Yeah what you’re talking about is a DMZ, it still won’t help a ton if you don’t have strict firewall controls inside your network too.
I just use wireguard with firewall rules to restrict to just my server with my docker containers on it and my DNS
Yeah what you’re talking about is a DMZ, it still won’t help a ton if you don’t have strict firewall controls inside your network too.
I just use wireguard with firewall rules to restrict to just my server with my docker containers on it and my DNS
I still use a reverse proxy, but to get into my network you need to be on VPN. It’s more secure for me I guess.
I use traefik forward auth, even inside my network on VPN, for an extra layer of security for some apps.
My opinion is that port 443 getting accidentally misconfigured by me is just too likely a scenario. With wireguard on my router I also am able to restrict traffic to ONLY my webserver and DNS servers for my devices.
So I guess that’s another positive of wireguard, you can use your own DNS servers for all your phones all the time and always have ad blocking with pihole or something similar, even on mobile.
By using VPN I don’t have to worry about accidentally exposing a website with a copy paste error or something over my reverse proxy. I can also easily restrict who has access to my VPN and do routing rules from my router per device or subnet (for people who aren’t in my family I have a separate subnet I assign with more strict firewall rules)
I ended up buying one that flips around and can do A and C connections
If this server is publicly accessible and gets pwned, they can use it as a jump box for your internal devices.
Just close 443 and use VPN with ACME DNS challenges for your certs. That’ll help make it even more secure, nothing is full proof though and a VPN is a good first step
Only if you hook up a torrent client. There’s no requirement to do so
For jellyfin/Plex you can try downloading everything with lidarr
Its behind a paywall can you copy paste?
Self hosting email is a terrible idea. Your Internet goes out? All your emails are black holed
I switched to Kagi like 6 months ago and I still love it. Almost never have to go back to google except for maps.
Yep, everything is fucked. You can put kodi on a raspberry pi though I guess
I have an nvidia shield (android TV) and it had 3/4 of my screen dedicated to ads. I was able to swap my launcher, but still frustrating
There are ads baked in to some websites. Facebook ads make it past pihole.
I personally use both at home I’m just saying pihole doesn’t get everything that unlock does so I always run both
user agent switching is fortunately not too difficult to do.
FF doesn’t do that I think. There are addons that u can use for it though.
is librewolf on mobile?
dns level blocking doesn’t work nearly as well as ublock. Not sure what newpipe is (checking it out now), but pihole misses a ton of things that ublock can do. Ublock can also hide elements from things like “disable your ad blocker” messages that always pop up.
I’m definitely wanting to swap back to firefox, but idk who the hell decided to remove PWA support from FF… hopefully they bring that back.
Runs on docker so it should run fine on your system
And my work profile on my phone tells me to get fucked :(
Dammit
When they first went to chromium it was decent. Then every update since they add more bloatware and popups saying to add their tracker so you can get discounts and shit.
Uninstalled windows and swapped to Firefox. Now I don’t deal with any of that