Large portions of Lemmy feel similar to places like /r/sino on Reddit. Personally I like to look at that stuff from time to time just to keep tabs on that flavor of propaganda, but it’s pretty detached from reality.
You could do it, especially if you’re running Truenas Scale since that’s Linux. On Core you could do it inside a VM (I have Jellyfin set up inside an Ubuntu VM with persistent samba mounts to access my media).
On Scale the recommended way would probably be through helm charts, though config might look a bit different than the Docker Compose files here. There are charts for I think all the services mentioned: truecharts.org/charts/description_list
Personally I’m planning on waiting just a little bit longer for Scale to become more stable and then I’m going to migrate, rather than trying to set up all these services in a VM on my Core machine today.
I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice...
VPN drains my phone battery like crazy, plus eventually I’d like to be able to share my services with some less technical people, and want to keep the barrier to entry low for them, so I’ve been looking at what I’d want in order to be comfortable exposing services publicly.
Services are running on Truenas Scale (k3s).
What I’ve been thinking is:
Isolate services’ network access to each other and to my local network.
Reverse proxy in front of all services (probably Caddy)
Coraza as a WAF
Crowdsec Caddy module
Some sort of auth layer in the proxy, like oauth2-proxy (kind of tricky because not every service would work well with this, especially without client support). Probably would start with a 3rd party identity provider rather than rolling my own, especially since 3rd party will probably do a lot more monitoring around logins, patterns, etc.
Thinking of hosting the reverse proxy piece on a VPS. Probably not completely necessary because I don’t think hiding my home IP really buys me much security, but Caddy might be easier to configure on the VPS compared to Truenas (though I guess I could run it in a VM on Truenas).
Each app could run a wireguard sidecar to connect it to the VPS.
Curious what others think about this setup, or if the recommendation is still to keep things behind a VPN.
Why? Are we not doing enough? (file.coffee)
by fedidb.org
The complete guide to building your personal self hosted server for streaming and ad-blocking powered by Plex, Jellyfin, Adguard Home and Docker. (lemmy.dbzer0.com)
The complete guide to building your personal self hosted server for streaming and ad-blocking....
Mangadex and Batoto extensions have been removed due complaints from copyright holders (file.coffee)
Batoto extension isn’t working anymore 😭 while mangadex extension is fine...
Pornhub pulls out of Montana, NC as age-verification battle rages on (arstechnica.com)
Random requests to my private Jellyfin instance
I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice...
Take back the memes! (lemmy.ml)
Task failed successfully (lemmy.today)