Hey thank you very much for the tip. I have bookmarked it. I feel better knowing it is going to be maintained.

My issue was that Watchtower would sporadically just fumble the update, making re-deployment sometimes necessary. It wasn’t a tag issue. At least none that I could see. Of course, the possibility exists that I could just very well be a dumbass. I just assumed that to be the Docker updates that have happened over the past year, and, without any new code, it just broke. There was a recent Docker/Portainer issue. It happens.

I either read somewhere or someone tipped me off to the fork. I can only speak for my network, but the fork did the trick. Have had zero issues, and I’ve been using it for a good while. Now, I notice that Watchtower fork hasn’t been updated in 6 months. I guess it’s either been abandoned again or there just hasn’t been a need to do so.

Same. No issues.

I mean, there can be some serious consequences, especially if your server starts attacking other servers. They don’t take that shit lightly.

I remember the first Linux server I stood up on a VPS. It got thoroughly hacked almost immedietly. Not only did they hack the server, they set up attack vectors on other servers…aaaand a bitcoin miner. Got up that morning, checked mail, and there was a nastygram from my host wanting to know WTF over. Since then, I did a ton of reading, took a couple basic online courses for my own edification. I now tend to go overboard on security now days if that is possible. I’ve been told my set up is way over engineered. However, it’s been ticking along these many, many years now without issue. Also, since I am the only user of my network, it’s a little easier to lock down. Users create complexities and complexities cause issues.

I’m sure you have done the leg work in bolstering your knowledge base in setting up your first VPS server, but as others have said, beware. It reminds me of the movie Constantine, where just beyond light, in the shadows, lurk thousands and thousands of demons. They are sophisticated bots too, and are quite autonomous.

Authentik

In my reading, tho I don’t run it, VoidAuth is supposed to be lighter than Authentik. Do you have a directive or purpose sketched out for your server? What you want to accomplish, etc?

VPN (At least for local-to-VPS connection, but possibly also for external clients?)

Tailscale is my choice for my VPN overlay on the server. I also use the evil Cloudflare Tunnel/Zero Trust. All devices also run their own VPN.

I have played around with Cosmos. Pretty neat little package, especially for someone just starting out. I can’t speak to it’s performance, but I read glowing reviews. YunoHost would be in that category as well, with a very large app catalog.

Looks like you are heading in the right direction.

Factorio

only old people use computers.

I feel assaulted.

Hmmmm, I did not know that existed. I’ll check it out.

be aware though that if you are not using https

Most definitely using https. I’ll give it a go and see what shakes out. Thanks for the help. I’ll report back.

Well, I’m not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I’m unsure if it would create conflict.

So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.

Ok well that’s helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL

I’ve always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.

VoidAuth does NOT provide https termination itself, but it is absolutely required. This means you will need a reverse-proxy with https support in front of VoidAuth, as well as your other services.

How would that work in an evil Cloudflare Tunnel/Zero Trust setup?

That’s cool. I pipe everything through a VPN.

also don’t route all my WAN traffic over VPN. Just some of it.

Are there advantages in doing such or what is the reasoning behind that? I would have anxiety…not that I have anything to hide /s

So, how do you change the IP of your VPN on the router if say, you wanted to unblock something that was geoblocked, other than manually on the router’s WUI? Curious, since I have read of people deploying a VPN on the router. Do you just pick a location and go with it? I’ve always have enjoyed the option to change geographical locations on the fly, from the device app.

My wife got very upset. Apparently she likes the ads.

Ahhh the WAF (Wife Acceptance Factor). I created a separate vlan just for her when she comes over, and she can have all the ads and crap she wants. Just keep it off my network.

I think eventually it’ll be inevitably regulated

I know some fear regulation, or over regulation, but right now it’s the wild wild west. Reminiscent of when the internet first became available to the general public. Regulation is necessary, as much as I sometimes chafe at the thought. Corporate penny pinchers are noticing the increased bandwidth u$age and there is no quid pro quo for them.

No problem. I was looking for a HRConvert2 fork but didn’t see one. Usually if the repository goes unmaintained for a while and there is interest in the project, somebody somewhere will fork it.

Happy to share. Came across it in my internet travels and bookmarked it thinking, maybe some could use it.

How about Convertx: https://github.com/C4illin/ConvertX

Network Chuck

They are archived for download at https://archive.org/details/NetworkChuck. That way you don’t have to jump through all of YT’s bs.