brewery
@brewery@feddit.uk
- Comment on Nginx Jellyfin, both Docker containers 1 week ago:
Sorry, the post didn’t have the formatting I expected and is generally quite unclear now I’m reading back through it. I was trying to point out a few different things that I’ve had to learn the hard way when things go wrong! You learn the terminology to search for or have to search for lots of acronyms until you learn them haha.
Public IP
So your server is on a fixed IP address. Do you mean locally that the machine has a fixed IP within your home LAN setup (like e.g. 192.168.1.10) or is your public IP fixed (this will depend on your ISP)? Most home providers, like mine, have dynamic IP so every once in a while my public IP will change so everything would go down as my DNS is pointing to the wrong address. Some providers use CGNAT which is even worse and won’t accept any connections originating from outside.
If dynamic, you can use a DDNS tool like cloudflared to keep checking your public IP and updating your DNS records if it changes. Your services will only go down for however long the polling on this is set. Note that cloudflared does a few things and this is just one aspect of the tool.
If you have CGNAT you have to use cloudflare tunnels or similar to create the permanent bridge to your server that all external requests can pass through even if originating from outside.
Docker bridge networks
Note this is not essential but can be actually easier to manage and keep more secure. It was hard to get my head around but once I did it was easier.
You can create a bridge network so the containers you add to that network can talk to each other but the other containers can’t. It also means not opening ports in the docker compose so the system can’t access those containers directly using up ports. A container can have multiple networks too.
For instance, my nextcloud main server is on proxy and nextcloud-internal networks. The other containers in that docker compose are on nextcloud-internal. My proxy manager (caddy) is on proxy. The various nextcloud containers can talk to each other on the internal network. My proxy and the nextcloud server can also talk to each other through the proxy network. My server cannot talk to any of them directly (unless you also expose ports). Caddy cannot directly talk to my nextcloud database container. Hope it makes sense, I can share my docker compose files if helpful. After this info, my original message may make more sense.
You probably expose ports for jellyfin so can access it locally through 192.168.1.10:8080 or whatever it might be.
Reverse proxy
This is separate to a tunnel but tools like cloudflared tunnels and pangolin combine them.
The reverse proxy is something you set up to pick up a server domain address and deliver it to the requesting computer. It turns cloud.domain.com to 192.168.1.10:8000 and for a website delivers the HTML, images, php etc to client browsers. In the self hosting space it lets you access different services on one domain (like www.domain.com, cloud.domain.com, request.domain.com as much as you like).
I have caddy on docker but previously used nginx proxy manager, and for each public service I would set up a reverse proxy to the actual service. For my business website I tell it to send any domain.com and www.domain.com requests to my website in a different docker container. For nextcloud I tell it to send cloud.domain.com requests to my nextcloud server container on its port (on proxy network - see above, in caddy I say reverse proxy to nextcloud-server:80 but if exposing ports it could be your internal server IP like 192.168.1.10:8000 or whatever you are using).
Tunnel
This is just connecting two servers or clients and gives them a local IP on each end that can be used to encrypt and tunnel those connections over the internet.
I don’t actually have a tunnel for my external services as I use my business VPS. I do have a tunnel between my home server and my VPS to create an encrypted and usable tunnel between those separate internal networks.
I believe cloudflare tunnels and pangolin work the same way, where a user visits your service.domain.com and the service expects you to login. If logged in, it will forward the requests to your home server through an encrypted tunnel (so your ISP and others can’t see it, and your users never see your public IP address), and it also reverse proxies the request to the correct service on your server (like nextcloud). It does both jobs for you. The authentication stage might be optional, I’m not sure.
It is easier to use these but you’re more tied in to one service.
Cloudflare proxy
If you use cloudflare DNS and opt into their proxy, they will hide your home server’s public IP from external users using services through your domain. If you look up a domain like “dig domain.com” in the CLI, you will see Cloudflare’s public IP instead of your own. The connection packets will go to Cloudflare, who internally change it to your public IP so the end client cannot see it. It does mean they can track all your header information and unencrypted traffic, and if it goes down nobody can access your services externally using the domain.
Incidentally, I notice some IPTV services use this to try to hide their public IP but in reality, broadcasters could get the real IP from Cloudflare, especially with a court case.
- Comment on Family Email w/ Custom Domain 1 week ago:
Check out Infomaniak which has more than just email so could be useful if looking for more of a like for like replacement for O365. If you just want email, somebody mentioned mailbox.org which I have also used and is good.
- Comment on Nginx Jellyfin, both Docker containers 2 weeks ago:
Did you open ports in docker for 80, 443 for nginx and a port for jellyfin (in docker compose under services add these but with tabs not spaces ports: - 443:443)
Do you have ufw or a firewall running? This might be blocking the ports for jellyfin and/or nginx.
It might be easier to create a bridge network called proxy (docker network create proxy) then in docker compose add the following under services:
    networks:
      - proxy
And at the bottom of the compose file:
    networks:
      proxy:
        external: true
Then in your nginx setting redirect to jellyfin:8096 (service name in docker compose: internal port jellyfin uses, i.e. right hand side of ports mapping). Are you using straight nginx or nginx proxy manager (might be worth using this)?
Can you access jellyfin locally on your network (internal-ip-of-server:8096 on a browser)?
Has your DNS been setup to point to the correct ip your router is on? Are you behind a dynamic IP or cgnat? If cgnat, you have to use cloudflare tunnels. If ddns look into cloudflared docker image.
Does your router forward those ports to the correct internal ip of your server? Have you fixed the internal IP of the server machine?
Don’t share your certificate details but you can share your docker compose with personal information redacted or replaced
It’s probably not a good idea to publish jellyfin to the internet. Look into tailscale or cloudflare tunnel with login security, or wireguard.
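The network layout described in the two Nginx/Jellyfin comments above (a pre-created proxy bridge network plus a private nextcloud-internal network), written out as one compose file. This is an added example, not brewery's own compose file; the image tags, MariaDB as the database, the volume name and the placeholder password are assumptions.

```yaml
# Added example; not taken from the comments above.
# Assumed: image tags, MariaDB as the database, placeholder password.
# Run once beforehand:  docker network create proxy
# Indent with spaces; YAML does not accept tabs for indentation.
services:
  caddy:                    # reverse proxy, the only service publishing host ports
    image: caddy:2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data    # certificates and ACME state
    networks:
      - proxy

  jellyfin:                 # no "ports:" entry, so nothing is published on the host
    image: jellyfin/jellyfin
    networks:
      - proxy               # proxy upstream is jellyfin:8096

  nextcloud-server:
    image: nextcloud:apache
    networks:
      - proxy               # proxy upstream is nextcloud-server:80
      - nextcloud-internal  # reaches the database as nextcloud-db

  nextcloud-db:             # not attached to "proxy": caddy has no route to it
    image: mariadb:11
    environment:
      MARIADB_ROOT_PASSWORD: CHANGE_ME   # placeholder
    networks:
      - nextcloud-internal

volumes:
  caddy_data:

networks:
  proxy:
    external: true          # the pre-created bridge network
  nextcloud-internal: {}    # created by compose for this stack only
```

After `docker compose up -d`, `docker network inspect proxy` should list the caddy, jellyfin and nextcloud-server containers and not the database container.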
- Comment on Dashcam data retention recommendation? 3 weeks ago:
Dash cams record on loops and you can usually change the video lengths. Mine has a button you can easily press to mark that video (and the one before/after if less than 1 minute in/to go) which moves that video to a different folder and prevents it being overwritten. It also does that automatically if it senses a crash. If you have a large enough SD card you won’t have to transfer it anywhere for quite a while depending on how much you want to save. I go a few months of saving the odd thing before moving them over to my laptop
- Comment on moving from nextcloud to opencloud 3 weeks ago:
Is it possible just to copy your files on your laptop\desktop to the opencloud folder once it’s setup and wait for them to sync? It might take a while but would be the easiest, plus giving you a backup copy on your hardware.
- Comment on Should I replace NPM? 3 weeks ago:
Thank you, I really appreciate the responses and other options.
- Comment on Should I replace NPM? 3 weeks ago:
Thanks for this. To be honest it just did not cross my mind! Horserace, I am not sure I want to rely on Cloudflare too much though in case they do something in the future like put those things behind paywalls. My domains are through someone else so can easily switch nameservers to them for DNS. It does sound much easier and safer though so will have to consider it
- Comment on Should I replace NPM? 3 weeks ago:
That is not published externally - I only forward ports 80 and 443, and only access the admin interface locally or through a vpn to my router. Would this be ok? Thanks for your input
- Comment on Should I replace NPM? 3 weeks ago:
Actually this happened to me about 6 months ago too - I wanted to switch to add crowdsec support but just could not get it to work so gave up and switched back to npm. I just assumed I wasn’t doing it right and never got around to trying again
- Comment on Should I replace NPM? 3 weeks ago:
I might have done exactly this, thanks for pointing it out. Is Nginx proxy manager considered secure enough to use on external sites?
- Comment on Should I replace NPM? 3 weeks ago:
To be honest I forgot about it. I tried it two years ago when setting up my lab but struggled compared to NPM. Nowadays it seems like all the talk I used to hear about it is now about caddy.
- Submitted 4 weeks ago to selfhosted@lemmy.world | 23 comments
- Comment on UK Intel Warns Politicians of China and Russia Spying Efforts 1 month ago:
Says a lot about the state of our politicians that they have to be reminded or warned that these are going on but surely this has always happened, although now maybe it’s easier because of instant communications and the internet. I am sure we are doing the same to them in these countries too! It’s such a shame we all waste so much time trying to compete with each other rather than working together on global issues
- Comment on What's the best chat to self host? 1 month ago:
Thanks! I didn’t know about this and it is from the developers of prosody (currently mentioned in the top reply) so will definitely be trying it! blog.prosody.im/introducing-snikket/
- Comment on Backup recommendations 1 month ago:
Also look at github.com/creativeprojects/resticprofile and github.com/garethgeorge/backrest for tools built on top of restic cli
- Comment on UK universities offered to monitor students’ social media for arms firms, emails show 1 month ago:
For fucks sake, what is wrong with them! Surely this would be a GDPR breach at the very least
- Comment on UK: If it looks, sounds and behaves like an enemy, why are we calling China a ‘challenge’? -- [Opinion] 1 month ago:
I am more concerned about technology connections with Israel, Russian money / property, India’s ethno-national activities, and the close links with the USA in all areas. I don’t want any of these regimes or China but why single China out in particular. USA is top of my list to decouple from.
- Comment on UK police caught slacking off by jamming their keyboards while working from home 1 month ago:
Makes me like them more! Sometimes you just got to be online and if the management just require presenteeism then you get this. If there’s good management that require output but realise we are humans who sometimes need to chill out for a time, this isn’t an issue. If they’re doing this all the time so there’s no output, that’s on the management really. In the office it would be tea breaks, chatting to colleagues, the general chat at the start or end of meetings, going for breaks, etc
- Comment on UK is ‘worst country in Europe’ for drug prices, says Mounjaro maker 2 months ago:
Great news!
Our response should be to negotiate on copyright / trademark laws or whatever allows their fake monopolies then. If you don’t sell it at a reasonable cost we’ll allow others to make it for us as generics
- Comment on More than 150 lawyers and refugee NGOs report being ‘pressured into silence’ by far-right protesters 2 months ago:
How is this not terrorism? If a Muslim group did this to anywhere their group would be shut down so fast…
- Comment on General Medical Council examines doctor’s Reform speech linking vaccines to royal family cancer 2 months ago:
Hope they strip him of his licence. I’m not a doctor but am part of a regulatory body. If I said something out of line with most guidance and other people, I’d have to have pretty strong evidence backed up by at least one but sometimes two independent reviewers. If it was just a hunch I’d be stripped of my title so fast. This is in a field which does not directly impact people’s health or risk to life so really hope they throw the book at him
- Comment on Data Backup Solutions 2 months ago:
I also use restic for backups. I actually switched from Borg because it kept getting stuck and failing but couldn’t work out why. Not had issues with restic (so far, touch wood!).
I use resticprofile with yaml configurations though (github.com/creativeprojects/resticprofile), which made it much easier for me to figure out.
I use borgbase for offsite backups.
- Comment on UK banks face lawsuits over mortgages that left people with huge debts 2 months ago:
I’m against most of the activity banks do or did but was this really unfair given they had to take legal advice and were advised it’s an unusual product they chose to take? They got money for nothing, no repayments and they’ve benefited from a substantial house price increase regardless. The bank is taking their share of that increase but they still get 25% of the increase plus use of that original 25% cash payment for years with no repayment. I mean, considering how hard it is to get a house now, I don’t have much sympathy here
- Comment on The correct way 2 months ago:
According to flaginstitute.org/…/Flying_Flags_in_the_United_Ki…:
Union Flag - If hung horizontally or vertically, the broad white diagonal should be uppermost in the top-left corner.
- Submitted 2 months ago to unitedkingdom@feddit.uk | 41 comments
- Comment on Today marks the beginning of His Majesty's fourth year on the throne. May His Majesty have many many more! God save the King! 2 months ago:
Also, thank you to Sir Keir Starmer for one year as our PM, 9 years as an MP and many years as a civil servant, tirelessly representing the British public’s interests. We may not all agree with the politics and decisions made but it’s clear how many hours you must spend working so hard for our country. Rule Britannia!
- Comment on 18% of people running Nextcloud don't know what database they are using 2 months ago:
They really push you to install the aio container so it’s not surprising to me.
- Comment on Massive disparity in availability of allotments across UK, analysis reveals 2 months ago:
I’m not sure about allotments, they don’t seem to work that well to me but it’s just anecdotal knowledge. My dad started sharing one two years ago so I went around a few times. More than half the plots were completely unused. A few plots were very used but felt like a private place to escape. I looked up the waiting list and it was over 60. They said if you don’t use them you lose them but it didn’t seem to be enforced at all. Anybody not involved in an existing one was not allowed or welcome in.
Surely it would be better to have lots of community gardens run by the same people who have the allotments but where anybody can take part and local people are encouraged to help. Get school groups involved. I appreciate it’s a lot of effort but otherwise, does it really matter.
- Comment on What external services do you use for your selfhosting setup? 2 months ago:
For personal stuff, I use an external email, and borgbase for backups (highly recommend them if using Borg or restic).
- Comment on Looking to get a new phone with FOSS on it. What should I look into? 2 months ago:
I got a fairphone 5 earlier this year and am very happy with it. There is a version with /e/os installed but it was out of stock so I bought the android and it was really easy to install /e/os myself with no technical knowledge needed. I use f-droid for as many apps as possible. It has a version of play store (app lounge) for other apps, most of which have worked. For the odd one that didn’t, I’ve just added a shortcut to the mobile website for quick access. There’s no google pay but I can use the curve app fine with NFC so can even buy stuff, something I didn’t expect to be able to do.