VPN drains my phone battery like crazy, plus eventually I’d like to be able to share my services with some less technical people, and want to keep the barrier to entry low for them, so I’ve been looking at what I’d want in order to be comfortable exposing services publicly.
Services are running on Truenas Scale (k3s).
What I’ve been thinking is:
Isolate services’ network access to each other and to my local network.
Reverse proxy in front of all services (probably Caddy)
Coraza as a WAF
Crowdsec Caddy module
Some sort of auth layer in the proxy, like oauth2-proxy (kind of tricky because not every service would work well with this, especially without client support). Probably would start with a 3rd party identity provider rather than rolling my own, especially since 3rd party will probably do a lot more monitoring around logins, patterns, etc.
Thinking of hosting the reverse proxy piece on a VPS. Probably not completely necessary because I don’t think hiding my home IP really buys me much security, but Caddy might be easier to configure on the VPS compared to Truenas (though I guess I could run it in a VM on Truenas).
Each app could run a wireguard sidecar to connect it to the VPS.
Curious what others think about this setup, or if the recommendation is still to keep things behind a VPN.
I’d say try requesting on private trackers of the same country/language, or trackers related to the specific subject. I’ve seen multiple packs of mainstream premium podcasts ripped from a national premium podcasts app being uploaded to some private trackers for content of the same language.
You can reduce doorknob turning dramatically by running on a non-standard port.
Scanners love 80 and 443, and they really love 20, but not so much 4263.
I used to run a landing page on my domain with buttons to either the request system / jellyfin viva la reverse proxy. If you’re paranoid about it, tie nginx to a waf. If you’re extra paranoid, you’ll need some kind of vpn / ip allow-listing
The electricity bill shouldn’t be that bad. Seeding torrents doesn’t put a lot of load on the system. Depending on your hardware it could be pretty low power consumption. On the high end it might hit 4kwh a day.
EDIT: To any three-letter agencies who might be reading this post, I was uploading Linux ISOs and scientific research papers. I would never dream of uploading copyrighted material…
But Linux ISOs are copyrighted. The rights belong to all contributors who created them, and licensed them under terms which allow anyone to redistribute them for free.
Do any of your plex users have the permissions required to delete files?
Radarr doesn’t delete video files unless replacing them with a new one, or commanded to delete them. It will delete related metadata files like images, subtitles, and nfo when it thinks a video file has been deleted though.
Your logs repeat with root folder ‘E:/Movies’ was not found while trying to import new media, but doesn’t mention anything else. Does that folder still exist, or was it also deleted? All your movies, or just some? Were other libraries modified? (tv shows)
piracy
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.