Nginx Proxy Manager is probably perfect for you.
Pick a domain (like mylab.home or something), set up your home network to resolve that domains IP as your docker hosts IP.
NPM will do self-signed certs. So, you will get a “warning, Https is insecure” kinda page when you visit it. You could import NPMs root cert into your OS/browser so it trusts it (or set up an “don’t warn for this domain” or something).

If you don’t want per-client config to trust it, then you need to buy a domain, use a DNS that supports letsencrypt DNS-challenge, and grab certs that way (means you don’t need a publicly accessible well-known route exposed)

Supabase is a dockerised postgres with user auth, rest API and some other goodies. It’s maybe too complicated as a starter.
Appwrite might also work for ya. Much easier to get into, but also less feature complete.
Pocketbase might also work. Haven’t used it tho

Sqlite is a great embedded database.
If you are storing lots and lots of information in a JSON file, CSV file, or coming up with your own serialisation… Chances are, sqlite is going to do it better.
I know loads of android apps use sqlite for storage. I’ve also managed to open quite a few programmes “proprietary” file format in sqlite.

Interesting to see a lot of these responses (so far) are workflow related instead of being used in production.

If you find the 10-100 viewer streamers playing fun and community games it can be nice and chill.
Feels like old school cs1.6 community servers where you hang out with regulars and have fun.
The community gaming is probably what makes it, tho

When metrics become targets they fail to be metrics any more

Yikes, that’s rough!

Are you 100% sure it was a form from a bank?
Everything stinks of a scammers phishing form, leading to scammer calls.

I expect the only time a bank is going to want your phone number is when you initially sign up with them. After that, they should know who you are and your contact details.

I almost got caught out by a “sorry we missed you” delivery message, until it was asking for my date of birth.
Some of these random emails and SMS can catch you off-guard and seem legit

You can do reverse proxy on the VPS and use SNI routing (because the requested domain is in clear text over HTTPS), then use Proxy Protocol to attach the real source IP to the TCP packets.
This way, you don’t have to terminate HTTPS on the VPS, and you can load balance between a couple wireguard peers so you have redundancy (or direct them to different reverse proxies or whatever).
On your home servers, you will need an additional frontend(s) that accepts Proxy Protocol from the VPS (as Proxy Protocol packets aren’t standard HTTP/S packets, so standard HTTPS reverse proxies will drop them as unknown/broken/etc).
This way, your home reverse proxy knows the original IP and can attach it to the decrypted http requests as x-forward-for. Or you can do ACLs based on original client IP. Or whatever.

I haven’t found a way to get a firewall that pays attention to Proxy Protocol TCP headers, but I haven’t found that to really be an issue. I don’t really have a use case

Tests is the industry name for the automated paging when production breaks

It’s the SATA cable

I think that’s how themes are distributed for VSCode, right?
With VSCode, everything is an extension.
But the vscode marketplace seems to have filters for themes, so there must be some way to differentiate them.

I think extensions need a permissions system

What makes this even more sneaky is that JetBrains has a theme called “Darcula”.

So, with a wider generic theme called Dracula and themes that duplicate JetBrains Darcula theme, it is no surprise that “Darcula Official” is being installed.
It’s more than just a typosquat

Edit:
But why can a theme make web requests?!

When learning c++ you hate c++. Then suddenly you get it, and love c++. Then you learn more c++, and you end up merely liking c++

Oh man, spoilable items? Spoilable agriculture research packs?
That’s pretty intense

Just booted? Better wait 45 seconds and many failed searches, because DNS isn’t resolving.
Doesn’t matter that you are trying to launch a local program, it absolutely must delay the user experience until it can successfully resolve a DNS query.
Disgusting

Sure, but what you are describing is the problem that k8s solves.
I’ve run plenty of production things from docker compose. Auto scaling hasn’t been a requirement, and HA was built into the application (so 2 separate VMs running the compose stack). Docker was perfect for it, and k8s would’ve been a sledgehammer.

It’s not a workaround.
In the old days, if you had 2 services that were hard coded to use the same network port, you would need virtualization or a different server and make sure the networking for those is correct.

Network ports allow multiple services to use the same network adapter as a port is like a “sub” address.
Docker being able to remap host network ports to containers ports is a huge feature.
If a container doesn’t need to be accessed outside of the docker network, you don’t need to expose the port.

The only way to have multiple services on the same port is to use either a load balancer (for multiple instances of the same service) or an application-aware reverse proxy (like nginx, haproxy, caddy etc for web things, I’m sure there are other application-aware reverse proxies).

Invalidating creds sent over http is a great point!

Surely you want to enable 802.1q? Like, that is vlan aware switching and routing. Or is that on the nas?

Edit:
Some troubleshooting:

Connect a laptop into the same subnet as your Nas (so same vlan and IP range/subnet) and connect to the nas. This either eliminates the NAS or the router from the equation