https://lemmy.rip/ doesn’t have a valid SSL which might be a problem.

It sounds like jest plain simple website/forum BUT with specific protocol making it more discoverable/searchable?

Allowing to post comments anonymously… sound like a bad idea in the long run, but who know, make me eat my words.

Hybrid Hard Drive

https://www.techtarget.com/searchstorage/definition/hybrid-hard-drive

I did saw You could also use Tailscale and use their internal signed certificates. Then you can access it both internally and remotly over Tailscale with SSL.

Personally I own a domain for years and just use it.

Totally agreed, but there are pros and cons.

File - harder to steal but once stolen hacker can bruteforce it as much as it wants. Web service - with proper rate limits (and additional IP whitelist so you can only sync on VPN/local network) - its harder to bruteforce. (But yes, you (sometimes) have also full copy locally in the local client, but …)

If it was only for me I probably would also go with KeePass as you will not update the same db at the same time, but with with multiple users it’s getting unmanageable.

I just got triggered as those CVEs are not that bad due to the nature that the app encrypts stuff on the client side so web server is more like shared file storage, while your answer suggested to switch to a solution that doesn’t work for a lot of people (as we already tried that).

Explain how can you use KeePass+Syncthing with 10-50 people (possibly different groups for different passwords) having different sets of access level while maintaining sane ease of use?

The passwords are encrypted in the first place so the security for them is only on the client side.

Because Nginx Proxy Manager exists.

And also because for me it started from web hosting where Apache and Nginx dominate and later because of many easy to understand example configs from the net including many “docker letsencrypt” examples.