
👋 Hola, I am Nick.

Software architect-turned-marketer. Focused on APIs and SaaS. Worked agency-side and client side. Built, tested, executed, and optimized marketing strategies for startups and Fortune 500 brands. 😁

This site is mainly for me. Instead of keeping notes in a ton of different apps and files, it will all go here. I’ve got thousands of files with notes. It’s going to take years. This should be fun.

Still…feel free to look around.

Latest Updates

Generative Engine Optimization (GEO)…ugh.

30 years of SEO slop and here we go again.

Over the last couple of years I’ve used Tailscale to easily connect home servers and VPSs. Tailscale is pretty special. It’s almost idiot-proof. Exposing web apps internally was stupid easy.

For external use, I used the Cloudflare Zero Trust stack, like Tunnels and Access. There was a learning curve, especially if you were connecting Cloudflare to a reverse proxy like Caddy instead of directly to the ports of the web apps. Still, with a bit of Googling, it was doable.

Now, not that I think Tailscale or Cloudflare would peek into what I was doing on the servers, but all their tools were running as root, which made me wary. Tailscale clients are open source and no one has complained about Cloudflare doing hinky stuff, but I had a little internal voice telling me to find alternatives.

My first thought was replacing Tailscale with Headscale, but you can’t do that exactly. Headscale replaces Tailscale’s control server so you don’t have to depend on Tailscale’s infrastructure. Even after replacing it with Headscale, you’d still keep using Tailscale clients since they allow you to set whatever control server you want to use.

It took some time to substitute in Headscale, but it was never 100% solid. Clients would randomly stop responding here and there. I’m pretty sure it was my fault in terms of how the servers were set up but the debugging started getting tedious. I got to the point where I wanted to wipe servers clean and start over, but I didn’t have the stomach for that.

I went back to thinking about alternatives. Over the last few months, I’ve heard Pangolin mentioned a lot. Pangolin is more like Cloudflare Access than Tailscale. You have a Pangolin server that is accessible externally. All the other servers run Newt, which connects the servers to the Pangolin server. The Pangolin server does all the reverse proxy work and provides a great dashboard to configure domains and routes.

After getting Pangolin set up and all the servers connected to it, I decided I wanted to lock down access a bit more. So I went down the mTLS rabbit hole. All I can say is that journey sucked, but I wrote up instructions for setting up mTLS in Pangolin.

Next, I need to look into ssh certificates. Reading instructions for setting that up makes my eyes glaze over.

I haven’t fully found a replacement for Tailscale/Headscale functionality to easily ssh into any server on the same tailnet yet, but it’s on my todo list. You can kinda do it with Pangolin, which can reverse proxy raw TCP/UDP packets, but that doesn’t seem like the best plan. We’ll see.

I’ve been putting off upgrading this site to the latest version of Astro due to breaking changes related to Tailwind. Those types of upgrades never go well.

That’s where Claude Desktop came in. Using the git and codemcp MCP servers, I got it done in a couple of hours.

Seriously, it would have taken me a couple more years to update if it hadn’t been for LLMs. Not like it’s a major deal since this is a static site, but that’s real productivity right there.

Just finished Project Hail Mary by Andy Weir. It’s the best science fiction book I’ve read in some time. Andy Weir wrote The Martian.
