high-level: in the USA, download TV and movies and watch them on the TV without having to connect a cable from my computer to my TV.
I have mullvad on my phone, but when I installed it on my Pi it blocks all ssh connections (which was how I was using the pi), some googling told me this was expected behavior and I should configure my proxy/reverse proxy first with the VPN built in.
the webserver, as I understood it, is so I can watch the movies when it’s done, but again as I understand it, has to be configured alongside the VPN to let me in to watch stuff, but not show the government/police/whatever that I am watching stuff
this is what I’m trying to do. I’ve played around with the Arr apps and they work as far as I can tell - but don’t want to use them until the network/VPN stuff is secure and safe
I have an ATT router in pass-through to an Eero mesh which I control through an app on my phone. there doesn’t seem to be anything about installing a VPN on a router I can find online except for specialist routers
"Network Settings: In Jellyfin’s network settings, make sure it’s set to listen on the correct network interface associated with your VPN connection.
"Port Forwarding: If you’ve previously set up port forwarding on your router for Jellyfin, you may need to reconfigure it to forward the VPN-assigned IP and port.
“Local IP Addresses: Check any configurations in Jellyfin that reference local IP addresses and update them if necessary to reflect the IP assigned by the VPN.”
<span style="color:#323232;">
</span><span style="color:#323232;">as I said in my post: no instructions on how to configure it to "forward the VPN-assigned IP and port." or even what it really means (like I know port forwarding is where data comes in on an address, and is sent to another address, but how one reconfigures those, especially w/r/t a VPN I have no idea)
</span><span style="color:#323232;">
</span><span style="color:#323232;">edit: I also believe that the port forwarding is where docker-compose is telling the pi where each app can be accessed via the .YML
</span><span style="color:#323232;">
</span><span style="color:#323232;">but all of these words I hadn't even heard of until a few weeks ago when I started this process, so there's a lot I don't understand
</span>
very little network experience but I’m using Ubuntu to ssh into raspbian on a pi4. All of which is new to me, I can get sonarr radarr qbittorrent all working on it (i think - not willing to test without vpn), but it’s the VPN / Jellyfin stuff that’s really kicking my butt.
but if I’m turning off the VPN to watch something, doesn’t that make expose me because of all the seeding etc through qbittorrent?
that’s part of the issue! If you actually look at the trash guides you’ll see most of the guides just say “There is no special set up required.” and the rest of the page is blank.
That page you linked to shows how arrange your directory structure for hard links (but not how to mount the drive to match /mnt/ or, with exception of a single screenshot, how to configure the software to hardlink)
all of which were things that took me several hours to google, experiment and understand.
I do really appreciate your help - but unfortunately things like “just configure your VPN to allow local traffic” isn’t that helpful when my VPN is just me typing “mullvad connect” into a command line. There isn’t anything obvious to configure, and the moment you start looking into it, it’s insanely complicated.
edit: OK, so with some googling this morning I found “allow local traffic” is set with “mullvad lan set allow” (which is in the help doc, but again - zero explanation, it just lists the command amongst other commands)
edir2: apparently I need to run mullvad inside gluetun, so that’s the next thing
edit3: gluetun installed… step 1: “Required environment variables: VPN_SERVICE_PROVIDER=mullvad” that’s it - no other text. Does that go in docker .env or does it go in the compose.yml or is it set by the command line and where does it go in those files?Who knows?
Apparently gluetun is running on port 8000 - point browser to it “unable to connect” so either I fucked something in installing it or there’s no GUI browser interface - which is it? no idea.
edit4: .env has “VPN_CLIENT=‘openvpn’” - is that the same or different to “_SERVICE_PROVIDER”? should the client be gluetun and the service provider be mullvad? Or neither? Or both? or vice versa? No one knows.
edit 5: After more looking around I glimpsed that line in the last edit in a .yml file so im guessing that means “environment variable” is different to .env - still no idea what VPN_CLIENT should be.
edit 6: no, apparently thats all wrong. It should go in override.yml instead…
Generated private key, downloaded json, extracted the keys put them into the yml (why do these lines get hyphens at the start but nothing else does in the yml? hope i didn’t fuck it up!)
edit 7: did all that, took over an hour, docker restart gluetun no errors and whatsmyipaddress.com shows me where I actually am so its not working. Another complete waste of time with no idea what went wrong or how to fix it
<span style="color:#323232;">
</span><span style="color:#323232;">
</span><span style="color:#323232;">Also, "to use Jellyfin ... Just add content" in this case means "just" configuring ombi to talk to radarr to talk to qbittorrent to download a file to be "moved" with hardlinks which you previously configured.
