

Can anyone figure out what the minimum process is to just use the SSG function? I’m having a really hard time trying to understand the documentation.
Also at @me@social.k3can.us on Mastodon.


ufw is just a fancy frontend for iptables, but hasn’t been updated for nftables, yet.
Firewalld is an option that supports both, and if you happen to be running cockpit as well, the cockpit-firewall plugin provides a simple GUI for the whole thing.
He does refer to the pi as a gateway, so you would be right about it coming before the router. In that case, the pi would be the device handling NAT and forwarding ports.
So I think he’s describing it accurately… it’s just not a common setup to see these days.


I have my reverse proxy in a cluster, so it’ll survive one of the nodes going offline. My router is still a SPoF, though, as is my modem. Not to mention the physical stuff, like a tree falling on the cable lines.
For a home environment, there’s realistically always going to be a couple of SPoFs; you can just move them around a bit.


You’ll need a single DNS request, known as a “bootstrap” request. Your ISP will see a single DNS request to Google or Cloudflare or whatever, then everything after that will just look like normal https traffic.
That said, if your ISP is blocking and denying ALL DNS requests for some reason (making the bootstrap request impossible), then you could still define the address locally. At that point, though, the ISP is likely blocking the IP addresses, too, so resolving the address is a bit moot.


Are you trying to send the DNS request through the tunnel?
I use DoH, which sends DNS requests through https. It essentially looks like normal https traffic (encrypted), so your ISP shouldn’t be able to hijack it and no additional tunnels are required. CF supports DoH at the usual 1.1.1.1 address, even, if you want to keep using them. Otherwise plenty of other providers support DoH as well.


Why are you extracting the data from the video?
For 700+ games, wouldn’t you have needed to keep a spreadsheet or something to make the video from in the first place?


On my router


Typically on their free accounts they use your cert for communication between them and you, and use a cert they issue for communication between them and everyone else.
User -> CF cert -> CF -> your cert -> your server.
That’s why I suggested examining the cert on your external facing page.
Regardless, one way or the other, they need to be able to decrypt your data in order to apply their services (WAF, etc).
Unless, again, you’re just using DNS (grey cloud).


Consider what a DDoS attack looks like to Cloudflare, then consider what your home server can actually handle.
There’s likely a very large gap between those two points.
For me, my server will start to suffer long before traffic reaches the level of a modern DDoS attack.


Are you using their proxy or just DNS?
If you have the little orange cloud (proxy) on your DNS entry, go to your public facing webpage and examine the cert. Chances are it’s not what you think it is.


Saying something is “self hosted” when it’s actually hosted by a cloud provider is sort of like saying something was “self coded” when it was actually coded by an LLM.


I think it’s like this:
Imagine Reddit, but every user stores a random piece of reddit in an instance on their device. They’re all still normal users, so they can’t block users from Reddit or from specific subs, even though their instance contributes to the whole. Their instance doesn’t represent the entirety of Reddit, or even the entirety of a single sub, it’s just a random chunk of Reddit.
BUT a user can be made a sub mod, which now gives them extra power over other users, but only in that one sub. It doesn’t matter whether any portion of that sub is stored on their instance, all that matters is that they’re a sub mod.
So you, as a pleb, have no control over what’s stored on your instance, but a mod has full control over their community (which may or may not partially exist on your instance).
That’s my interpretation, at least.


Depending on what you’re hosting, tor might be an option, too.
It’s actually intended to make you anonymous; encryption and VPNs aren’t (despite what the marketing may say).


And why is a tower defense game listed under Automation?
Has the word “automation” in the description, so the AI just assumed it belonged.


I recently added Anubis and its validation rate is under 40%. In other words, 60% of the incoming requests are likely bots and are now getting blocked. Definitely recommend.


should it be in NAND or NOR??
Why not both? My initial idea was to flash to NOR and then configure OpenWrt to a sort of “minimal usable state”. That is, I’d have the basic functions required to run my home network: basic routing between local networks and WAN. Then I’d copy that image to NAND and that would be when I installed the “extras”, like SQM and whatnot. That way, if I ever broke it beyond repair, I could just flip the switches and copy the NOR back to NAND and start over with that minimal usable config.
I sort of followed my plan, but I think things have changed enough that it would not be the simple restart that I hoped it would.
I still think it’s a good idea, though.


The Nest ones? I haven’t seen anything online of folks successfully flashing one. The first steps would probably be to solder on a USB-C port and see what kind of access you can get over serial. There’s a picture of a Nest board (not the Pro) here, as well as info on what appears to be the correct USB connector. The OP also mentions that the Nest is lacking the developer button, but my guess would be that the function is still accessible by shorting the correct TPs. It doesn’t seem like that OP ever went through with the project, though, so maybe you’ll be the first!


Interesting. Looks like he’s actually using an R4. I’ve got an R3, myself, though. I use mine as my gateway router and it certainly seems underutilized. I’ve got SQM, adblocking, DDNS, DoH proxying, multiple VPN interfaces, and it’s a ‘router on a stick’ for my home networks (at 2.5GbE). Despite all of that, the CPU load never seems to budge and I’m only using a tenth of the RAM. I’m personally a bit torn on the device; on one hand, it certainly seems like it can do a lot more. It even has an M.2 slot for SATA/NVMe, so it could definitely provide NAS or even some bigger applications. On the other hand though, I feel like it’s such a critical piece of infrastructure that I don’t want to introduce a bunch of non-router-related functions and risk one of those extra functions crashing the system and bringing down my whole network.


Yes, both the standalone quickstart and the quickstart section of the readme (which are both different).
Is it possible to get the static sites without spinning up a DB backend?