I wish I'd seen this before the minor hell I went through learning how to geoip block via iptables. 😁
It looks interesting. I think my only real concern is security. There's a lot of people using and working on nginx so, presumably, more people to identify bugs and squash them.
And even if you do everything 100% right, your emails will mostly get flagged as spam if not outright blocked anyway. Esp. if you're using a residential IP.
Plus, the internal and external services are running on the same box. Is that where my real problem lies?
It's one of them, yes.
If you want to limit exposure in the case of a compromise you need to put everything public facing in its own vlan that cannot initiate traffic into your lan.
I agree with everything everyone else has said here but if you're looking for the most basic solution it's already in NPM. You can configure basic auth in an access list and apply it to the site.
I'd like to centralize auth but I haven't dug into it yet. My concern is, can it be distributed? I have services spread across my homelab and multiple vpses. I don't want to lose auth if any of those is down.
Ok I like this one. I'll be playing it again tomorrow. I'm showing my age but I used to love "Name that Tune" and I think this scratches that same itch.
I'm surprised I didn't see https://guessthe.game/ on this list. I try to play it every day, but you can really get lost going down the rabbit hole of all the previous day's games.
Nightly backups to a repurposed qnap running pbs. I'm fully aware it's overkill but it gives me some peace of mind.