Total Commander
I've started recommending Amaze, it's free, open source, and easy to use.
Although I still use Solid Explorer for myself, but only because I've paid for it and know how it works.
Both have SMB support, since copying files to and from my server is pretty much my only need for a file manager.
Commemorative coins are sometimes really expensive here, the Royal Australian Mint has a shop where you can pay hundreds for some special coins.
I'd be quite surprised if they actually support DoH, but OP already said it was set to OpenDNS by default anyway, so if it did it's probably disabled.
I also don't believe DNSSec would affect this, since it just verifies that a DNS zone wasn't modified by a non-authority, not that you're actually talking to the same DNS server you're expecting.
The HTTPS certs are designed to prevent MITMing, but if it's still a worry or the domain is blocked by DNS, you can manually find the IP and add it to your hosts file instead.
I'm not a radio engineer, but my understanding is you're just bouncing signals off the moon itself, there isn't a device that echos the signal back or anything. There are mirrors on the moon to reflect lasers back though.
A reverse proxy by itself doesn't do much security wise. You could possibly setup some sort of authentication, attempt blocking, and rate limiting (in the reverse proxy, don't trust the DVR), but it'll probably also break the DVR even more.
There's bots that port scan and specifically target all sorts of stuff, and DVRs are a very common target. With a VPN in the way, there's no way of knowing what's there. A VPN also shouldn't break the web UI.
I really wouldn't expose a DVR to the internet, and especially not RTSP, those sorts of things get brute forced all the time, and you can find websites full of hacked cameras.
What I would do is run a VPN server (maybe Wireguard) on your Pi, and VPN in when you want to look at your cameras.
No worries! It was shown quite prominently a few years ago, but it seems they prefer downfor.io now, which seems way harder to remember.
It's probably blocked for whatever reason (maybe less than 90 days old?)
My work and Uni do the same thing, they don't do full SSL inspection, so most websites don't need a custom certificate authority; but if the SNI is blocked then they need a custom certificate to hijack and display a blocked message, most browsers will detect this as a MITM and display a not secure message instead.
Some expansion cards use more power in certain slots.
I'm assuming it's a fresh install, so nothing of value was lost if the restore failed. But also I've heard attempting to delete things in
/sysand/devcan brick your computer. So it's not a great idea.