If you have an iPhone, it’s a pain over Tailscale because Tailscale frequently likes to disconnect for various reasons and this isn’t something Tailscale can fix, it’s something with the way Apple manages background processes.

If you’d like an alternative, you can host your services directly to the internet via a reverse proxy like Caddy or Nginx, and then use mTLS to secure that access with a certificate you load only onto your devices.

Perhaps some kind of teaser that hints at what your strategy is before going into full detail?

There’s nothing wrong with just using a VPS for this. Despite what some mouth-frothing hobbyists will tell you, it’s still well within the realm of self hosting. There’s just no reason or difference for hosting a blog on your UnRAID server vs a VPS.

If you really want to be some kind of purist and only use your own hardware, then you could configure a web server that can reverse proxy on your UnRAID server and forward port 443 in your router to your UnRAID box, but you’d have to change your UnRAID access port to something else. You’d want to keep this web server docker container up to date, and preferably see if you can implement some kind of WAF with it or in front of it. You’d then forward the requests from this web server to your ghost container.

A better idea would be to use a different piece of hardware for this web server reverse proxy, like a raspberry pi or something, and put it on a different subnet in your house. Forward 443 to that, then proxy the connection back to UnRAID, in whatever port you bind the ghost container to. Then you can tighten access that raspberry pi has. Or hell, host the blog on that hardware as well and don’t allow any traffic to your main LAN.

There are half a dozen better ways to do this, but they all require you to rely on a third party service to some extent.

Every update always has an impact on your battery life. An iPhone’s battery life is highly dependent on software tricks and background management systems that sleep and terminate processes without you knowing, based on the app and your usage of it. Updates throw a lot of “known” information out of wack and it takes awhile for your phone to sort it out again. This is not even counting the fact that there might just be bugs causing apps to use more battery than they should be when you’re using beta versions of iOS.

Did invidious find a way around Google’s blocking? I remember a headline a week or so ago that Google had managed to completely block them.

I dig it

Getting all the functionality of Pihole into Unbound would be a good deal more than “a little work” lol. And for no real practical reason when all you’re trying to do is set up secure DNS with some ad blocking on your network. And this is coming from a professional who wouldn’t have to “learn” anything to do it. If it was really that little work, Pihole + Unbound wouldn’t be the go-to solutions for so many people.

I mean if you want to build something around Unbound to do ad blocking and set up a monitoring stack for metrics and all that jazz that’s great, more power to you. But you already have two things built for purpose, there’s no reason to go out of your way to do that. And I don’t think OP here is prepared to do all that.

For the same reason you’re running AdGuard and not just pointing all your devices at the recursive upstream.

You’re using AdGuard / Pihole as an ad sinkhole, not just to cache and forward DNS requests. Like if you really wanted to you could hack together something in Unbound to do that, but why would you do that when Pihole already exists? You have two things built for purpose.

If you want to run your own recursive DNS server, why would you run two separate DNS servers?

I’m not sure I understand your question. A recursive DNS server and a local DNS cache/forwarder/are two different things with two different purposes. You will always need both. You yourself are using AdguardHome and that is just connecting to recursive DNS server upstream. In my scenario you’re just running both yourself instead of you running one and then letting a 3rd party run the other for you.

Your outbound queries will still be unencrypted, so your ISP can still log them and create an advertising profile based on them.

You can encrypt the recursive queries through your ISP if you want to. Though the effectiveness of any profiling your ISP would do to you are minimized by Qname minimization that Unbound does by default.

If you’re just using DoH then you’re just shifting who’s making that advertising profile on you from your ISP to whoever is hosting your upstream recursive DNS server. It doesn’t matter how much encryption you do because on the other end of that encrypted connection is the entity who you’re giving all your queries to.

I would say Pihole is a better choice than AdGuard home because PiHole just runs on top of dnsmasq. Throw Unbound on there too as your upstream recursive resolver and you’re set. You don’t even need to worry about an encrypted session to your upstream anymore because your upstream is now your loopback.

I think you are right but I wasn’t sure. Like technically you’ll still see the details if you open the certificate but… who’s doing that?

The point of paid SSL at this stage in the game are the higher tiers of verification. Instead of just verifying that you own the domain, you can verify that you are who you say you are. These are called Extended Validation and Organizational Validation certificates. This has historically been desirable by businesses. It used to be that these higher tier certs would not only give you a lock icon in the address bar of a web browser, but also a little blurb confirming your organization is legit. Not sure if this is still the case though. You will see the extended validation when you check the sites certificate though for sure.

As far as encryption and security, there’s no difference. Also side note, the Comodo brand still technically exists but it was bought by Sectigo like 7 years ago.

Yeah but also even when you’re paying, you’re still the product.

And here I am with 256GB that’s never even half full.

I’m loving the new photos app layout. Gets rid of the different “screens” and just has everything on one page. It’s just good UX. Always hated the old photos

Because it wouldn’t be a repeat, you never gave an actual answer the first time. Are you a bot?

Why would somebody not post updates to a regularly updating thing?

As opposed to what, posting the same unchanged poll every day?

Yes you did, you quoted it.

who, by comparison, warmly embraced Walz on Wednesday