But what exactly do I benefit from adding the firewall directly part of the tailnet?

Protection of the firewall via it’s overlay VPN characteristics, and communication to the server behind the firewall via an encrypted tunnel.

Have you considered using Cloudflare Tunnels/Zero Trust? With Cloudflare Tunnels/Zero trust, you don’t need to open or close ports, fiddle with NAT, or any of that. You install it on your server, connect to Cloudflare, it punches a hole for the encrypted tunnel. I personally use Cloudflare Tunnels/Zero Trust. Their free tier is quite generous and has many options like Anti-AI scrapers, etc. The caveat to using Cloudflare Tunnels/Zero Trust is that you have to have a domain name that you can edit the nameservers thereof to Cloudflare’s assigned nameservers for obvious reasons. Cloudflare will sell you a domain name, but a lot of people just get a cheapy from NamesCheap or Pork Bun. I got one for less than $5 USD that renews at $15 USD annually.

So, in the scenario that I described in my first response:

modem —>wireless router —> managed switch —> pFsense with Tailscale overlay —> server (separate VLAN) with Tailscale overlay

…is all done through Cloudflare Tunnels/Zero Trust with Tailscale on the server and Tailscale on the standalone pFsense firewall as an overlay VPN protection. Additionally, Tailscale makes for a very secure, emergency ‘backdoor’ to your server should you ever screw up and lock yourself out.

on opnsense there is a bug where it would request re-authentication on each restart so that’s an added negative for me when it comes to adding it.

I’ll have to defer to someone more experienced with Opnsense.

Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.

Opnsense is not my forte, but I do run it’s counterpart pFsense. I use Tailscale as an overlay VPN on both the server and on my standalone pfsense firewall as a pFsense package. Is there a reason you don’t want Opnsense firewall via tailscale? My set up is as follows:

modem —>wireless router —> managed switch —> pFsense with Tailscale overlay —> server (separate VLAN) with Tailscale overlay

Not a solution but a comment. I’ve seen several selfhosted medical record keeper/organizers. I would definitely want 2FA on something like that.

I’m not trying to convince you of anything. Succinctly:

• You like Windows - there are caveats to using Windows
• You like Linux - there are caveats to using Linux
• You like Mac - there are caveats to using Mac

None of them are a complete solution for me, and for a lot of people actually. So, until the day when I have one OS that does everything I want it to do, I am forced to use all three of the major OS. I realize that goes against the grain of the anti-Windows coalition, but that is reality.

Thanks for explaining. I really didn’t mean it as a Headscale v Tailscale. kind of thing as far as data security goes. I’ve heard a lot of great things about Headscale. OP was just worried about his data being compromised, and I was just pointing out that it’s pretty tight.

Of course devs cater to Windows. 1 Billion + user base that are consumers. Why not target the biggest market share? I still use Linux, Mac, and Windows, although the latter is a ‘crippled’ version…very heavily modified. Until I can find a Linux version of BlueBeam that matches it feature for feature, then I’ll stick with using Windows, But I’ve never viewed it as a competition. It may seem shocking but I have no real preference other than what it takes to get the job done without handing over all your data. Linux makes that easier, but Windows can be tailored to do pretty much the same. It just takes a lot more work.

Didn’t down vote you but…in general, people follow trends and Windows has been trending for quite a while. Also, people like convenience and I don’t think you will wrest the convenience of Windows out of their hands no matter how much you try to steer them.

Windows is a dead end at this point. Start planning your escape to Linux before the cage door starts closing

That sounds ominous. What cage door is closing? I mean, you and a majority of people here, would agree with you. But I don’t see Windows going away…at least not in the foreseeable future. In as much as Linux has made some great strides, I don’t see it being a Windows replacement for a global population, in the foreseeable future either.

Journiv sure is blowing up!

Same to you bro

There seem to be some people think I shouldn’t have done that last bit, though.

Do your thing man, fuck what they lookin’ at.

Don’t forget to sleep and exercise

Even mild exercise, like getting out and walking, works wonders for me. Gets all the happy chemicals roused and flowing.

I’m currently selfhosting a website that has quite an audience (~2 000 unique visitors/day)

That’s something to crow about. Congrats on the site’s success.

On a whim, I did a search and sure enough there is a dockerized AWStats:

https://github.com/justb4/docker-awstats/blob/master/test/docker-compose.yml

I’ve never used it, so I cannot vouch for it, but it is a thing.

Even with something like no-ip, which some routers support, if the gateway is down, nothing is going to happen.

Music is the window to the soul and everyone’s view is different.

like listening to music (or even playing an instrument),

I have found great solace in music. I’ve been playing stringed instruments since I was 5. I’ve been a fan of music all of my life. I create music and post on SoundCloud. The benefits of just listening to music I think gets overlooked.

My brother…I empathize with your situation. About 25 years ago, I fell from 2 floors up, landed on my skull on a concrete pad and lay there for an undetermined amount of time before someone found me. I suffered a TBI that has gifted me a seizure condition as well as other mental/neuro issues. The right, frontal lobe of my brain looks like a piece of wadded up, cotton candy. I’ve come a long way and I have far to go. I am fortunate and thankful to be alive regardless the situation.

and short term memory [loss]

I spent a week in the hospital after I had a seizure and it wiped my memory. I didn’t know who I was, how to do even simple tasks, or who anyone else was either.

I use selfhosting and computers in general, to do the same thing as you. It keeps me thinking and trying to solve problems. I have problems expressing my thoughts, but the folks here have been patient with all of my silly questions and the occasional inability to grasp the information being presented here at lemmy/selfhosted. I don’t watch TV, but I’ve found structure in reading, and I read a ton of info. I’m more into IT (obviously), history, etc but no fiction.

I truly wish you the very best bro. If I can ever be of assistance, I’m usually around somewhere. We can pair your brain with my .25 brain, and fix something. LOL

I know you’re trying to tell me something brother, but at this moment in time, I seem more stupid than normal, so if you would, unpack that for me in relation to what I was explaining to OP about Tailscale security.

I think I’ll add this feed to my feed.