I didn’t know they stored local copies — had a very, VERY quick skim through their privacy policy on their website and couldn’t see any reference to that (sure it’s there but I didn’t see it).

I’m not a Spark user btw, was just following the conversation. I use plain ol’ Apple Mail.

I could be misinformed, but this isn’t just limited to Spark as I understand it, I believe a lot (maybe all?) third-party clients do the same thing. They act as an intermediary between you and the server so they can deliver push notifications.

However, as I understand it, Spark’s privacy policy outlines that they don’t read/scan the contents of your emails, and the use of app-specific passwords rather than your email password ensures they only have access to emails and nothing else.

Pretty sure others such as Canary, Airmail, Edison, etc. all do/did the same thing, but it was the lack of clarity in Spark’s privacy policy that made them the main target for scrutiny. I think they’ve since cleared that up.

I could be mistaken, though.

Will definitely let you know if I figure it out, for sure.

Before putting Pi-hole behind Traefik, it worked perfectly via :/admin. And the logs for Pi-hole now in Traefik show that it is up and working, and I get the login page. But just can’t get beyond it.

The guides I’ve seen show how to structure the Traefik labels with and without the addprefix middleware, and both apparently work. So I’m wondering if by following several guides and taking bits from each, I’ve ended up overlooking something.

I’ll try and expose 80 and see if it makes a difference, but like I say everything is up and running in the backend, I just can’t get past the login screen on the frontend.

Thanks. Yeah it’s really frustrating. There are guides out there that show that it’s possible, but I think I’m missing something somewhere. I’m combining guides together so more than likely I’ve missed a step somewhere.

I don’t plan on exposing any of this stuff to anybody other than me. I do plan on spinning up SearX but it’ll only be me using it. I’ve given up trying to convince my family to move away from Google to even DuckDuckGo or Startpage, so there’s no way I’ll convince them to use SearX!

I think, therefore, for accessing away from home I’ll perhaps setup a subdomain that points to the IP of my Tailscale container — that means it’ll be accessible externally but only when I turn on the VPN.

When I’m on my home network I have a VPN on my Mac anyway.

Before I was using Traefik I used to use plain NGINX and was pretty happy with it. I made the switch to Traefik after reading some good things about it on Reddit.

More than happy to switch to NPM and give it a try. At this point I have no reverse proxy running at all, so not even like I have to swap out Traefik — there’s nothing they’re to begin with.

Thanks, I’d like to know more about how to go about this approach.

I guess in my head, I want to achieve the following (however I go about it):

• Access https://mydomain.com from outside my network and hit some kind of blank page that wouldn’t necessarily suggest to the public that anything exists here
• Access https://mydomain.com from inside my network and hit a login page of some kind (Authelia or otherwise), to then gain access to the Homepage container running in Docker (essentially a dashboard to all my services)
• Access https://secure.mydomain.com from outside my network and route through to the same as above, only this would be via the Tailscale IP address/container running on my stack to allow for remote access
• Route all HTTP requests to HTTPS
• Use the added protection that Cloudflare brings (orange clouds where possible)
• SSL certificates for all services
• Ability to turn up extra Docker containers and auto-obtain SSL certs for them Ensure that everything else on my NAS and network is secure/inaccessible other than the services I expose through Traefik.

I have no idea where Cloudflare factors in (if at all), nor how Pi-hole factors in (if at all).

Internal stuff I’ve been absolutely fine with. Stick a domain name, a reverse proxy and DNS in front of me and it’s like I’m learning how to code a Hello World app all over again.

Interesting, I’ve never considered Cloudflare Tunnels. Thanks.

However I do remember seeing this video the other day, that suggests perhaps it’s not always the best solution? Not sure this applies here, though: https://www.youtube.com/watch?v=oqy3krzmSMA.

Would love an up-to-date tutorial on how to do this without a domain name. I don’t own one but would still much prefer to use https://jellyfin.myserver.home than http://192.168.1.200:8096.

Thanks. Yeah I originally had plain ol’ NGINX (granted, without the additional networking I have now) and using

location /xyz {
$proxy_pass http://a.b.c:123
}

(I forget the exact syntax now) was pretty easy to route stuff around.

But that was all done under an initial

server :80 {
...
}

section, which might be the part I’m initially struggling with. It just doesn’t seem as intuitive in NPM despite me seeing lots of people preferring it over plain NGINX and Traefik.

NPM is why I have the macvlan and bridge networks in there in the first place, because ports 80 and 443 are in use on the Synology NAS. Otherwise, I could revert back to running a script that frees up those ports on boot-up and use NPM within the same network as all my other containers.