Heck Yes! Loam!
Nov 15, 2004

a rich, friable soil containing a relatively equal mixture of sand and silt and a somewhat smaller proportion of clay.

Rad


Zapf Dingbat
Jan 9, 2001



Does that actually work?

Aware
Nov 18, 2003
No idea and never ever going to try and find out. If your phone has Ubuntu Touch available for it this would be a far saner approach at the moment.

RPATDO_LAMD
Mar 22, 2013

🐘🪠🍆

Zapf Dingbat posted:

Does that actually work?

I was gonna give it a try and tell the thread... but step two is "rebuild the kernel for your phone with certain features turned on" and in the process of following Sony's instructions to build their xperia kernel I got to a step that said "btw you better have 400gb of hard disk space free during the build process". I don't quite feel like deleting a whole buncha stuff off my desktop to make room.

Aware
Nov 18, 2003
Frankly unless you're somewhat familiar with most of the steps in the guide you're probably going to hit showstoppers that aren't worth the time to work out how to get past. Just buy a raspberry pi and be done with it.

Coxswain Balls
Jun 4, 2001

Yeah, when I wanted to add Wireguard to my phone as a kernel module for the increased battery efficiency I had to download like 500GB of Android source code. There's probably a way to do it without having to get the entire repository but I'm not enough of a computer toucher to figure that out.

RPATDO_LAMD
Mar 22, 2013

🐘🪠🍆

Aware posted:

Frankly unless you're somewhat familiar with most of the steps in the guide you're probably going to hit showstoppers that aren't worth the time to work out how to get past. Just buy a raspberry pi and be done with it.

Bah, where's the fun in that? And yeah I do have some experience in code-touching, just not kernel stuff.

Looking around stackoverflow and reddit it seems some people have an "easier" route that involves just running an alpine linux vm, either through qemu on termux or via apps that run a VM directly like alpine-term or NeoTTY. Although I expect the performance in a VM would be noticeably worse and I probably wouldn't be able to do much more than an IRC bouncer or, like, tt-rss server on there.

Aware
Nov 18, 2003
May as well give it a go if it's easier - I've got an S21+ I frequently consider the same line of thinking about but then I think about the underutilised i7 8700/32gb ram unraid NAS I already have and give up.

Coxswain Balls
Jun 4, 2001

I upgraded my internet plan so the 300Mbps max throughput on the RPi 3B+ working as my Wireguard server has become a bottleneck. The recycler had a tiny 710q come in (i5 7500T, 16GB memory, 256GB NVMe) so I picked one up to replace the Pi for stuff I want to host at home but not on the same machine as my NAS (TrueNAS Core, i3 4330, 32GB of ECC).

Until now I've been used to the handholding of TrueNAS plugins and powering on/off VMs for stuff like game servers or 24/7 video streams of wildlife. The services that immediately come to mind that I want to get running are Wireguard, Immich, and NextCloud so I can start saying goodbye to Google photos/MS OneDrive. Is a good way to start and learn with Fedora Server + Podman? I'm new to containerization, but from what I understand it's kinda like FreeBSD jails where you can segment stuff away from each other like VMs, but host resources are more efficiently allocated?

Oysters Autobio
Mar 13, 2017
Building out my first homelab / NAS and now looking to plan the software stack.

My initial goal is a Jellyfin server that can be used at home and by friends. JF will also be backed by radarr/sonarr and want to have jellyseer (fork of plex overseer) to enable friends to self-request their content.

May have posted here before about this but one of the side-goals of this project is to practice/improve devops type skills like containers, virtualization and ci/cd ("gitops" style). So much of this is overkill for the initial project, what I'm looking at right now is:

Proxmox to virtualize:

- TrueNAS
- Ubuntu* with Rancher Desktop** for apps (JF etc.)

Now the debate I'm having is with the security setup. I want to be as "zero-trust" as possible so I'm debating options right now for client-access, and I'm debating about the value that something like Tailscale brings to my setup. I'd still look to setup proper TLS with a reverse-proxy (mainly to deal with nagging warnings and such), but I guess I'm having trouble understanding the difference between a reverse-proxy and a VPN like tailscale.

What exactly is the difference or security tradeoffs between setting up Tailscale versus setting up something like a reverse-proxy and Keycloak? Additionally, if the only thing I'm exposing to the internet is JF and TrueNAS (by extension) and the rest is virtualized and containerized, what additional security does Tailscale offer for a client device that could infect/damage those services?

* no particular preference, just familiar. If there's good reasons to I'd look at another distro

** Used at work so figured I'd just get some familiarity.

Oysters Autobio fucked around with this message at 22:16 on Apr 14, 2024

Time_pants
Jun 25, 2012

Now sauntering to the ring, please welcome the lackadaisical style of the man who is always doing something...


Holy smokes. I thought that above request was joking.

Aware
Nov 18, 2003

Oysters Autobio posted:

Building out my first homelab / NAS and now looking to plan the software stack.

My initial goal is a Jellyfin server that can be used at home and by friends. JF will also be backed by radarr/sonarr and want to have jellyseer (fork of plex overseer) to enable friends to self-request their content.

May have posted here before about this but one of the side-goals of this project is to practice/improve devops type skills like containers, virtualization and ci/cd ("gitops" style). So much of this is overkill for the initial project, what I'm looking at right now is:

Proxmox to virtualize:

- TrueNAS
- Ubuntu* with Rancher Desktop** for apps (JF etc.)

Now the debate I'm having is with the security setup. I want to be as "zero-trust" as possible so I'm debating options right now for client-access, and I'm debating about the value that something like Tailscale brings to my setup. I'd still look to setup proper TLS with a reverse-proxy (mainly to deal with nagging warnings and such), but I guess I'm having trouble understanding the difference between a reverse-proxy and a VPN like tailscale.

What exactly is the difference or security tradeoffs between setting up Tailscale versus setting up something like a reverse-proxy and Keycloak? Additionally, if the only thing I'm exposing to the internet is JF and TrueNAS (by extension) and the rest is virtualized and containerized, what additional security does Tailscale offer for a client device that could infect/damage those services?

* no particular preference, just familiar. If there's good reasons to I'd look at another distro

** Used at work so figured I'd just get some familiarity.

I can't speak to JF specific since I use Plex but my setup is roughly as follows:

Plex - router port forwarding 32400 from Internet to it
Overseer - nginx reverse proxy (let's encrypt cert for request.xxxx.com) - CloudFlare proxy - internet
Vaultwarden - (same as overseer but for vault.xxxx.com)

Wireguard would fit in if I didn't want to expose Plex to the internet - but my friends and family would need to run the Wireguard client to use it which is never going to fly in a million years especially as most of them use my Plex from a mix of Android/WebOS/Apple TV devices.

I do use Wireguard for my own remote access for administration purposes and as a gateway when I'm overseas and want to use my netbanking or domestically blocked video streaming services like Sports.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Aware posted:

I can't speak to JF specific since I use Plex but my setup is roughly as follows:

Plex - router port forwarding 32400 from Internet to it
Overseer - nginx reverse proxy (let's encrypt cert for request.xxxx.com) - CloudFlare proxy - internet
Vaultwarden - (same as overseer but for vault.xxxx.com)

Wireguard would fit in if I didn't want to expose Plex to the internet - but my friends and family would need to run the Wireguard client to use it which is never going to fly in a million years especially as most of them use my Plex from a mix of Android/WebOS/Apple TV devices.

I do use Wireguard for my own remote access for administration purposes and as a gateway when I'm overseas and want to use my netbanking or domestically blocked video streaming services like Sports.

You can use Plex's auth system to let someone access your Plex server. As long as the other person sets up a Plex account (free) you can add them as shared account under "Manage Library Access"

and you allow remote access under:
Settings -> Remote Access

Then they can log in at https://app.plex.tv/desktop to accept the share. Then it should show up on any of their devices they log into plex on, be it on their TV, tablet, etc.

I do this for my parents even though I do have a reverse proxy and domain just because it makes their login process much easier.

I recommend also going into "Manage Library Access" and setting a restriction for your user to either whitelist/blacklist shows via labels so that they can only see the stuff you want them to see. I, for instance, did not share all the anime I have on my Plex with my parents (except Apothecary Diaries) because they don't really care about that.

Aware
Nov 18, 2003

Nitrousoxide posted:

You can use Plex's auth system to let someone access your Plex server. As long as the other person sets up a Plex account (free) you can add them as shared account under "Manage Library Access"

and you allow remote access under:
Settings -> Remote Access

Then they can log in at https://app.plex.tv/desktop to accept the share. Then it should show up on any of their devices they log into plex on, be it on their TV, tablet, etc.

I do this for my parents even though I do have a reverse proxy and domain just because it makes their login process much easier.

I recommend also going into "Manage Library Access" and setting a restriction for your user to either whitelist/blacklist shows via labels so that they can only see the stuff you want them to see. I, for instance, did not share all the anime I have on my Plex with my parents (except Apothecary Diaries) because they don't really care about that.

Yes this is how Plex sharing works, however if you don't allow them to hit your Plex server directly via port forward you are limiting your users to 1-2mbps of transcoded poo poo quality via Plex's proxy servers.

Plex will try and use UPnP for this so you may be unaware your router is opening a port for this if you didn't explicitly create one.

Scruff McGruff
Feb 13, 2007

Jesus, kid, you're almost a detective. All you need now is a gun, a gut, and three ex-wives.

Aware posted:

Yes this is how Plex sharing works, however if you don't allow them to hit your Plex server directly via port forward you are limiting your users to 1-2mbps of transcoded poo poo quality via Plex's proxy servers.

Plex will try and use UPnP for this so you may be unaware your router is opening a port for this if you didn't explicitly create one.

I have mine behind a reverse proxy. As long as you set a custom server access URL in your settings you don't need to open anything other than 80/443 and they don't have to suffer through the Plex proxy.

Aware
Nov 18, 2003
That's cool but it doesn't really add much unless you want people to access your Plex via your own domain directly (vs via Plex.tv)

The original question I think was about if Wireguard is something to deploy for your remote streaming users and generally the answer is no, you need to expose it to the internet in some way unless you have particularly savvy users who use a phone or PC only to watch Plex.

Aware fucked around with this message at 15:52 on Apr 15, 2024

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Going via plex.tv also lets people add multiple plex servers to their same account and access them all in one place.

You can also up the upload limit on the "Remote Access" settings of your Plex server. My parents have no issues streaming 4k from my server.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Scruff McGruff posted:

I have mine behind a reverse proxy. As long as you set a custom server access URL in your settings you don't need to open anything other than 80/443 and they don't have to suffer through the Plex proxy.

Is it only the port thing for you? Are you exposing other services on that reverse proxy? Otherwise this seems a bit pointless and you're adding encryption stress to your reverse proxy (Plex already encrypts data via the plex.direct letsencrypt cert).

Scruff McGruff
Feb 13, 2007

Jesus, kid, you're almost a detective. All you need now is a gun, a gut, and three ex-wives.

Aware posted:

That's cool but it doesn't really add much unless you want people to access your Plex via your own domain directly (vs via Plex.tv)

The original question I think was about if Wireguard is something to deploy for your remote streaming users and generally the answer is no, you need to expose it to the internet in some way unless you have particularly savvy users who use a phone or PC only to watch Plex.

I gotcha, I thought you were saying that the only way to avoid being banished to the Plex relay was to specifically forward 32400.

Matt Zerella posted:

Is it only the port thing for you? Are you exposing other services on that reverse proxy? Otherwise this seems a bit pointless and you're adding encryption stress to your reverse proxy (Plex already encrypts data via the plex.direct letsencrypt cert).

Yeah, I have a couple of other externally accessible services. Setting all of that up just for Plex would probably be excessive.

Scruff McGruff fucked around with this message at 16:25 on Apr 15, 2024

Cyril Sneer
Aug 8, 2004

Life would be simple in the forest except for Cyril Sneer. And his life would be simple except for The Raccoons.
Can I ask a stupid n00b question?

I want to setup my own web server (yes I know how to do this part) but I don't have a static ip address. I understand there are ways to deal with this, but I don't really understand the pros/cons of the different options.

(1) no-ip.org offers a free DDNS service, where you can pick your own hostname along with one of their domain names (so like cyrilsneer.no-ip.org). You have to re-confirm every 30 days, but whatever. Then, I run their DUC client on my machine.

(2) On the other hand, lots of the domain registrars (i.e., namecheap) seem to offer DDNS for free, and provide instructions on how to set it up with your own domain. Thus if one has a domain (which I do), then this would seem to obviate the need for no-ip?

(3) In digging into this topic, I inevitably stumble across cloudflare. No matter how much I read about it, I can't figure out what cloudflare does, or how this helps me self-host a website :silent:

I'm going to attempt #2, but I just wanted to get some comments on this. Thanks goons.

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money

Cyril Sneer posted:

Can I ask a stupid n00b question?

I want to setup my own web server (yes I know how to do this part) but I don't have a static ip address. I understand there are ways to deal with this, but I don't really understand the pros/cons of the different options.

(1) no-ip.org offers a free DDNS service, where you can pick your own hostname along with one of their domain names (so like cyrilsneer.no-ip.org). You have to re-confirm every 30 days, but whatever. Then, I run their DUC client on my machine.

(2) On the other hand, lots of the domain registrars (i.e., namecheap) seem to offer DDNS for free, and provide instructions on how to set it up with your own domain. Thus if one has a domain (which I do), then this would seem to obviate the need for no-ip?

(3) In digging into this topic, I inevitably stumble across cloudflare. No matter how much I read about it, I can't figure out what cloudflare does, or how this helps me self-host a website :silent:

I'm going to attempt #2, but I just wanted to get some comments on this. Thanks goons.

If you own a domain, #2 is as easy as setting an A record for your IP address to your domain or subdomain. This can be automated via software if your IP address is prone to changing.

Cloudflare is a domain name registrar (among other things), but you also may have heard of their services like Zero Trust, which basically lets you tunnel traffic through Cloudflare without opening any ports. It is more secure in terms of peeps infiltrating an open port in your firewall, but you give Cloudflare the ability to man in the middle all of your tunneled traffic.
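
bobfather's "automated via software" step, as an added example that is not part of the thread or any registrar's own client. Everything about the registrar side is assumed: UPDATE_URL is a placeholder endpoint that takes host, domain, password and ip as query parameters, so substitute whatever your registrar documents. The security-relevant parts are the ones a quick one-liner usually skips: the script refuses to publish anything that is not a globally routable IPv4 address (an HTML error page from the echo service, or a CGNAT address, must never land in DNS), it only calls the update endpoint when the record actually differs, and it reads the DDNS password from the environment rather than the command line.

```python
"""Dynamic-DNS updater (example added to this thread, not a registrar's client).

Assumptions, all hypothetical: UPDATE_URL is an HTTP endpoint taking host, domain,
password and ip as query parameters (your registrar's real endpoint and parameter
names will differ); the public IP is read from an IPv4 echo service; the current
A record comes from an ordinary DNS lookup.
"""
import ipaddress
import socket
import urllib.parse
import urllib.request

DOMAIN = "mysite.com"                               # placeholder domain used in the thread
HOST = "@"                                          # "@" = root record; use "www" for a subdomain
UPDATE_URL = "https://ddns.example.invalid/update"  # placeholder registrar endpoint
IP_ECHO_URL = "https://ipv4.icanhazip.com"          # returns the caller's IPv4 as plain text


def validate_ipv4(text):
    """Return a canonical dotted-quad string, or None if `text` is not a globally
    routable IPv4 address. Rejecting private/loopback/CGNAT ranges and non-addresses
    stops junk (an HTML error page, a 100.64/10 address) from being written to DNS."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except (ipaddress.AddressValueError, ValueError, AttributeError):
        return None
    return str(addr) if addr.is_global else None


def fetch_public_ip(opener=urllib.request.urlopen):
    """Ask the echo service for our public address; `opener` is injectable for tests."""
    try:
        with opener(IP_ECHO_URL, timeout=10) as resp:
            return validate_ipv4(resp.read().decode("ascii", "replace"))
    except OSError:
        return None


def resolve_a_record(name, resolver=socket.gethostbyname):
    """Current A record as seen by the local resolver (None if it does not resolve)."""
    try:
        return resolver(name)
    except OSError:
        return None


def decide(public_ip, dns_ip):
    """'skip' when no valid public IP was learned (never push garbage), 'unchanged'
    when DNS already matches, otherwise 'update'."""
    if public_ip is None:
        return "skip"
    if public_ip == dns_ip:
        return "unchanged"
    return "update"


def build_update_url(ip, password):
    """Compose the registrar call; urlencode keeps password characters query-safe."""
    params = {"host": HOST, "domain": DOMAIN, "password": password, "ip": ip}
    return UPDATE_URL + "?" + urllib.parse.urlencode(params)


def run(password, opener=urllib.request.urlopen, resolver=socket.gethostbyname):
    """One update cycle; returns the decision so a cron job can log it."""
    fqdn = DOMAIN if HOST == "@" else f"{HOST}.{DOMAIN}"
    public_ip = fetch_public_ip(opener)
    dns_ip = resolve_a_record(fqdn, resolver)
    action = decide(public_ip, dns_ip)
    if action == "update":
        with opener(build_update_url(public_ip, password), timeout=10) as resp:
            resp.read()  # a real client should check the registrar's response body
    return action


if __name__ == "__main__":
    import os
    # Run from cron every few minutes. The password comes from the environment,
    # not argv, so it does not show up in `ps` or shell history.
    print(run(os.environ["DDNS_PASSWORD"]))
```

Remember that DNS caching means the local resolver may lag a few minutes behind a change you just pushed; the script tolerates that because a repeated "update" with the same address is harmless.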

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
You don't have to use cloudflare as your registrar to use their DDNS and other services. Once you have a domain you can change the nameservers to let cloudflare manage your DNS for that domain without transferring registrars.

There's a variety of free DDNS sites as well besides no-ip. I know duck dns is popular because you can use it with letsencrypt certs for free.

Aware
Nov 18, 2003
You can also install cloudflared (Argo) on your webserver specifically to tunnel traffic to CloudFlare and sit behind their proxy. This means you don't have to mess with updating your DNS when your IP changes and you can isolate your webserver properly from your home network and not punch holes through your router with port forwarding.

https://github.com/cloudflare/cloudflared

Cyril Sneer
Aug 8, 2004

Life would be simple in the forest except for Cyril Sneer. And his life would be simple except for The Raccoons.
Thanks. Since I have a domain registered with namecheap, I'm just going to try the A record thing first.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Cloudflare tunnel is pretty well the best way these days if it's just a website. Gets you free DDoS/waf protection, path routing redundancy, etc. Like obscene that it's free.

It's simple to setup, lots of tutorials/walkthroughs online.

Motronic
Nov 6, 2009

It's the free VMWare tier of port forwarding and DDNS. Which means it will be ripped away at some inconvenient-for-you point. If your stuff is low value cool. I just have paid DYN for the last 20+ years and am waiting for oracle to ruin it. But I can easily script the same thing into any number of other DNS providers including where I actually host my domains.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)
Yeah, if I didn't have to open a port for Plex I wouldn't have any ports open at all. Argo tunnels rule.

Cyril Sneer
Aug 8, 2004

Life would be simple in the forest except for Cyril Sneer. And his life would be simple except for The Raccoons.
LOL you guys have me waffling back and forth here.

Alright, I'll sign up for Cloudflare free option and see how far I can truck along with it.

tuyop
Sep 15, 2006

Every second that we're not growing BASIL is a second wasted

Fun Shoe
I know it’s not needed anymore but has anyone else tried duckdns for their ddns needs? It’s way less naggy than the big providers but pretty simple.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

tuyop posted:

I know it’s not needed anymore but has anyone else tried duckdns for their ddns needs? It’s way less naggy than the big providers but pretty simple.

If I wasn’t using cloudflare with my own domain, thats what I’d be using.

Motronic
Nov 6, 2009

Cyril Sneer posted:

LOL you guys have me waffling back and forth here.

Alright, I'll sign up for Cloudflare free option and see how far I can truck along with it.

All that matters is you are vaguely aware of the plusses and minuses. You're not gonna go wrong starting out this way. Or any other reasonable way. You're just getting a lot of opinions from a thread that is bound to have opinions.

Aware
Nov 18, 2003
I mean it's not the point of this thread but you'd be just as well served with a $5/month VPS for a website if you're already handling the stack at home and would avoid the entire issue of opening up your home network. It's not without its own considerations but I use Vultr for things like that rather than self host.

Oysters Autobio
Mar 13, 2017

Aware posted:

The original question I think was about if Wireguard is something to deploy for your remote streaming users and generally the answer is no, you need to expose it to the internet in some way unless you have particularly savvy users who use a phone or PC only to watch Plex.

I mean, don't they just need to login with the tailscale app before booting up jellyfin / Plex? Or are there other considerations?

I just prefer the added security that I'm not directly opening up the service online but instead have another layer of sorts.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Aware posted:

I mean it's not the point of this thread but you'd be just as well served with a $5/month VPS for a website if you're already handling the stack at home and would avoid the entire issue of opening up your home network. It's not without its own considerations but I use Vultr for things like that rather than self host.

I’d still slap this behind an Argo tunnel.

Heck Yes! Loam!
Nov 15, 2004

a rich, friable soil containing a relatively equal mixture of sand and silt and a somewhat smaller proportion of clay.
What home firewall is recommended these days? I was eyeing FirewallA devices as a replacement for my ancient fortinet device.

Cyril Sneer
Aug 8, 2004

Life would be simple in the forest except for Cyril Sneer. And his life would be simple except for The Raccoons.
Okay so I went with the A record thing for now, might change it later.

It's working, but something's not quite right. If I access my site via http://www.mysite.com it works as expected. However, accessing https://mysite.com is pulling up my router login page! That's no good!

Heck Yes! Loam!
Nov 15, 2004

a rich, friable soil containing a relatively equal mixture of sand and silt and a somewhat smaller proportion of clay.

Cyril Sneer posted:

Okay so I went with the A record thing for now, might change it later.

It's working, but something's not quite right. If I access my site via http://www.mysite.com it works as expected. However, accessing https://mysite.com is pulling up my router login page! That's no good!

Forward your root domain to your A record, and disable the external HTTP and HTTPS access to your router.

Cyril Sneer
Aug 8, 2004

Life would be simple in the forest except for Cyril Sneer. And his life would be simple except for The Raccoons.

Heck Yes! Loam! posted:

Forward your root domain to your A record, and disable the external HTTP and HTTPS access to your router.

Thanks, this sort of worked. I'm actually running a FastAPI site, and enabling HTTPS is apparently another level of complexity. Sigh.

Heck Yes! Loam!
Nov 15, 2004

a rich, friable soil containing a relatively equal mixture of sand and silt and a somewhat smaller proportion of clay.

Cyril Sneer posted:

Thanks, this sort of worked. I'm actually running a FastAPI site, and enabling HTTPS is apparently another level of complexity. Sigh.

For https you'll want to put your services behind something called a reverse proxy. You can set up the SSL certificate on the reverse proxy and it wraps your services in an SSL layer. There's several good options for easy enough to setup as well.
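
The reverse-proxy layout described above, written out as an added nginx example (not a config from anyone in the thread). It assumes the FastAPI app listens on 127.0.0.1:8000, that the certificate for mysite.com was issued by certbot into the usual /etc/letsencrypt path, and that the root and www records both point at the same public address; all of those are placeholders to adjust. Two details address the earlier "https://mysite.com shows my router login" symptom: only ports 80 and 443 on the router are forwarded to this host (the router's own remote administration stays off), and a catch-all server block answers requests for any hostname you do not serve, including a bare IP address, by closing the connection rather than handing them to the app.

```nginx
# Added example: nginx terminating TLS in front of a FastAPI app on 127.0.0.1:8000.
# Hostnames and certificate paths are placeholders.

# Catch-all: requests for hostnames you do not serve (or for the bare IP) get
# no response. The default 443 block needs some certificate to handshake with;
# a throwaway self-signed pair is fine here.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_certificate     /etc/ssl/certs/placeholder-selfsigned.pem;
    ssl_certificate_key /etc/ssl/private/placeholder-selfsigned.key;
    return 444;
}

# Plain HTTP: serve only ACME challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name mysite.com www.mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/acme;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS: the only path that reaches the application.
server {
    listen 443 ssl;
    server_name mysite.com www.mysite.com;

    ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8000;
        # Tell the app who the real client is and that the outer hop was HTTPS,
        # so redirects and cookies it generates use https:// URLs.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the app now sees plain HTTP from the proxy, start uvicorn with `--proxy-headers --forwarded-allow-ips 127.0.0.1` so it trusts the X-Forwarded-* headers only from nginx on the same host; and bind uvicorn to 127.0.0.1, not 0.0.0.0, so nothing on the LAN can bypass the proxy and reach port 8000 directly.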


lobsterminator
Oct 16, 2012




Cyril Sneer posted:

Can I ask a stupid n00b question?

I want to setup my own web server (yes I know how to do this part) but I don't have a static ip address. I understand there are ways to deal with this, but I don't really understand the pros/cons of the different options.

(1) no-ip.org offers a free DDNS service, where you can pick your own hostname along with one of their domain names (so like cyrilsneer.no-ip.org). You have to re-confirm every 30 days, but whatever. Then, I run their DUC client on my machine.

(2) On the other hand, lots of the domain registrars (i.e., namecheap) seem to offer DDNS for free, and provide instructions on how to set it up with your own domain. Thus if one has a domain (which I do), then this would seem to obviate the need for no-ip?

(3) In digging into this topic, I inevitably stumble across cloudflare. No matter how much I read about it, I can't figure out what cloudflare does, or how this helps me self-host a website :silent:

I'm going to attempt #2, but I just wanted to get some comments on this. Thanks goons.

Also, have you checked if your IP actually changes? I have a dynamic IP in theory, but in practice my IP has remained the same for years on my cable modem.
