chiisana

If they’ve got the orange cloud enabled, then Cloudflare will cache, minify, and distribute the static contents to servers closer to your ISP. The result would be that the initial page load appears faster. Dynamic content (such as actually performing a search) would require the server to actually perform actions, and would depend on wider range of factors.

A lot of words to say, yes, if you have static content to serve, Cloudflare is one of the cheapest way to make them go vroom vroom.

If you’re new, something like Uniquiti UniFi stack is very beginner friendly and well polished.

If you’re planning to run your own hardware, the usual recommendation seems to be pfsense or opnsense on a modern lower end system (Intel N100 box for example).

Bearing in mind that a router is only responsible for routing (think directing the packets where to go). You’d also want to have access points to provide WiFi for your wireless devices. This is where UniFi stack makes it easier because you can just choose their access point hardware and control through single controller. Whereas rolling your own you’d be looking at getting something else to fill that role.

At the end of the day, you’re running containers and both will get the job done. Go with whatever you want to start, and be open to try the other when you inevitably end up with jobby job that uses the other one instead.

Pretty sure it’s the same person who thinks expanding WiFi access in Downtown East Side is not news worthy, went on a huge rant about LGBTQ during that Chinatown Lunar New Year parade debacle, and largely supportive of anti-vaxxer/freedom convoy… that kind of person.

It’s uzi. Don’t bother.

On a lot of the image boards described by OP, tagging is managed by the users collectively. That is, almost everyone could not only add but also remove tags from content, as well as collectively maintain wiki on what the individual tags mean. When multiple similar tags meaning same thing come up, they’d alias to one central one; when different usages of same tag come up, they’d take a Wikipedia-esque approach to differentiate them; some even go as far as creating categories for tags so similar concepts can be grouped together. Trouble makers (people who repeatedly use tags incorrectly) lose their tagging privileges and so problem is kind of managed at bay.

Most of the apps I use support external authentication using popular standards (OAuth for most part). This means the clients will also support the said standards out of the box. Having a standardized authentication flow makes logging in much easier as well.

I also don’t want to deal with passwords… because I don’t trust myself to handle passwords. So before settling down on Authentik, I used FusionAuth to do OIDC via Google. Then I discovered I could do WebAuthn / Passkey with Authentik, so the portal really only ever need to know my public key, and approves access based on private keys, which are gated by my devices’ biometric features. This is way more secure than other solutions and I don’t even need to remember a password.

The one edge case I’ve encountered is a couple of apps recently transitioning to mandating authentication, but doesn’t have OIDC integration of their own. Fortunately, there’s a hidden config flag in XML that I can use to tell them that I have externally managed authentication, and I gate access to them via a middleware in my reverse proxy. As for client, my client of choice allows me to add custom HTTP headers, so I have a special “API key” kind of header that my reverse proxy looks at, which allow me to bypass authentication, so everything works nicely together.

In my mind, using the vanilla out of the box authentication feels less secure than me gating things via OIDC or middleware. This is because everyone knows they could Google for “Powered by WordPress” or similar phrase to target specific apps with known authentication exploit. However, by switching it up and using a different mechanism, the common exploit vectors might not be as effective against my deployment.

Admin UI feels okay to me, at most 1/2 a second between page loads/repaints, definitely not several seconds kind of slow. I am running it on my oracle free tier VM and I’ve got only 3 users, so maybe I’m way over provisioned? Have you tried to measure where the latency is coming from? As in, it is the raw page load that’s slow, or if it is subsequent JavaScript triggered requests bottlenecking the performance?

Do you mind elaborating a little on in what sense it is slow for you? It doesn’t “feel” slow for me, but as you’ve identified, it’s a multipage login process with some JavaScript driven content, so it’s not exactly the fastest compared to something more static. The pages generally loads in around/under 1 second for me; and once authenticated, the flow happens fairly quickly and infrequently that I don’t really notice or care for it.

OIDC was a huge thing for me, I used FusionAuth for a bit and it worked great. Then I learned I could deploy my own WebAuthn / passkey password-less authentication, moved over to Authentik, and never looked back.

Humph… I wonder what’s the actual underlying issue here. Such a strange one!! Hope you’re able to figure it out at some point!

If you don’t mind, can you please try disabling all but one or two stacks and see if your homepage responds faster?

I think although your setup may work, and is definitely better than me dumping everything into the Traefik gateway network, I can’t help but to wonder if Traefik picked up some overhead with each additional network it gets added to…?