Just wanted to add… After reading your initial post I did some more digging on adding tracking headers, etc… especially by T-Mobile.

While it’s definitely a thing, it only applies to HTTP traffic. Even HTTPS blocks their ability to add those headers. So any traffic that’s using any other protocol (DNS, email, ssh, or just gaming, etc…) would be safe from your ISP from at least trying to add these tracking headers.

Yes but while the service is targeted for home use there still is remote work which generally requires a VPN back to the company network. They wouldn’t be able to block this. Now sure they might be more inclined to block Mullvad but they’d impact too many businesses by blocking wireguard as a whole.

And assuming they did block Mullvad but not wireguard… Just rent a VPS and install a wireguard server and client there to bridge back to Mullvad.

I know this doesn’t help much but I use T-Mobile cell towers with an always on VPN with no issue. But I don’t see why they’d block Mullvad. (I’d be more concerned that they’d block them than wireguard in general). But there’s completely legitimate reasons to use both so I don’t see them really bothering to block either.

To also add to the other comments: because the government doesn’t want or even need to have a balanced “checkbook”.

Assume for example you want to buy something from me. But you only have “don bucks”. So you buy a widget from me and I charge you 10 “don bucks”.

Problem though, through taxes you’ve only got 5 bucks left. So you just create 5 bucks and add it to your pile. (Deficit spending) Now if you don’t balance that with a loan, your “don bucks” are now worth less because why would I want one of your “don bucks” when tomorrow you could just create a million of them for no reason. (Hyperinflation) So you instead borrow 5 bucks from a friend of yours with a promise to give him back 6 tomorrow. (Bonds)

I still sell you my widget for 10 “don bucks” but now what can I spend my newly acquired “don bucks” on? Well, since everyone has their own currency I ultimately have to spend it on you. This means I end up giving you those 10 bucks back in hopes that you’ll either give me more in return (another loan/bond) or give me back my own currency from money I’ve traded to you.

So in the end spending more than you make (at the nation state level) can be a net boon on the economy as you effectively create a vendor lock in, similar to how companies push their gift cards, etc … because that money is only good in one place. You just have to make sure not to spend too much beyond your means because every dollar you create this way adds to inflation a little bit. So if you create too much then inflation gets out of hand and you end up with hyperinflation and now every one of your citizens wants to get rid of your money because they’ll lose too much before they can give it back.

If it was a certificate issue I’d expect youd just get an error from your browser saying the cert is invalid or expired.

If I had to guess though you’re running into a nat reflection issue: https://nordvpn.com/cybersecurity/glossary/nat-loopback/

Read up on that. But you may need to provide different DNS entries if you’re inside or outside your LAN or add a NAT hairpin rule to your router. But this is only applicable if you’re exposing the same service to the WWW.

Some other things to try though:

• Have you tried just pinging the address? Is the DNS resolution returning the address you expect?
• Whats in your nginx logs? Do you see anything when you try and connect?
• Within your nginx container can you ping your service directly? Is something blocking nginx from accessing the site?

I’ve tried commenting out the ports in the compose file, which should make them only available on the internal network, I thought. But when I do that, the containers can no longer connect to each other.

Did you create an explicit network for them to talk on? Otherwise the default docker network doesn’t support internal DNS queries.

https://docs.docker.com/engine/network/#container-networks

Specifically you need a network using the bridge driver: https://docs.docker.com/engine/network/drivers/bridge/

Yes it would. In my case though I know all of the users that should have remote access snd I’m more concerned about unauthorized access than ease of use.

If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.

Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.

The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.

But here is exactly what I’ve done:

1. Bought a domain so that I don’t have to remember my IP address.
2. Setup DDNS so that the A record for my domain always points to my home ip.
3. Run a wireguard server on my lan.
4. Port forwarded the wireguard port to the wireguard server.
5. Created client configs for all remote devices that should have access to my lan.

Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.

P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.

By default there’s no way to hotlink, if you will, to a post on any platform. Now some apps might be doing something special to get around this, but out of the box this isn’t supported at the moment.

Now there is an issue on lemmy itself which I’m exploring that should “fix” this: https://github.com/LemmyNet/lemmy/issues/2987

But I’m not sure how that might translate in a mobile app.

Originally it just looked like a collapsable title. (https://www.digitalocean.com/community/tutorials/android-collapsingtoolbarlayout-example). Then I just happened to tap it trying to find out how to change my default sorting. Although I’m not sure why Sync doesn’t just use the default from my profile?

