Freetube exists for Android also.

Syncthing is your friend. Freetube stores playlists, history, settings and subscriptions as .db-files which you can sync between devices. Android version also allows access to these files if enabled in settings.

This is my solution also. I listen to audio books on my way to work, and read on an ebook-reader in the evening. Can be tricky to sync when the chapter structure is non-traditional though (e.g. Discworld).

Depending on how diverse your taste is, you could always try to branch out to something outside of “similar artists”. Just look up genre names and start checking them out. If you find something you like, you can use the same " similar artists" approach on an entirely new search space.

This is probably where my lack of knowledge in networking shines through more than ever, but I kinda thought that local IPs would be handled locally and not depend on which DNS servers I use? But I guess that if VPN is active and has not been explicitly told to allow local connections through split tunneling, then it actually do make that request with whatever DNS server I use, which obviously couldn’t resolve some random local hostname?

Nice!

Ah, that would explain it. I could set up split tunneling on a per app basis only in my current VPN, and not IP, but it works. However, I am in the process of migrating to ProtonVPN now. Here the “per app”-permission also works, and it does have the option to allow certain IPs, but I was not able to get it to work.

Just checked this, and “Allows local access” is checked in the VPN application, and “Block all non-VPN traffic” is unchecked in Android settings.

About potentially overlapping IPs: I did check, and they were all different (server, laptop, phone).

They are different, but share the first three numbers.

Thanks for the tip. I will be looking into setting up SSH keys fairly soon, and look more into strengthening ciphers et al.

From a practical point of view, what is the likelihood of a brute-force login attempt to succeed? There are plenty of login attempts, but most of them are for root, and as I’ve disabled root-login that will fail no matter what. Other attempts are typically for generic other names such as ‘admin’, ‘user’ and ‘test’ that has no associated user on the server, as well as some weird choices that I can only imagine comes from some database breach.

That sounds convenient, and having looked at some videos, it seems very nice. I can see myself using this for things that I need to work properly, like Nextcloud, and maybe host other services in a more complicated way, to be able to learn more.

A log is a very good tip - I’ll definitely start with that.

Thanks for the description, I’ll look closer into this and see if I can get this to work (on a test server at home first… :)).

This thread is the first I’ve heard of Podman - is this something I should look into in favor of Docker, or would you say it is more a case of “pick one and stick to it”?

Great tip - I don’t see myself running multiple servers, and I will be the only user needing access to them, so I guess ssh keys are sufficient.

Thanks, I’ll look into it. Is it primarily ease of use that makes you prefer this over running Docker on a more standard distribution?

Thanks for your answers!

1. Alright, I guess I should also use the Cloudflare proxy. I could not find the reason I had not enabled it previously.
2. I’m a bit confused as to what a DMZ proxy server is compared to a reverse proxy. Is this a separate server you’ve set up specifically to handle inbound traffic where you’ve set up Traefik, or is this a container on your main server where you also host Nextcloud?
3. As I understand it, Authelia is a SSO solution that seems very beneficial for when I am running several services from the same server. Right now, I only run Nextcloud on the VPS - is there any added security benefit of running it there also, or is this mostly for convenience when hosting multiple services?

Setting up auto update and reboot once a week seems smart. Do you set this up with cron?

Ah, I see. Hope for you that a fiber connection will be available in the not-too-distant future then. I would love to do this at home, but I’m going to need some serious study sessions to better understand home networking (and take appropriate action) before I start exposing services at home to the internet. I do wonder if I jumped onto this too fast, but I was just so incredibly fed up with relying on big tech monopolies for essential digital services…

I guess my last question would be if you had an opinion on whether enabling proxy in Cloudflare is a no-brainer or not?

Thanks, I’ll look into setting that up. So far I’ve only ever used ssh keys for GitHub.

This is one of those areas that often has me confused… For now, the DNS entry with Cloudflare is set to ‘DNS Only’. That is perhaps a mistake on my part, and I should enable the proxy? Right now I can’t remember the reasoning for why I set it up like this.

Originally I wanted to set up Nginx Reverse Proxy to serve other services than Nextcloud on the same server on different ports. That was the way that I found that was easily manageable at the time, and like the AIO container is set up now, accessing the IP address of my server automatically routes to Nextcloud, even if I had another service running. I could maybe configure Apache to do the same job as I want Nginx to do? At the time, I opted to get another VPS dedicated for other, smaller services instead as a temporary solution, that over time turned permanent. However, this will be important to me when/if I start hosting this locally instead, as I would want my server to host other services as well.