You are right. This is the least I can do.

Thanks for the words of encouragement.

☹️

I hate that you are right. I really wanted to do something to make a difference, but it’s saddening to see no one batting an eye to this.

Even if we get people to shift to privacy respecting or encrypted apps, the problem still stands. They could just ask you to give access to those services. If you don’t, it would come with its own legal challenges.

Section 247(1)(ii)–(iii) mandates individuals and businesses to disclose passwords or encryption keys and permits officers to “override the access control” of any device or account. If you don’t hand over your phone passcode or email password on demand, officials can hack into the device. Any refusal is now explicitly punishable as non-compliance.

End-to-end encrypted messaging services like WhatsApp or Signal could be forced open during a tax raid.

Solving the issue would need to come from challenging the law itself.

I’ve been using your application for my services for almost a month now, though I just have one redirect link at the moment. I just forgot about it after the setup, although you could consider it to be a sign of a good product?

I wish if there could be additional analytics or logs for the links like a timeline, unique + existing visitors etc, however I completely understand if they cannot be implemented for the sake of keeping the app simple. Thanks for your service regardless!

Absolutely lovely animation. This just made my day. Thank you kind stranger.

Thank you for your suggestions. From the thread it is highly apparent that I would need IT’s support on this.

As for the hardware, we could still consider a machine with Linux as the server instead. Though the remote access issue would need to be resolved.

Honestly, after considering the security implications of enabling access to the university’s network, I think I would first warn the team about this before setting up anything and let them decide how to proceed afterwards. I’ll also inform them to ask the IT department for the in-house VPN solution and identity management.

I don’t believe there would be need for the team to access anything in the network apart from the computer itself. Is it possible to arrange a solution that disables connections to intranet devices through the server by default just to be safe?

I wasn’t able to get a clear response but I can say that they are primarily going to use it for writing and storing code like a Github repo, plus installation of 2-3 programs whose names I couldn’t recognise.

They could use Github itself, but I know they know this too so but deliberate chose to work this way. I could probably suggest a software like Gitea or Forgejo for this purpose, but I suppose they aren’t in need of that.

Mostly it boils down to laziness. They for sure have the ability to set up the server themselves but they can’t be bothered to unless it’s for a larger number of machines. They have essentially given a thumbs up to proceed with the setup but haven’t offered assistance themselves. I think the team might already have reached out to them, but were let down which is why they tried to contact me.

The server will be stored in the personal office of one of the members of the team. It should be physically secure.

I don’t think I would completely lose access to it, rather it’s just that I won’t be allowed to personally SSH to the server with my own devices. I may still be able to connect to it through one of the members’ devices or onsite. The team member earlier mentioned will take care of the system after the setup.

I don’t know what’ll happen to the server after the project is over, nor am I in a position to assume something.

They already have gotten the permission for this.

However the IT department wouldn’t be helping with enabling public access to the computer via the university’s intranet. So it is up to me to figure out an alternative connection strategy like tunneling or VPN.

I was proposed to set up the server knowing that I have limited knowledge on managing stuff like this. They already have an sysadmin in the campus, but I think their setup is simple enough that they were willing to approach me. Besides I do consider myself to be experienced enough to work my way around CLI and troubleshoot issues even if I haven’t had experience with hardware like this.

I don’t think negotiating for a different computer would be possible. The main challenge would be to make best of the hardware I’m provided, with additional peripherals if needed.

I do plan on asking them the nature of the work to be done on the server, but I wouldn’t expect it to be too niche or computationally intensive since they have separate computers for that. In any case, I will relay the points highlighted in this thread to them and get a clear idea of what is needed to be arranged.

Part of the reason why they left so many details vague was to give me some freedom on what to setup in the server based on what I think is right, although I do agree there needs to be clarification for some points.

Could you give me a hint on what I should additionally ask regarding their server needs?

Could you suggest what would be the most appropriate backup solution in this case? I could also ask them to arrange a backup drive or a cloud provider if needed.

I was told the some team members work in different universities, so we would need to accommodate them as well

Sorry if I am unable to provide specific details for the queries. I don’t have answers to most of them myself which is why I was hoping what the safest bet for these situations would be to implement.

1. Highly likely they would be installing new software

2. I don’t know much about its use case, although it won’t be too intensive since they probably have a separate machine for heavier work.

3. Backup storage option wasn’t proposed at all. I’m thinking of proposing to implement one.

4. I expect between 10-20 users.

5. User permissions requirements wasn’t discussed as well, although I wouldn’t expect there to be any need to grant everyone admin privileges

6. Don’t know about the criticality of data. I could only speculate to be considerable by default.

The server should be no problem to the university as long as it’s set up to do what I was told it would do.

Is it okay to use macOS too? I thought Linux was more prevalent among servers. Although if there is no significant change in operating one compared to Linux, then I’ll just stick to macOS after all.

Thanks a ton!

I would never have found this on my own otherwise. I feel any amount of gratitude would fall short of compensating for how much time and effort it has saved me. Thank you regardless.

If possible, can you share how I can achieve the same effect with SFTP?

I’ve set up Pangolin on my VPS and had no problems accessing docker services on my homelab remotely. However, I don’t know how I am supposed to SSH or SFTP to my homelab. Will I connect to my VPS instead? Would I need to break Pangolin or expose a vulnerability to do so?

Honestly I am in need of a proper networking tutorial at this point.

Thank you for your assist. I found the underlying issue to be with the DNS from the domain provider. I switched to Cloudflare DNS and now it works flawlessly.