</span><span style="color:#323232;">
</span><span style="color:#323232;">Then I also can't "just start" jellyfin because the VPN blocks ssh connections as mentioned.
</span><span style="color:#323232;">
</span>
It is a little frustrating that you advised me to ask AI to tell me what to do, I posted the answer verbatim and you said it’s not necessary. Is that because you know the real answer but don’t want to tell me, because the AI is wrong, or something else?
the issue isn’t plex v jellyfin ease of use, its mullvad or privoxxy on gluetun through docker via compose …ease of use.
but I can’t just have one device connected to the VPN. I have to be able to tell it what to download (from a device) and then watch it (from a device)
edit: also, from your link there
“Did you adapt the rules to your setup (IP, port etc)? What if you add a counter to the rules? Can you see them trigger on incoming packets with nft list ruleset?”
No, I have not adapted and counted the rules to trigger on incoming packets with an nft list ruleset because I have no idea what that means
From the link inside that link
“the following rules should be applied.
table inet excludeTraffic { chain allowIncoming { type filter hook input priority -100; policy accept; tcp dport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; } chain allowOutgoing { type route hook output priority -100; policy accept; tcp sport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; } }”
no idea what any of this means, nor what to do with it, what to change, or where to put it.
I can’t be a complete idiot for thinking this seems overwhelmingly technical. Like surely you can’t believe you can show that to the average person on the street and they’d be like “ohhh just table inet exclude traffic! of course!”
and “exclude traffic” sounds like the opposite of what I want - which is to include my ssh traffic.
Forgive my ignorance, but doesn’t the mullvad need to run through gluetun, or at least in its own docker container to be secure?
Or to put it another way, whats the benefit/cost of installing it via dpkg as opposed to running it in a container, as opposed to running it in in gluetun (in a container)?
i thought everything was supposed to run in a container if it’s touching the web
popularized from the Young Thug and Future track of the same name:
My bitch can’t sleep at my house
Make her sleep at a hotel now
And when you talk, man, you talking off cap
And your diamonds they looking like tap
I was always ducking from the paps
Keep an R&B bitch in my lap
Out in Beverly Hills, I adapt
But I still had to ride with that strap
Yellow diamonds like banana, that’s cap
Put some dirty in Mello Yello, no cap
Rocking Maison Margiela’s, that’s cap
Red bitch, Cinderella, no cap
I can turn perroI can turn Pedro
Bad bitch out the ghetto
I’m the guy who designs those. They pay me the big bucks to make sure a hacker feels at home when violating our Gibson, after all. We’re one big family here.
We picked our own because we each have to wear it every day, might as well like it. Been together a decade, married for 6 years. Sometimes big sweping “romantic” gestures are for the movies.
I’ve fretted for a long time about whether I was the fuck up for "micro-"managing someone on my team but this post makes me realize it really was just them. Marketing not engineering.
They would get really nasty when I would feedback with "you can’t just make your task names “write marketing email” 5 times, you have to specify what the email is about, and for what project, otherwise I can’t check if the email will go out on time.
And also they would go totally off piste - a blog on disaster recovery rigs for data centers came back totally about rebuilding cities after earthquakes, nothing about attacks or power failure or database backups.
I’ve worried myself for a long time that I was micromanaging and I’m a bad person for it, but it really honestly was them.
want to get started but finding the technical side really overwhelming
I’d really like to get started with this stuff but finding the technical requirement exhausting....
Reddit API blew up and now I run Linux? (lemmy.dbzer0.com)
I feel like I’ve been gaslit into running FOSS but every success only brings me closer to fighting god
SHEEEEEEEEEEEEEEEEEESH 9/11 Was Cringe (lemmy.world)
Blue Fluid !!! (lemmy.world)
Every goddamn time (sh.itjust.works)
A wholesome relationship (lemmy.world)
Decentralized [Work Chronicles] (startrek.website)
Website: workchronicles.com/comics/
a miniature vase made on a potters' wheel, glazed and fired (cat for scale) (sh.itjust.works)
Dreams reveal was lackluster.. (lemmy.ca)
eww (lemmy.ml)
Evolving (lemmy.world)