I sort of said as much. It really doesn’t matter, imho, what you use. As soon as that service becomes abused globally, everyone blocks it, including Tor. Any server using DPI or TLS will spot it a mile away. Now, if you have a fool proof way, than I am very much ready to be educated.

resistant to blocking?

That’s going to be the sticky wicket right there. It is rather trivial for server admins to know what IPs go with VPNs and not. Wireguard is about the best thing on the planet right now, imho, but it will also get blocked. Occasionally, I will happen on a site that outright blocks me. If I can’t bend the site to my will, I just move on. The information on the blocked site will 9 times out of 10 be found duplicated somewhere else.

One ‘trick’ I’ve found works fairly well is Opera. So, when I go to pay my bills online, my VPN coupled with the way I have Firefox configured, will trigger a block. I can fire up Opera, engage it’s built in VPN, still keep my local VPN connected, and have no problem accessing my bills. It’s not an elegant solution, and some users have preclusions to Opera. However, that generally works for me.

Yes, you can create a second Tailnet in Tailscale and add your server without including your personal devices. You’ll have to create a separate account with a separate email address. Then you can join this second Tailnet with your server while leaving your other devices out. The separation allows you to manage connectivity and network policies independently.

What would you guys recommend for a server machine?

I would recommend buying fairly modern equipment, say within the past 5 years or so. Desktops, workstations, with a few additions/adjustments, can make excellent, energy efficient servers. As far as RAM, if your equipment takes DDR3, you will escape the ridiculous current price gouging. For RAM, I shop at MemoryStock. HDD drives still make good storage units, tho I go with SSD for the OS, and HDD for everything else. I would stay far away from enterprise type equipment, even though the prices may be tempting. The money you may save buying cheap, enterprise equipment will be spent on your power bill.

Redundancy covers a lot of ground. You can have a redundant server to fall back to should the wheels fall off of the main server. In the case of say a NAS, RAID gives you redundancy where if one drive fails, you can hot swap it for a fresh one and keep on rocking…pretty much. Redundancy can also apply to backups. I have a main, daily backup, and the same backed up to two different locations.

In addition to equipment selection, you will need to do some reading up on securely setting up a server, if you’ve never done so. Also start thinking about firewalls, WAFs, etc. I would recommend going through the Linux Upskill Challenge. Get your server set up and secured. Familiarize yourself with your server. Add a single service, and play around with that until things start to gel. Then you can think about slowly adding additional services.

I guess there will be a time where I take notes of what month it is!

You may jest, but there are times when I can’t remember what I had for breakfast. They say that you never truly forget anything, but that our recall mechanism fades over time. For a myriad of reasons, including age, my recall mechanism is shit.

Without rDNS:

nslookup xxx.xxx.xxx.xxx (VPN IP)

** server can’t find xxx.xxx.xxx.xxx.in-addr.arpa: NXDOMAIN

With rDNS it might look like this:

nslookup 208.104.203.197

197.203.104.208.in-addr.arpa name = 208-104-203-197.reserved.comporium.net.

ETA: I just pulled 208.104.203.197 out of my firewall. I have beef with them. They hammer me daily from all the way in Gilbert, SC where the fuck that is but I wished they’d stop. I just block their entire CIDR.

deleted by creator

test

Proton will reconnect in the background which means the port changes and the IP address changes.

That’s weird. What is the reasoning behind that? That would drive me up the wall. A new IP and port would require a new leak test for me. Some VPN slots have a reverse DNS which attaches an identifier to the whole shebang, and in my mind, is unacceptable.

That really looks good bro. Very modern looking card style. I’m keen to know how you have coded it to reject IP, other than VPN traffic.

to try and prop their own war machine back up.

I don’t honestly think that Russia couldn’t already afford modern infrastructure and military, as much as I think the government crippled because it’s basically run mafia style where everyone is skimming heavily. on the take. and money being funneled to already wealthy pockets. This sounds vaguely familiar. Even down to people ‘falling’ out of a window from great heights. I get what you are saying tho. Russia is rich in natural resources if they can figure out how to extract a lot of it from the frozen tundra.

Russians aren’t brown skinned people tho. We almost exclusively bomb brown skin people.

If going with a standalone dashboard service, which one?

I use Homarr and find it suites my needs. However there are quite a few others out there. Homepage seems to be a popular one with loads of integrations available.

As in a blog or wiki? I do not because I am not authoritative. What I know came from reading, doing, screwing it up, ad nauseam. When something finally clicks for me, I write it down because 9 times out of 10, I will need that info later. But my writing would be so full of inaccuracies that it would be embarrassing and possibly lead someone astray.

OP, totally understand, but this is a level of success with your homelab. Nothing needs fiddling with. Now, there is a whole Awesome Self Hosted list you could deploy on a non-production server and run that through the paces.

Right before the end of your day

Oh, gosh, I did this last evening. I didn’t check what time it was, and initiated an update on some 70 containers. I have a cron that shuts down the server in the evening, and sure enough, right in the middle of the updates, it powered off. I didn’t even mess with it and went to bed. Re-initiated the update this morning, and everything is up and running. Whew!

unnecessary complexity?

I can help with that. It’s a skill I have. LOL

At 71, I have to document. I started a long time ago. I worked for a mec. contractor long ago, and the rule was: ‘If you didn’t write it down, it didn’t happen.’ That just carried over to everything I do.

time to test the backups!

Always a white knuckle event for me