Same — rsync to a pi 3 with a (single) ZFS drive at family’s house. Retain some daily/weekly/monthly snapshots.

I have a (free) VPS with static IPv4 which is how I connect everything.

Both the VPS and the remote site have limited network speed (I think 50Mbps for VPS), so the initial sync was done sneakernet (well…“airplane net”). Nightly rsync is no problem bandwidth-wise, and is mostly just any new videos I’ve uploaded to my local Immich instance.

My comment from another thread: https://startrek.website/comment/16491624

tl;dr: tiny production, would be astonished if they got $6k out of it, and that’s not counting time, props, transportation, etc.

It’s for 5 performances on the calendar, tickets are $30. It’s a 49 person theater — and some of those seats are sure to be friends and family comps. Venue costs between $200-$250 per performance.

It would be a miracle if they got $6k from tickets after venue fees. And that’s not counting time, cost for props, transportation, etc.

This is small time artsy theater. Suggesting that it’s a cash grab is a bit insulting to those involved.

And you’re worried that the show is starting small???

I didn’t say I was worried; the headline left a lot of wiggle room for interpretation, I was adding some detail.

Looks like it’s Taylor Street Theatre, a 49-seat venue.

We’re expecting a baby. Do people travel with a baby? Is it safe? Is it insane? I think we’re just gonna have to stay put for 3 years or so.

If your baby isn’t super fussy, the transportation difficulty (in our experience) is more in the logistics getting to/from airport, and dealing with other ground transportation. We just flew 5+hrs (coast to coast, US) with a 2mo and a ~3yo, and it was a piece of cake (typing that, I’ve jinxed the return flight…).

We haven’t done international travel with our kids yet, but we will eventually. When I was 2 my family went to Europe — some countries were meh with respect to kids, but Italy (from my folks’ retelling) was fantastic, as there is (or was) a big cultural love for young kids.

YMMV of course, but it’s absolutely doable! Kids — even starting as babies — have personalities, and you’ll get a sense of what’s appropriate with yours. Good luck!

Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

50kW class laser.

Another source claims 1um wavelength with individual 1.5kW lasers in a hex pattern — unclear if it’s a phased array (would be awesome) or just trained on the same target (source mentions they are “combined using a mirror” so probably the latter).

Sounds like maybe high power YAG?

“South Korea as a nation dodged a bullet, but President Yoon may have shot himself in the foot,” said Danny Russel, vice president of the Asia Society Policy Institute think tank in the United States.

I bet my man Danny came up with that line in the shower. I dig it.

UN-Verified

Unfortunate abbreviation…

It’s mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.

Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled — everything is over WireGuard to my VPS.

My method:

VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.

Getting TLS certs will be complicated

I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)

Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).

Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.

Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.

I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.

So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.

Any chance you have a DMZ set up on your router?

On your router, are there any settings specific to any host (other than the server maybe)? For example, a static IP or a port forwarded rule.

Do you have a VPN on the phones? Can you traceroute from your phone to the server and post that? (I like PingTools for Android.) You should have 1 hop (you -> server, nothing in between).

Can you verify that you are on the same wifi including same wifi channel? Phone on 5GHz but Linux box on 2.4GHz, for example.

Some mobile clients make it easy to accidentally downvote. I sometimes see that I accidentally downvoted a comment from time to time.

PingTools has been useful for me (though I mostly just use it for iperf).

Is there any automation available for this? Do you fix them sequentially or can you parallelize the process? How long did it take to fix 450?

Real clustermess, but curious what fixing it looks like for the boots on the ground.