I should add the d.rymcg.tech includes step-ca if you want to host your own CA server, but I agree with @[email protected] : it’s not necessary for securely hosting services, and ir can be dangerous I’d not done carefully.

I have a similar setup. I use d.rymcg.tech (a configuration manager for Docker, as well as a collection of open source web services and config templates) and have Traefik (reverse proxy) on a Digital Ocean dropet connected to a VM in my home lab through wireguard. This framework allows me to put authentication and authoriation in front of any apps/services I’m hosting (HTTP basic auth, oauth2, mTLS). This setup allows me to control what is allowed access from outside of my home, without opening any ports.

Glances?

I self-host forgejo. I’m not a heavy or advanced user, and it suits my needs. I barely use github any more: mainly to star repos I like, and find and use repos (there’s a ton there - it’s almost ubiquitous).

I self-host xBrowserSync. It’s a bookmark sync tool, not a link manager, but it does that very well (set-and-forget - it’s almost invisible). There are browser extensions and mobile apps

I’ve also used Shaarli, which is more of a link sharing tool. Don’t remember much about it, though - sorry.

I just learned about OpenFreeMap. I’ve not done it but it touts itself as a simple way to host your own tile server. I’m assuming that your proxy would work for a self hosted tile server with a few alterations.

I just learned about Waypoint to plan trips. Haven’t looked at it yet but it sounds cool.

Blossom Puzzle, October 3 Letters: E G N O R S T My score: 293 points My longest word: 9 letters 💐 🌺 🌷 🌼 🏵 🌸 🌹 🌻 💮

I think most of the other suggestions seem like a better solution than WordPress, but there is a plugin for WordPress that exports static websites.

I don’t think you’re correct.

• Richard Nixon (1969–1974)
• Gerald Ford (1974–1977)
• Jimmy Carter (1977–1981)
• Ronald Reagan (1981–1989)
• George H. W. Bush (1989–1993)
• Bill Clinton (1993–2001)
• George W. Bush (2001–2009)
• Barack Obama (2009–2017)
• Donald Trump (2017–2021)
• Joe Biden (2021–present)

Applause for the term “pluriverse” (did you coin it?).

And a standing ovation for the alliterative phrase “pluriverse of protocols”.

It may or.may not be weird depending on the situstion, your neighbor’s personality, your relationship with your neighbor, etc.

But weird != wrong.

I am self hosting it right now, but mainly for friends, family and acquaintances

In addition to rants, if you post tips, how-tos, explanations, best practices, suggestions, etc., I’d like to read your blog. Can you share the URL?

Thanks for your research and the suggestion, @[email protected].

I wasn’t able to make that work, but I don’t think it was trying to solve the problem I’m having, anyway. That procedure was to add self signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I’m trying to work with is an mTLS cert, a client cert. It’s not used to establish a secure SSL connections, it’s used to verify that I (the person with the cert) and authorized to use the app.

Additionally, I’m able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS’s “VPN & App User Certificate” section, and my CA cert is installed in the “CA Certificate” section. Vanadium, Fennec, and Mull browsers just aren’t using them. :(

Thanks for the reply, @[email protected].

I tried to install my client cert in “CA Certificate” but the certificate manager app in GrapheneOS said that it was the wrong kind of cert to be used in “CA Certificate”. It is, after all, a client cert, not a CA cert.

:(

Thanks for all those explainations, everyone. Some of it was over my head, by I got the gist. 🙂

I just installed this a couple days ago and already used it twice. It’s super easy and convenient.

All of these replies made me feel a little bit better, but yours especially resonated with me. Thanks.

Can you try killall ssh on the client, and then try to ssh into the rpi again?