Thank you! What would such a competitive amount would be? 2 per each region covering east and west? or something more distributed such as 1 in a radius of 1,000km?

I certainly don’t need anything as robust as 1 per 1000km. I currently utilize ClouDNS as my main slave DNS provider. ClouDNS give me POPs in the capital city of every economically-relevant country.

I don’t necessarily need something that robust for a backup slave provider. Something like 2 POPs per continent would be more than enough, say South Africa, North Africa, Sydney, Singapore, 1-2 in Europe, 1 in JP/KR, 2 in USA, and one in South America.

That should give decent-enough coverage.

I do, indeed, use slave DNS servers, in fact, I’m currently in the market for a second independent provider.

What features am I looking for? Honestly, a competitive amount of POPs and ability to accept AXFR in. I don’t need much more than that.

Oh and pricing: I’m looking for something on the level of AWS or cheaper. I’ve tried approaching some other players in the field like ns1 and Hurricane Electric’s commercial service and those are quoting me $350+/month for < 100 zones and <10m req/month. No thank you.

This is not a question for /r/selfhosted. This is a configuration issue — that I am inclined to ascribe to installing too much unnecessary software — and would suggest directing to a more generalist tech support forum.

Tailscale is beautiful but it is not selfhosted so

Headscale is a thing. Tailscale themselves promote it.

I’d seriously consider using a relay/jumphost/etc VPS between your home network and roaming clients. That way, you can even continue using tailscale.

You can get this easily for under $3/month even without black friday.

I’m not sure if google-fu is glitching as much as imagination. You have three clean options:

• docker container ls (shows container name and ports)

• netstat -ban (shows all ports in use on the system + the binary running the service)

• Just write documentation for yourself when you bring up a new service. Doesn’t have to be anything fancy, a simple markdown or YAML file can be used. I use YAML in case I ever want to use it programmatically.

netstat -an is your friend.

Documentation is your second best friend.

I am not sure I understand your requirements. What functionality of Filebrowser do you want to see? Read only or or read-write?

Firefox has (had?) FTP support, you could just run an FTP server and connect from your normal browser.

You could use autoindex built into your web server. That’ll be the most lightweight option possible.

If these are not what you are looking for, we need details. Lots more details.

I think you are overcomplicating and undercomplicating things at once.

Proper VPNs will allow split tunneling  —  only the traffic that needs to go through the VPN will go through the VPN.

So, the solution would be:

• Set up a VPN capable of split tunneling — vanilla Wireguard and tailscale should work
• Set up split horizon DNS so that you get are pointed to the internal/VPN-facing IP address of your server while connected to the VPN *???
• Profit

I would submit that there is a distinction between not caring and not being aware of something. Therefore, ‘legally blind’ would indicate someone is not aware of something, and not not caring about that something.

If I said I’m legally apathetic, that would imply I don’t care about law and piracy.

Depending on your existing monitoring stack, some options might be:

• Grafana Loki
• Sentry can be self-hosted for application logging
• Logstash is self-explanatory, use with other parts of Elastic’s software like Kibana for visualization.

Never used it, don’t trust random github repos with only 3 stars, and I don’t feel comfortable using turnkey solutions or “configuration scripts”. I am a firm believer in the maxim that configuration is a deeply personal thing. Therefore, I would not use someone’s configuration scripts because they are configured as he wants it, not as I want it.

Running Docker Desktop on Windows is not exactly hard. And once you have docker desktop running, it is not exactly hard to run whatever other software / media server you might like.

Windows is my primary workstation OS because I am legally blind and Windows has the best on-screen magnifier on the market. No other product, whether commercial or free, whether standalone or baked into the WM, comes even remotely close. So I use Windows. But within Windows, I leverage both WSL and Docker to run linux tools properly. All of my remote servers are linux. My home server is linux. More than half of my virtual machines are linux.

Python has entered the chat.

I’m a smidge confused on what you are trying to achieve and how you think it will work.

As I understand you, you want to connect “embedded” devices where you do not control the software to a VPN network?

VPNs do need some kind of client (otherwise how does the network stack know to use the VPN protocol?) so how do you envisage this working without an app?

What is your desired topology like? Do you just want your smart TV/etc to connect to a remote media library over a VPN? If that’s the case, then you are overthinking it with approvals etc.

You can achieve most of what you want with router configuration. Just define routes saying “Traffic from IP address 10.20.30.40 (TV) should go to 10.20.30.30 (gateway)” and then have the “gateway” handle the tunnel.

You can also look at tailscale’s subnet routing (should work with headscale backend too).

Good luck.