That makes sense, except Google kinda does the same thing. Everything they have is technically just a “free tier” of the Google One subscription, right? I guess I’m saying that “free tier of paid product” doesn’t automatically qualify a company as trustworthy for me. Is there something else that sets Cloudflare apart?
Why does Cloudflare get a pass on the “if it’s free, you’re the product” mantra of the self-hosting community? Honest question. They seem to provide a lot for free, so…
I’m doing something similar (with a lot less data), and I’m intending on syncing locally the first time to avoid this exact scenario.
I’ve been looking around for notes apps with similar criteria with the addition of a portable format (markdown prferably) and, ideally, the ability to add images directly from the camera. I landed on GitJournal and backed it with a self-hosted Forgejo server, but this can be any git server. This has the benefit of requiring an ssh key pair for access
If you have NextCloud, you can try Deck. I moved off from NextCloud and Deck was, oddly enough, one of the harder apps to replace. I ended up with Vikunja. They have an android app in alpha but it feels pretty polished
When I turn off Wi-Fi, I’m not on the same network as my server, it’s my carrier network so all the internet hops are expected.
The way it’s working now is I have a domain (example.com) that is set up on cloudflare DNS. I added a tunnel in cloudflare zero trust, which generates certificates you add to your server to encrypt traffic from your server to cloudflare. I have added these to traefik to be served with my service url (service.example.com). Then, I added a route in cloudflare for service.example.com.
This works fine. But, what I’ve also done is add a local DNS entry for service.example.com so when I’m on my LAN, I access it without going out to the internet and back (seems like a waste). However, this is serving the origin server certs from cloudflare, which causes trust issues
I’m using docker for everything: traefik, cloudflared tunnel, and my services on the same hardware. The tunnel just runs, and it’s configured on cloudflare zero trust to talk directly to the container:port over the docker network.
That’s what I’m settling on. However, it’s not just about trust, some of the services I’m exposing deal with moving files and I’m mostly interested in higher speeds associated with local transfers as well as not using up my internet data cap.
You’re right, I’m using the cloudflare DNS challenge to get let’s encrypt certs. I’m definitely hitting traefik. I’m testing by turning the Wi-Fi on my phone off/on and opening the page after. I get the same cert every time but it’s not trusted when on Wi-Fi. This makes sense since it’s the origin server cert which is meant to encrypt traffic between my server and cloudflare. To add more certainty, when Wi-Fi is on, a traceroute shows only one hop to my server and shows a bunch of hops when it’s off.
Barring any Traefik tricks that allows me to accomplish what I’m after, I was thinking of going with your “third” option of just letting it use Cloudflare for everything but, I had to check with the experts first before just doing it.
I have some apps that complain or, in one case, flat out doesn’t work if the cert is invalid. I’ve been working around it (sort of) but it would be nice to have it set up “correctly” for once. If routing all traffic through Cloudflare is the answer, so be it ¯_(ツ)_/¯
If I use the Cloudflare origin server certs, the browser shows insecure and the message is “certificate not trusted” which is the same message as self-signed, if I’m not mistaken. I’m not sure what other details are relevant as I’m still new-ish to the networking portion of this home server thing. I’m happy to answer any questions if you suspect something.
I’m not using self-signed anymore, I’m getting them from Cloudflare via DNS challenge
My guess is they’re referring to these release posts with zero detail.
“KelmRigger new release!” means nothing to anybody that’s never heard of it. At least add a sentence to say what it is rather than make everyone go look it up.
So, we’re destined to make new words for colors because all the color words we have now are taboo?
Blackmail was used in England and Scotland to describe money paid by tenant farmers to a chieftan: https://www.history.com/news/where-did-the-word-blackmail-come-from
Black sheep literally comes from black sheep. That one is really obvious… https://www.etymonline.com/word/black sheep
Black market was more associated with anarchists that used black as their color than actual black people. https://en.wikipedia.org/wiki/Black_market
The goal here shouldn’t be changing peoples’ view on the concepts of white/black. We need to stop people from using those words to describe people. People (outside rare cases) are not BLACK or WHITE or YELLOW or RED, or… how about we use actual people names for people?
White and black as colors and concepts are too important to have to tippy-toe around. If something is black, I should be able to say so without getting internet-spanked. Etymology means something regardless of what anybody thinks. You can’t just make something racist because it has a color word in it.
Can everybody just stop looking for things to be mad about for a hot minute?
These aren’t even racial terms, they were used for unionized vs. ununionized workers. Maybe we should be working on not calling people by color names. Not being able to use colors to describe things in the world because it is racially-adjacent is getting a bit difficult
The only way I see that is a dependency update is if you’re versioning your node_modules or <insert-folder-here> which is generally a no-no
Keep changes small, we use git patch stack https://github.com/uptech/git-ps
I needed something dead-simple to keep homelab documentation. If it’s not simple, I probably wouldn’t keep up with changes. I landed on An Otter Wiki https://github.com/redimp/otterwiki
I’m referring to docker bridge networks.
old_main
is in the 10.2.1.0/24 subnet and i’m trying to move everything to a new bridge network on a subnet of 10.0.0.0/24. sorry, i’m not exactly sure what other info would be useful