80/443 is all that's necessary for Headscale as a control server.
UDP/3478 is STUN for the embedded DERP. I recommend hosting a distinct DERP server, thus decoupling the control and data planes. DERPer is open source from Tailscale.
50443 is for gRPC. I'd not expose that, even if it is protected by authentication (and tested).
I'm absolutely hooked on Caddy. Just developed an AITM phishing tool like EvilGinx2. Challenging project, but Caddy's modularity really brings it all together. Need encrypted landing pages? Just string together a few modules. Need conditional forward proxies to make sure requests originate from geographic regions? Placeholders to the rescue.
Another interesting point is that VPN providers have access to server-side keys and, obviously, the processes. This just makes the VPN provider the new ISP.
There's no guarantee that VPN traffic isn't being decrypted and inspected.
It's relative to personal preference, economic status, and general logistics. If your living conditions and/or lifestyle support EVs, do the thing if you want. Stick with ICE otherwise.
Although, I do have to say that I think EV benefits can materialize without national adoption.
If the majority of people were to prefer EVs in a densely populated city, for instance, then conditions would likely improve for everyone who lives within the boundaries of said city due to reduced emissions. Not to mention minimized road noise! It seems like every other car in Atlanta is a Hellcat and 02:30 is their doughnut hour (kill me plz).
In an ideal world, we could use EVs for daily life and high-speed rail for long-distance travel. But that'd involve tax dollars and that'd take away from the military industrial complex's bottom line, and we can't have that!