I’m torn in how to feel about this. it was stupid to turn to a chatbot for things you know nothing about, as you then can’t even verify anything. and when you are a beginner, you probably shouldn’t start with SAS hardware either because it’s more complicated with the added enterprise features.

port 7657 is to the router console, do you really want that? if no, you need to check the tunnel manager for the port configured for your eepsite. its in the I2P Hidden Services list. the default entry uses port 7658

if you followed the advice of others to change the advanced config, you should probably revert this change because you don’t need it.

btw sometimes it may be useful to also expose the router console. but since that’s only for you, you don’t want others using it, configure an encrypted leaseset for it, which makes the router console’s eepsite invisible to others on the network. you should keep the router console’s authentication when you do this. https://geti2p.net/en/blog/post/2021/09/07/Level-Up-Encrypted-Leasesets

I think that’s misleading. I doubt OP wants to access the router console with this name.

I hate it that systemd is so quick to shut down sshd when shutting down the system. it does that in the very first “round”, while it could really just keep it running till the end…

seems right. actually you were just not responding to the questions of anyone in this chain, but always responding with irrelevant things. and thanks for the downvotes! please bring some more.

and where does forgejo support federation for issues, PRs?

if the server is compromised, all the data it stores is at risk of getting drleted or modified. so I don’t think a VPS really solves the problem.

no, forgejo doesnt have “all that”. you are totally missing the point. git is federated, of course, but the added features of forgejo or any other known git forge is not (yet).

does not seem like it

guess what, I know how these work. running 2 dozens of services over two machines, and as I said above, I use my own root certificate… that’s how I know that lots of apps have problems of varying severity with custom root certs! usage of user-installed certs is opt-in nowadays for smartphone apps, it’s not at all like on windows or linux.

you are telling how to do things. the whole thread has been about you telling us to rent a domain for certificates and stop complaining about it being the only viable way…

Sure, but you can’t access your home network anyway if your router is turned off…

of course but most routers won’t do anything like this. and by router I mean the all in one devices people have, not enterprise gear.

Asus routers, even my 15 year old tplink archer A7 could

with factory firmware?

the only router firmware I have seen be able to do that is openwrt, and maybe mikrotik’s. none of these are common though, but if you can do this then yes this is a pretty efficient solution

You can also generate your own certs and use your own ca.

I do this, with a custom root cert, but it has problems. some apps don’t accept it, some only accept it by totally disabling cert verification.

installation is also very cumbersome: you go to a weird, badly structured menu on your phone deep in the settings, and select the certificate from storage where apps could have had replaced it while you were navigating the menu.
it does not ask you for confirmation, does not show anything important about the cert, like its fingerprint you could use to quickly check its not been modified, any name constraints, validity period, etc. users cannot tell what that cert will grant its creator, because the system does not tell them anything so that they could decide, other than a generic “your connection may be monitored” message at all times. and when they refuse to install your cert, they are right, because this way it is very risky.

so please tell me “how to do things right”, or shut up if you can’t tell any useful info

Then VPN in, send a signal to the esp using one of various methods to tell it to send the packet.

this sounds like it requires another computer already turned on

yes you need if you want HTTPS that is accepted by the smartphone client apps of your services.

domains are a constant expense

we shouldn’t need to pay for a domain to be able to self host.

yes, I made a mistake when writing. I was hoping I edited it soon enough that nobody noticed

element call is still a separate thing, but I guess it’s better integrated now

element also has their own service for that, element call. that too can be used without login, or selfhosted

ps: I was wrong it’s not a fork, but a different thing doing the same and more