Xanza

Then I found out my services would work better with Caddy

Exceptional idea. Cloudflare is nice, but Caddy will always win IMO. Additionally, considering you were able to get Caddy working, that simply drives home that unfortunately your reverse_proxy didn't work because it was somehow misconfigured. Caddy is also a reverse_proxy.

My comment is pretty much what I said. You have an extremely complex environment that you're not fully making use of. For example, you're having issues with a reverse_proxy, but you had Tailscale presumably the whole time. Why not just use your VPN to reverse_proxy your requests if you were having issues?

Also using Caddy + Cloudflare is fine if you want to use cloudflare for DNS, however, Caddy handles all certificates itself. So you have Caddy, which can handle all the SSL certs itself, but you put Cloudflare on top of it to manage SSL certs. It's just convoluted.

It's a good environment, but a little overkill.

As someone who's set up and managed critical business applications I would say that it's perfectly fine to host your own provided you have decent hardware that's capable of doing what you need and as a dedicated business line to provide connection.

If you try to run mission critical business applications on a home internet connection you're going to have a really bad fucking time. But hosting business critical applications on appropriate hardware and a 1Gb/s business connection with an SLA is going to meet 95-98%% of all business applications.

If something like that sounds expensive or too difficult to do then it's too expensive or too difficult for you to host yourself. Just go with a provider and sidestep self-host.

Debian, baby.

Chest freezers are exceptionally energy efficient. It's not a very good comparison.

I really love home labs but this sounds incredibly over engineered for its purpose... I would expect a set up like this for an enterprise environment...

I very highly recommend that you take the time and just switch. Caddy is simply fabulous. It's designed to work (assuming it's compiled with the module) with containers and use docker networks for routing. It makes it easy to spin up containers and directly reference the container names instead of remembering IP addresses and particularly comes in handy when your entire environment is containerized.

You can pull the caddy image and run it in docker and as long as your environment is configured correctly you can simply reverse_proxy @container and you're done. Caddy pulls all the relevant port information directly from the container API.

I get such a nerd boner thinking about it.

If the government scrubs my devices for evidence they're going to find a hell of a lot more than some fabricated antifa PDF. Lol

It's all perfectly legal to have but still. They would have absolutely no problem framing me with terrorism. Lol

Light + TIF                     https://sky.rethinkdns.com/1:AAkACAQA
Normal + TIF                https://sky.rethinkdns.com/1:AAkACAgA
Pro + TIF                 https://sky.rethinkdns.com/1:AAoACBAA
Pro plus + TIF               https://sky.rethinkdns.com/1:AAoACAgA
Ultimate + TIF              https://sky.rethinkdns.com/1:gAgACABA

Light + TIF                 https://dns.dnswarden.com/00000000000000000000048  
Normal + TIF                 https://dns.dnswarden.com/00000000000000000000028  
Pro + TIF                 https://dns.dnswarden.com/00000000000000000000018  
Pro plus + TIF               https://dns.dnswarden.com/0000000000000000000000o  
Ultimate + TIF              https://dns.dnswarden.com/0000000000000000000000804  

Light                https://freedns.controld.com/x-hagezi-light
Normal                https://freedns.controld.com/x-hagezi-normal
Pro                https://freedns.controld.com/x-hagezi-pro  
Pro plus                https://freedns.controld.com/x-hagezi-proplus  
Ultimate                https://freedns.controld.com/x-hagezi-ultimate
TIF                https://freedns.controld.com/x-hagezi-tif

Rethink DNS, DNS Warden, and ControlD with Hagezi blocklists via DoH/3. I highly recommend the '+ TIF' as they are threat intelligence feeds which are up to date lists of bad actors/malware.

Every single action that he does even if it only takes a day to undo took decades to get implemented. Will probably take just as long to get it back.

Imagine working for NOAA tracking weather patterns across the ocean or some crazy shit and a 23 old fucking virgin loser comes up to you and tells you you're about to lose your job. Lol

No actual professional company or job of value is not going to check your curriculum or your work history.... So like sure you may get that job at quality inn as a night manager making $12 an hour because they didn't fucking bother to check your resume...

But you're not getting some CS job making $120,000 a year because they didn't check your previous employer. Lol

You're completely missing what he's saying, and how that number is calculated. It's an average connection speed over time and you're anecdotally saying your internet is superior because you have a higher connection speed, which isn't really true at all.

You have residential internet which is able to provide 3Gbps intermittently. You may even be able to sustain those speeds for several days at a time. But servers maintain those connections for months and years at a time...

800TB/mo is 2.469 Gb/s sustained for 30 days. They may be on a 10Gb/s connection, but that doesn't mean they have enough demand to saturate it 100% of the time.