brewery
@brewery@feddit.uk
- Comment on 79% of smart dash cams we tested had security flaws and concerns, and in some cases they were breaking the law - Out of 28, only six didn't have any concerns. 2 weeks ago:
79% of smart dash cams we tested had security issues
Out of 28, only six didn’t have any concerns. Find out what problems we uncovered and how to keep your dash cam secure.
Callum Pears, Researcher & writer
Callum pushes tech to its limits and has spent nearly three years bombarding antivirus with malware, taxing routers and inspecting computer monitors
Which? dash cam tests found security flaws and concerns in the majority of smart models we tested, and in some cases they were breaking the law.
Smart dash cams have wireless connectivity and features that use the internet. This could be tracking technologies, motion detection, voice assistant controls and voice alerts, as well as more advanced features such as automatic cloud backup, real-time alerts and remote viewing.
You’re also able to transfer footage wirelessly to the companion app on your smartphone, which is much quicker and more straightforward than traditional dash cams, where you’d need to remove the SD or micro-SD card and copy the files over to your computer.
Although these features make a dash cam a more useful tool for drivers, they also expose you to potential security risks.
Our testing found numerous dash cams with multiple security vulnerabilities. In fact, of the 28 smart dash cams we tested, only six lacked security concerns.
Find out what problems we encountered, which manufacturers took action to fix the problems we uncovered, and what you can do to keep your dash cam secure.
What were the issues we found?
Of all the issues we found, weak default wi-fi passwords were the most concerning security vulnerability because they mean that nearby hackers could connect to the devices and access data such as journey information, saved recordings and other personal information.
Since 2024, manufacturers have been obliged to ensure that default passwords aren’t easily guessable. This can be resolved by enforcing a mandatory password change or by assigning unique default passwords.
We contacted each manufacturer to share our findings and gave them an opportunity to comment and resolve our concerns.
Road Angel successfully addressed the issue with its dash cams, which now require changing the default password.
Miofive initially responded and released a firmware patch that fixed some of our other concerns, but didn’t resolve the default password issue. Miofive didn’t respond to our follow-up messages, and we received no response from Kitvision and Orskey.
In addition to weak passwords, we also found mediocre encryption on some dash cams. Several exploitable weaknesses made it possible to intercept data, and to access and potentially modify stored video files.
Exploiting these would be difficult: in most cases an attacker would need to be very close to the dash cam, but it’s not impossible. Many of these issues are also made worse by the poor default wi-fi passwords.
Nextbase resolved our concerns with firmware patches. Miofive and Road Angel fixed some issues but not others, and we’re continuing to work with Road Angel to get remaining concerns resolved.
Garmin reviewed our findings but stated that it believes that numerous factors ‘limit the exploitability of any purported vulnerabilities such that there is no practical risk to our customers’. Kitvision and Orskey did not respond.
In an age of growing cyberattacks and sophistication among hackers, dash cam manufacturers should be placing the greatest emphasis on their devices’ security, even if they think it’s difficult to exploit or a niche weakness.
Why is PSTI important?
The Product Security and Telecommunications Infrastructure (PSTI) Act came into effect in April 2024. It places duties on manufacturers, importers and distributors (such as retailers) of devices that can connect to the internet or other networks.
It states ‘UK consumers should be able to trust that these products are designed and built with security in mind’.
The PSTI Act specifies the publication of information on how to report security issues, details on how long manufacturers will ensure security patches are released and the banning of universal default and easily guessable passwords.
These factors are important for strengthening security defences and ensuring that manufacturers release updates to keep products safe from new threats.
Although the Act gives manufacturers time to bring their products in line with its standards, they’re now duty bound to investigate compliance failures and take action if required.
If manufacturers fail to act, then the Office for Product Safety and Standards (OPSS) will intervene. The OPSS is an enforcement authority responsible for ensuring compliance.
Strong legal protections and vigilant enforcement mean UK consumers can use smart devices – including dash cams – with confidence, knowing that non-compliance by manufacturers will have consequences.
Which? takes this seriously too, and we’ve already informed the OPSS about our findings, the responses we received from manufacturers and the concerns we still have.
3 steps to keep your dash cam safe and secure
There are some simple steps you can take to boost your dash cam’s security, regardless of what manufacturers do or don’t do.
1. Update wi-fi passwords
The most important thing we would encourage every smart dash cam owner to do right now is to update the wi-fi password.
This is used to connect to paired smartphones and transfer footage wirelessly to them. A weak or easily guessable password could, under the right circumstances, allow others access to your dash cam and its library of footage.
As our testing found that many manufacturers still fail either to enforce a mandatory change or to provide a unique default password, we highly recommend that users change it themselves to a strong but memorable alternative. Check out our guide to creating secure passwords for help with this.
2. Install firmware updates
In addition to resolving software bugs and performance issues, firmware updates also provide important security updates.
It’s important to update both the dash cam itself and any companion app. These updates ensure both are equipped to deal with newly discovered or recently resolved security vulnerabilities.
3. Keep footage backed up elsewhere
It’s good practice to ensure that captured video footage – particularly important footage (such as that showing an incident, accident, or crash) – is backed up securely and separately from internal storage and any subscription-based cloud storage you may be using.
The risk to footage located exclusively on the internal SD or micro-SD card is that it could become corrupted, damaged, lost or stolen.
Cloud-based storage is typically part of a subscription service (either from the dash cam manufacturer or a third party). The risk here is ending the subscription and losing access to the stored footage, which the provider may later delete after you’ve unsubscribed.
Back up footage on your computer or smartphone to keep it safe. Alternatively, for additional peace of mind, consider investing in a USB storage device or external hard drive to store your backed-up dash cam footage. Make sure to pick a model with a healthy amount of storage, as video files tend to be large.
The latest dash cams we’ve tested
BlackVue DR970X-2CH Plus
Available from Amazon Marketplace UK (£529.95), Amazon UK (£529.95)
The DR970X-2CH Plus is a forward-facing and rear-facing dash cam with a 4K camera for the front windscreen and a Full HD camera for the back.
It has a range of smart features and functionality, and you can review footage using the companion BlackVue app or the BlackVue Viewer web software.
You can also follow footage on a virtual map using the collected GPS data, helping you identify where key events occurred.
Through the BlackVue Cloud service you can access more advanced features such as push notifications to your smartphone, live view and cloud storage. Some of these features require a subscription at an additional cost.
Read our BlackVue DR970X-2CH Plus review to find out how it fared in our tough tests.
Garmin Dash Cam X210
Available from Garmin (£260)
The X210’s 2K camera is an upgrade of the earlier X110. It’s comparatively small, making its footprint on the windscreen minimal, especially compared with some models.
Motion detection, GPS tracking and voice controls are all notable smart features.
The Vault Subscription Plan Advance grants you access to Garmin’s secure cloud-based storage feature. This is accessed through the Garmin Drive app.
Take a look at our Garmin Dash Cam X210 review to see how it compares to others we’ve tested.
Nextbase Piqo 1K
Available from Halfords (£99), Nextbase (£99)
The Piqo 1K is one of the more affordable dash cams we’ve tested, but it doesn’t come with a supplied SD card, which can easily catch you out.
It has a solid array of additional smart features, including GPS tracking, motion detection and the ability to access footage via the companion Nextbase app.
Footage is listed with thumbnails in the app, making it a doddle to cycle through them.
Check out the Nextbase Piqo 1K review to see if it’s the right dash cam for you.
- Comment on Scrapping North Sea windfall tax would not reduce UK energy bills, say experts 2 weeks ago:
Why not leave them alone for now and then when the rest of the world has run out, we’ve still got the option to use them or hopefully, the best thing possible for humanity - they never get used! We do run the risk of being invaded though - by USA or Russia (can’t remember the name but thinking of a Scandinavian drama about that)
- Comment on Is *arr stack a real Netflix replacement? 2 weeks ago:
Depending on your download speed, you can manually download a TV show episode in seconds to minutes. By the time you watch that episode, at least the next one will be ready. It is quite rare to have to do this though, me and my family mostly add shows on Seer when we find them (recommendations, adverts, etc) and by the time we’ve sat down to watch it’ll be ready.
I did the whole lists thing others have mentioned but to be honest, we found there was too much choice, lots of crap and quickly ran out of space. Taking an active role in choosing shows and films works better for us and I’ll have a short list at any time to watch.
- Comment on Birmingham Crowned The Least Walkable City In The UK 2 weeks ago:
So true. It’s just purely a weird way of calculating this. Birmingham has come on leaps and bounds with walkability in the city centre and suburbs. On the few occasions I’m there, I love taking a walk around the city centre noticing the changes and less cars you have to deal with. Nobody would be able to change that you need a bus to get to a suburb housing this attraction.
- Comment on UK recruiter emerges from insolvency for third time, avoiding millions owed in tax 3 weeks ago:
It feels to me that the only mentions of patriotism are generally against immigrants, who don’t really do shit like this and have been shown to be a positive to the exchequer.
Anyone who has done this to avoid legitimate taxes, anyone who moves to Singapore / Dubai / Monaco etc to avoid taxes, and especially anyone who took advantage during Covid to make a quick buck instead of helping during an international crisis, are deeply unpatriotic and should be vilified by everyone
- Comment on Asylum seekers who break law to have support removed 3 weeks ago:
They have learned nothing from the by election. Stop fucking pandering to the supposed reform vote that is not real.
- Comment on Rural drivers to face steepest bills under UK’s mileage-based electric vehicle tax 5 weeks ago:
Surely this is already the case where petrol taxes are higher if you drive more. I don’t think it’s fair for me to not be taxed less in an urban environment considering I drive much less
- Comment on British inflation hits lowest in almost a year 5 weeks ago:
Not sure I care anymore. The UK is for the wealthy only and we can only try to struggle through, whether it’s through inflation, poorer services or more tax. Until we address the power dynamics, wealth inequality and tax havens (City of London, Jersey, Guernsey, etc), I could not give a flying fuck what inflation is quarter to quarter. Prices and housing costs are already fucked
- Comment on Police Wasted £10m Enforcing Unlawful Palestine Action Ban 5 weeks ago:
I’m really torn about this. We want police by consent and to have some discrepancy to do the right / moral thing but don’t want to give them too much power to choose what laws they enforce. You don’t want Nazi type “just following orders” but you don’t want them targeting left-wing protestors more because they lean right-wing (the Met police at least who let’s not forget, targeted/target women, queer people, black people, etc much more than the right wing)
The laws are made by Parliament and the current labour government should take the full blame for proscribing this group. The anti terrorism laws are so harsh that I can believe the police had no choice but to arrest them.
The absurdity of arresting the numbers they did, the type of people they did, and this £10m cost should have made the government change the law itself.
- Comment on Who is billionaire Sir Jim Ratcliffe and how did he make his money? 1 month ago:
ABAB - All billionaires are bastards. Case in point (from Wikipedia): In September 2020, Ratcliffe officially changed his tax residence from Hampshire to Monaco, a move that it is estimated will save him £4 billion in tax.
- Comment on If you are not in a tech field, what got you into self-hosting? 1 month ago:
I’m an accountant and tax professional but have always been into computers. I had a social media account breached, although it was no issue as I hadn’t used it in years. I used a terrible password as I thought it did not matter, but it made me realise I needed to be better generally so started using a password manager.
Then Netflix stopped account sharing. I had just got a 4k TV and only their top level with 4 screens supported it so was pissed off. The fragmentation across services had started so was getting annoyed anyway. This led me to the arr’s.
I decided I could no longer trust Microsoft and hated their pricing structure so was interested in Nextcloud. By then I found the self hosted community (on reddit), bought a desktop PC and after getting the hang of it plus many mistakes I loved my services so will never look back.
Joined the migration to Lemmy. Am based in the UK and joined the anti-US feelings so am setting up more storage, better redundancy and more services for my family. A few family members are interested in helping so can share backups.
- Comment on Reform faces police investigation over ‘concerned neighbour’ byelection letters 1 month ago:
Surely you would read the leaflet first to double check it is correct before posting. Everyone knows printers can make mistakes. You check first before actual use. No excuse, they just don’t care about the law
- Comment on UK: Should artists get a basic income like they do in Ireland? 1 month ago:
I’m all for this. The arts really suffered for years under austerity and cut backs. Right now it feels like enjoyment only for the rich (who can afford tickets, can afford not to work or nepotism). The UK has deep cultural heritage and needs to nurture and develop it in all parts of society.
- Comment on Could there be a social media ban for children in the UK? 2 months ago:
Does that include Lemmy? I’m trying to decide if I could spend less time on here as my only type of social media
- Comment on NHS ADHD spending over budget by £164m as unregulated clinics boom 2 months ago:
That doesn’t mention the harm that comes from people not being able to access support from their local GP or NHS service, who struggle through the system without help, with a stigma that they are somehow faking it because the numbers have shot up, without the drugs or support they need to operate and work.
Yes, some people take advantage and use it as an excuse. Most people however just want to function day to day and have a job that they can do with the right medication.
It’s an anecdote but I have some relatives - 3 brothers. They always struggled with something but we had no idea what it was. They muddled through life doing pretty well considering but could have been better. One got diagnosed with ADHD in his 40s, which led to the two others getting diagnosed after. One was in Australia for years with a diagnosis, medication and support both from his doctor and work. He had a really good full-time job. He then moved back to the UK to be closer to family. His local GP would not give him medication he was using and would not use the reports he got over there. He had to push to get on a list locally just to start the whole process again. He struggled so much, unable to find the motivation for job hunting, unable to keep the occasional job he found, all while knowing the issue but unable to get the medication and support he needed. He ended up being on the dole but did not want to be there! He got depressed making it even harder.
After a year or so, he found out about right to choose and after another 6 months wait, finally got a diagnosis, support and medication. He’s now found work and has the things he needs to actually do it. This is why right to choose has bloomed!
- Comment on Upgrading storage to usb drives 2 months ago:
I would highly suggest a UPS. I use random external hard drives without RAID as part of my media setup. The electric went out overnight last year. I knew it had happened as my oven was flashing. The server restarted itself so thought everything was fine.
Then some things were glitchy and it took me a few days to realise one of the drives was not mounting. Luckily I did not lose the data but it still took a while to fix. It takes even longer to restore a backup.
To mainly save myself time and effort, I bought a basic UPS with 2 plugs. It keeps the server and main router on for 15 minutes but I’ve set it up to send a command to shut down asap just in case. My server seems to automatically switch on when power comes back so not had any issues since.
- Comment on Where are you running your wireguard endpoint? 2 months ago:
I have a vps (hetzner dedicated server auction) as well as my home servers. The vps has a fixed IP so I’ve set up wireguard endpoints to all point to it with forwarding on so I can access every device indirectly through the vps. It allows them to work across DDNS or remotely.
I used this guide (digitalocean.com/…/how-to-set-up-wireguard-on-ubu…). Tried different tools gui’s and other methods but always came back to this to work the best
- Comment on What DDNS providers you guys recommend? 3 months ago:
Yeah, first try your ISP to see if you can get a dynamic or fixed IP instead. Check if their website/FAQ mentions dynamic IP or cgnat. They might outright reject it, or try to upgrade you to an extortionate business package though. I signed up for my service and checked the cgnat before signing up but they hadn’t got around to updating their website that they changed their policy. After the surprise of being behind cgnat and after screenshotting their own website, I complained and got upgraded to a higher level package for free.
You can use tailscale to get around it, but then you need to install it on all devices and login. You can use cloudflare tunnels and I think you can set it to not require login for some services. Both rely on third parties. Both are also safer than exposing directly to the public internet.
If you want full control, you have to rent a cheap vps and setup a tunnel between that and your home server, then use the public IP of the vps for your services. Wireguard is probably the best choice for VPN. You could try pangolin, which is an open source cloudflare tunnel so is more complicated than a VPN but also includes a reverse proxy.
- Comment on What steps can be taken to prevent AI training and scraping of my public facing website? 3 months ago:
In an ideal world this should be the case but I can’t afford to do this practically and my business is a service, based on UK laws and requirements, available to UK residents only. The website is for information only and nothing is new or interesting to anybody but a few potential clients, and if they’re looking at it on holiday, there’s something wrong with them! Nobody is going to reach out based on my website from abroad and if they did, I would not trust them at all. They would reach out through personal contacts or linkedin. If the bots stop spamming my site or server, I can stop limiting it.
- Comment on What steps can be taken to prevent AI training and scraping of my public facing website? 3 months ago:
Another option to reduce (but not eliminate) this traffic is a country limit. In cloudflare you can set a manual security rule to do this. There are self hosted options too but harder to setup. It depends what country you are and where your users are based. My website is a business one so I only allow my own country (and if on holiday I might open that country if I need to check it’s working, although usually I just use a paid vpn back to my country so no need). You can also block specific countries. So many of my blocked requests are from USA, China, Russia etc
- Comment on What DDNS providers you guys recommend? 3 months ago:
I didn’t know that, thanks for sharing
- Comment on What DDNS providers you guys recommend? 3 months ago:
You could be behind CGNAT - I’m not sure the best way to tell but it could be the reason.
I would also highly recommend buying a cheap domain to use - it would be the price of a coffee per year but makes life so much easier and you don’t have to depend on duckdns. You can buy through cloudflare, porkbun or many other options which you can search for a good DDNS service to update them.
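For the question in the comment above (and the earlier one on the same thread) of how to tell whether you are behind CGNAT, here is an added POSIX shell check; it is my own example, not something posted in the thread. It classifies the WAN address your router shows on its status page against RFC 6598 shared address space (100.64.0.0/10, the range ISPs hand out behind carrier-grade NAT) and the RFC 1918 private ranges, then compares it with the address an outside service reports. Assumptions: IPv4 only, and the "seen from outside" address is obtained by you, for example with `curl -4 https://ifconfig.me` (my tool choice, not the thread's).

```sh
#!/bin/sh
# Added example (not from this thread): tell CGNAT apart from a real public
# address. IPv4 only; IPv6 is out of scope here.
#
# usage: ip_class 100.72.3.9         -> prints "cgnat"
#        nat_verdict WAN_IP SEEN_IP   -> WAN_IP from the router status page,
#                                       SEEN_IP from an outside lookup such as
#                                       "curl -4 https://ifconfig.me" (assumed tool)

ip_class() {
    ip=$1
    # Reject anything that is not digits and dots, or has an empty octet.
    case $ip in
        *[!0-9.]*|.*|*.|*..*|'') echo invalid; return 1 ;;
    esac
    # Split on dots into $1..$4 (IFS restored afterwards).
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || { echo invalid; return 1; }
    done
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                      # 100.64.0.0 - 100.127.255.255 (RFC 6598)
    elif [ "$1" -eq 10 ]; then
        echo private                    # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        echo private                    # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then
        echo private                    # 192.168.0.0/16
    elif [ "$1" -eq 127 ]; then
        echo loopback
    else
        echo public
    fi
}

# Combine the router's WAN address with what the internet sees and say
# whether a plain port forward on the router can work at all.
nat_verdict() {
    wan=$1; seen=$2
    cls=$(ip_class "$wan") || return 1
    case $cls in
        cgnat)   echo "cgnat: inbound port forwards will not reach you; use a VPN or VPS tunnel" ;;
        private) echo "double-nat: the ISP equipment hands you a private WAN address; another NAT sits in front of you" ;;
        public)
            if [ "$wan" = "$seen" ]; then
                echo "direct: the router holds the public address, port forwarding can work"
            else
                echo "mismatch: WAN is public but differs from what the internet sees; check for another NAT layer"
            fi ;;
        *)       echo "unexpected: $cls" ;;
    esac
}

# "sh thisfile.sh demo" prints a verdict for constructed sample addresses.
if [ "${1:-}" = demo ]; then
    nat_verdict 100.72.3.9 203.0.113.5
fi
```

A router WAN address in 100.64.0.0/10 is the definitive sign; a private WAN address (10.x, 172.16-31.x, 192.168.x) means the ISP box in front of your router is doing NAT, which has the same practical effect for inbound connections.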
- Comment on The Reform-Backed Far-Right Street Patrols Coming to British School Gates 3 months ago:
What the actual fuck
- Comment on Nginx Jellyfin, both Docker containers 4 months ago:
Sorry, the post didn’t have the formatting I expected and is generally quite unclear now I’m reading back through it. I was trying to point out a few different things that I’ve had to learn the hard way when things go wrong! You learn the terminology to search for or have to search for lots of acronyms until you learn them haha.
Public IP
So your server is on a fixed IP address. Do you mean locally that the machine has a fixed IP within your home lan setup (like e.g 192.168.1.10) or is your public IP fixed (this will depend on your ISP)? Most home providers, like mine, have dynamic IP so every once in a while my public IP will change so everything would go down as my DNS is pointing to the wrong address. Some providers use CGNAT which is even worse and won’t accept any connections originating from outside.
If dynamic, you can use a DDNS tool like cloudflared to keep checking your public IP and updating your DNS records if it changes. Your services will only go down for however long the polling on this is set. Note that cloudflared does a few things and this is just one aspect of the tool.
If you have CGNAT you have to use cloudflare tunnels or similar to create the permanent bridge to your server that all external requests can pass through even if originating from outside.
Docker bridge networks
Note this is not essential but can be actually easier to manage and keep more secure. It was hard to get my head around but once I did it was easier.
You can create a bridge network so the containers you add to that network can talk to each other but the other containers can’t. It also means not opening ports in the docker compose so the system can’t access those containers directly using up ports. A container can have multiple networks too.
For instance, my nextcloud main server is on proxy and nextcloud-internal networks. The other containers in that docker compose are on nextcloud-internal. My proxy manager (caddy) is on proxy. The various nextcloud containers can talk to each other on the internal network. My proxy and the nextcloud server can also talk to each other through the proxy network. My server cannot talk to any of them directly (unless you also expose ports). Caddy cannot directly talk to my nextcloud database container. Hope it makes sense, I can share my docker compose files if helpful. After this info, my original message may make more sense.
You probably expose ports for jellyfin so can access it locally through 192.168.1.10:8080 or whatever it might be.
Reverse proxy
This is separate to a tunnel but tools like cloudflared tunnels and pangolin combine them.
The reverse proxy is something you setup to pick up a server domain address and deliver it to the requesting computer. It turns cloud.domain.com to 192.168.1.10:8000 and for a website delivers the HTML, images, php etc to client browsers. In the self hosting space it lets you access different services on one domain (like www.domain.com, cloud.domain.com, request.domain.com as much as you like)
I have caddy on docker but previously used nginx proxy manager, and for each public service I would setup a reverse proxy to the actual service. For my business website I tell it to send domain.com and www.domain.com requests to my website in a different docker container. For nextcloud I tell it to send cloud.domain.com requests to my nextcloud server container on its port (on proxy network - see above, in caddy I say reverse proxy to nextcloud-server:80 but if exposing ports it could be your internal server IP like 192.168.1.10:8000 or whatever you are using).
Tunnel
This is just connecting two servers or clients and gives them a local IP on each end that can be used to encrypt and tunnel those connections over the internet.
I don’t actually have a tunnel for my external services as I use my business VPS. I do have a tunnel between my home server and my VPS to create an encrypted and usable tunnel between those separate internal networks.
I believe cloudflare tunnels and pangolin work the same way, where a user visits your service.domain.com and the service expects you to login. If logged in, it will forward the requests to your home server through an encrypted tunnel (so your ISP and others can’t see it, and your users never see your public IP address), and it also reverse proxies the request to the correct service on your server (like nextcloud). It does both jobs for you. The authentication stage might be optional, I’m not sure.
It is easier to use these but you’re more tied in to one service.
Cloudflare proxy
If you use cloudflare DNS and opt into their proxy, they will hide your home server’s public IP from external users using services through your domain. If you lookup a domain like “dig domain.com” in the CLI, you will see Cloudflare’s public IP instead of your own. The connection packets will go to Cloudflare, who internally change it to your public IP so the end client cannot see it. It does mean they can track all your header information and unencrypted traffic, and if it goes down nobody can access your services externally using the domain.
Incidentally, I notice some IPTV services use this to try to hide their public IP but in reality, broadcasters could get the real IP from Cloudflare, especially with a court case.
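The two-network layout described in the comment above (Caddy on a `proxy` network, the Nextcloud server on both `proxy` and `nextcloud-internal`, the database on the internal network only, and only the proxy publishing host ports), written out as an added example. This is my own illustration, not the commenter's actual files: the service names `nextcloud-server` and `nextcloud-db`, the hostname `cloud.example.com`, the image tags and the placeholder passwords are all assumptions. One addition the comment does not mention is `internal: true` on the private network, which also removes the database container's route to the internet. A shell function writes the compose file and Caddyfile, and a small awk audit lists which services map host ports, which is the quick way to confirm that only the reverse proxy is reachable from the LAN.

```sh
#!/bin/sh
# Added example (not taken from the thread): a two-network compose stack and
# an audit of which services publish host ports. Names, image tags and the
# "change-me" credentials are placeholders, not recommendations.

write_stack() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/docker-compose.yml" <<'EOF'
services:
  caddy:
    image: caddy:2
    ports:                  # the only service reachable from the host/LAN
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # add a volume for /data in real use so issued certificates persist
    networks:
      - proxy

  nextcloud-server:
    image: nextcloud:apache
    environment:
      MYSQL_HOST: nextcloud-db
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: change-me
    networks:               # reachable by caddy, and can reach the database
      - proxy
      - nextcloud-internal

  nextcloud-db:
    image: mariadb:11
    environment:
      MARIADB_DATABASE: nextcloud
      MARIADB_USER: nextcloud
      MARIADB_PASSWORD: change-me
      MARIADB_ROOT_PASSWORD: change-me-too
    networks:               # no ports, not on "proxy": caddy cannot reach it
      - nextcloud-internal

networks:
  proxy:
    external: true          # created once with: docker network create proxy
  nextcloud-internal:
    internal: true          # no route to the host network or the internet
EOF
    cat > "$dir/Caddyfile" <<'EOF'
cloud.example.com {
    reverse_proxy nextcloud-server:80
}
EOF
}

# List services that map host ports. Everything printed here is reachable
# from the LAN (and from the internet if the router forwards the port), so
# the list should normally contain only the reverse proxy.
published_services() {
    awk '
        /^services:/            { in_services = 1; next }
        /^[^ ]/                 { in_services = 0 }
        in_services && /^  [^ ]/ { svc = $1; sub(/:$/, "", svc) }
        in_services && /^    ports:/ { print svc }
    ' "$1/docker-compose.yml"
}

# "sh thisfile.sh demo" writes ./stack and prints the audit result.
if [ "${1:-}" = demo ]; then
    write_stack ./stack
    echo "services publishing host ports:"
    published_services ./stack
fi
```

After `docker network create proxy` and `docker compose up -d` in the written directory, `nextcloud-server:80` resolves for Caddy over the shared `proxy` network while `nextcloud-db` is reachable only from the Nextcloud container; the audit printing just `caddy` is the check that nothing else slipped in a `ports:` mapping.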
- Comment on Family Email w/ Custom Domain 4 months ago:
Check out Infomaniak which has more than just email so could be useful if looking for more of a like for like replacement for O365. If you just want email, somebody mentioned mailbox.org which I have also used and is good.
- Comment on Nginx Jellyfin, both Docker containers 4 months ago:
Did you open ports in docker for 80, 443 for nginx and a port for jellyfin? (In docker compose under services add these but with tabs not spaces: ports: - 443:443)
Do you have ufw or a firewall running? This might be blocking the ports for jellyfin and/or nginx.
It might be easier to create a bridge network called proxy (docker network create proxy) then in docker compose add the following under services:

```yaml
    networks:
      - proxy
```

And at the bottom of the compose file:

```yaml
networks:
  proxy:
    external: true
```

Then in your nginx setting redirect to jellyfin:8096 (service name in docker compose: internal port jellyfin uses, i.e. right hand side of ports mapping). Are you using straight nginx or nginx proxy manager (might be worth using this)?
Can you access jellyfin locally on your network (internal-ip-of-server:8096 on a browser)?
Has your DNS been setup to point to the correct ip your router is on? Are you behind a dynamic IP or cgnat? If cgnat, you have to use cloudflare tunnels. If ddns look into cloudflared docker image.
Does your router forward those ports to the correct internal ip of your server? Have you fixed the internal IP of the server machine?
Don’t share your certificate details but you can share your docker compose with personal information redacted or replaced
It’s probably not a good idea to publish jellyfin to the internet. Look into tailscale or cloudflare tunnel with login security, or wireguard.
- Comment on Dashcam data retention recommendation? 4 months ago:
Dash cams record on loops and you can usually change the video lengths. Mine has a button you can easily press to mark that video (and the one before/after if less than 1 minute in/to go) which moves that video to a different folder and prevents it being overwritten. It also does that automatically if it senses a crash. If you have a large enough SD card you won’t have to transfer it anywhere for quite a while depending on how much you want to save. I go a few months of saving the odd thing before moving them over to my laptop
- Comment on moving from nextcloud to opencloud 4 months ago:
Is it possible just to copy your files on your laptop/desktop to the opencloud folder once it’s setup and wait for them to sync? It might take a while but would be the easiest, plus giving you a backup copy on your hardware.
- Comment on Should I replace NPM? 4 months ago:
Thank you, I really appreciate the responses and other options.
- Comment on Should I replace NPM? 4 months ago:
Thanks for this. To be honest it just did not cross my mind! Horserace, I am not sure I want to rely on Cloudflare too much though in case they do something in the future like put those things behind paywalls. My domains are through someone else so can easily switch nameservers to them for DNS. It does sound much easier and safer though so will have to consider it