You can run it rootful, then it behaves just like Docker.

Lol, that’s some dangerous waters you’re treading in.

I use HAProxy and Caddy, and for different reasons:

• HAProxy - sni-based proxying to devices on my VPN; lives on my VPS
• Caddy - TLS-trunking (and cert renewal) per device and reverse proxy in front of containers

It works really well. My router is configured as a DNS server to route my domains to my local network, so I get to use TLS even on my LAN, which is neat.

Yup, we’re similar, though I have my SO’s PC and mine to pick from at upgrade time.

I’m a big fan of old PC parts. My current NAS/home lab is my old PC, so a Ryzen 1700 + GTX 750 Ti. It’s overkill for what I need, doesn’t use a ton of power, and I didn’t need to pay anything for it.

If that’s not available, I recommend second hand. Look around your local area and see what’s available, or check online at places like eBay. Be mindful of power usage for server products if that matters to you.

My next option after that depends on what I’m looking for. A mini PC with an external drive enclosure can be really nice, and there are some reasonable ITX-esque DIY rigs with drive bays that look nice. I’ll be a lot more picky when buying new though, so I’m not going to recommend specific setups without knowing your priorities (space? Power usage? Noise?).

ECC is nice, but not a requirement. AV1 on the CPU is nice, but you can get that on a relatively inexpensive GPU if you go that route, or you could encode everything into AV1 at rest in a bulk operation. There are lots of options, so it mostly comes down to what you have access to, your budget, and your priorities.

Depending on the service, you totally can, provided they include some way to recognize them. For example, the first few bytes of SSH are unique, so I made a simple TCP server that would forward traffic to an HTTP(S) server or SSH server depending on those bytes.

Yup, I was reverse proxying early in my career, and I even built my own once for fun (I “hid” an SSH server on my HTTP server by looking at the first few bytes and proxying appropriately).

Well, they said they wanted decentralized, and decentralization comes w/ caveats. I’m just providing options.

Sure, but you don’t necessarily have to use it like that, you can provide your own decentralized storage using it. Put some cheap devices (old RPis w/ large SD cards) at friends’/family members’ houses and have them pin your most important stuff. If they get broken/lost, NBD, you probably have another copy somewhere else.

If a lot of your data isn’t critical and you’re willing to gamble a bit (e.g. movies or something you can re-rip), then IPFS could be a perfect fit, just like torrents are (though IPFS probably isn’t great for large media like movies, but hopefully my point makes sense).

I’m not saying it’s perfect or anything, just that it exists and is in this domain. A lot of similar projects compare themselves to IPFS, so understanding what it is and isn’t is useful what evaluating alternatives.

You could check out IPFS, the OG.

Building stuff is fun, and using something created that does exactly what you want is cool.

Why create a self hosting setup if you’re the only one using it? Same idea.

I build things to solve a problem I have, not to get famous or rich.

1. I’d DIY it, so all on one device. I use an old PC (way overkill) and added some drives, and it does everything I need.
2. Probably? I don’t know much about it, I just use a regular server distro. As long as it gives you enough control to run docker/podman or bare metal services, you should be fine.
3. If your network between the NAS and mini-PC is fast enough, it should work to seed over the network.

Mostly DOS attacks with ridiculously large payloads.

Fortunately, we force everyone to use a password manager at my company. SSO all the things!

If only there was a SQL command that could alter an existing table…

I’m sorry. Is there nothing you can do to fix it?

At least provide email as an option, which might at least be TLS encrypted. If you’re going to screw up security, at least make it something I can somewhat secure.

Which is dumb because passwords should be treated as opaque bytes then salted and hashed. If your code breaks due to invalid unicode, your code is broken.

Yeah, I usually limit passwords to 256 characters, because that’s way longer than anyone needs and still short enough to not worry about overloading something.

A random 12-character password should take years to crack. But they’re probably also storing it as plaintext, so no need to crack, just breach the DB (which is probably also insecure).