um… did my bio get deleted?

  • 0 Posts
  • 47 Comments
Joined 1 year ago
Cake day: June 13th, 2023



  • some electronics on messy shelves

    Testing an image post from Voyager client…

    I only own the gear marked A and B, which lives above the couch I call home.

    A is my web services 24/7 Proxmox box, an Intel 8500T; 2 routers; an 8TB HDD; and a Back-UPS Pro so old its ethernet surge protection is rated for 100bT, with a brand new LFP battery in it. The UPS powers both A and B.

    B is my personal Proxmox box, an AMD 5750GE, which I use for development and running desktop OSes which I remote into, plus a GL.iNet Slate AX router. These come with me if I stay someplace other than the couch (not pictured). That’s why they’re on different shelves. Also, there’s a USB wifi dongle w/antenna connected to B which I use when some stupid website demands I drop my VPN (all traffic from everything pictured is routed thru 24/7 private VPN endpoints, aka a $2/mo VPS or three).



  • Personally I’d go for as big a UPS as I could afford, but I serve some public-facing stuff from my homelab and I live in an area with outdated infrastructure and occasional ice storms. I currently have a small UPS and have been too tired/overwhelmed to set up automated shutdown yet. It’s not too hard though, I’ve done it before. And even without that in place, my small UPS has kept things going thru a bunch of <10 minute outages.



  • There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.

    I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.

    I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…

    FWIW I use nginx on the front end, and rathole for my tunnels - the latter is a very straightforward way to set up the tunnels.


  • Currently I have a bastion host running a hardened distro, which establishes a reverse proxy tunnel to its ssh port via my $4/mo VPS using rathole, an excellent reverse proxy utility I switched to from frp.

    I also maintain a Tor hidden service pointed at the bastion host’s ssh port and another on a different internal host. These are so that I can still get in if the bastion host, my VPS, or certain aspects of networking are down for some reason.

    Eventually I will implement port knocking / single packet authorization by deploying fwknop on some or all of these services to further enhance security.
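
    An added example, not the commenter's own configuration: a minimal rathole setup of the kind described above, where a bastion host dials out to a VPS and the VPS exposes the bastion's ssh port. The hostname `vps.example.net`, the ports, the service name `bastion_ssh`, and every token and key value are constructed placeholders.

```toml
# One file holding both halves; rathole uses the [server] section on the
# VPS and the [client] section on the bastion host.

# ---- VPS side ---------------------------------------------------------
[server]
# Control channel the bastion connects out to (placeholder port).
bind_addr = "0.0.0.0:2333"

[server.transport]
# Encrypt and authenticate the control channel instead of plain TCP.
type = "noise"

[server.transport.noise]
local_private_key = "REPLACE_WITH_SERVER_PRIVATE_KEY_BASE64"

[server.services.bastion_ssh]
# Per-service secret; must match the client entry of the same name.
token = "REPLACE_WITH_LONG_RANDOM_TOKEN"
# Port on the VPS that forwards to the bastion's sshd. Restrict it with
# the VPS firewall; sshd itself should accept keys only.
bind_addr = "0.0.0.0:2222"

# ---- Bastion side -----------------------------------------------------
[client]
# Outbound connection only: no inbound port is opened on the home network.
remote_addr = "vps.example.net:2333"

[client.transport]
type = "noise"

[client.transport.noise]
# Pins the VPS identity, so a different host answering on that address
# cannot complete the handshake.
remote_public_key = "REPLACE_WITH_SERVER_PUBLIC_KEY_BASE64"

[client.services.bastion_ssh]
token = "REPLACE_WITH_LONG_RANDOM_TOKEN"
# Local sshd on the bastion host.
local_addr = "127.0.0.1:22"
```

    With this layout the tunnel token and the noise key only protect the tunnel itself; anyone who can reach port 2222 on the VPS still talks to sshd, so ssh hardening on the bastion carries the actual access control.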







  • Just wanna put in a good word about GL.iNet routers … they are more travel- and pro-sumer focused than a lot of what’s been mentioned here. They run a proprietary front end on top of OpenWrt, but if you don’t like that, most of them have full support in vanilla OpenWrt.

    These are definitely more for the tinkerer market, their documentation and firmware can have quirks, but that being said (and as somebody who would be wary at that caveat) I have been using GLi routers with manufacturer firmware as a daily driver for 3+ years and once you get them set up they are very solid.

    Might be a good option for the digital nomads among us who need a smaller device which can connect to a host network and then send all traffic over a VPN with very easy setup.




  • I have a background (in the distant past) as a PHP dev, and currently make my income doing mostly WordPress work.

    For a very long time I took a jaundiced eye towards big PHP apps for the exact same reasons. That being said, I just two days ago finally installed Nextcloud in my homelab and exposed it to the world.

    It’s worth noting that a lot of PHP’s bad rep comes from WordPress, which is terrible in security terms in large part due to a huge and very poorly vetted ecosystem of plugins written by coders of all skill levels.

    PHP itself had a number of anti-features which made security difficult in the past. A lot of those issues have been worked on. As somebody who was up to my eyeballs in PHP for years during the bad old days, I’m now confident installing big PHP apps if I think the dev team and dev process are reasonably mature.