Totally understand that. And personally, $20 to remove ads forever, seems reasonable. But the other features under Ultra currently don’t add up to the price tag for those features at the moment.

None of the current Ultra features really stand out to me except tagging/highlighting users. Push Notifications will be a game changer but they aren’t in the app yet.

First I want to preface that I actually never used Sync for Reddit, I always used RIF but I wanted to give Sync for Lemmy a shot and see what it was all about.

A few things from my perspective:

1. So I’m using the combined BottomNavigation style, but finding settings or other options doesn’t seem all that intuitive. Some of the things, like how to switch from Everything to Subscribed for my feed, I found by accident. Where to buy the Ad removal was also rather hidden, etc…
2. The elephant in the room… Pricing… as a developer myself I get needing to make enough money to sustain your projects, and I get that there’s a lot less users on Lemmy than Reddit, but the prices for the subscriptions just seem outrageous. The problem as I see it, is that there’s already a healthy competition for Lemmy Apps out there today and most are completely free and have no ads as-is. Some may even be operating in the red, but still $2/mo, $17/yr, $100/lifetime still seems a bit much for essentially:

• No Ads (I’ve got a PiHole, so honestly I don’t see any ads at the moment anyway)
• Cloud Backup – backup of what? My login? My app settings? The former seems concerning, the later I don’t see much value as I only have a single Phone. If I get a new phone, sure it might save me a few minutes re setting it back up. There’s not that many settings at the moment that needed customizing. And adding too many makes the app too confusing.
• Highlight / Tag users – Ok this seems interesting but not quite worth $2/mo IMO.
• Translate text – I can do this in the web app already just by highlighting a comment. But to be critical here, /most/ of the content is already in English, and I don’t subscribe to any foreign language communities at the moment, so this at least doesn’t have any value to me.
• Select text from image – Ok, another interesting feature but still not quite at $2/mo
• Push notifications (coming soon) – I’m really wondering how this is going to work personally, but this is a much needed feature, at least just for private messages. Probably the feature I’m most excited about.
• Import / export subscriptions – This honestly needs to be built into Lemmy itself, but there’s also a handful of user scripts and other tools other developers have already written that can do this.

Keep in mind I don’t have a frame of reference for what the prices were in Sync for Reddit, but cut the prices to about a 1/3rd or 1/4th of what they are now and they seem to be more inline with the value that the app provides over the other apps.

3. The privacy policy. It’s a lot longer than I’d hope for a Lemmy app. I’m assuming most of the data being collected is for advertising, but it’s still concerning to me.

I don’t mean to sounds critical in all of this. The app is probably one of the smoothest and best looking out there so far, but the value to money ratio just isn’t there.

Tap the everything label at the top

Think of Lemmy as email. Each post or comment is just an email sent to a distribution group (a community). If your email server goes down, all of those users and distribution groups are gone. Now I’ll still have the emails I sent to you in my email box but you won’t be able to see them as your email server is offline. Sure you could create a new account on a new server but you’d have to tell everyone about your new address (federate) but there’s nothing to associate your old user with your new one and there’s no way to backfill data. I could reply-all or forward (comment) on to your new address but there’s still no way to associate those old posts with your new account.

You can always try constructing the URL manually. I know this sucks, but it might be a workaround.

https://lemmy.ml/c/songaweek@lemmy.world

Long story short you just have to go to lemmy.ml and then add /c/ followed by the community name @ the instance it belongs to.

Not necessarily. I have several servers behind Cloudflare for free. I’m just limited on analytics, some advanced firewall settings, advanced cache management and maybe a few other features that I don’t use. But the basic service is free.

https://www.cloudflare.com/plans/free/

https://www.gardeningknowhow.com/garden-how-to/soil-fertilizers/what-is-fallow-ground.htm#:~:text=Fallow ground%2C or fallow soil,five years%2C depending on crop.

i.e. appears to be unused farmland?

https://www.search-lemmy.com ?

If an instance goes down (permanently), federation of all of the communities hosted by that instance essentially stop. The content that has already been posted remains but anything new added to those communities only remain on your home instance. The only way for federation to resume is for that instance to come back online with the same domain it started with.

It searches the title and body. It also automatically searches for similar words like. Like ‘bike’, ‘biking’, ‘bikes’ (aka stemming). Granted though, I’m still improving the page ranking as time goes on.