
Thread 106010113

286 posts 88 images /g/
Anonymous No.106010113 >>106010629 >>106012080 >>106022600 >>106036029
/hsg/ - Home Server General
Amin Yashed edition

previous: >>105957405

READ THE (temp)WIKI! & help by contributing:
https://igwiki.lyci.de/wiki/Home_server

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense/pfSense box and configuring some VLANs. There's always more to learn and chances to grow. Think you're god-tier already? Set up OpenStack and report back.

>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin/Emby/Plex to replace Netflix, Nextcloud to replace Google, Ampache/Navidrome to replace Spotify, the list goes on. Look at the awesome self-hosted list and ask.

>Why should I have a home server?
De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your tech skills to good use for yourself and those close to you. Store their data with proper availability redundancy and backups and serve it back to them with a /comfy/ easy to use interface.

>Links & resources
Cool stuff to host: https://github.com/awesome-selfhosted/awesome-selfhosted
https://reddit.com/r/datahoarder
https://www.reddit.com/r/homelab/wiki/index
https://wiki.debian.org/FreedomBox/Features
ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCI
SFF cases https://docs.google.com/spreadsheets/d/1AddRvGWJ_f4B6UC7_IftDiVudVc8CJ8sxLUqlxVsCz4/
Cheap disks: https://shucks.top/ https://diskprices.com/
PCIE info: https://files.catbox.moe/id6o0n.pdf
>i226-V NICs are bad for servers
>For more SATA ports, use PCIe SAS HBAs in IT mode
WiFi fixing: pastebin.com/raw/vXJ2PZxn
Cockpit is nice for remote administration

Remember:
RAID protects you from DOWNTIME
BACKUPS protect you from DATA LOSS
Anonymous No.106010147 >>106010450 >>106010504 >>106018170
my server runs windows 10 and will never need anything else
Anonymous No.106010450
>>106010147
>Lol no
Anonymous No.106010504
>>106010147
Why Win 10 when you could install a Windows Server OS for free?
Anonymous No.106010629 >>106010691
>>106010113 (OP)
Currently have my personal domain email paid for via my domain provider (network solutions). Looking to stop wasting the $5 a month or whatever it is, what of these recommended self hosted email softwares are the best / most popular, and what do i need to be aware of when moving from my domain provider solution.
Anonymous No.106010691 >>106010709
>>106010629
if you want to send yourself emails locally, do it and don't pay anyone
if you want to send emails to other people then you're gonna need to pay up
self hosting email is a dead end due to gatekeeping by big tech
Anonymous No.106010709
>>106010691
Ah okay, so i cant just cancel my email plan with them and self host? That's unfortunate. Network solutions email site kind of sucks so maybe ill just look into hosting that side instead (recommendations?). I'm looking for more things to host. Currently just game servers and a basic wordpress website for my photography but looks like some of those photo galleries options in the OP might be better than my website
Anonymous No.106010793 >>106010820 >>106022152 >>106022658
What is the best way to change from using mydomain.com:port to access different services such as website, jellyfin, game servers, etc and move to be able to use something like jellyfin.mydomain.com, minecraft.mydomain.com, etc?
Anonymous No.106010820 >>106010843 >>106010853
>>106010793
just setup a subdomain and point your reverse proxy on it then? what's your problem?
Anonymous No.106010843 >>106010853 >>106010882 >>106010887
>>106010820
should i just do that within freedns? That is what i am using to keep my non-static IP up to date for my domain
Anonymous No.106010853
>>106010843
>>106010820
i have no familiarity with reverse proxies either
Anonymous No.106010882 >>106010939 >>106010950
>>106010843
yeah that should work. also good time to learn setting up reverse proxy

