if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header.
Instead of forwarding ha.yourdomain.com to 192.168.178.214 (which I assume is the lan ip address for your machine), you should forward it to a hostname called homeassistant (which is the hostname for the home assistant instance inside your docker compose network).
What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.
I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet.
Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.
Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.
Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.
Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.
You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.
I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
using a vpn or similar is not really an option as I have famiy members accessing it and I dont want to always connect using a vpn just for example to open my garage or accessing my shopping list. Security wise I just use 2FA so I dont think thats the issue.
I got a small network running with Linux, android and Windows, but seldom use it. Windows install worked fine, but it remember it was not well documented (needed to use some argument for it to setup the service). Don’t use nextcloud but I do have vaultwarden working over it.
I’m planning to move to headscale due to the certificate management overhead.
It’s auto installs and updates. Just need to forward the DNS for your instance to whatever domain name you like. It’s pretty straight forward from the documentation.
I hadn’t heard of CasaOS before; looks very cool. I am currently on TrueNAS and it’s been fine, but I had been running it in a VM because it wasn’t a good fit for running other things along side it. This seems like an interesting solution, thanks!
I’m using a NetApp ds4246 to hold 24 drives, and it’s glorious - embrace the rack mount life. Although my computers themselves are all HP Prodesk minis, which are tiny and amazing, 1 u high and can fit two across on a shelf.
I have been looking to do this as well, I’m just not 100% sure how it all connects together. Do you have the disk shelf connect to a server with lots of sas cards?
I don’t think you can change your lemmy instance’s domain yet. Afaik there is no official way to do it. FMHY lost their domain (they are using a free domain and lost it) and was attempting to switch to a new domain for their instance and developing a tool to migrate to a new domain, but somehow decided to start fresh and discard their old data instead. No idea what happen with the migration tool they were working on (is it actually working? did they actually released the code?), so save yourself some headache and make sure to never lost your domain, which means don’t use free domain because that domain isn’t actually yours and can be yanked without any notice.
Yeah, AFAIK ActivityPub itself heavily relies on the domain being part of your identity - so its not really possible to change the domain on any of them, along with other federation implementations such as Matrix.
This is why while Mastodon allows for profile transfers, it doesn’t transfer your post content - it simply just sends a signal to your followers to unfollow your old account and follow your new one. The actual content itself is intrinsically tied to your identity on the old domain.
That seems like an oversight. ActivityPub should rely on some sort of certificate or cryptographic signature instead of a domain which might have to occasionally change.
ActivityPub does use cryptographic keys for Actors (“users” in this case) - so even in theory if you were to destroy your instance and then set it up on the same domain and recreate the user, things would be quite broken still… But unfortunately it still does rely on the domain name itself, so I agree.
I think the problem is, without the domain name, there is no way for you to lookup who @russjr08 would be, or where to send data to them. The domain effectively acts as a mailing address (a well suited analogy considering that ActivityPub also uses inboxes/outboxes) so that Instance A always knows that User B can be found on Instance B.
I doubt its an impossible challenge to solve, but probably quite a difficult one I’m sure.
Don’t worry about the UDP ports, they’re only needed on the LAN and only in certain conditions. Basically Jellyfin uses them to “announce” things to the LAN.
On 7359 it announces clients where to connect; this can help you when first starting a client to let it connect automatically instead of you having to enter IP or jellyfin.mydomain.com.
On 1900 it advertises itself as a DLNA server. This is only relevant if you have other DLNA-capable devices. DLNA is a cool protocol that allows devices to act as server, controller or renderer and to cooperate to cast streams. For example you can use your phone as a DLNA controller to get media from Jellyfin acting as a DLNA server and cast it to a TV acting as a DLNA renderer. If your TV has DLNA capability then you may be interested in the BubbleUPnP phone app which can act as a controller, and that’s when you may be interested in enabling 1900.
Or you can comment out the “ports:” section in your config and say “network_mode: host” instead and all 4 ports will be mapped automatically and work as intended (it’s what I do).
Good to know. I thought there was some issue with those ports and the reverse-proxy because the DLNA function doesn’t seem to be working but from some googling this seems to be more of a docker problem in general when you are not using host mode for networking.
So far so good. The URL is correct, because its the external address. You also don’t need to publish both http and https ports. I only map external https to internal http but you can do https to https. No serious modern browser tries http first and because I always force https anyways, it doesn’t need to be public. Only the reverse proxy may need it, for Let’s Encrypt.
Both UDP aren’t needed for public access. I only have mapped 8096 to my reverse proxy and it works.
selfhosted
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.