Gemini is just like “can we get back to work already”

They come pre-oxidized? Damn that’s a real Time Saver

You can actually fix this in the settings there’s an option for permanent prompt tunings and you can add things like “focus on concise answers” or my favorite " i don’t need to be glazed , I don’t need to be told that it’s an insightful question or reaches the heart of the matter. Just focus on answering the question"

Because propaganda has convinced people that a car is useless if it can’t go 300+mi AND only take a few minutes to be ready to do it again. Range anxiety, even though they only fill up maybe once a week and could easily charge an ev at home with just a standard outlet not even a special charger and keep up with their actual real daily use

Oh yeah definitely, fun fact you can easily get two smarts comfortably into a standard US parking spot I have a friend that also has a smart and when we go somewhere together we will use a single parking spot because it’s funny

I have one of these cars (in the US no less) and i absolutely do that sometimes. No tickets yet

Was surprised to see this here. But yes absolutely, they are expensive don’t get me wrong. But they are worth it. Their shit just works, i have their washer and heat pump dryer, dishwasher, and CX1 canister vacuum. Each are the best version of that thing I’ve ever used. Dishwasher will clean anything no rinse/soak needed even for baked on pasta or cheese, vacuum is powerful but also shockingly quiet, dryer sips power (700w avg load) but dries everything just fine.

Had em for the years now, i am NOT gentle with the vacuum i drag it outside to clean the car and other various things it’s not really for, toss it around use it as a footstool sometimes and it shows no signs of the wear. You get what you pay for with them

Eh, i just use pubkey only Auth config (so password entirely disabled as an option) and put ssh on a non standard port to reduce script kid noise. (and no 2222 is not non-standard it may as well be the default)

Fail2ban triggers false too often for my taste in a high traffic environment.

If you ran nginx as a non privileged user it wouldn’t be able to bind to 80/443 as those are privileged ports. So you would need to use iptables to forward them to an unprivlaged port

I mean it WOULD work you would just need a von on every device you wanted to use.

The REAL answer is never host them DIRECTLY, always use a reverse proxy like nginx. Many projects (i believe jellyfin is one of them) explicitly recommend this for better security. Which it looks like you did so congrats

For extra bonus points you can setup nginx to run as a non privileged user and use iptables to forward the lower ports (80/443). A pain but closes out a large chunk of nginx as a risk.

Only female bees have stingers tho

That sounds like a lack of port forwarding on at least one side. Ensure the vpn port is properly open on both sides. There is also an option you can add to the wireguard config for keepalive set it to something like 1min

I feel like im missing something here. This is pretty trivial and the comments i see are over complicating the hell outta everything. All you need is your VPN tunnel working. Personally i use wireguard for this. Then you just use nginx as the reverse proxy it talks to services on the other side of the VPN.

The nginx server config looks like

server { listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; server_name my.domain.tld; http2 on; http3 on; quic_gso on; tcp_nodelay on; error_log /var/log/nginx/jellyfin.access.log; ssl_certificate /path/to/ssl/fullchain.pem; ssl_certificate_key /path/to/ssl/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; add_header Alt-Svc ‘h3=“:$server_port”; ma=86400’; add_header x-quic ‘h3’; add_header Alt-Svc ‘h3-29=“:$server_port”’;

location / {
    proxy_pass http://10.159.4.12:8096/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;
}

}

I have no idea how to do the proper code block i guess so have a paste from my reverse proxy hosted pastebin lol https://paste.kitsuna.net/upload/snail-seal-pig

More of a NCC-1701-E man myself

I’m not, and I’ll never give it up on any network i control. It’s simple, easy to remember, i don’t personally need 255 ip addresses so ipv4 space is just fine for me. And i don’t need my devices to be individually addressable globally i can port forward if something needs to be accessed externally.

IPv6 makes sense at the carrier level but at the endpoint networks especially just for homes there is literally nothing wrong with ipv4

It must be, every time I’ve ever had a problem with electricity if you look back far enough it was an electrician that set it up. Coincidence? I think not

Have you never used a modern-day LED flashlight they can make them tiny with small dials and still make them brighter than the goddamn Sun lol

Can you not just setup an nginx reverse proxy at the network edge to handle the ssl for the domain(s) and not have to worry about the app itself being setup for it? That’s how I’ve always managed all software personal or professional

There is literally a thread somewhere on my Lemmy I need to try and find just recently that shows this perfectly. Someone made a thread asking how they can self host their images for backup from their phone and naturally everyone pointed them to immich. And they immediately started complaining and bitching that they could not access it from outside their local network. Instead of asking how to fix that they were like what the hell is the point if I have to be on the same Wi-Fi this is stupid. And they basically did not want to engage with the people being like hey you need to either make a reverse proxy or open a port on your router. They should not be self hosting

You need to open a port on your router for it to be accessible from the outside world (example your phone on LTE or a different wifi) , this is not a limitation of the software but a security feature of your router