Yes and no? It’s not quite as black and white as that though. Yes, they can technically decrypt anything that’s been encrypted with a cert that they’ve issued. But they can’t see through any additional encryption layers applied to that traffic (eg. encrypted password vault blobs) or see any traffic on your LAN that’s not specifically passing through the tunnel to or from the outside.

Cloudflare is a massive CDN provider, trusted to do exactly this sort of thing with the private data of equally massive companies, and they’re compliant with GDPR and other such regulations. Ultimately, the likelihood that they give the slightest jot about what passes through your tunnel as an individual user is minute, but whether you’re comfortable with them handling your data is something only you can decide.

There’s a decent question and answer about the same thing here: https://community.cloudflare.com/t/what-data-does-cloudflare-actually-see/28660

Admittedly I’m paranoid, but I’d be looking to:

1. Isolate your personal data from any web facing servers as much as possible. I break my own rule here with Immich, but I also…
2. Use a Cloudflare tunnel instead of opening ports on your router directly. This gets your IP address out of public record.
3. Use Cloudflare’s WAF features to limit ingress to trusted countries at a minimum.
4. If you can get your head around it, lock things down more with features like Cloudflare device authentication.
5. Especially if you don’t do step 4: Integrate Crowdsec into your Nginx setup to block probes, known bot IPs, and common attack vectors.

All of the above is free, but past step 2 can be difficult to setup. The peace of mind once it is, however, is worth it to me.

Better than using what? All I see is a bunch of stars.

Nah that one attaches to the twisty rod thing that you get on normal blinds. I need something more like this but I can’t find a non-Aliexpress version. Not that it matters cos I’d need 5 of them and that puts the idea out of my price range for the foreseeable future.

TIL they’re called plantation blinds! The slats swivel open and closed as opposed to the entire thing raising and lowering but I assume that’s what you meant. No external rod or handle, all of the slats are linked inside the frame somehow.

Edit: Actually knowing what they are has helped my search massively. Looks like there’s options on Aliexpress, albeit not particularly cheap. Thanks!

Yeah that’s exactly what I’d done but it was insisting on trying to redirect me to the site on port 4443 for some reason.

Fixed it in the end by reverting the NPM config to default (no advanced settings) and instead using Pihole’s VIRTUAL_HOST=pihole.mydomain.internal environment variable in the Docker compose file.

Cheers for your help anyway!

Just tried this myself and mine does the same thing but I don’t have anything set in the custom locations tab. What did you do to resolve it?

Synology has Container Manager, which is their GUI frontend for Docker, so if it’ll run in Docker it’ll run on a Syno NAS. I’m running Pihole on mine just fine.

As for the M.2 drives, you can use non-Synology ones as storage. Don’t quote me on it but I’ve a feeling it “just works” in the EU where they’re not allowed to force you to use specific brands, but if it doesn’t then there’s a script that removes the restriction: https://github.com/007revad/Synology_enable_M2_volume

You should check their repo as they have other useful scripts. I’m using the one that enables dedupe on non-SSD volumes myself.

Mind officially blown! I’ve just spun up a Debian KDE instance and it’s running beautifully. Exactly what I wanted, thank you!

Yes, big fan of XCP-ng, we use it extensively in work, but I’m not convinced it’s my best option in this case.

I’m using plenty of containers, accelerated and otherwise, but I also want a full-blown desktop that I can access from wherever. Even on a wired LAN, streaming that desktop is slow and laggy when it’s hosted on my NAS, which I think is due to the lack of hardware acceleration on that system. I want to move the VM to a host that has that feature (currently running Ubuntu Server) but I need a hypervisor that doesn’t require its own desktop system to be installed in order to manage it.

Plenty of good replies here to help me though.

Well indeed, that’s why I want to move the VM off the NAS and onto something with some hardware acceleration. Are there any remote frontend options for KVM?

Thanks, I’m going to have to put some research into this!

I’ve heard Shelly bandied about quite a lot in the HA circle but this is the first thing that’s made me sit up and take notice. You’re saying they’re far more customisable than, say, your standard ZigBee light switch?

Yes of course! I enabled experimental features to use a template add-on, but I later removed it and turned the option off.

Either they A/B tested this or they accidentally released some of it early because I got all of that new UI stuff a few months ago, complete with addons appearing in the HA updates section. A few days later, just as I’d got used the change, it disappeared!

At least I now know I wasn’t going mad.

To be fair the Synology lineup is confusing, but if you get the right model - one with a Ryzen processor and support for 32GB memory (officially; they can take more) - then you’ve got yourself a proper little workhorse with low power consumption, a stable, reliable OS, and super easy expansion thanks to the hot-swap drive bays and their Hybrid RAID option. My 8 bay model is running a couple of full-blown VMs and what must be two dozen or so docker containers while barely breaking a sweat. The DS723+ is the equivalent 2 bay model.

For things that need some acceleration like Plex and Immich I’ve added a little N100 box (a Beelink S12 Pro) with Ubuntu Server and another Docker instance, and mounted the NAS storage via SMB. This also sips power even when transcoding 4x Plex streams at once.

All of which is to say you don’t need to do a complex, potentially power hungry and difficult to expand self build to do what you want.

Ohhhhh I see. The wording on that page could be so much better!

I don’t get it. What’s it supposed to be doing?

This is excellent but alas I can’t get it to work in nginx-proxy-manager. Keen to see if anyone else can figure it out.