Thank you both, I’m starting to get it.

Thank you! I’ll start there and check that I can easily access the logs.

I’ll give it a look. No real reason for fail2ban specifically, it’s just often mentioned as an easy process for beginners.

I’m still not sure what this means. Run fail2ban on the router or on each VM? Caddy does have a fail2ban module if it makes more sense to run there?

This f***ing guy.

It could certainly be written better to more clearly state this, but I believe the intent is to only limit the data requested and stored for the purpose of age verification. This should not impact data collected or retained for other purposes.

Linking to the doc posted on the official.gov site: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

It’ll be painful, but I recommend moving away from that .edu address. Universities are notorious for causing headaches for grads trying to access their .edu addresses in the long run. Register your own domain, create an email under that domain, then use whatever email client you choose.