Yeah, an IP range totally works. Figure out the subnet info and add that to a whitelist. It’s a pain, but it should keep the script kiddies at bay.

I have my smart TV access it over my local network. If you’re using a friend’s instance, you could set up a WiFi SSID that tunnels everything over your VPN.

If that’s onerous, you can make it publicly accessible, but only for whitelisted client IPs.

I love Jellyfin and use it. I also think the security issues are very serious and it’s irresponsible to not fix them. At the very least they can make a new API and give users the option to enable or disable the insecure one until clients get updated. But they don’t.

I’ve decided to remove public access to my Jellyfin server until it’s resolved, though it’s still accessible behind my VPN.

Docker is at least two of those, AIO vs non-AIO image.

Some notes:

• syncthing - a little complex, and the file format isn’t flat files, but they have a FUSE driver you can use if you want “flat” files; it’s wicked fast at syncing data
• OCIS/OpenCloud - default file format isn’t flat, but there is an experimental POSIX driver to get that flat file layout, in case you prefer that for backups
• Pydio - don’t know much about it, but it seems designed for large, clustered deployments

I’m playing with OCIS/OpenCloud and it seems like a good fit. I’m mostly holding off until I can figure out which to use (leaning toward OpenCloud).

Yup:

• ownCloud -> NextCloud
• ownCloud Infinite Scale -> OpenCloud

I’m testing out OCIS, and will probably switch to OpenCloud.

Porkbun is a domain registrar, so I’m guessing OP is using their API to edit a DNS record with the challenge so Let’s Encrypt can prove ownership of the domain. Caddy can automate that, however, you need a Caddy build with a plugin for the registrar (use xcaddy), and then supply login details in the Caddyfile.

Here’s the plugin for porkbun, and the README documents how to use it.

I prefer doing it this way so I don’t need to expose my service to the internet to get a TLS cert, and I can also keep port 80 blocked.

I’m guessing they are doing DNS challenge for getting Let’s Encrypt certs.

That’s what I did for Cloudflare and it works well.

and to be able to connect to your web service and fetch a secret to prove you own the domain

This part isn’t true, you can use DNS challenge and they don’t need to connect to your service. I have several services on my LAN that have never been accessible from the internet that have Let’s Encrypt certs.

That sounds like the method OP is trying to use.

Sure. I do run some things on the host, but I do default to containers unless I have a good reason to avoid them. Containers make it really easy to move to a new piece of hardware, and I want my disaster recovery process to be as close to:

1. set up new device
2. restore data
3. copy down container configs
4. start containers

Some UPSs communicate over the network, and if that’s what you have, containers are a fantastic solution. If you have a USB or serial (??) one, then yeah, maybe the host will give less trouble, just make sure to not forget to document the setup and config.

all new posts and comments inside that community will be mirrored to your instance

And that’s my biggest issue w/ Lemmy. It seems to scale okay, provided you have enough users to make all that traffic worthwhile. However, I’m unlikely to actually self-host since I really don’t want a copy of literally everything I sub to. Ideally, I could host my own authentication server and only the communities I host (which would probably be 0), and I’d just fetch whatever I needed from wherever it’s hosted.

What problems?

A VM certainly seems like overkill, but a simple podman container should be pretty problem-free.

I’m considering it. Our storage needs are modest (8TB capacity, 2-3TB stored), our HDDs are getting long in the tooth, and I want to downsize so it can fit under my bed and plug directly into the router (it’s currently connecting over wifi). So something relatively inexpensive could convince me to switch.

PCIe 3.0 is 1 GB/s per lane. So nothing life changing, but still reasonably fast (way faster a HDD). If you rarely need swap, you should be fine for the few times you do.

Sure. I just don’t see myself needing more than 8GB RAM, especially w/ fast NVMe drives as swap. It’s a simple NAS running Jellyfin (max 1-2 clients) and a handful of other services.

If I need more RAM, chances are I’ll also need more CPU as well, in which case a larger upgrade is in order. If I truly only need more RAM, I could pretty easily move some services to an SBC like a Raspberry Pi.

It’s certainly a bummer, but not a deal breaker. If the price is right and I can find inexpensive enough NVMe drives, I can compromise a bit on RAM.

Yeah, my NAS uses 3GB out of my 16GB total. I don’t think I’ve ever seen it use more than 5GB.

Eh, 12GB is plenty for me. I’m currently using ~3GB out of 16GB, so I’m nowhere close to that cap. My NAS really doesn’t do much.

I’ve been on the lookout for a quiet, inexpensive NAS that I can put under my bed and forget about. I currently have 2x8TB in a mirror, and I’m only using 2-3TB.

In fact, I might even feel comfortable eliminating the RAID w/ SSDs once I clean up our backup strategy (yes, RAID isn’t a backup, I know and I feel bad).

My current nas sucks down about 120-140w 24/7, so…

Ouch. I’m around 50W, and my HW isn’t anything special: Ryzen 1700 + 2 HDDs + 1 SSD.