Never found a service that don't work with nginx reverse proxy.

My jelly fin does.

Don't run photoprims tough...

You might use LDAP, but its total overkill.

I have not yet worked jellyfin with authelia, but its more or less the last piece and I don't really care so far if its left out.

A good reverse proxy with https is mandatory, so start with that one. I mean, from all point of views, not login.

I have all my services behing nginx, then authelia linked to nginx. Some stuff works only with basic auth. Most works with headers anyway, so natively with authelia. Some bitches don't, so I disable authelia for them. Annoying, but I have only four users so there is not much to keep in sync.

Agreed. First of all that would make running backups more complex, and would require either manual interaction, or very careful automation of some kind.

And any public facing service (like blog and some stuff) would still need to be accessible somehow, so...

I found way easier to setup via pip, but ofc YMMV. Note that Garmin integration is a separate container if you go that route.

I want to go directly to the source, i mean, if i want to resolve, for example www.polito.it, i want to ask "it", then "polito.it"... This is what Unbound should be doing.

Instead, i can resolve it:

server /etc # dig it @127.0.0.1

; <<>> DiG 9.16.48 <<>> it @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59860
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;it.                            IN      A

;; AUTHORITY SECTION:
it.                     3194    IN      SOA     dns.nic.it. hostmaster.nic.it. 2024062114 10800 900 604800 3600

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 21 14:50:06 CEST 2024
;; MSG SIZE  rcvd: 86

Instead i cannot resolve polito.it:

server /etc # dig polito.it @127.0.0.1

; <<>> DiG 9.16.48 <<>> polito.it @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60832
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;polito.it.                     IN      A

;; Query time: 1180 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 21 14:50:40 CEST 2024
;; MSG SIZE  rcvd: 38

Nothing appears in the logs. It resolve fine using 8.8.8.8 as upstream DNS.

I have followed this guide, but still no way. "it" is resolved, but "polito.it" does not resolve, for example.

Thanks! Good to know

Thanks for pointing out! I was thinking to use abs, but requirement for a specific subdomain is a turndown for me.

Yeah i could, but that would be annoyng as fuck

Fellow Gentooer, Gentoo rocks!

Nephele looks great. After some fiddling i couldn't make it work with sub-paths (/path/path) so i will keep using Apache as WebDAV server, which fits my bill so far. Unfortunately Joplin notes are NOT plain text (not even .md) as far as i can see, so that is not an option.

Mmm, not really? This is what i get by opening a "d8c18c2732b5476c932be62a292750f8.md" file from my Joplin storage folder:

id: d8c18c2732b5476c932be62a292750f8 parent_id: 661a69f5c0df4c7fb1a2bf0657f0e198 item_type: 1 item_id: e66b22624674439582bfd11582e0e1db item_updated_time: 1705987325033 title_diff: "[]" body_diff: "[{"diffs":[[0,"/Spaces\\n"],[1,"\\nNotesnook.com\\n"]],"start1":119,"start2":119,"length1":8,"length2":23}]" metadata_diff: {"new":{},"deleted":[]} encryption_cipher_text: encryption_applied: 0 updated_time: 2024-01-23T05:22:05.194Z created_time: 2024-01-23T05:22:05.194Z type_: 13

not really human readable to me (yes, readable, but...)

Only choice for those who cannot seed. Like no public IP and no port forwarding...