I recommend posting in !selfhosted@lemmy.world, really helpful community there (although I’d refrain from specifically mentioning piracy).

I’ve heard Hetzner is quick to crack down on piracy. Some VPS hosters advertise that they don’t acknowledge DMCA requests, such as Njalla and 1984 (I’ve never used these, just found them by searching Lemmy). If you want to go with a traditional hoster I’ll echo what the other person said and recommend Gluetun to bind your container to a VPN service.

For security, if it’s just for you and your partner I’d just setup a Wireguard server on the VPS and tunnel into it that way. You’ll have to setup the VPN on any device you want to access your server with, which is a hassle, but I’d much prefer the small hassle than the constant worrying of hosting publicly-accessible services. Otherwise, I’d setup something like Crowdsec or Fail2Ban.

This person pops up every time someone on Lemmy mentions web browsers to aggressively deride Mozilla for being mostly funded by Google (which is a fair point that I agree with) and then they turn around and recommend Chromium-based browsers.

I’ve tried and I found it difficult to engage in good-faith conversation with them.

They meant pinging your server from another device, I assume.

What error(s) do you get when you try to SSH into your server?

By “can’t access containers”, I assume you mean via devices you’re trying to connect to the server with? Can you still access the stuff you’re running in the containers directly on the server via localhost?

I’ll echo what the other commenter’s have said and you need to give us more info. “I added two containers” is pretty much useless if that’s all we have to go off of to start troubleshooting. More details on what exactly you did, any troubleshooting steps you’ve already tried, what specific errors you get, etc.

The app you’re thinking of is StreetComplete!

Which reminds me, I should really download it and start contributing to OSM.

I can only assume it’d be a bridge for Nextcloud Talk.

I was having issues getting my Android device to use my local DNS server over VPN, what worked for me was setting it up through RethinkDNS. There’s a setting to prevent DNS leaks by capturing all traffic on port 53 and directing it to the DNS server you set. It doesn’t feel like an elegant solution but hey, it works.

Note, you’ll have to make sure your private DNS setting is off, in the internet section of the system settings.

From a quick Lemmy search, I’ve seen Njalla and 1984.hosting being recommended for these kinds of uses.

On desktop I really like FreeTube, if you’re interested in an alternative. I don’t usually want apps for things that should be websites, but I use YouTube enough (and Google invests so much energy in making youtube.com a miserable experience) that it justifies having a dedicated app for it, in my case.

I’d rather not open ports I don’t have to. I don’t see why I’d have to open a port when Unbound works on my local network and I have access to my local network via Wireguard. I can access a whole slew of services through that one Wireguard port, why wouldn’t Unbound work?

Thanks anyway for trying to help, bud.

I could do that, but I want to avoid opening ports on my router’s firewall apart from the one necessary for Wireguard. I can access all my other stuff through Wireguard, but I can’t wrap my head around why it seemingly can’t access Unbound on the local host.

The reason for the VPN is to have access to my Unbound DNS on my phone from anywhere, not only my local network. If I just wanted to configure the DNS on my local network, I’d set up static IP for my network in Android’s settings and input the DNS server manually. This works fine when I set it up, but like I said I want to use Unbound on my phone anywhere via Wireguard.

I’m not sure what’s the second thing you want me to clarify! Sorry for the confusion, I appreciate you trying to help out :)

Android doesn’t let me add an IP address under private DNS, it needs to be a domain (like dns.quad9.net rather than 9.9.9.9).

I tried adding a quick DuckDNS domain to my reverse proxy towards port 53, where Unbound is listening. It works, as in I can nslookup using the DuckDNS domain on my desktop (or on my phone when not connected to Wireguard) but if I try to set that domain as my private DNS on Android it says it can’t connect, whether or not I’m on my VPN.

I tried this, as well as manually editing the DNS servers on the client side, but whether I use my host’s private local IP or my host’s docker interface IP it doesn’t seem to work.

I think you misunderstood part of my post, because there’s only one VPN tunnel, from the WG client on my phone to the WG server on my laptop.

I want my phone to use the Unbound DNS server, which is hosted locally on the same laptop that runs my Wireguard server.

EDIT: Note, I don’t want to setup the DNS router-side via DCHP because I want to use Unbound to block a bunch of stuff that my roommates use, like Facebook.

When connected through wireguard can you access anything on the local network?

Everything works as expected with Wireguard otherwise, I can ssh into my server or my desktop, and access the other things hosted on my server (although these are all through Docker, which is why I suspect container isolation to be an issue).

Does this issue also happen when you’re on another network and vpning back?

Yup, same issues whether I’m on the local network, the WiFi at work, or on LTE.

According to their stats page, Let’s Encrypt’s certificates are used by around 500M domains.

It depends on if you want to access it from anywhere (or give others access), or if you’re only accessing your server from specific devices.

Since I only ever access my server from my phone or my desktop, I use Wireguard via wg-easy. You set it up as a docker container on your server and it gives you a neat web UI (defaults to port 51821) from which to add Wireguard clients. Once connected through Wireguard, you can access your services as if you’re on the server’s local network.

Note, you’ll of course have to open up a port for Wireguard on your router for this to work, the default being 51820.

No, it’s not like stealing a physical item from a store.

I’d argue stealing physical items from massive corporations is also morally acceptable. If you shoplift from a small mom & pop store, you’re actively hurting your community, however, if you shoplift from Wal-Mart, you’re actively hurting an entity which is hurting your community, therefore helping your community.

Woah cool, thanks for the heads up on Madari! I’ve been hoping for something like this for ages.

There are a dozen Firefox forks though. Mulch, DDG, TOR, Fennic, Bromite, etc.

Mulch is also Chromium-based (not to mention also developped by the DivestOS team so as of now unmaintained) and DDG’s browser is based on WebKit.

Only 2/5 of the browsers they mention are Gecko-based.