*.local.domain.com -> has its own cert but the * can be anything and the same cert can be used for anything in place of the star as many times as you want and therefore doesn’t need to be internet accessible to verify. That way vaultwarden.local.domain.com remains local only.
The primary reason to put authentik in front of arrs is so I don’t have to keep putting in different password for each when logging in. I disable the authentication for each of them in the app itself and then disable the exposed docker port as well so the only way to access it it via traefik + authentik. It has local access only so isn’t directly exposed to the internet.
10 free accounts on duo is very nice but I hate being locked into things (not self hosted). An open source or self hosted alternative to duo would be great.
CloudFlare is a good place for beginners to start. Setting up a reverse proxy can be daunting the first time. Certainly better than no reverse proxy.
That being said, having your own reverse proxy is nice. Better security since the certificates are controlled by your server. Also complex stuff becomes possible.
My traefik uses keys encrypt wild card domains to provide HTTPS for internal LAN only applications (vault warden) while providing external access for other things like seafile.
I also use traefik with authentik for single sign on. Traefik allows me to secure apps like sonarr with single sign on from my authentik setup. So I login once on my browser and I can access many of my apps without any further passwords.
Authentik also allows oAuth so I can use that for seafile, freshrss and immich. Authentik allows jellyfin login with LDAP. (This last paragraph could be setup with CloudFlare as well).
Any idea if a self hosted all like this can be set as the default PDF viewer for a browser. Firefox and Chrome both have built in pdf viewer when clicking on a pdf, having it open in this instead would be amazing.
I have 3 14tb exos drives. I have them in a Roswell 4u hotseap chassis. Running unraid.
It’s nearly inaudible over the very reasonable case fans. No grinding noises. I can hear the heads moving a bit but it’s quite subtle. Not sure why people have such different experiences with these
Is UI mimics ms office and has comparability with word files.
Not open-source and has some limitations without paying but works on windows and Linux. Can even be self hosted yourself to provide a web UI for access to your own files Google docs style.
Stuff like this is why I moved my docker from unraid to a VM where I can use docker compose. Docker compose is really the only way to get a clean setup with complex stuff like this. That being said I recommend beginners use unraid. You don’t need a full vpn for torrents, a socks5 proxy will be fine and doesn’t require and special docker settings.
My setup uses traefik reverse proxy. Internal HTTPS (let’s encrypte wild card) and external HTTPS depending on what I want.
It uses authentik for single sign on and in this case provides LDAP for jellyfin and also provides web authentication for arr services.
The glutun container can be configured with any VPN and all services can only access the internet via the VPN.
My NAS is unraid, my docker host is a VM on proxmox. Media files are stored on HDDs on unraid and everything else is on on the docker SSD. Volumes are connected to where they need to be via NFS shares.
There are limits for cpu and ram so one container can’t bring everything down.
The containers themselves all communicate via their own docker network and only the reverse proxy (traefik) allows access to the UI.
Borg (specifically Borg Matic) has been working very well for me. I run it on my main server and then on my Nas I have a Borg server docker container as the repository location.
I also have another repository location my on friends Nas. Super easy to setup multiple targets for the same data.
I will probably also setup a Borg base account for yet another backup.
What I liked a lot here was how easy it is to make automatic backups, retention policy and multiple backup locations .
Open source was a requirement so you can never get locked out of your data. Self hosted. Finally the ability to mount the backup as a volume / drive. So if I want a specific file, I mount that snapshot and just copy that one file over.