I don’t get why they say that? Sure, maybe the attackers don’t know that I’m on Ubuntu 21.2 but if they come across https://paperless.myproxy.com and the Paperless-NGX website opens, I’m pretty sure they know they just visited a Paperless install and can try the exploits they know. Yes, the last part was a bit snarky, but I am truly curious how it can help? Since I’ve looked at proxies multiple times to use it for my selfhosted stuff but I never saw really practical examples of what to do and how to set it up to add an safety/security layer so I always fall back to my VPN and leave it at that.

I don’t think so. I do have a keychron keyboard, but that’s just USB C I believe.

Going to try both. Someone else mentioned the dummy HDMI plug as well, so I got good hopes for that. Also going to look into Incuss. Never heard of it before.

Thanks, going to do this as well. I had it on a monitor for a while and all looked fine while logged in on the console. Would be a bummer though if this would be true.

Hmm, this does sound like it makes sense. I got the feeling that as soon as I removed the monitor it would stop working in a couple of minutes. But I thought that couldn’t be. Thanks for the tip! Going to see if that helps and I’m going to update the BIOS.

Thanks, will do.

Blocking outgoing traffic isn’t needed. But was mere a headsup if that is something you’ve alread setup. What router do you have? Usually when you open a port there is a dropdown menu or checkboxes for what kind of connection the port opening is allowed.

If your forgejo host needs to connect to the outside world, you can open the port for incomming traffic only for related and established traffic. That way when somebody wants to connect to your port as a new connection it will fail. So when somebody has bad intentions, it will not work unless you’ve already connected to them in the first place. You need to permit outgoing traffic from forgejo if you block outgoing traffic.

Good to know it doesn’t have all the functions. Feels more and more that they would like to make money out of it. Which is fine, but then I feel less inclined to help them serve the fediverse.

Ah, that’s what my guess was. It couldn’t be that people just gave up on hosting it.

That’s funny I just looked at your site and vacancies today. I do not qualify for any of those spots though. You’ve got an impressive amount of services build up. Keep up the good work!

Thanks, I was also doubting about Hugo but came about writefreely as well.

In that case, enjoy! It’s a great feeling when you get it working.

If you’re going to do it on your synology, see if you need to fix the TUN error. Also, you need to add ip routes to your synology to have the IP’s from your VPN on docker forwarded to docker. Make sure these are persistent or added on every startup.

Make sure you allow the VPN to work by adding it to the synology firewall.

You need to setup port forwarding on your router. It needs to point to your synology to the port which is linked to the docker container. You also need to add the route to your router to be able to access your network. For instance, if your VPN has 10.0.3.* and your LAN uses 10.0.0., your LAN/router won’t know where to send the response packets to the VPN network. So when connected to your VPN you will never be able to load stuff. If you add that 10.0.3. needs to route to your synology, and your synology knows that range needs to be routed to the Docker VPN container everybody knows where it needs to go.

Tailscale is (like) a VPN, but traffic will go through their servers. If you setup your own VPN server then traffic will remain between your client and your own server.

Did you setup port forwarding and routing tables when you installed your VPN server?.

The Synology VPN package is lacking behind a lot, so you could be missing some security updates.

If you use a VPN to hide your services, you reduce your attack/risk. Since there is only one package/software suite which could’ve vulnerabilties. And VPN’s are focussed on security. If you expose all your hosted stuff, all those programs need to be secure to prevent abuse. And not everybody is as skilled to build it securily.

I would recommend, for you, to use something like tailscale. Since you seem like someone at the beginning of their safety journey. With setting up a VPN server, you need to know a little bit what your doing to make it secure and work. And you could invest time to learn it all, or you could use something that does it for you. Another, not so wise, advise could be to use a docker container to host the VPN. Most containers have all settings correctly setup and have guides to make it secure. But that means you don’t know what you installed and that could be a bad thing as well. Furthermore, docker adds to the complexity of making it work.

What does the NGINX proxy manager do? Is that to access the mediaserver?

Didn’t Elon say he hated the login-window-on-scroll just after purchasing twitter?

Yeah that sounds about enough to handle the load. How many workers do you use? And do you see any errors in your logs about handling messages? You could try to search for that particular thread to see if all replies are handled correctly?

Does your server have enough power and workers to handle all the federated messages? Or is it constantly at 100% CPU?