How do you handle SSL certs and internet access in your setup?

I have NPM running as “gateway” between my LAN and the Internet and let handle it all of my vertificates using the built-in Let’s Encrypt features. None of my hosted applications know anything about certificates in their Docker containers.

As for your questions:

1. You can and should – it makes managing the applications much easier. You should use some containerization. Subdomains and correct routing will be done by the reverse proxy. You basically tell the proxy “when a request for foo.example.com comes in, forward it to myserver.local, port 12345” where 12345 is the port the container communicates over.
2. 100% depends on your use case. I purchased a domain because I host stuff for external access, too. I just have my setup to report it’s external IP address to my domain provider. It basically is some dynamic DNS service but with a “real domain”. If you plan to just host for yourself and your friends, some generic subdomain from a dynamic DNS service would do the trick. (Using NPMs Let’s Encrypt configuration will work with that, too.)
3. You can’t. Every georestricting can be circumvented. If you want to restrict access, use HTTP basic auth. You can set that up using NPM, too. So users authenticate against NPM and only when it was successful,m the routing to the actual content will be done.
4. You might want to look into Cloudflare Tunnel to hide your real IP address and protect against DDoS attacks.
5. No 🙂

Unklar bleibt jedoch, wohin die Reise geht.

Also nur mal wieder blinder Aktionismus? Wie damals, als die öffentlich-rechtlichen kollektiv Twitter Richtung Mastodon verlassen wollten - da ist auch null-komma-null-null was bei rumgekommen.

Ach ne, doch, ein, zwei Publikationen haben einen Bot, der die ansonsten leblosen Mastodon-Accounts sporadisch mit ein paar wenigen Inhalten füllt.

Wenn wir uns mal kollektiv alle nichts vormachen, wird das hier doch genau so laufen. Jetzt wird noh groß rumgetönt, aber in ein paar Wochen sind sie weiter alle auf X, als wenn nichts gewesen wäre.

Exactly this. If you buy quality products and be considerably careful with them, they figuratively last forever.

… und nicht vom Staat betriebene Social-Media-Dienste.

Mmh, maybe around 20-30 years.

What is this scam and why is it still here?

Bundespolitiker sind bestechlich.

What do you think the “v” in “vps” stands for?

You don’t need to freeze the state of the RAM, you freeze the whole virtual machine - including the virtual RAM.

If it is in the RAM, they can read it. Since it is a virtual server they can freeze and clone the current state and connect to that copy and read all data that is currently encrypted/opened without you even knowing.

This versioning is just moronic.

Dumbing things down is a sign of respectlessness towards the audience. So no. I am not doing this. I sometimes write things in a shorter way due to the nature of the medium, though.

But my Mastodon instance is configured to allow up to 5000 character per message, so there is plenty of space if I feel like.

Changelog:

https://wiki.documentfoundation.org/ReleaseNotes/25.2

Today I learned that there are THREE Sonic movies.

Eine Warnung an Elon Musk, es nicht zu übertreiben.

Siehste!

Image is my CSS sheet compared to the crazy amount of CSS sub sheets that exist in bootstrap.

This is what you get when using an absurdly over-complex framework.

headlights so bright that you blind other drivers

I bet there is a market for that.

Ist das Verlust?

Only if he’s flat.