
ohshit604
@ohshit604@sh.itjust.works
- Comment on just realized whoogle is dead now 13 hours ago:
from an actual search company that values privacy.
California company obliged by FVEY? While I appreciate their efforts, American based companies don’t exactly scream privacy respecting when they can be turned into Data Collectors under the Patriot Act.
- Comment on just realized whoogle is dead now 14 hours ago:
Entirely depends on the instance admin and whether or not they keep it maintained and up to date.
- Comment on what's the simple way to map services to subdomains instead of specifying the port number? 17 hours ago:
Web browsers look for either port :80 or port :443, your reverse proxy sits on those ports, hence why you don’t need to input a port at the end of the domain.
- Comment on Xbox One X to Linux Questions 1 day ago:
Little late but I doubt Microsoft wants to relive the horrors of JTAG Xbox 360’s hence the locked down systems.
- Comment on "Ultimate" guide for literal beginners 4 days ago:
If you manage to get Docker Compose installed on that Mac (I don’t know Dockers limitations with Macs) but create a docker-compose.yaml file with the contents of;
services: jellyfin: image: jellyfin/jellyfin container\_name: jellyfin # Optional - specify the uid and gid you would like Jellyfin to use instead of root user: uid:gid ports: - 8096:8096/tcp - 7359:7359/udp volumes: - /path/to/config:/config - /path/to/cache:/cache - type: bind source: /path/to/media target: /media - type: bind source: /path/to/media2 target: /media2 read\_only: true # Optional - extra fonts to be used during transcoding with subtitle burn-in - type: bind source: /path/to/fonts target: /usr/local/share/fonts/custom read\_only: true restart: 'unless-stopped' # Optional - alternative address used for autodiscovery environment: - JELLYFIN\_PublishedServerUrl=http\://example.com # Optional - may be necessary for docker healthcheck to pass if running in host network mode extra_hosts: - 'host.docker.internal:host-gateway'
Then run;
sudo docker compose up -dIn a shell while in the folder with the docker-compose.yaml file you just created.
- Comment on Homepage - Selfhosting Dashboard 5 days ago:
Every homepage made with Homepage.dev looks the same to me, no matter how much you configure their settings.yaml or services.yaml it all looks the same.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 6 days ago:
To say it’s debatable if it’s a suite of tools is just wrong.
How is it wrong to say it is debatable when Traefik and WireGuard have quite literally done majority of the development. Pangolin is just a man in the middle.
Pangolin uses gerbil with newt for those wireguard tunnels. That’s a massive improvement already. It also adds a bunch more features like vpn.
According to the Newt ReadMe -
Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don’t need to manage complex WireGuard tunnels and NATing.
Seems to me that WireGuard is their primary dependency, without WireGuard what use is it?
you can crowdsec
According to Pangolin docs they rely on the Crowdsec middleware offered by Traefik.
By default, Crowdsec is installed with a basic configuration, which includes the Crowdsec Bouncer Traefik plugin
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
I can’t be much of a help with Caddy however, for Traefik you can use the OIDC Middleware to forward requests to your authentication service.
Plus I worry I set something up wrong and expose my network
The only port that would need opening is :443, leave port :80 closed so that people cannot connect to your services insecurely. Slap fail2ban or geoblock on it and call it a day.
Also, DDNS allowlist for that deny-first approach.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
Traefik is what it uses to proxy things. You’re comparing a full suite of tools with just one piece.
I mean, that’s debatable. Taking a look at their
docker-compose.ymlthere are 3 containers they recommend running, with a 4 optional container.- image: docker.io/fosrl/pangolin:latest # Pangolin itself
- image: docker.io/fosrl/gerbil:latest # WireGuard server
- image: docker.io/traefik:v3.6 # Traefik Reverse Proxy
- hhftechnology/middleware-manager:latest # Optional middleware manager for Traefik
To say this is a “full-suite” is a bit much when majority of the heavy lifting is done by Traefik, the middleware’s you assign to Traefik and WireGuard. Pangolin if I’m reading this correctly;
“Pangolin combines reverse proxy and VPN capabilities into one platform.”
Which is great! However as I mentioned previously, does not integrate well when these services are already setup to work standalone.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
and used a cloudflared tunnel to direct traffic to Caddy
There is also a way to use the cloudflared tunnel for free that gives you a domain as well (sort of anyways).
This is DDNS, a popular, free alternative would be ddclient. Essentially updating an A Record so that your dynamic IP is remains associated with your domain.
While cloudflare is also my registrar as well, I don’t use any of the “features” they offer, and opted to use Keycloak for my authentication needs.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
Free vps in oracle cloud with Pangolin
If I’m not mistaken I tried setting up pangolin to work along side my already running Traefik setup and it was just an absolute nightmare.
I just don’t have the time nor energy to reinvent my already running configuration.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
Device -> VPN Tunnel (ideally WireGuard) -> Home Router / Server.
The only port that needs to be opened is your WireGuard server which typically is :51820.
The issue with this is you have explain VPN’s and WireGuard to people which, in my experience turns people away as they see it as a hassle.
Alternatively buy a domain, setup DDNS so that your home IP is associated with your domain, setup a reverse proxy and open port :443 on your router however, I would suggest a blacklist-first approach and only whitelist the few known IP’s you can trust.
- Comment on Latest success Jellyfin rocks! 2 weeks ago:
I’m always going to say Windows is too heavy to be placed in a server environment but congrats nonetheless.
- Comment on Is there a solution to use tailscale (or pangolin) alongside a traditional VPN on grapheneos? 2 weeks ago:
Might sound like a dumb question, but have you opened the port on your router?
My ASUS router handles my WireGuard setup, I can forward my home VPN server through one of Protons VPN servers essentially creating a multi-hop setup.
- Comment on Security considerations about hosting Immich from home 4 weeks ago:
I suggest having your setup as a deny-first approach. Meaning denying every IP and whitelist the known few, Traefik offers a middleware for this.
Alternatively you can blacklist by country of origin however VPN’s are a thing, I would only recommend this on low-risk applications such as Invidious instances, dashboards and such.
- Comment on Rule 3 - Updated 4 weeks ago:
Can vibe-coded apps be flagged as low effort, they steal code from other developers and claim it to be their own.
- Comment on Anybody out there self hosting Searxing? 6 months ago:
Yup, it works 90% of the time. Happens on all devices so I suspect Searx is just running into an error of some sort. Too lazy to investigate.
- Comment on Anybody out there self hosting Searxing? 6 months ago:
I host my own SearXNG, reverse proxied it, added a few security headers and restricted access to my country to help prevent abuse.
- Comment on FFS Plex, the server is on my local network 9 months ago:
If I’m not mistaken Emby started to do some sketchy stuff which birthed Jellyfin.
- Comment on What is the current state of Matrix? 9 months ago:
As the end use my biggest gripe with Matrix is with voice communications, it’s almost as if you sneeze wrong you’ll lose connection to the voice group, screen sharing is horrible, no audio and the window is not adjustable, cant even make it full screen.
Now they’re reducing people’s usage by putting in a subscription and locking certain features, at least on the home server.
Disappointed nonetheless.