Deep level packet inspection, they detect patterns or whatever in encrypted traffic (and the lack of thereof) and ban the destination ip china-wide.

How they do I have no idea, but they do, on my direct first hand experience. Its not based on domain names, directly straight and total ip ban. All ports, all domains on that ip get banned forever just because you started using a VPN (OpenVPN in my case, it was a few years ago).

It will work for a bit, then they will detect VPN traffic and just block the destination ip for good. Any ip you will use will be shortly unreachable for you, so be prepared to that.

LOL you madre me laugh…

Anyway being security conscious is important, and better be safe than sorry…

100% agree.

One point: use an SSO like authelia or authentic. Way better than basic auth and you get the fancy login form too preserving all the benefits, and you can also use OIDC with those services that require more complex setup for proper auth

Yes. The fearmongering of the security freaks is not necessarily true. We selfhosters are not big targets and nobody cares about our files or our devices.

Of course, until you get hacked.

But beside SMTP and ssh and known services like WordPress or PrestaShop there is little actual brute force bots trying hard.

Thank you! This is exactly why I do my wiki, so that people can use and benefit from the work I did before.

Mmm as for the admin console, I will add that, it had slipped from my wiki it seems!

My personal experience with conduwuit is very positive.

Everything worked including sliding sync for Element X.

Bridges works fine. Threads too (limited to client support ofc), session verification works fine, element call never tried, you need to install a dedicated server anyway, but that’s true also for synapse.

I was replying to the links post, must have got it wrong :)

So yes, I ended up thanking myself. Well, I always thanks myself anyway for not having screwed up too badly anyway so… ;)

Currently just setup conduwuit, tuwunel will require some more time to be up and ready, but they promised full compatibility upgrade.

See my wiki https://wiki.gardiol.org/doku.php?id=matrix%3Aconduwuit

There are also instructions for all main bridges.

Synapse is meant for heavy duty and is a pretty resource intensive python implementation.

Conduwuit and derivate is in rust and blazing fast on small footprint.

Tuwunel, the sequel of conduwuit.

Go with conduwuit today, then upgrade to tuwunel as soon as they release.

There is a post about that in this community.

Why synapse?

Its a good choice for max stability, but its by far the heaviest and most resource intense server out there, and probably overkill for a few user installation.

Well, wow. That feels mentally broken somehow. Probably also brilliant.

Thanks, very informative.

No, if you are batted, you will need a vps or some kind of real public address and tunnel to it for external to internal access. A VPN with port forwarding will also work.

Agreed, but still, its a serious loss for matrix, which is already a bit of ashitshow.

Is this shit true? I have been using conduwuit for quite some time with total satisfaction (as far as matrix goes OFC) and woulduch likely delete my matrix presente than sricking back to that shit show of synapse.

I read the link, and feel like i want to know the other side of the story.

But, honestly, don’t care for the stupidity of people and the toxicity. I care for the technical side and conduwuit is just the best out there. Losing it, it is a big loss for matrix globally.

Another point: 8gbps is mostly pointless. I would stay at 1gbps inside home and don’t bother to rewire and replace all my home equipment. That’s a long con game over the years slowly when each device has to be replaced anyway.

Maybe plan for 2.5gbps inside for the time being of you can do that a zero cost like reusing wiring.

I wouldn’t count on WiFi in any case, at best it’s a jimnick at that speed.

Get a nice hardware capable of running opnSense and use that immediately after your new ISP device. Just ignore their WiFi router, it will be crap whatever it is, unless you cat reflash with OpenWRT.

Be prepared that the new ISP will .most probably have CG-NAT.

Note: opnSense is based on *BSD so make sure the hardware you buy has supported 10gb network cards, at least two.

Radicale is an amazing light and efficient CardDAV/CalDAV server. Pair with Dav5x on android and you are fully setup.