Ooo, interesting.

I am going for public access here, so it wont work. But i think this is how some routers are set up. Like i think asusrouter.net is set to 192.168.0.1, so anyone with the router can go to the same url / domain and itll send them each to their own router. Found that out the other week and thought it very clever.

So i had done this (with Adguard rather than pihole) and i think i was getting caching issues. Whether or not i was, though, i removed it and it looks like my router is handling it all just fine without the rewrite on the local DNS server.

Some folks mentioned “hairpin NAT” - i was reading the wiki on NAT last night but didnt get to hairpin, but that appears to be what is happening.

The conclusion is - my setup had been doing what i want the whole time without any DNS fiddling. I updated the original post with the speedtests.

I guess I should say that I think there were caching issues, but the problem was coming from an iphone and the Bitwarden app (connecting to the self-hosted vaultwarden).

i think this is what I was doing with Adguard and using the re-write rules, but then the client (my phone, for example) would cache the IP address and it would fail when I was out of the house/network.

Or am I misunderstanding what you are saying here?

ok, well that’s easy to set up if that is how it just works! i wonder if maybe i should (at least temporarily) self-host some sort of speedtest app on the server and check the speed from my phone while i’m on wifi using the IP, wifi using domain name, and off wifi using domain…

Server is running the password manager for myself and family, and that needs to stay on while gone (there are ways of handling local copies and they sync later, but when ive accidentally had to troubleshoot that it sucks).

Then ive got nextcloud, which while i don’t normally need things on there i do enough that it is nice to have.

A “TLD” is a Top-level Domain, examples of which are .com and .org. They sell names within their domains.

You’d just be buying a “domain name” within some TLD and redirecting traffic from that domain name, not from the TLD.

For a domain name:

You go to something like NameCheap.org and buy a name (hackers4life.xyz or something cool like that). Then their web interface has a place for you to enter the IP address that you want associated with that name. Whenever someone then types “hackers4life.xyz” there will br a series of computers asking other computers “do you know the IP address for this?” until they do.

If you have that Pi in your house, there are (at least) two steps for you then: (1) Getting your home IP address (2) Forwarding the port

(1) Your router admin panel may have this, or else if you search the web for “what is my ip” there are sites that will tell you (basically, you connect to their webpage and they just print out the IP they are sending data back to). There are two concerns here, though.

(a) Do you have a unique IP? There arent enough IPv4 addresses in the world for all the computers connecting to the internet. To get around this, ISPs will essentially group customers together under the same IP and then they figure out how to get the traffic to the right place. If you dont have a unique IP, you might be screwed (but i havent looked into dealing with that much).

(b) If you have a unique IP, you still probably dont have a stable IP. Your ISP might reallocate all the addresses in their network every day/week/month/whenever. This is the case for me. Namecheap (or whatever other domain vendor) has a process for you to use a script to send them your IP address, and so you make a script to recheck it and send namecheap updates every hour or something like that.

(2) Forwarding the port

Some other machine on the web knows your IP (because it is associated with hackers4life.xyz) and so they try to connect. This comes down the wire from the street into the side of your house/apartment, into the modem, and into your router. If your router isnt expecting it (or prepared to do something with it), itll just ignore it. You want the router to instead send it to your Pi. To do this, you go to your router’s admin settings and forward the messages based on the port they are coming in on. The standard ports for HTTP and HTTPS are 80 and 443, and so you can forward those ports to the Pi. Making sure that then the Pi does the right things with those is outside the scope of me writing right now.

I turned off QoS and immediately am getting 930 on speedtest.net from the desktop browser!

Also, very helpful to know Issue 1 here. I assumed that the router would be the best spot to test since it is farthest upstream (other than the modem). I didn’t know it could pass traffic faster than it can decode, but that makes sense that people would have tried to make that the case. The router is still getting ~500 Mbps while the browser is much closer to the full 1000.

fast.com gives 500 Mbps

going to librespeed.org got me 482 down

that makes sense, and I’m looking now. However, the only thing that has anything other than zero in the ‘Real-time rate’ on the router is the computer i’m typing this on, which is at ~30KB/s up and down

I’ve got a coax cable (not fiber) coming into the house, in the USA. My understanding is that there is some amount of shared network with the neighbors.

That is the correct question, and mostly no, I don’t have any specific problem.

The biggest motivator for me looking at it is probably just hobby/interest/how-does-this-work.

That said, my partner and I both work from home ~50% and are often pulling files/data that are a couple GB from the work network, and having those go faster would be nice. Probably the limiting factor in those, though, is the upload from the work network and so faster download for us likely wouldn’t matter, but I’d like to be able to say “I looked into it, honey.”

“DO NOT EVER TURN THIS SERVER OFF - CALL RON” is very good

If you arent an actual journalist who is being personally, specifically hunted then you probably don’t need to take the same precautions as one.

And yea, the guide boils down to “none of these things are 100% safe but they are realistic things you can do that can offer more protection than not doing them.”

Your skimming of the article missed how they do indeed talk about the shortcomings of every suggestion they have. For example, the article also does indeed talk about how you can turn off gps but your phone will still ping towers revealing your location, and goes on to say that you can put your phone in a faraday bag but that isnt practical for most people but is indeed an option if you want to do it.

it is indeed infrequent, but the modern world has trained me to expect convenience and instant-ness. Last time i wanted a 12-year-old email I was in the car with friends and and to pull it up. it wasn’t anything important at all, to be clear, but i’m hoping to search my 12-year-old emails with the same convenience as last month’s.

I think that that is right that I fundamentally want an archive, not what a normal mail server provides. Part of my thought on looking at mail servers is that those would integrate directly with whatever other front-end/client that I’d normally use, whereas an archive maybe would not.

And regarding archive-specific stuff, I am seeing some things on a search, but I guess i’m wondering if folks here have any recommendations. When I look at , for example, nothing comes up for email archive, just for email servers. That, plus what I see when searching, makes me think that the archive-specific stuff is either oriented to business or oriented to a CLI (like NotMuch, which was mentioned in the discussion here and does look cool).

This looks like a good backend for sure, but the web frontends look a little lacking and I’m not seeing anything about a mobile frontend (other than if a web one was up, which would be fine). Have you tried any of the web frontends?

The nsa wants to watch people who are watching the pornhub video of someone else watching porn. The third level there is more difficult to find