

Afraid people will use known vulnerabilities in common self-hosted software.


So every answer is as good as you can get?


I’m afraid of security bugs in the software I’m using, so that containers don’t contain, read-only doesn’t prevent writing, mounting directories doesn’t restrict access to those directories, etc.
I’m a nobody, I can’t imagine anyone targeting me or my random domain, but I can imagine getting swept up in a net of attacks of opportunity targeting hosted software with known vulnerabilities, or injected supply chain vulnerabilities, so I want to reduce my attack surface as much as I can (while still actually letting the people I want to access it actually access it).


I’m kinda disappointed with this thread, I’m in a similar position to OP, but all the responses are just like “use a reverse proxy and make your URL hard to guess” and other measures which are not very secure.
It seems like that’s about as good as you can get at the moment, because the mobile apps barf if you try to add in auth in front of the reverse proxy, but a lot of people seem to be providing this advice like it’s good enough rather than as good as you can get.


Some reverse proxies have an authentication layer.
But this typically breaks the jellyfin Mobile app.


Idk if geo whitelisting is really good enough. I can’t speak for OP, but I’m in the same position and I don’t. I had high hopes for the post but everyone seems to just brush over the “secure” part


How do you get the mobile app to connect?


“openclaw” 👀👀👀
The reason people use SaaS is because they have someone to sue when something goes wrong and you lose days of revenue.


How do you set up private resources to reverse proxy like public resources? I don’t want to have to change URL when I turn on my pangolin client


I may end up doing extra reverse proxies just because complicated configuration is better than complicated use. It kinda feels like there should be a way to do it right in pangolin, it seems like it’s right there lol.


Pangolin is built on traefik, and does all the reverse proxying I need (X sub-domain goes to Y port on Z home server).
I don’t really like the idea of n matryoshka reverse proxies, both because conceptually it bothers me, but also because my needs seem simple and don’t seem like they deserve the extra complexity. The public resource reverse proxy works for everything I have.
I’m looking for a way to configure pangolin, which already routes properly, to skip auth when the auth can be provided by the pangolin client.


Idk why people are downvoting you.


Countries obviously need to be sending food and medical supplies.
But rather than sending oil, countries sending aid should be sending equipment for setting up solar farms, so that the USA can never do this to them again.
Obviously they still need some oil in the short term, but China has so much solar production, and are allied with Cuba, I’m surprised they’re not getting massive shipments of solar panels and battery banks.


Major roadblocks to empathy are:
Unfortunately all are things politicians (especially from certain parties) are prone to intentionally exacerbating.
Not without coincidence, these things are also major roadblocks for ditching religion.


Reverse proxies like the one specifically mentioned, pangolin, have auth and user access rules.


I think that’s one of the major reasons to use pangolin over something like nginx - built in auth and support for oidc.
Of course, the native jellyfin apps don’t like the auth layer so idk if it helps if you’re trying to install it on your dad’s tv


Congratulations on forgetting the justification people are using to restrict light brightness, which is that it blinds other drivers dangerously.
I would consider motorbikes and bicycles to fall under that category, but I expected that people understood that I wasn’t going into the minutiae of a hypothetical regulation that I’m not responsible for writing. There are, of course, lots of edge cases that I didn’t include.
If you’re making a case for pedestrians, or people indoors, I think that’s gonna need some more serious justification.


Why specifically EVs?
They should ban any electronics from adversarial foreign nations.
They’re not gonna because good luck getting any electronics manufactured outside of China, but banning EVs specifically when people have phones and computers and watches and etc, well it seems kind of pointless and arbitrary.


Neither of these are, in fact, the only solution.
We could, for example, have headlights that identify other cars in the road and selectively dim the area around those cars.
We could have headlights that keep light below a certain level accounting for both the attitude of the car and the oncoming terrain.
Really how it is achieved doesn’t matter, the regulation should just say that, within some cone in front of the vehicle, light levels must be limited to below x for the window areas around any other vehicles.


Did you just suggest Linux has no vulnerabilities in any of its distros, and neither does any of the self-hosted services?