• 0 Posts
  • 12 Comments
Joined 1 year ago
Cake day: September 25th, 2023

  • A lot of technical aspects here, but IMHO the biggest drawback is liability. Do you offer free storage connected to the internet to a group of “random tech nerds”? Do you trust all of them to use it properly? Are you really sure that none of them will store and distribute illegal stuff with it? Do you know them in person so you can forward the police to them in case they come knocking at your door?


  • Yes, you can do it on your server with a simple iptables rule.

    I’m a little rusty, but something like this should work.

    iptables -t nat -A PREROUTING -d [your IP] -p tcp --dport 11500 -j DNAT --to-destination [your IP:443]

    You can find more information by searching for “iptables dnat”. What you are saying here is: in the prerouting table (i.e., before we decide what to do with this packet), TCP connections to my IP on port 11500 must be forwarded to my IP on port 443.
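
An added example, not part of the original comment: a shell wrapper that applies the DNAT rule above idempotently (using `iptables -C` to check before appending) and also adds it to the nat `OUTPUT` chain, because connections made from the server itself never pass through `PREROUTING`. The function names, the `IPT` override variable and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Helper names and the IPT variable are hypothetical;
# the iptables options are those from the comment plus -C (check).
IPT="${IPT:-iptables}"   # command to invoke; override it for a dry run

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the match/target part of the rule, shared by both chains.
dnat_spec() {  # ip from_port to_port
    valid_port "$2" && valid_port "$3" || return 1
    printf '%s' "-d $1 -p tcp --dport $2 -j DNAT --to-destination $1:$3"
}

# Append the rule to a nat chain only if an identical rule is not there yet,
# so running the script twice does not stack duplicate rules.
ensure_dnat() {  # chain ip from_port to_port
    spec=$(dnat_spec "$2" "$3" "$4") || { echo "invalid port" >&2; return 2; }
    # $spec is left unquoted on purpose so it splits into separate arguments
    if $IPT -t nat -C "$1" $spec 2>/dev/null; then
        return 0
    fi
    $IPT -t nat -A "$1" $spec
}

forward_port() {  # ip from_port to_port
    # PREROUTING handles packets arriving from the network
    ensure_dnat PREROUTING "$@" || return
    # OUTPUT handles connections opened on the server itself
    ensure_dnat OUTPUT "$@"
}

# Usage (as root), with a constructed documentation address:
#   forward_port 203.0.113.10 11500 443
# Inspect the result with: iptables -t nat -S
```
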






  • Yes, you are right, I already use DNS validation. It is just that it is easier to request a single wildcard certificate for my domain and have all the subdomains that I use for the local services defined only in my local DNS. I cannot fully automate the certificate renewal because Namecheap requires allowlisting the IP that can call its API, and my IP is dynamic. So renewing a single certificate saves me time. Also, the wildcard certificate is installed on a single machine, so it is not as if I increase the attack surface a lot by not having different certificates for each virtual host.