Eh, I agree.

I have root access to the server and can directly interact with the backend DB. Forcing email for a password reset doesn’t protect me from me.

For sure.

I have several of the Google WiFi pucks, myself. Flashing them wasn’t too complicated, but it does involve disassembly. One of them was my primary router for a while, until it was eventually replaced by a banana pi. It handled the typical routing tasks, plus ad blocking, a VPN, etc. without issue.

Like I said, I believe there’s an nginx package for OpenWRT, serving static web pages should be trivial. If I recall correctly, it only has 8gb of sausage and a half gig of RAM, though. Plenty for a router or static web server, but not a lot of resources for anything too complex. I wonder if you could squeeze a GoToSocial instance in there… That might be fun, actually. I’ve been tinkering with Home Assistant lately, but maybe once that’s “finished”, GTS on a WiFi puck might be my next project. Hm…

Neither the Google WiFi nor an RPI make a good nas server, but either would certainly work. Some routers even have m.2 or USB connectors specifically for that reason.

For a simple web server, there’s even an nginx package for OpenWRT, so you have reverse proxying and basic web hosting on that Google puck with just a couple clicks.

Another interesting possibility is putting a tftp server on your router, and using it as a pxe server.

Plenty of options, if you don’t mind the performance.

deleted by creator

Sorry, deleted my last comment.

I thought RedGifs was like “Reddit Gifs” or something, which is why I pointed out that Boost for Reddit had been patched to fix the missing audio issue with redgifs.

I have now learned that RedGifs is just a porn site and not connected to Reddit specifically.

¯\_(ツ)_/¯

deleted by creator

If you’re using it as a GCNAT tunnel and you don’t want to use tailscale, then your best bet will likely be either a VPS or asking your ISP for a public IP address. Some ISPs will just say no, but others might provide one for an additional fee.

You can also look into your IPV6 situation. You might actually already have a public IPv6 address you can use.

You don’t say what you’re using Cloudflare for, so suggesting an alternative is a bit tough.

Assuming that you’re using a CF tunnel to get through CGNAT, tailscale would be one alternative (no need to turn it off/on, though). The other alternative would be renting a cheap VPS and tunneling through that instead.

On the other hand, if you’re primarily using CF as a reverse proxy, you can run any number of them on your own server instead, like Nginx, Zoraxy, etc.

On the other other hand, if you’re using their WAF, that can also be run locally. Crowdsec offers a WAF component in addition to their usual protections, for example.

On the other other other hand… There are alternatives to most, if not all, of their other services, too.

For what it’s worth, I changed both usernames and it worked.

Nerd blogs, a couple message boards and Reddit subs, and XKCD, of course.

Bug report is getting a little spicy.

https://github.com/ReVanced/revanced-patches/issues/4549

There are some tools to help, but things are sort of specific to particular aspects. Lynis for general systems, ntopng for networks, and such.

For 90% of stuff, though, you can just stick to stable repos and upgrade on a schedule and you’ll be alright.

What’s a good reverse proxy for a set up using Cloudflare?

Having a reverse proxy behind your reverse proxy is a little redundant, but should work fine. My preference after trying several was nginx. The config takes a little to get used to, but it has a ton of features.

is Cloudflare’s proxy really needed?

Not at all.

Cloudflare just makes configuration a bit easier, especially if you’re behind CGNAT. I wrote a little about them here: https://blog.k3can.us/index.php?post/2025/02/Cloudflare-for-the-Selfhoster

The paid plans get you the “premium” blocklists, which includes one specially made to prevent AI scrapers, but a free account will still get you the actual software, the community blocklist, plus up to three "basic"lists.

The slightly lower power draw pi5 vs a Tiny will eventually make up for the higher initial cost, but you can save more by turning off lights when you leave a room or skipping a round at the bar.

In my opinion, the wider software compatibility, better processing power, and expansible RAM and storage options far outweigh the eventual theoretical savings.

That said, if you need the super small SBC form factor or GPIO pins, definitely go for a pi. They absolutely have their use cases. I have 4 or 5 of the 3B and 3B+, and have used them on-and-off for a variety of tasks over the years.

It’s been a long time since Pi’s were competitive on price.

You can get a used Lenovo Thinkcentre for $50 on eBay. A modern pi is going to cost you that much for just the board, then you still need to buy a case, power supply, SD card, and then figure out some solution for storage…

Whoa. TIL!

I thought Mandrake/Mandriva died over a decade ago, I had no idea it was still kicking around!

No reason to bother with a Pi unless you need the GPIO for something. You can do more with a Lenovo Tiny or SFF Dell.

I fell for the Ready 100 Computer, years ago and now I don’t trust anything computer related on Kickstarter.

Host? As in running services?

Wireguard and the Proxmox Backup Server software itself. Redundancy/failover comes from the server cluster itself, not my backup server.

As far as the backup content, it “hosts” backup images of my VMs and LXCs, plus /home from my laptop in case it ever gets lost or damaged.