i'm personally too lazy to write the syntax in nginx, so i just use the webui from nginx-proxy-manager. this one is the easiest to set up compared to others like traefik/pangolin/haproxy
Anonymous No.106010887 >>106010939 >>106010950 >>106016304
>>106010843
point all your subdomains at the IP
run your reverse proxy as the host on the address
the reverse proxy like nginx will have entries for subdomains that then forward the request from port 80 or 443 to whatever port your web application runs on.
Anonymous No.106010939 >>106010950 >>106010961 >>106010976
>>106010887
>>106010882
I've been trying to do all of these self hosted things in containers so far for reproducibility (right now main a few games, dockovpn, and transmission). I see there are nginx docker methods, any reason to not do it that way?
Anonymous No.106010950 >>106010961 >>106010976
>>106010939
>>106010887
>>106010882
one more question, does this mean those ports that are currently in use still need to be forwarded, or do i essentially just need 80/443 forwarded to the server and the other port forwarding rules can be removed from my router?
Anonymous No.106010961 >>106011031 >>106011962
>>106010939
Use whatever you want
>>106010950
You only need to expose your reverse proxy to the outside world and ideally your reverse proxy adds SSL so you don't have to copy certs all over the place.
Anonymous No.106010976 >>106011031 >>106011962
>>106010939
i think the default doc to setup nginx-proxy-manager is using docker so try with that.
if you need docker examples i usually stole from this repo https://github.com/JamesTurland/JimsGarage
>>106010950
you should be able to do it by port forwarding 80/443 alone, your other app port can stay in private IP as long as the reverse proxy can reach it
Anonymous No.106011031
>>106010976
>>106010961
Shouldve looked into this a long time ago, (hopefully) much easier than having to login to router and forward a bunch of ports
Anonymous No.106011092 >>106019149
Does anyone here have any minisforum PCs? I'm looking for a system that can be used on the go if necessary and some of their higher end stuff looks good on paper but no idea what the build quality is like.
Anonymous No.106011575 >>106011625 >>106012190 >>106012965 >>106028923
I am currently building a NAS and was wondering if a HBA is worth getting?
I can get 6tb exos drives for about €75 each. Sata drives go for €85 for 4tb.
So is it worth getting a HBA to get cheaper drives, or should I just stick to SATA?
Anonymous No.106011625 >>106011954
>>106011575

Avoid Seagate. All of their disks fail at an alarming rate.
Anonymous No.106011954 >>106012472 >>106026544
>>106011625
meme
Anonymous No.106011962 >>106012022 >>106012223 >>106019791 >>106023297
>>106010976
>>106010961
okay running into some trouble with getting my website working. I started working with nginxproxymanager via docker compose, and ive been able to get my jellyfin working as well as default website by changing apache2 settings to 82 and 444 ports, however i cannot get the transmission docker image to work. Can get to it just fine with http://192.168.0.56:9091/ still but http://transmission.mydomain.com/ gives an ERR_NAME_NOT_RESOLVED. Any idea what im doing wrong here?
Anonymous No.106011985 >>106012391
Why would I bother having anything I host face the outside world when I can use wireguard to connect everything to my network and not have any headache?
Anonymous No.106012022
>>106011962
actually, the jellyfin.domain.com is giving 502 errors as well. It was working from my personal phones cell data though
Anonymous No.106012080
>>106010113 (OP)
Not in the cuck shed!!!!!
Anonymous No.106012190
>>106011575
You should specify you mean SAS drives because exos aren't just SATA and your question doesn't make sense if they're SATA
Anonymous No.106012223 >>106012417
>>106011962
some apps are gonna require front end proxy configuration so they allow the host name that's different than the IP.
Anonymous No.106012391 >>106032218
>>106011985
>when I can use wireguard to connect everything to my network
you should benchmark wireguard vs regular connection, this will answer your question
Anonymous No.106012416
>>106001489
what about one of these yolonas models? also frigate 0.16 has support for more models afaik
Anonymous No.106012417 >>106013019
>>106012223
the jellyfin one is really strange, i turned it to just http and i was able to get to it but then now suddenly i get ERR_NAME_NOT_RESOLVED but on some devices i can get to it, very strange. No idea about transmission though
Anonymous No.106012472
>>106011954

