If you’re not familiar with it, check out lowendbox.com. You can very often find good deals there; not all of them are reliable in the long run, but I’ve found several hosts that have been just great.
Check into Cloudflare tunnel or Tailscale funnel. Those are two of essentially the same type of product that take out most of the work of getting you around CGNAT.
You can do this with something like Nextcloud. Just set up a folder shared by a link and you’re able to make it a drop box of sorts that anyone can upload to.
Obviously, be careful allowing arbitrary uploads from the whole internet. I’d set a time limit on the share so people can’t upload junk forever.
Hey, it definitely doesn’t have to be just a subdomain. You can have a record for example.com point to your VPS’s IP at the same time you have www.example.com, nextcloud.example.com, and jellyfin.example.com. Have as many services and domains as you like and the reverse proxy will direct the traffic to the correct local server based on the domain name.
One way you can do this flexibly is to have two records in your DNS: an A record pointing example.com to your VPS and a CNAME pointing *.example.com to example.com. That way, any subdomain will go to your VPS and you only have to add new services in the reverse proxy.
I don't have a particular guide to reocmmend, but assuming you have a VPS already, you'll basically need just a few components:
A VPN (I'd use wireguard) tunnel between your network at home and the VPS
A reverse proxy on your VPS (nginx-reverse-proxy is a pretty user-friendly implementation) to forward traffic to the correct host on your local network
A DNS record for your subdomain that points to your VPS's public IP address.
That should basically do what you need. The reverse proxy will see the domain (https://whatever.example.com) and pass it on to the machine on your local network (e.g. 192.168.1.111:8888) via a VPN connection (which will push the routes so the VPS knows how to get to your local network).
The folks replying here have pretty much hit the nail on the head. Adding your home network to that AllowedIPs line in the confit file should do the trick.
Someone else mentioned Tailscale, which would be another great option—with a web UI to dial in routes.
There’s not a lot of information to go on here, but my first thought is that you haven’t configured your VPN to route to the local network. So, while you may be getting a connection to the VPN server, your computer doesn’t know where to send traffic for
Cockpit.
There is usually a way to push those routes to the client from your con server.
I think you can do this with key files and a systemd-timer at boot. I’m not near a machine right now to post how I’ve done it in the past, but I’ll try to remember to come back to this when I can.
It may be helpful to know that the former r/zfs community has migrated to a Discourse server at practicalzfs.com. Might be worth asking there for some expert advice.
One more option to consider would be doing HA with shared ZFS storage. Basically, if you have a zpool on each system with the same name and add it as shared storage, you can set up replication and have HA run off that. It’s a pretty simple setup and you can get by with just a couple extra disks per node rather than a whole separate machine.
This is the route I’d go. I use FreePBX for all this, but my voip provider could do most of the work (voip.ms). There are decent softphone apps (Zoiper, Linphone, etc.) to initiate calls from and porting a number to the voip provider isn’t too difficult.
I’ve been meaning for years to set up a solid archiving system that I don’t have to manually babysit. I’ve had my eye on mailpiler (https://www.mailpiler.org/), but haven’t found the time to get up to speed on it. I’m the meantime, I drag messages to a local folder like a barbarian.
I’d second this. I’ve installed Proxmox installed on some Mac Minis and they do a credible job of it. A beefy Max Pro would be all the better.
I’ll add that if the main purpose is to be a NAS something like TrueNAS will be much more set-and-forget.
This is grossly overpowered for a firewall, so I wouldn’t go that route unless you want to do a virtual firewall on top of a general purpose hypervisor.
Haven’t tried netbird, but I do like Tailscale and headscale. Last time I looked at all these, I landed on Netmaker, which might be worth a look. It’s WireGuard based and has a nice web ui for management.
Hey, as others have said, you can definitely set up OPNSense in a VM and it works great. I wanted to take a second and answer the first part of your question: it cannot run in Docker. Containers in Docker share their kernel with the Linux host machine. Since OPNSense isn’t a Linux distribution (it’s based on FreeBSD), it can’t make use of the shared Linux kernel.
There’s a pretty interesting series on the topic at Tall Paul Tech’s YouTube channel (here’s the most recent: https://youtu.be/WFso88w2SiM). He goes into quite a bit of detail over the course of a few videos about how he handled everything and highlights some of the trials and tribulations with the isp. It’s not a guide per se, but definitely stuff worth thinking through.
I agree completely with this. At my office, I’ve started installing Krita in place of photoshop for people who need to edit images. It has its own learning curve, but it’s been a wonderful alternative.
I think what you’re describing can be accomplished with docker-compose’s depends_on option. I’m not certain how it works across compose files, but that would be the first place I’d look.
I think there’s an Odoo module that does this. Might be overkill for just that, though.