Yes it would. In my case though I know all of the users that should have remote access snd I’m more concerned about unauthorized access than ease of use.

If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.

Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.

The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.

But here is exactly what I’ve done:

1. Bought a domain so that I don’t have to remember my IP address.
2. Setup DDNS so that the A record for my domain always points to my home ip.
3. Run a wireguard server on my lan.
4. Port forwarded the wireguard port to the wireguard server.
5. Created client configs for all remote devices that should have access to my lan.

Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.

P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.

I’m guessing Samsung. Google seems to show a handful of posts online about Samsung users asking about it. Or at least asking what is it, and how to uninstall it.

Pixel doesn’t seems to have it pre-installed anyway.

I can’t say anything about other manufacturers though.

I’m also running Ubuntu as my main machine at home. (I have a Mac and do Android development for my day job).

But at home, I do a lot of website and backend dev.

1. Code in VSCode
2. Build using docker buildx
3. Test using a local container on my machine
4. Upload the tested code to a feature brach on git (self hosted server)
5. Download that same feature branch on a RaspberryPi for QA testing.
6. Merge that same code to develop 6a. That kicks off a CI build that deploys a set of docker images to DockerHub.
7. Merge that to main/master.
8. That kicks off another CI build.
9. SSH into my prod machine and run docker compose up -d

That looks like 8.8.8.8 actually responded. The ::1 is ipv6’s localhost which seems odd. As for the wong ipv4 I’m not sure.

I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

You can also specify the DNS server to use when using nslookup like: nslookup www.google.com 1.1.1.1. And you can see if you get and different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

Edit just for shits and giggles also try nslookup xx.xx.xx.xx where xx.xx… is the wrong up from the other side of the world and see what domain it returns.

Another thing that can be happening is that the router or firewall is redirecting all port 53 traffic to their internal DNS servers. (I do the same thing at home to prevent certain devices from ignoring my router’s DNS settings cough Android cough)

One way you can check for this is to run “nslookup some.domain” from a terminal and see where the response comes from.

Cloudflare? Namecheap?

Not sure exactly what features you’re after but the vast majority of them support what you mentioned above.

Ya, I’ve got a few public services out there and I would love for a better way to manage them. But the fewer ports I open the better. I think there’s also portainer edge agent that’s more secure for prod environments, but I’ve yet to look into it much.

Slightly off topic, but are there not security concerns about opening up a portainer instance to the internet? I run portainer for all of my intranet hosted containers but I have reservations about running either the agent or portainer itself on something external to my lan. It seems like an easy attack vector but maybe I’m just overly worried?

You’ll be able to get an initial set of data from federation but you won’t get any data beyond that.

Federation works via “pushes”, but since your instance would be behind a VPN the other instances in the federation wouldn’t be able to see it to push content updates.

If you upload an image to that server, the image will be gone. Your comments will still exist on other federated instances, assuming that instance was federated in the first place. But any replies to those communities will not propagate once the hosting instance is offline.

For example assume you have 3 instances, A, B, and C. You have an account on A and create a post to a community on A. At some point A goes away, but those posts and that community will still exist on B and C. So you create a new account on B, and reply to one of those posts… users on C won’t be able to see those replies as A isn’t there to broadcast those replies out. And if someone on C creates a new post on that community from A, you wouldn’t be able to see it on B either.

P.S. The same is true if A just decides to defederate instead of shutting down. (other than the images and accounts would still exist obviously).

I was able to get it setup, main things to watch out for:

• Don’t use the provided docker compose file. Or more precisely don’t build from source and lookup the correct image tag on docker hub first.
• The documentation was a bit confusing. This isn’t really specific for the Pi but since I was creating a compose file from scratch some of the steps listed didn’t quite explain all of the details.

I only used it for testing purposes, but performance was fine (on a Pi4 4gb). Note I only ever had one user.