monotux

servethehome.com has a series about these fanless, multi-gigabit firewall for a while, might be interesting if you have a 200-300 USD budget?

https://www.servethehome.com/tag/firewall/

I've used a very similar setup in the past (J1900 CPU, 4x1 Gbps network ports) and I only replaced it due to reasons. Not noticed any performance bottle necks with that setup.

The latest N100/N200/N300/N305 CPUs from Intel looks really interesting, similar performance as my workstation but at a 10th of the power usage. N305 also has 8 cores in a passively cooled case, amazing stuff!

I'm using a ~30 USD thin client with a 4 port networking card (~20 USD), just using plain nftables on Debian. It routes handles my network just fine (complex rule set with many subnets & rules, 250/100 Mbps connection). Also using codel/cake for traffic shaping, avoiding lousy ping times even when downloading/streaming et c.

I use two TP-Link EAP 245v3 (ancient by now, but I can still use all my WAN speed from all rooms) for WiFi. Works great.

If I would redo it I'd use VyOS, OpenWRT or maybe OPNSense, but still using x86 hardware due to cost/power usage/performance. And then newer ceiling access points.

I’ve thought about it, and nobody will care about your/my elaborate setup after we are gone. It will just be replaced by a ISP router without regrets.

I use authelia. It’s pretty straight forward to get started with, I just use the yaml user file and a SQLite database for sessions. I’m running it in podman with auto updates enabled for the tag I’m using (can’t remember which tag, but not latest).

I then use their tutorials as a base for the systems I want to use oidc with (grafana, miniflux…), or just redirect traffic through my reverse proxy to services that lacks proper authentication (looking at you, *arr stack).

I use caddy and traefik for reverse proxy, and it’s very simple to use forward_auth and similar with it.

It took an evening to figure it out but it’s well worth it!

Also have a look at omnivore as a pocket alternative!

What. That’s amazing!

Is your domain zesfca.com?

Calm down, no need to go crazy here

After all, it just tells time

It's for making your computers clocks be very, very close to each other. Not milliseconds close, but nano seconds. That is more important than one might think, especially for networks.

I'm going to have something similar at home at some point, just need to make a few more cable runs so one GPS can see the sky (= more accurate)

yes, but it's throughput must be measured in Kbps, right?

You missed replacing your domain in this post, so I could try your site. It looks like your rewrite works fine, but getting the 404 here as well.

What happens when you run it locally? (hugo serve) Does it work?

Also, run: ls /var/www/mydomain.com/public/ if possible and share the results here. It should contain folders matching your site setup.