It is easier to think of the SSL termination in legs.

1. Client to Cloudflare; if you’re behind orange cloud, you get this for free, don’t turn orange cloud off unless you want to have direct exposure.
2. Cloudflare to your sever; use their origin cert, this is easiest and secure. You can even get one made specific so your subdomains, or wildcard of your subdomain. Unless you have specific compliance needs, you shouldn’t need to turn this off, and you don’t need to roll your own cert.
3. Your reverse proxy to your apps; honestly, it’s already on your machine, you can do self signed cert if it really bothers you, but at the end of the day, probably not worth the hassle.

If, however, you want to directly expose your service without orange cloud (running a game server on the same subdomain for example), then you’d disable the orange cloud and do Let’s Encrypt or deploy your own certificate on your reverse proxy.

Looking great! I think it would be amazing if there are filters for processor generations as well as form factor. Thanks for sharing this tool!

In the old days, it used to be a problem because everyone just connect their windows 98 desktop with all their services directly exposed to the internet because they’re using dial up internet without the concept of a gateway that prevents internet from accessing internal resources. Now days, you’re most likely behind your ISP router that doesn’t forward ports by default, and you’re only exposing the things you’d actually want to expose.

For things you’d actually want to expose, having a service on the default port is fine, and reduces the chances of other systems interacting with it failing because they’d expect it on the default port. Moving them to a different port is just security through obscurity, and honestly doesn’t add too much value. You can port scan the entire public IPv4 space fairly quickly fairly cheaply. In fact, it is most likely that it’s already been mapped:

https://www.shodan.io/host/<your-ip-here>

Keeping the service up-to-date regularly and applying best practices around it would be much more important and beneficial. For SSH, make sure you’re using key based authentication, and have password based authentication disabled; add fail2ban to automatically ban those trying to brute force. For Minecraft, online mode and white listed only unless you’re running a public one for everyone.

Stop addressing them as “normies” would be a great start.

Can’t speak for rest of the Fediverse as I’m not super active on microblogging anymore, but at least here on Lemmy, there is such a strong “in” culture and quirky skewed perception of the world, and often times come off as actively hostile against those that do not share the same quirky skewed world view. The anti-AI, anti-corporate, would rather shoot myself in the foot if it’s not FOSS, etc kind of views, with their own strong vocal proponents, comes off as unwelcoming. People are addicted to socials because of the positivity they can get, not the negative sentiments that’s often echo’ed.

Amongst those that doesn’t share the kind of view, you’d already be looking at an extreme small minority that might be willing to give the platform a try, but as long as the skewed perception of the world dominates the discussions, you can expect them to go back to main stream centralized platforms where they can get more main stream view points based discussions.

I’m not saying you’re wrong — I’ve even upvoted your earlier comments because I’m generally in agreement; you’re an instance admin judging by your handle, go and check the vote history yourself lol.

I’m saying people shouldn’t force their janky unproven solo solution on to someone else who doesn’t have their level of distrust, and would just rather trust the multibillion multinational corporation, when all they want is something that’s been working fine for them for all they care.

There’s always the add more of everything so something could fail without impacting the stability aspect, and that’s great for a corporation needing the redundancy; but it’s probably prudent to not forget there’s also the “I’m interested in learning” aspect, where people running a home server to play with software side of things.

You’re spot on in that we’d need to know what it is that OP would like to do with the system, but I’m getting the feeling that stability isn’t that high of a concern just yet.

Until the basement floods and the server goes offline for a few days; or botched upgrade that’s failing quietly; over zealous spam assassin configuration; etc etc

It sounded like they were trying to archive things from Gmail to their own server, so just cut the middleman jank out, and let the wife continue to use her Gmail as intended.

Or better yet, let her keep her gmail. Don’t force any lab instability on to others… especially email. One lost important email (even if not your fault) and you’ll never hear the end of it.

You can manage them as long as you have access to your controller. If you’re using the controller hosted in their cloud, then you’re beholden to their outages. Some gateways cannot use your own controller, so be mindful when selecting your gears.

I use UniFi for switches and AP, it doesn’t make sense to use something else for gateway, not even the AmpliFi or EdgeRouter product lines. Single pane of smooth glass to manage everything in one place.

Get free-ish Enterprise account for Flightaware?

Wololo wololo

Technically, the words are adopted from Chinese (in this case both Traditional and Simplified are the same and have not diverged yet); but same meaning and reasoning, just different pronunciation.

Emojis used zero width joiner to combine multiple single code point emoji to a single combined emoji.

⛥ + ZWJ + ⬠ could form the combined character, and be rendered as desired.

The answer depends on how you’re serving your content. Based on what you’ve described about your setup, your content is likely served over HTTP through the secured tunnel. The tunnel acts like an encrypted VPN, which allows unencrypted content to be sent securely over the wire. This means although your web server is serving unencrypted content, it gets encrypted before it goes to Cloudflare, so no one along the path could snoop on it.

It’s not threatening anyone… I don’t believe I’ve seen anywhere that the mods say or imply that. Also before anyone complain about singling people out, no, if I share anything from a non-reputable source, it’s going to get deleted, regardless of the subject. It’s about the quality of the source; the objective is to create a community sharing good trustworthy sources to improve the overall quality of content appearing on the community.

Again, you’ve been invited by the mods to repost from a more reputable source. If there aren’t any, then perhaps it is not !news worthy.

Looks like a case where poorly sourced article getting removed, with invitation to repost with a more reputable source… so do so with a better source. Or is the underlying article itself leaning too much towards propaganda that there is no more reputable source? and if that is the case, then is it really !news worthy?

Can you elaborate further? If the intention is to obscure the information by federating anonymous information outwards, then no third party instance owners can observe the true usernames for vote manipulation from the same user across instances. If more instances deploy this kind of poisonous behaviour across the fediverse, then it becomes untenable for instance owners and community moderator to protect themselves, which in turn hurts the fediverse as a whole.

Edit: if you mean the vote percentage thing, that’s utterly useless. Vote amplification works both ways, a bot user doesn’t have to vote just down or just up. So knowing the percentage of the anonymous user’s previous behavior doesn’t support identifying vote manipulation. An alleged abuser can easily create thousands of account and sample random % of account to mass drive sentiment without having them all appear with similar percentages.

I’ve seen posts being downvoted by user@instancea, user@instanceb, username@instancec etc. this will make tracking that kind of abuse much more difficult.

No PRs means no automated tests/CI/CD, which means you’d slow down the release train. It might typically be just a 2 minutes quick cycle, but that one time it goes off for longer due to a botched update from upstream means you’re never going to do that again during business hours.