Public money, public infra and public funding? :)

Same, using the default storage template.

I’ve not been able to make it work reliably with photos backed up using immich on my android phone, is if working for you? I read somewhere storage templates are not very robust/reliable.

If they have an issue with copyright infringement, they should discuss with OpenAI, Microsoft, Google, Anthropic and more.

Google can’t control the device if you’re not running Google. GrapheneOS will still work like before, allowing you to run the apps you want. But the jury is still out on how long… I hope we can have a long term GrapheneOS solution regarding hardware.

I salute the effort, but it would really drive the point home if you also tracked changes to the settings available as well, as in settings disappearing and new settings appearing. The default values for those new settings is also crucial, and finding out about a setting no longer being available could also be useful.

Interesting setup. Funnily, I have one specific subdomain hosted on an actual cloud provider, publicly and all other subdomains are private and local. It works just fine :)

In the end, there’s like a tradeoff between enjoying your system as is and pouring I don’t know how many hours in setting it up when it’s a new idea haha

I’m not trying to expose it to the internet and there are indeed multiple solutions to get HTTPS. This one works with a real domain name is what works best for me :)

Yes it does. Are you using Firefox? And you can’t resolve local ip addresses, so that’s why you are setting this exception?

Wouldn’t that require me to use tailscale even at home on my home network? It also does not provide HTTPS unless you maybe use magic DNS, but then we’re back to using a public domain I guess.

Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it.

That is in fact not it. I left the default firefox DNS setting. I simply enabled network.trr.allow-rfc1918 from within the about:config which allows the resolution of local IP addresses. It now works. All my DNS are public, I make no use of any private, local DNS.

This was not required in my case, but maybe it solves other issues?

Works flawlessly with my tailscale setup :) Thanks for asking! I’m not trying to expose anything to the open. Just for me personally, from home or remotely using my VPN.

Thanks for your response. Indeed, this is only for myself within my home network. No split DNS required, the public DNS record mentions my local private IP address which of course will only resolve to my homeserver from within my home network and will not lead anywhere for anyone else from any other network. That’s all what makes this great. Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)

Yes, I now managed to make it fully work on firefox too, needed to set network.trr.allow-rfc1918 to true in the about:config settings! :)

so some apps (like Firefox) with internal hard-coded DNS functions

Thank you! This was the information I needed! It landed me on this page https://support.mozilla.org/en-US/kb/firefox-dns-over-https which shows When DoH is enabled, Firefox by default directs DoH queries to DNS servers that are operated by a trusted partner, which has the ability to see users' queries and lead me to this page https://wiki.mozilla.org/Trusted_Recursive_Resolver where I was able to read more about it. That explains why it does not work, I appreciate the insight!

No, it is not fully working. Many have tried to explain to you that your setup only works for YOU on YOUR subnet.

That’s exactly what I want. I don’t know why you thought I wanted something else? I’m trying to reach services in my home network from home, using HTTPS, without requiring a local DNS or to load self-signed certificates.

EDIT: I realize I maybe could’ve made a better job at explaining that the intention was for it to work exclusively for me on my home network.

Yes, it was an attempt at doing on step at the time, but I realize I’ve been able to make it work in some browsers and on some DNS using HTTPS, as hoped. I’m now mostly trying to solve specific DNS issues, trying to understand why there are some cases where it’s not working (i.e. in Firefox regardless of DNS setting, or when calling dig, curl or host).

Opening up the network developer tools in Firefox, I’m seeing the following error: NS_ERROR_UNKNOWN_HOST, though I haven’t been able to determine how to solve this yet. It does make sense, because it would also explain why curl is unable to resolve it, if the nameserver is unreachable. I’m still confused though, because cloudflare, google and most other DNS’s I’ve tried work without issue. Even setting google’s dns in firefox does not resolve it.

This was a good suggestion, indeed other browsers seem to work just fine, I updated my post with a new edit. I’m making progress, it seems I’m having some specific issue with Firefox, my default browser. And your last point was also spot-on, though I only understand now what you meant now that I figured out the port-80 resolution loop trap.