great, looks promising, i’ll keep an eye on it as well! Problem for me seems to be invidious not creating a valid rss feed for playlists. I managed to setup yt-dl to watch a youtube playlist (these are valid), but not for invidious.
my plan was: add video to invidious playlist > trigger ytdl to download video from the watched playlist > sync video to phone > add directory to antennapod.
Would’ve loved to gotten one of those. But the power consumption of a Xeon is a bit higher than I’d like. This was a nice to have, not need to. It was a Christmas gift from my wife 🥰
I’m using a workstation board in my server. Asus Pro WS W680M-ACE SE along with a Core i5-13500. Intel support ECC for consumer CPUs but only when using workstation motherboards :/. The IPMI on this board works well though.
Don’t have some Intel CPUs Intel vPro making you also able to control the PC in a LVM manner?
I havent tried it yet but my (so far) research suggests its possible and it would be a useful feature for those repurposing old workstation pcs as servers.
I think some other CPU/MBs also have this feature.
But I would giess they are only implemented in business scopes like the Pro/EliteDesk line from HP and the other SIs equivalent.
It’s a KVM in the same sense but instead of switching it provides the functionality over a web interface so that I can manage my server from my workstation or laptop instead of crawling in the space beneath the stairs where my server is if something goes wrong. Compare with IPMI.
This. And, yt-dlp and/or youtube-dl used to have an issue where if the url started with the video ID instead of the playlist ID, it just downloaded the video not the whole playlist. Not sure if that is still around, then just be aware.
Yah, it’s been trash from the start. I tried it 2 years ago and the unpredictable weird shit it did was useless to try to troubleshoot. It was worse than trying to run Docker on Windows, if that can be believed.
Debian with the Docker convenience script is the way to run Docker.
Learn the fundamentals of IPv4 and IPv6. (Absolutely learn to count bits for IPv4)
Learn and understand the use-cases for routers, switches, and firewalls.
Learn about DNS. (Domain Name System)
Learn about DHCP. (Dynamic Host Configuration Protocol)
Learn important Port Numbers for important Services. (SSH is Port 22, for example. The range of port numbers from 1024 to 49151 are “registered ports” that are generally always the same)
Learn about address classes. (A, B, C are the main ones)
Learn about hardware addresses (MAC address) and how to use ARP to find them.
And more! This is just off the top of my head. Until you’ve studied a lot more, please, for your own sake, don’t open your selfhosted ervices to the wider internet and just keep them local.
And just for fun, a poem:
The inventor of the spanning tree protocol, Radia Perlman, wrote a poem to describe how it works. When reading the poem it helps to know that in math terms, a network can be represented as a type of graph called a mesh, and that the goal of the spanning tree protocol is to turn any given network mesh into a tree structure with no loops that spans the entire set of network segments.
I mean, isn’t it important to understand the fundamentals so you can understand VLSM better?
Like math, a lot of this knowledge works better when you know the fundamentals and basics, which help you conceptualize the bigger ideas.
On a personal level, I would have had a lot harder time understanding VLSM if I hadn’t had the basic fundamentals of traditional subnetting and classful networking under my belt.
There’s nothing inherently important to classful networking you learn that’s necessary for VLSM. They amount to common convention based on subnet size, and even then nearly nobody actually uses A or B sized subnets except as summary routes, which again, is not inherent to classful networking.
Classful networking has been obsolete for thirty years for good reason, you gain nothing from restricting yourself in that way.
How are you “restricting” yourself by learning that it exists? Nobody is saying “learn about it and use it and never consider anything else.” They asked what fundamentals they should know for networking, and I dumped what I considered the “fundamentals.”
Nothing actually uses classful networking anymore. Any situation where classful network concepts are implemented is necessarily limiting the capabilities of the network. As such it’s completely useless to bother spending time learning it.
Proprietary when flatpak exists, and it doesn’t properly address how apps should dynamically request access to things they need. Every time I’ve used either solution I’ve run into some permissions problem.
For desktop apps maybe. How do you run a flatpak from the cli? “flatpak run org.something.Command”. Awesome.
Both suffer from not making it obvious what directories your application can access and not providing a clear message when you try to access files it can’t. The user experience sucks.
A reverse proxy takes all your web-based services, e.g.
plex on port 32400
octoprint on port 8000
transmission on port 8888
and allows you to map these to domain names, so instead of typing server.example.com:32400 you can type plex.example.com. I have simplified this quite a bit though - you need DNS configured as well, and depending on your requirements you may want to purchase a domain name if you intend on accessing content from outside your home without a self hosted VPN.
