The problem is that the main container can (and usually does) rely on other layers, and you may need to pull updates for those too. Updating one app can take 5-10 individual pulls.

You don’t have to install drivers or CUPS on client devices. Linux and Android support IPP out of the box. Just make sure your CUPS on the server is multicasting to the LAN.

You may need to install Avahi on the server if it’s not already (that’s what does the actual multicasting). The printer(s) should then auto magically appear in the print dialogs on apps on Linux clients and in the printer service on Android.

On Linux it may take a few seconds to appear after you turn it on and may not appear when it’s off. On Android it shows up anyways as long as the CUPS server is on.

From what I understand OP’s images aren’t the same image, just very similar.

Any PC can do that, it’s called “status after power off” or something like that.

It’s impossible to tell how meaningful Backblaze’s numbers are because we don’t know the global failure rate for each model they test, so we can’t calculate the statistical significance. Also there are other factors involved like the age of the drives and the type of workload they were used for.

buying more reliable devices can definitely save you time and headache in the future by having to deal with failures less frequently.

That’s a recipe for sorrow. Don’t waste time on “reliability” research, just plan for failure. All HDDs fail. Assume they will and backup or replicate your data.

Any difference you personally experience between the three big brands is meaningless. For any failed HDD you have there’s going to be another person who swears by them and has had five of them running for 10 years without a hitch.

But whatever’s cheaper in your area and stop worrying. Your reliability should be assured by backups anyway not by betting on a single drive. Any drive can fail.

For home setup you don’t care because you should have either redundancy or backup (preferably both).

So that typically means buying the cheapest HDD that’s new and from one of the established brands (Seagate, Western Digital, Toshiba) that’s in the correct size for your needs, and you can afford to buy it at least twice (for the aforementioned backups or redundancy), or even thrice, and replace as soon as needed.

In other words there’s no need to speculate on how long an HDD will last, you simply replace it when needed.

Please also note that HDDs over 10 TB are starting to get increasingly replaced with enterprise models which run hotter and make more noise.

This is not a new problem, .internal is just a new gimmick but people have been using .lan and whatnot for ages.

Certificates are a web-specific problem but there’s more to intranets than HTTPS. All devices on my network get a .lan name but not all of them run a web app.

As opposed to what, the domain certificate? Which can’t be air-gapped because it needs to be used by services and reverse proxies.

If you mean properly signed certificates (as opposed to self-signed) you’ll need a domain name, and you’ll need your LAN DNS server to resolve a made-up subdomain like lan.domain.com. With that you can get a wildcard Let’s Encrypt certificate for *.lan.domain.com and all your https://whatever.lan.domain.com URLs will work normally in any browser (for as long as you’re on the LAN).

Then why do they offer a separate, distinct DDoS mitigation feature on the enterprise plans? And did you notice they call them “mitigation” and not “protection”? 🙂

Look at the description of each one, the free one “stops illegitimate traffic at the edge”. Meaning they’ll serve from cache, it’s not getting through to your actual site. You can get caching from any CDN service, it doesn’t have to be CF. All CDN services are distributed and will try to serve for as long as possible because their whole purpose is to deal with traffic spikes.

And if you want to know for how long CF (or any service) will serve from cache and how far they’ll go for an account (especially a free account), you want to check the terms of service not the plans. The plans are made to sell to you, the fine print is in the terms.

Anyway, I really don’t understand people’s obsession with DDoS, particularly self-hosting people. The chances of their little website ever being the target of a DDoS are astronomical. Many of them don’t take proper backups, and don’t worry about theft or fire or electric spikes, which are far more likely, but go frantic when they hear about features they’ll never use.

Use your common sense. They’re not going to expend any significant resources to keep up a free website.

They have a small capacity available for mitigating DoS for free accounts together, while resources last. If you happen to fit in that capacity at any given time that’s nice, if you don’t, you go down.

If anything ever happens that involves [the lack of] DNSSEC or CAA you’ll have to buy another domain because the old one will be on every block list.

You don’t have to worry about DDoS:

• DDoS is an advanced technique and the people who can do that spend a lot of time and effort putting malware on machines that can be ordered to perform DDoS on command. They usually sell that attack capability and it ends up getting used against worthy targets, we’re talking attacks that disrupt entire industries, elections, warfare etc. Do you really think what you’ll be hosting will attract that kind of attention and be impossible to take down with simpler methods?
• To survive a DDoS attack you need a lot of resources, from a professional platform (like CloudFlare). The stuff they offer for free is not going to get you through a DDoS. If you’ll read their terms you’ll see it’s worded just ambiguously enough to mean nothing. If you ever actually get targeted by an actual DDoS and you haven’t paid a lot of money to a platform like that, everybody will simply drop you instantly (your ISP, your VPS provider, your tunnel provider, your VPN provider etc.) and possibly kick you off their service too.

If the stuff you’ll be hosting is static files you can use a CDN service. CDN’s are designed to be distributed and redundant so they’re somewhat resilient to DoS attacks by default. They’ll still kick you off if it gets to be too much but maybe you can weather shorter/moderate attacks.

If you’re hosting a dynamic/interactive service forget about it.

CAA and DNSSEC aren’t obscure. I would not even consider managing any domain nowadays without them.

Neither are ALIAS/DNAME/HTTPS, which you’ll be running into more and more in the future if you haven’t already. You could argue there are multiple competing standards at work there but Afraid doesn’t implement any of them.

what record types are you referring to not being supported?

AFAIK it only supports a small subset of all the types currently in use.

It lets you change reverse proxy or run a website with TLS completely independently of the certbot. The certbot deals with obtaining certs and leaves them in a dir, and the proxies or webservers just take them from that dir. If the proxy container breaks the certbot still does its thing etc.

It also makes it easier to do stuff like run different proxies in paralel for different things, chain proxies (for instance if you need to use a VPS because you can’t forward ports) and so on.

But it’s all for advanced setups, for basic stuff I’d still go with NPM.

You don’t run your own DNS, they are services hosted by someone else, just like Afraid. The difference, on top of the interface, is that they support modern record types, they have redundant servers all over the world, there’s a team working on them instead of just one guy, they have APIs that can let you manage your many domains easier, they have zone backup and restore etc.

I’ve used Afraid too, back when I was starting out and didn’t know any better, but once I’ve seen some of the other services out there I’ve never looked back. You’ll never know what extra features you could want if your current service doesn’t offer you any.

I’m currently in the process of separating the certificate renewal service from the reverse proxy completely.

But if you’re just starting out Nginx Proxy Manager makes it so easy.

I was assuming that you don’t own a domain. If you do why would you use Afraid? There are lots of reliable DNS services to choose from and you can have interface and features that aren’t frozen in 1995.