I want to be able to upload/download/share my photos from anywhere in the world without using a VPN. Additionally, this satisfies the wife requirement. It works in the background without her needing her to turn on the VPN. I don’t want her to keep asking me how do I turn on the VPN? If it’s just me, then no issue, I’ll use a VPN.
It’s hard to explain from scratch.
Caddy is a reverse proxy software that essentially redirects traffic from a certain port to another port. For example external:port => internal:port. It also enables SSL encryption meaning everything will be encrypted en route between the external and the user.
VPS is a virtual private server. Just someone else’s computer you can expose to the Internet.
Tailscale is a mesh VPN that uses wire guard as its transport. I use this to tunnel between my VPS and my Immich server to hide my home IP and to allow encrypted traffic between my Immich server and my VPS.
A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor thus has zero days to prepare a patch, as the vulnerability has already been described or exploited.
There’s no fix other than security through layers.
Pretty much I have caddy on a VPS that’s pointing to my internal IP using a tailscale tunnel. You are still exposing the web gui to the Internet so I just changed authentication to OAuth to mitigate since risk. There is still a possibility of attacks via zero days, but my immich is on a VM and I’m creating firewall rules to just allow certain ports out.
You will need a VPS as your other endpoint
How are you accessing the fediverse?
I usually say if you have time can you do XYZ? That way if they don’t want to, it’s assumed that they didn’t have time which is fine. They always have a way out
PiHole and AdGuard are both easy to setup servers for network wide DNS blocking. (Homenetworking)
NextDNS is an external entity that allows you to setup DNS blocking on devices that support DoT, DoH, and occasionally plaintext DNS. (For your phone and other mobile devices)
iPhones and Androids both support DoT while Firefox (and likely most modern browsers) supports DoH.
If you don’t want to rely on an external entity, you could use a wire guard split tunnel to block your ads away from your home network. Additionally you can set up a VPS and self host your DNS server there.
I have maybe a few dozen USB C devices all from dumb 5V/2A chargers to 20V/5A chargers. From USB 5GB to USB 40GB. Never once have I ever had issue with the cables and connectors. Only time I’ve had an issue was when I dropped my phone into the charging cable where it physically broke off.
Meanwhile I’ve had an iPhone for 4 years and the lightning connector broke in such a way I had to use hot glue to pull it out of the port.
I just use google OAuth since everyone I know has a google account. It just can’t use OAuth on private IP addresses, just FQDNs.