I was hoping for an answer. I think OP is saying that the backends are not persistent. So each time data is written or accessed, the backend may be dynamically created or modified. Guessing in lieu of OP’s response. However, the OP’s account is 6 hours old so…

I’m not sure if NextDoor is available in your area but a lot of people dig that sort of thing. Maybe you could put the word out leveraging NextDoor along with some posters around the neighborhood…

I sure haven’t seen any nay sayers. Just some people giving advice, and sharing their experiences.

Sure. It wasn’t a dig against OG Watchtower, it was just that it ceased to work correctly for me, and I sought other options. Whomever produces selfh.st does have a bit of sarcastic wit to his writing that I kind of like anyways. When speaking about GitHub, he threw out another zinger: ‘Cue the intense backlash from users who hate paying for things’. So, I just think it is his writing style. I didn’t get all hung up on it.

Oh this one here will keep you from having a seizure everyday, but you’ll shit your pants every 30 minutes. So the choice is, do you want to roll around on the ground looking like you’re trying out a weird pop-lock break dance, trying to eat your tongue, or do you just want to crap your pants on a regular basis. You pick.

Hey thank you very much for the tip. I have bookmarked it. I feel better knowing it is going to be maintained.

My issue was that Watchtower would sporadically just fumble the update, making re-deployment sometimes necessary. It wasn’t a tag issue. At least none that I could see. Of course, the possibility exists that I could just very well be a dumbass. I just assumed that to be the Docker updates that have happened over the past year, and, without any new code, it just broke. There was a recent Docker/Portainer issue. It happens.

I either read somewhere or someone tipped me off to the fork. I can only speak for my network, but the fork did the trick. Have had zero issues, and I’ve been using it for a good while. Now, I notice that Watchtower fork hasn’t been updated in 6 months. I guess it’s either been abandoned again or there just hasn’t been a need to do so.

Same. No issues.

I mean, there can be some serious consequences, especially if your server starts attacking other servers. They don’t take that shit lightly.

I remember the first Linux server I stood up on a VPS. It got thoroughly hacked almost immedietly. Not only did they hack the server, they set up attack vectors on other servers…aaaand a bitcoin miner. Got up that morning, checked mail, and there was a nastygram from my host wanting to know WTF over. Since then, I did a ton of reading, took a couple basic online courses for my own edification. I now tend to go overboard on security now days if that is possible. I’ve been told my set up is way over engineered. However, it’s been ticking along these many, many years now without issue. Also, since I am the only user of my network, it’s a little easier to lock down. Users create complexities and complexities cause issues.

I’m sure you have done the leg work in bolstering your knowledge base in setting up your first VPS server, but as others have said, beware. It reminds me of the movie Constantine, where just beyond light, in the shadows, lurk thousands and thousands of demons. They are sophisticated bots too, and are quite autonomous.

Authentik

In my reading, tho I don’t run it, VoidAuth is supposed to be lighter than Authentik. Do you have a directive or purpose sketched out for your server? What you want to accomplish, etc?

VPN (At least for local-to-VPS connection, but possibly also for external clients?)

Tailscale is my choice for my VPN overlay on the server. I also use the evil Cloudflare Tunnel/Zero Trust. All devices also run their own VPN.

I have played around with Cosmos. Pretty neat little package, especially for someone just starting out. I can’t speak to it’s performance, but I read glowing reviews. YunoHost would be in that category as well, with a very large app catalog.

Looks like you are heading in the right direction.

Factorio

only old people use computers.

I feel assaulted.

Hmmmm, I did not know that existed. I’ll check it out.

be aware though that if you are not using https

Most definitely using https. I’ll give it a go and see what shakes out. Thanks for the help. I’ll report back.

Well, I’m not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I’m unsure if it would create conflict.

So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.

Ok well that’s helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL

I’ve always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.

VoidAuth does NOT provide https termination itself, but it is absolutely required. This means you will need a reverse-proxy with https support in front of VoidAuth, as well as your other services.

How would that work in an evil Cloudflare Tunnel/Zero Trust setup?

That’s cool. I pipe everything through a VPN.

also don’t route all my WAN traffic over VPN. Just some of it.

Are there advantages in doing such or what is the reasoning behind that? I would have anxiety…not that I have anything to hide /s

So, how do you change the IP of your VPN on the router if say, you wanted to unblock something that was geoblocked, other than manually on the router’s WUI? Curious, since I have read of people deploying a VPN on the router. Do you just pick a location and go with it? I’ve always have enjoyed the option to change geographical locations on the fly, from the device app.

My wife got very upset. Apparently she likes the ads.

Ahhh the WAF (Wife Acceptance Factor). I created a separate vlan just for her when she comes over, and she can have all the ads and crap she wants. Just keep it off my network.