Just beat me to it...
The one thing that they don't have yet last I updated, though they've been working on it for a while, is a prod ready LDAP/SSO connection. I had the dev branch working with Keycloak, but never got plain LDAP to function.
They're a part of the mix. Firewalls, Proxies, WAF (often built into a proxy), IPS, AV, and whatever intelligence systems one may like work together to do their tasks. Visibility of traffic is important as well as the management burden being low enough. I used to have to manually log into several boxes on a regular basis to update software, certs, and configs; now a majority of that is automated and I just get an email to schedule a restart if needed.
A reverse proxy can be a lot more than just host based routing though. Take something like a Bluecoat or F5 and look at the options on it. Now you might say it's not a proxy then because it does X/Y/Z but at the heart of things creating that bridged intercept for the traffic is still the core functionality.
It depends on what your level of confidence and paranoia is. Things on the Internet get scanned constantly, I actually get routine reports from one of them that I noticed in the logs and hit them up via an associated website. Just take it as expected that someone out there is going to try and see if admin/password gets into some login screen if it's facing the web.
For the most part, so long as you keep things updated and use reputable and maintained software for your system the larger risk is going to come from someone clicking a link in the wrong email than from someone haxxoring in from the public internet.
I have a dozen services running on a myriad of ports. My reverse proxy setup allows me to map hostnames to those services and expose only 80/443 to the web, plus the fact that an entity needs to know a hostname now instead of just an exposed port. IPS signatures can help identify abstract hostname scans and the proxy can be configured to permit only designated sources. Reverse proxies also commonly get used to allow for SSL offloading to permit clear text observation of traffic between the proxy and the backing host. Plenty of other use cases for them out there too, don't think of it as some one trick off/on access gateway tool.
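An added example, not part of the comment above or written by its author: one way to express the setup it describes (hostname-to-service mapping on 80/443 only, unknown hostnames dropped, designated sources only, TLS ended at the proxy), assuming nginx as the reverse proxy. The hostnames, backend ports, source range and certificate paths are placeholders.

```nginx
# Constructed example: every hostname, port, address and path here is a placeholder.
events {}

http {
    # Catch-all: requests by bare IP or with an unknown hostname never reach a backend.
    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;   # nginx 1.19.4+: abort TLS when the SNI name is unknown
        return 444;                # plain HTTP: close the connection without a response
    }

    # Known hostnames on port 80 are only redirected to HTTPS.
    server {
        listen 80;
        server_name media.example.org admin.example.org;
        return 301 https://$host$request_uri;
    }

    # Public service: TLS ends here, the backend is reached in clear text on loopback.
    server {
        listen 443 ssl;
        server_name media.example.org;
        ssl_certificate     /etc/nginx/tls/media.example.org.crt;
        ssl_certificate_key /etc/nginx/tls/media.example.org.key;

        location / {
            proxy_pass http://127.0.0.1:8096;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Restricted service: only the designated source range may connect.
    server {
        listen 443 ssl;
        server_name admin.example.org;
        ssl_certificate     /etc/nginx/tls/admin.example.org.crt;
        ssl_certificate_key /etc/nginx/tls/admin.example.org.key;

        allow 203.0.113.0/24;      # documentation range standing in for a trusted network
        deny  all;

        location / {
            proxy_pass http://127.0.0.1:9000;
            proxy_set_header Host $host;
        }
    }
}
```

The backends should listen on loopback or an internal interface only, so the proxy is the single path in; connections rejected by the catch-all still appear in the access and error logs, which is where hostname scanning shows up.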
A deadline set by a government agency for government workers, NOT a 'Google Pixel Deadline'. Stop writing alarmist headlines to make it sound like Google is gonna shut off your phone if you don't comply. You should update, but knock this writing style off, people.
Zabbix or Cacti are nice ways to draw maps that also serve a functional role in keeping track of the activity and alerting.
Looks like it was just updated today pending transfer, so either the owner is transferring registrars or someone took it over.
https://www.whois.com/whois/funkwhale.audio
Domain expired on the 19th, so it's validly offline. Has always seemed to be a low-adoption platform, will have to see the status in the next few days.
Makes sense, I'm so accustomed to making virtual machines and such that it becomes just a thing but inevitably at some point admin access was required to create the hypervisor, the vnic, a virtual switch, etc. Without that restriction a piece of malware could readily exfiltrate data past a local protection by just making its own new pathway through on the fly or any number of other unpleasant things.
I recall using an app way back when I used to root and haxor all the mobiles that would do this. Kind of a virtualbox for the Nexus phones/tablets, but it needed root to do it. Will have to look into this, would be interesting if it can do so in user space somehow.
Edit: Damn, still needs root. Was a longshot to be able to hook into system resources without it but was hoping for some bridge function.
Exactly, the term has been pretty well claimed by people who host things like, oh say, their own Lemmy service or such.
I tend to keep things simple so if I can it's easier to not set up the separate auth middleware when there's already an AD comparable system in place.
Another option I've used before is called Neth Server, but that's more one of those SOHO all-in-one systems rather than a dedicated mail box.
https://community.nethserver.org/