The URLs mentioned in their blog article all have a wrong certificate (different host name).

I am sure if they fix it Google’s system would reclassify the sites as safe.

• Mail with all the bells and whistles (been there, done that – but I just want this to work and not care about details).
• Dynamic DNS because I just need to tell someone my non-static IP so they can connect that with my domain name.

They not only force their user to buy their crap, they also intentionally and maliciously frame the AGPL in a certain way.

There – of course – won’t be a singular official source stating “Hey guys, we’re open core now”. You need to put this together bit-by-bit.

Here are some links for research

• Official statement on the takeover
• Gitea Enterprise/Gitea Cloud hiding features behind a cloud solution and a paywall which makes Gitea itself open-core
• Open Letter to the new Gitea owners with a summary and a reply, signed by a lot of Gitea devs and FOSS scene people.
• As @gratux@lemmy.blahaj.zone mentioned: A fork under the name Forgejo was done due to new Gitea owners did not care much about the concerns. (Started as asoft-fork but with 10.0 it became a hard fork.)
• Gitea owners made it mandaroy to remove copyright headers and set the corporation as copyright holder. Here, here, and here

Never heard of 99% in that list.

Also, Gitea should not be there. It is a corporate -owned open core project that was hostilely taken away from the community.

Authentication with NPM is pretty straightforward. You basically just configure an ACL, add your users, and configure the proxy host to use that ACL.

I found this video explaining it: https://youtu.be/0CSvMUJEXIw?t=62

NPM unfortunately has a long-term bug since 2020, that needs you to add a specific configuration when setting up the ACL as shown in the video.

At the point where he is on the “Access” tab with all the allow and deny entries, you need to add an allow entry with 0.0.0.0/0 as IP address.

Other than that, the setup shown in the video works in the most recent version.

How do you handle SSL certs and internet access in your setup?

I have NPM running as “gateway” between my LAN and the Internet and let handle it all of my vertificates using the built-in Let’s Encrypt features. None of my hosted applications know anything about certificates in their Docker containers.

As for your questions:

1. You can and should – it makes managing the applications much easier. You should use some containerization. Subdomains and correct routing will be done by the reverse proxy. You basically tell the proxy “when a request for foo.example.com comes in, forward it to myserver.local, port 12345” where 12345 is the port the container communicates over.
2. 100% depends on your use case. I purchased a domain because I host stuff for external access, too. I just have my setup to report it’s external IP address to my domain provider. It basically is some dynamic DNS service but with a “real domain”. If you plan to just host for yourself and your friends, some generic subdomain from a dynamic DNS service would do the trick. (Using NPMs Let’s Encrypt configuration will work with that, too.)
3. You can’t. Every georestricting can be circumvented. If you want to restrict access, use HTTP basic auth. You can set that up using NPM, too. So users authenticate against NPM and only when it was successful,m the routing to the actual content will be done.
4. You might want to look into Cloudflare Tunnel to hide your real IP address and protect against DDoS attacks.
5. No 🙂

What is this scam and why is it still here?

What do you think the “v” in “vps” stands for?

You don’t need to freeze the state of the RAM, you freeze the whole virtual machine - including the virtual RAM.

If it is in the RAM, they can read it. Since it is a virtual server they can freeze and clone the current state and connect to that copy and read all data that is currently encrypted/opened without you even knowing.

Today I learned that there are THREE Sonic movies.

That poor IT support person:

Most rich people make it easy to hate them.

I said it elsewhere already, but the new logo reminds me of a broken OSD from a really old CRT television where the channel number wasn’t overlayed but directly added to the video stream by the tuner hardware.

That the Empire State Building is a restaurant named Empire Steak Building.

They’re not so different, after all.

You need more training then.

This is why centralized social media (and messengers, too!) should be avoided at all cost.