• 0 Posts
  • 8 Comments
Joined 2 years ago
Cake day: June 30th, 2023
  • CriticalMiss@lemmy.worldtoSelfhosted@lemmy.worldHow do you handle SSL certs and internet access in your setup?English
    2·
    6 months ago
    1. I don’t think this is a problem with tailscale but you should check. Also you don’t have to pipe all the traffic through your tunnel. In the allowed IPs you can specify only your subnet so that everything else leaves via the default gateway.
    2. in the DNS server field in your WireGuard config you can specify anything, doesn’t have to be RFC1918 compliant. 1.1.1.1 will work too
    3. At the end of the day, a threat model is always gonna be security vs. convenience. Plex was used as an attack vector in the past as most most people don’t rush to patch it (and rightfully so, there are countless horror stories of PMS updates breaking the whole thing entirely). If you trust that you know what you’re doing, and trust the applications you’re running to treat security seriously (hint: Plex doesn’t) then go ahead, set up your reverse proxy server of choice (easiest would be Traefik, but if you need more robustness then nginx is still king) and open 443 to the internet.
  • CriticalMiss@lemmy.worldtoSelfhosted@lemmy.worldThe Immich core team goes full-time | ImmichEnglish
    1·
    1 year ago

    For the license to be changed every team member needs to submit a written agreement that he agrees to the change, otherwise their contributions must be removed as they were written under a different license, the only exception is usually permissive licenses such as MIT/BSD 3 clause.

    Usually, to rugpull FOSS contributors, companies who maintain FOSS software ask contributors to sign a CLA which waives their rights and lets the control their contributions. Immich isn’t doing any of that, and it will likely remain AGPL forever because changing the license will be a big hassle for them with the amount of contributors.