I don’t remember which one I specifically used, but theres plenty that show when you DDG “mtls nginx”. There’s probably others specific to other reverse proxies too.

I’ve been preferring mTLS recently. I still use a VPN for management, SMB/NFS, and anything important. But I use mTLS for web services that I’d like to access without having a VPN active all the time. Although, if your web service had a mobile app, usually they don’t play nicely with mTLS, so a VPN would be required for me, but Home Assistant and TrilliumDroid do have mTLS support.

Haha I love how this has progressed, from ‘What free VPS?’ then ‘Free VPS doesn’t work’ and now we’re at ‘What can I do without a VPS?’.

Anyway, I was self hosting from home well before I started playing with VPSs, so it’s a good way to get started before having to spend money. And I still self host most of my infrastructure just because I prefer upfront costs to subscriptions.

Edit: I meant to add if you don’t have a publicly routable IP or don’t want to port forward, you can use something like Cloudflare Tunnels to proxy everything through their servers.

I found a post on the forum:

https://forums.truenas.com/t/scale-build-git-repo-going-closed-source/64313

This is only their old build system which they weren’t using themselves, the rest of the OS will remain open source. However they also said some worrying stuff about including “proprietary pieces of the OS”.

Nginx also has support for rate limiting built in.

On the topic of blocking, I block useragents starting with Mozilla/5.0 that are using HTTP/1.X, since all modern browsers default to HTTP/2.0 and anything else is usually always bad bots. You can also return 426 with the Upgrade: h2c header to let some older browsers know to use HTTP/2.0.