
I recommend checking out Caddy <https://caddyserver.com/>, which replaces both Nginx and Certbot in this setup.

Tailscale <https://tailscale.com/> can remove the need to open port 22 to the world, but I wouldn't rely on it unless your VPS provider has a way to access the server console in case of configuration mistakes.




Caddy also simplifies many common Nginx configurations with a one-liner. The biggest hurdle is when you don’t have a simple configuration, as all the examples are usually only for Nginx ;)


I've recently discovered that the Caddy config file has neat support for imports: https://pastebin.com/vVQYrpmj
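To make the two Caddy points above concrete (replacing Nginx plus Certbot in one config, and sharing settings via imports), here is an added Caddyfile example. It is not from the thread or from the Caddy project; the hostnames example.com and app.example.com, the backend on 127.0.0.1:8080, the snippet name "hardened" and the /etc/caddy/sites/ path are assumptions for illustration.

```caddyfile
# Added example, not part of the original comments. Assumed names: example.com,
# app.example.com, a backend on 127.0.0.1:8080, and a snippet called "hardened".
# Caddy obtains and renews TLS certificates for every named site automatically,
# so there is no separate Certbot install, cron job or renewal hook to maintain.

# A snippet: reusable settings pulled in with "import hardened" below.
(hardened) {
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options nosniff
		X-Frame-Options DENY
		# Leading "-" deletes a response header; here the Server banner.
		-Server
	}
	encode zstd gzip
}

# Static site served over automatic HTTPS.
example.com {
	import hardened
	root * /var/www/example
	file_server
}

# Reverse proxy; the backend stays bound to loopback and is only reachable
# through Caddy, which terminates TLS in front of it.
app.example.com {
	import hardened
	reverse_proxy 127.0.0.1:8080
}

# Imports also take file paths (globs allowed), so per-site blocks can live in
# separate files. Left commented out so the example loads without that directory:
# import /etc/caddy/sites/*.caddy
```

Validate a config before reloading with `caddy validate --config /etc/caddy/Caddyfile`; an import of a missing file is reported at that stage rather than at runtime.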


Regarding Tailscale, be sure to remove the expiration flag on your server. That's how I lost mine.


For Tailscale backup access, another way is to block port 22 on a firewall and then only unblock it if you need access.


If you depend on the host behind Tailscale to access the firewall from the inside, then that's not going to work. Most colos I have hardware at offer a separate network for iDRAC/iLO/your flavor of OOB management; I like to use the console through that to open/close stuff like this.



