Configurator if you have a MacOS device already and want the OG. Plus it does allow for device supervision. Although you may have to register as an enterprise system for that. That’s really going to be the key thing here as last time I recall signing my org up for MDM we had to provide tax documents.
Apple uses JAMF, and their prices are so low and it’s so easy that for strictly Apple devices I’d go that route. I do believe there is an on prem version of Jamf as well, but you still pay yearly for it.
There’s also Hexcloud, whatever VMware is calling theirs now, and technically SCCM can do device MDM.
Main benefits come from supervised mode. On iPads you can enable multi user support with sign in. You can remove access to messaging or other apps, but beyond that the differences between MDM and parental locks aren’t as wide.
Ah, I didn’t realise it might be difficult on the apple side registering as a company etc. Maybe it’s not worth the effort, but I’m gonna look into the options you mentioned
Supervised mode gives you basically all the cool options post iOS 12. That said, it’s been about 4 years since I’ve done any of that registration stuff and I know it changed a lot during the pandemic. So it could be easier now.
I found TrueNas scale to be what fits my needs but I tried unraid (trial) and open media vault first. Also note this is not my first rodeo as I’ve done “from scratch” Ubuntu, and bsd.
I just built a server from older parts off eBay. An i7 2600, Asus p8z77, a Silverstone c382 nas case, 32gb of 1333, a pny P600 video card and a 9200+8i hba card. Then I used TrueNas on an SSD and another SSD for docker containers and cache.
4k Plex streaming no issues, system is fast and the only issue I had was the old Asus boards don’t use pwm fan control.
Open Media vault just confused the heck out of me, I ran it for a few months and donated money to the team for their effort but it was too restricting for my needs. It was definitely a capable nas os but it didn’t feel like it fit my style which is more hands on.
TrueNas has snapshots and replication. I run 4 12tb disks for my live data, striped raid 1’s. Then I have two more 12tb’s in a raid 1 for my replication read only. It’s not enough space if I filled my live drives but I haven’t needed more yet for the backup. And I can always expand my backup set.
I also have a qnap tr004 das with some random drives in a hardware raid 5. That’s my third copy I do every so often.
The funny part is I didn’t want to pay for a Synology but ended up spending more on parts. However it’s incredibly powerful for what it does so I’m using that as my “happy little mistake”. It’s going to last a long time and run as many services that I could possibly want as a home user.
I’ve been very happy with OMV, for the short time I’ve been playing with it. It’s FOSS and the web interface makes it very clear all the layers of abstraction you can use to manage a NAS. I highly recommend it.
And proxmox is good too, also FOSS (proxmox VE). It also has another slick web interface to manage stuff. I like the web interfaces because, albeit intimidating, it exposes a lot of options available to me, which give me opportunities to research and understand how it works.
But I’m still working on getting everything with it set up, so take my suggestion with a grain of salt!
Unfortunately, the only people who would actually want to see my home videos (family) live several thousand miles away. I’m also not sure they would even know what to do with an external HDD. Not a bad idea, though.
I did it with blob storage, ended up being much cleaner and cheaper. You’ll need to toy with it a bit, but from scratch will be a lot easier than the migration I had to do. You’ll easily eat up 100+GB in pictures, which on the cloud on a VM’s drive that’s a fair chunk of money. Object storage is pennies.
Yup Yup! I’ve got it uploading objects. It seems to be an issue with fetching them. The hash is either mismatched or it’s not correctly trying to grab from the sled repo. So, I get a 500 error in store response. Not really sure how to fix it.
Are you sure Youtube doesn’t pick video quality based on connection speed? It will frequently drop down to 360p when my connection speed is particularly shitty that day, and I’ll have to manually increase it (I’d rather have occasional buffering than a blurry mess).
Not self hosted, but Tabby is the closest I’ve found. But I still don’t like it as much as Termius. And from what other, more experienced people have said, Tabby is bloated, requiring way more system resources than a terminal emulator app should.
Also, I asked a related question here if you want to read some other suggestions.
The problem about the “automatically adjust resolution and bitrate” can be done in two ways:
Using a GPU to transcode the 4k video in real time (generally unavailable on VPS)
Encoding the video in multiple resolutions and bitrates, using much more disk space
Both solutions are expensive on a VPS.
In this case when I need to share stuff in 4k 60 (basically never) I just host on YouTube unlisted and have Google foot the bill. Maybe think like this: does the content really deserve to be 4k 60 fps? Home videos that I share with my family are downgraded to 720p as anyway they will watch it horizontal on a vertical screen.
I honestly didn’t know that Youtube “unlisted” was even a thing; I’ve never posted a video to Youtube before, but this might be a promising idea. I’m assuming they still inject ads into unlisted videos, which is a major barrier for me… I hate ads.
I’ll admit that I’m a snob when it comes to video and audio quality; 4k/60 might be overkill, but I think at least 4k/30 has some merit in this case. Most modern phones and tablets (and TVs) are at least greater than 1080p, so assuming they’re watching the video horizontally, 1080p video would still result in a loss of quality. Would they care? Almost certainly not, but the idea of watching a UHD video source in a lower resolution bothers me far more than it should.
It definitely seems like VPS hosting is out of my budget. I think that hosting multiple versions of the same video (and paying for more HDD space) would probably be cheaper than a VPS with GPU resources, but the recurring fees are probably more than I’m willing to spend.
Maybe Jellyfin, where I believe you can force a low bitrate for every remote client. It wouldn’t be “adjust to internet speed” but you could minimise buffering that way.
Of course. Youtube and the like “pre-transcode” it so that would be one way for Jellyfin to better solve it, at the cost of a significant amount of disk space.
You can get an intel arc a310 for ~$90 and it has absolutely insane transcode performance, so depending on how large your library is it might even end up cheaper than buying more storage to just live-transcode everything.
I suspect the delay would still be longer than a Youtube like implementation which may need to switch transcodes multiple times, but that’s probably unrealistic at this point anyway.
Transcoding everything to AV1 could be a solution too, since high resolutions can look quite good at low bitrates, so you could limit it to 5mbps or 10mbps for any resolution and be done with it. But I’m not sure Jellyfin supports that, and at least from the UI it doesn’t give you particularly fine grained control over resolution/bitrates. Perhaps having a secondary library of just AV1 transcodes that you handle manually (perhaps even using a software encoder) could be an option for some.
The client side is also an issue, with not that many devices supporting hardware decoding (although I’ve found it’s fast enough in software with most modern smartphones at least).
If you’re switching between formats yeah it’s going to need to start over on the transcoding. If you don’t it’s actually better because it just caches it on disk. From that point it’s basically native.
Jellyfin does support limiting external network speeds, and individual client speeds, so if you set up your transcoding correctly, and the clients support those codecs, it’ll work.
I’m a big fan of Jellyfin. I run it at home with a dedicated Nvidia A2000 for hardware transcoding. It’s able to transcode multiple 4k streams with tonemapping faster than they can play.
As much as I’d love to use Jellyfin, there are two major issues: My internet connection is so slow, that I’d be lucky to stream 720p at a low bitrate. I’d spend the money on a faster connection, but I live in an area that doesn’t even get cell phone service. My options are DSL and Starlink, and I have both; the DSL is just slow, and Starlink uplink speed isn’t much better, plus I have plenty of obstructions that make it somewhat unreliable. The second problem is that Jellyfin has too steep of a learning curve. Telling my relatives “oh, if it starts buffering, just lower the bitrate” isn’t an option. Not to mention, I’d have to run it on a VPS, and hosting a VPS with the resources required for this is way too expensive for me.
Use encryption, using vpns for such a trivial task is a “really bad idea”
There are many cases when somebody wants to have their dns public, maybe they want to share with their friends, family, community, audience (not everyone is a solo server user)
Also, it’s good to use your dns even before connecting to the vpn. Just use encryption, it’s safe and nice
Keeping 53 opened is not that bad, the only thing you will notice is an increased load on your server if somebody tried to ddos somebody’s server using your dns
P.S. Or as somebody mentioned below, use rate limiting. It’s described pretty well in some other comments. Not just “spooky internet port”
Use a public dns provider. Cloudflare, route53, dyndns (are they still around?), etc. Cheap, reliable, no worries about joining a ddos by accident. Some services are better left to experts until you really know what you’re doing.
And if you do really know what you’re doing you’ll use a dns provider rather than host your own.
Host your own private DNS - yes, knock yourself out. I highly recommend it.
Public DNS? No - don’t do that.
There are two services homegamers should be extra cautious of and should likely leave alone - DNS and email. These protocols are rife with historic issues that affect everybody, not just the hosting system. A poorly configured DNS server can participate in a DDOS attack without being “hacked” specifically. A poorly configured mail server can be responsible for sending millions of spam emails.
For a homegamer you probably only need a single public DNS record anyway (with multiple CNAME if you want to do host based routing on a load balancer). You take on a lot of risk with almost zero benefit.
From outside? Set up a Cloudflare account and point the NS from your registrar to it.
From inside? Set up unbound on a docker host and don’t open it to the internet. Use that one when you’re local and the normal public DNS when you’re outside. But everything I’m seeing in here makes me sure you shouldn’t even consider opening ports in your firewall to expose inside host services. Use a VPN when you’re roaming, and only use your DNS for local servers/hosts via that VPN. The only use for your outside domain name should be to point a single hostname to your outside IP address so you can use it for your VPN endpoint.
Use DNS challenges for LetsEncrypt cert requests and remove host entries from your Cloudflare after you get your cert.
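An added example, not part of the thread: a small audit of unbound `access-control` lines that reports whether a client outside the LAN would be given recursion, which is the "open to the internet" condition the comments above warn about. The two config fragments, the LAN range and the probe address are constructed for illustration.

```python
import ipaddress

# Constructed unbound.conf fragments (assumptions, not from the thread).
OPEN_CONF = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
"""
LAN_ONLY_CONF = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # home LAN (assumed range)
"""

def parse_acl(conf):
    """Return [(network, action)] for every access-control line."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()    # first colon only, so IPv6 blocks survive
        if len(fields) == 2:
            rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def action_for(rules, src):
    """Most specific matching netblock wins, whatever the order of the lines.

    With no matching line the query is treated as refused; unbound's
    built-in localhost allowance is not modelled here.
    """
    ip = ipaddress.ip_address(src)
    best = None
    for net, action in rules:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen >= best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"

def exposed_to_internet(conf, probe="203.0.113.7"):
    """True if an outside client (probe is a documentation address) gets recursion."""
    # Actions beginning with "allow" give the client recursive service.
    return action_for(parse_acl(conf), probe).startswith("allow")

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("lan-only", LAN_ONLY_CONF)):
        print(name, "exposed" if exposed_to_internet(conf) else "not exposed")
```

The access list is only one layer: the firewall and any Docker port publishing decide whether outside queries reach the resolver at all.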
I use a DNS server on my local network, and then I also use Tailscale.
I have my private DNS server configured in tailscale so whether on or off my local network everything uses my DNS server.
This way I don’t have to change any DNS settings no matter where I am and all my domains work properly.
And my phone always has DNS adblocking even on cell data or public Wi-Fi.
The other advantage is you can configure the reverse proxy of some services to only accept connections originating from your tailscale network to effectively make them only privately accessible or behave differently when accessed from specific devices.
This is why the concept of running services on different ports than default isn’t a real security measure, it doesn’t actually take any effort to figure out what kind of service is running on a port.