Ah yip, makes sense, thanks!

Ah haha, I actively avoid using google so don’t log in to an account. If you don’t mind me asking, if corporate surveillance isn’t what you’re avoiding, what’s the main reason you’re using a VPN?

No it’s a paid VPN, and it starts fast but after the first 500GB or so it slows right down.

I do suspect many of the issues are from activity on the VPN rather than specific VPN blocking, but that doesn’t change the issues.

How do you handle the Google Captchas that never end? That was the worst part for me.

I have, thanks. The impossible to complete captchas are the worst for me, so many sites that are basically broken.

Browsing lemmy is probably fine, but the general internet is a god damn nightmare to browse on a VPN. Can’t load that one reddit search result with what you need. Endless google captchas making you do traffic light after traffic light and won’t let you pass no matter how many you do, on sites you didn’t even know used google. Downloading games from GOG is capped at like 0.5Mbps. And I’ve had plenty of instances of cloudflare blocking VPNs to certain sites.

How so? I have HTTPS on internal sites, I just use DNS validation to get the certificate.

What is the security risk of adding HTTPS to a site going via VPN?

I highly recommend spinning up a Nextcloud AIO instance. It’s the recommended and supported method, and it will likely run a lot nicer because all the database, redis, etc tweaking are done for you in a known good setup.

If you try that and it’s still no good, then OCIS might be worth trying depending on exactly what you are trying to achieve.

I’m also here on AIO with a great experience. It’s snappy and the website loads faster than Onedrive ever did.

I had a docker install prior to AIO being available, and there was a lot of tweaking to get it running nicely (though it did run nicely). AIO takes care of it all for you.

Others might have suggestions. I run everyhting in docker. I then use Traefik as the reverse proxy in docker, where you add labels to the containers you want it to handle and it works things out on it’s own. I have also configured it to do certificates automatically, including automatic domain validation using a Cloudflare API.

Caddy and Nginx Proxy Manager are other popular ones that can configure HTTPS certificates for you.

You don’t have to overthink it. Choose a reverse proxy you like. If it does automatic certificates, that’s great. If not, Let’s Encypt (which most of these services use for the free certificates) have a certbot program you install and run on a cronjob to renew certificates.

Owncloud Infinite Scale was a rewrite of the codebase to get away from PHP. In theory this should be better able to run on lower end hardware. People tend to say they use it if they are only wanting the file part and not all the apps. Personally I use Nextcloud because I want the apps.

Automatic certificate renewal is built into many reverse proxies, and can be done for free, so I don’t see a reason not to do it.

Nextcloud has federation of some features so I’d guess that would be a key reason you can’t change the domain (you also can’t change a Lemmy domain once set up). However, you’re using it for file sync for yourself, right? Regardless of what you pick (even Nextcloud), you could surely just set up a new instance under the new domain then move all your files over.

I don’t think it’s really true these days that it needs a lot of config. Maybe reverse proxies will do it for you automatically without much setup.

I am curious what the security risks are for HTTPS for a service that will already be accessible remotely?

OwnCloud Infinite Scale might be the option you missed?

Nextcloud was forked from the PHP Owncloud some years back, and they added all the apps and things. But Owncloud is like Nextcloud but focused only on the files.

I am a bit concerned that you’re talking about not wanting HTTPS and see it as a bad thing that something requires it. Given you can get free certificates these days, why would you not want a secure connection? Even if you’re accessing via a VPN to server tunnel, I see no reason not to have it.

Ooh I think I know how to pronounce that one!

I’m sure you have a backup and that you’ve tested restoring it. Just have another machine that is available in the case something happens to the first.

E.g. I somehow fried the motherboard of my server while cleaning it. It took me days to troubleshoot the issue.

But I also have an old laptop strapped to the back of my TV that is used to stream media using Kodi. When this event happened, I installed a more appropriate OS on the TV laptop and restored my backup and was up and running in an hour or two. Then I could take the time to troubleshoot my issue and resolve it on my main server.

I liked Speaker for the Dead! I can’t remember what it was about but I remember liking it.

A very different book from Ender’s Game though.

Install an extension to hide it, I just tried this and it works for me: https://extensions.gnome.org/extension/545/hide-top-bar/

You can install extensions by searching for it in the GNOME extensions manager. Once installed, you can edit the settings in the same place (I found I had to move off the window to another application before hiding was applied).

Works with Kagi and Brave too!

NASA and SCUBA are two acronyms that show acronyms clearly don’t have to be pronounced like their source words as a rule.

I’m starting to wonder if a mailpit instance is a bad idea. Just a page you go to where any email goes, make sure it’s not externally accessible.