Cloudflare is a DDoS mitigation service, a caching web proxy, and a DNS nameserver. Most users here would probably be using it for Dynamic DNS. You can use it in combination with a reverse proxy as a means to mask your home IP address from people connecting to your self hosted web-based services remotely, but on its own it cannot be used as a reverse proxy (at least easily - would not recommend attempting to). Do note that Cloudflare can see all the data you transmit through their systems, something to bare in mind if you are privacy conscious.
In my opinion though, it would be much better for you to use a self hosted VPN to access your self hosted services (can be used in combination with the reverse proxy), unless there is a specific need to expose the services out to the internet
Edit: fix minor typo, add extra info about cloudflare
So a reverse proxy is a way to manage subdomains? I read somewhere that it allows multiple different services to be hosted on the same port and I think I know that that is probably a lie.
Depends what you mean by same port. A reverse proxy would allow you to expose everything of 443 and then the proxy would route to particular app ports and hosts.
Each service runs/listens on its own port, including the proxy (typically 80/443). When you connect to the proxy using its port, it will look at the domain name you used and proxy your connection to the port for the service that name is setup for.
So when you go to expose these to the network/internet, you only have to expose the port the proxy listens to and the clients only ever use that port regardless of how many services/domains you host.
Edit: whoops, got a little bit sidetracked and didn’t talk about cloudflare at all. I’ll leave it up nonetheless as it contains info.
The reverse proxy only listens on port 80 and 443, so yes, all your services will be accessible through just one/two ports.
The reverse proxy will parse the http request headers and ask the appropriate upstream service (e.g. jellyfin) on localhost:12345 what it should send as a reply. Yes, this means that you need to have a http header so that the reverse proxy can differentiate the services. You don’t need to buy a domain for that, you can use iPhone to make your made up domain map to a local IP address, but you need to call the reverse proxy as sub.domain.com. 192.168.0.123:80 won’t work, because the proxy has no idea which service you want to reach.
I found it really easy to set up with docker compose and caddy as a reverse proxy. Docker services on the same network automatically resolve their names so the configuration file for caddy (the reverse proxy) is literally just sub.mydomain.com { reverse_proxy jellyfin:12345 }. This will expose the jellyfin docker, which is listening on port 12345, as sub.mydomain.com on port 80.
That’s halfway correct - I’ll try and break it down a bit further into the various parts.
Your subdomains are managed in using DNS - if you want to create or change a subdomain, that happens here. For each of your services, you’ll create a type of DNS entry called an “A record”, containing your service’s full domain name, and the IP address of your reverse proxy (in this example, it is 10.0.0.1)
The DNS records would look like the following:
plex.example.com, 10.0.0.1
octoprint.example.com, 10.0.0.1
transmission.example.com, 10.0.0.1
With these records created, typing any of these domains in a browser on your network will connect to your reverse proxy on port 80 (assuming we are not using HTTPS here). Your reverse proxy now needs to be set up to know how to respond to these requests coming in to the same port.
In the reverse proxy config, we tell it where the services are running and what port they’re running on:
plex.example.com is at server.example.com:32400
octoprint.example.com is at server.example.com:8000
transmission.example.com is at server.example.com:8888
Now when you type the domain names in the browser, your browser looks in DNS for the “A record” we created, and using the IP in that record it will then connect to the reverse proxy 10.0.0.1 at port 80. The reverse proxy looks at the domain name, and then connects you on to that service.
What we’ve done here is taken all 3 of those web-based services, and put them onto a the same port, 80, using the reverse proxy. As long as the reverse proxy sees a domain name it recognises from its config, it will know what service you want.
One thing to note though, reverse proxies only work with web-based services
Another user already gave you the answer, but one thing to bear in mind is that Cloudflare only “speak” HTTP(S), and nothing else. So if for example you want to run Minecraft, CloudFlare’s free plan will not allow you to route it through port 80/443 as they don’t know how to “speak” the Minecraft protocol.
So far, I have WireGuard set up, and activate it when I need access.
This year I have considered Cloudflare tunnels to enable them only to issue SSL certificates (instead of signing my own like I did last year). But not sure if it is worth it or if I should just keep signing myself.
(Cert is mainly to avoid SSL warnings on iOS and browsers, so far I am the only one using what I host)
Might also be nice to not have to configure each device to use a different dns server (my own), but not sure the benefit is worth having that dns record “out there” and Cloudflare “in here”.
The DNS-01 challenge [1] allows for issuing SSL certificates without a publicly routable IP address. It needs API support from your DNS provider to automate it, but e.g. lego [2] supports many services.
I personally leave my Wireguard VPN always on, but as its only routing the local subnet with my services, it doesn’t even appear in my battery statistics.
selfhosted
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.