It's not a meme. I've experienced so many failures and all of them have been Seagate. I've had plenty of barracudas and the infamous 3TB -> All started erroring out, the 3TB one actually destroyed my pool. I've had multiple 8TB ironwolfs and Exos, all of them started reporting shit. Right now my disks are exclusively Toshiba MG, N300 and WD Gold. Not a single problem with them. I'm running a 10x10TB array in the main server.
Anonymous No.106012593 >>106013754
How do you guys get music recommendations? I want to make my last.fm scrobbling more advanced with something like:
>algorithmically generate playlists of new music on a semi regular basis
>send playlist to downloader service like lidarr
>download, tag and concatenate new songs to local navidrome playlist
>5 star rating system to guide algorithm and delete disliked songs
Right now I manually grab things in soulseek and import them with musicbrainz picard. I have everything starred as I like it but there's no good way to get new music into navidrome unless I go looking for it first.
Anonymous No.106012965
>>106011575
Where can you find drives at those prices anon?
Best I can find (new) is a 4TB WD purple for 95€.
Anonymous No.106013019 >>106013134
>>106012417
yeah this nginx shit is confusing as hell. Was kind of working then i removed the 8096 port forward rule and now it doesnt work at all. Maybe because im just doing it through the management gui
Anonymous No.106013134 >>106013336 >>106013354 >>106016305
>>106013019
just learn to do it with nginx the config files aren't hard and you can configure logging and everything. you just have to read the manual. I know most people can't read manuals but it's worth it.
Anonymous No.106013336 >>106013354
>>106013134
Nowadays you don't even need to read the manuals anymore for standard shit like nginx you can unironically just ask the google search ai widget thingy and it will shit out a working config with comments for you.
Anonymous No.106013354 >>106013383
>>106013336
>>106013134
Is this not the same as what youd get doing it manually? I can try removing it fully and starting from scratch but this looked like what i had seen
Anonymous No.106013383 >>106013400
>>106013354
yes it's that easy.
Anonymous No.106013400
>>106013383
but if its just generating the same shit i dont really see the point. Especially why it wouldnt be working (or did work inconsistently). Guess ill try though
Anonymous No.106013754
>>106012593
I just shuffle around
Anonymous No.106013863 >>106014223 >>106014239 >>106014381 >>106015042 >>106021480
Running my nginx server on my shitty old laptop. How do I fuck with bots testing exploits? pic related

Currently I'm just redirecting to rickroll. Was wondering if there's anything like an HTTP equivalent to a zip bomb or something like that?
I can safely do anything with requests direct to my ip, my actual server stuff goes through cloudflare.
Anonymous No.106013968 >>106015052 >>106022508
May have found part of the problem, or at least a problem when im trying to redo this following jim's garage. Im getting this error when trying to pull certs and it looks like its because im using freedns. Is there some way to still get these cloudflare certs with my setup? Freedns has been working very well to keep my domain pointed correctly to my dynamicIP
Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
Domain: .com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.woodruff.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 15 seconds).
Yasuo Iwakura !OVr1Erja.6 No.106014223 >>106014477
>>106013863
you could do a slow loris attack, but on them lmao
or you can do as you said
ThinkBroadband - offers test files from 1MB up to 10GB:
http://ipv4.download.thinkbroadband.com/10GB.zip

SpeedTest files - test files of various sizes:
http://speedtest.tele2.net/10GB.zip

Hetzner Speed Test - files from 100MB to 10GB:
https://speed.hetzner.de/10GB.bin

you could redirect them and that's it, or maybe even make a whole redirect loop
Anonymous No.106014239
>>106013863
Why not actual zip bombs renamed like selfies.zip and passwords.zip
Anonymous No.106014381 >>106014461
>>106013863
pretty much why I stopped exposing anything but wireguard to the internet.
Anonymous No.106014461
>>106014381
Sure but I dont want to have to vpn back to my homeserver every time I want to look at a photo that's not stored locally, for example. Besides, this breaks Immich link sharing as well unless everyone you share with connects via wireguard too

I'm happy with the level of risk. An exploitable nginx 0day would be incredibly surprising and would fuck up much more than my shitty homeserver. An immich etc. 0day is more likely but I reckon still relatively low risk
Anonymous No.106014477
>>106014223
I'm pretty sure trying to slow loris multiple external IPs from a single IP will just backfire and fuck up my homeserver, lol

Large files could be a move, but I'm sure these bots will be programmed to drop requests after a certain amount of bytes transferred/time spent.
Anonymous No.106015042 >>106017872
>>106013863
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
there's also one to block common exploit (some lua scripts but i forgot the repo name)
also, crowdsec can be integrated to nginx. the free blocklist is more than enough for those kinds of exploits
Anonymous No.106015052 >>106015502
>>106013968
either change the dns challenge to freedns instead of cloudflare or setup the acme challenge into using port 80 instead (http challenge)
Anonymous No.106015502 >>106015816 >>106032183
>>106015052
I had found these sh scripts https://gist.github.com/AnthonyWharton/a0e8faae7195a5c1dea210466eda1c92 and https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_freedns.sh but i dont really understand how this the certbot part would be modified, or how you are getting the cert from these scripts
Anonymous No.106015816 >>106015836
>>106015502
>but i dont really understand how this the certbot part would be modified, or how you are getting the cert from these scripts
just dump everything into chat.deepseek or chatgpt, they're unironically smart enough if you feed them the whole docker compose file, ask to provide explanation, then tell it what you need along with explanation what's been changed. nobody here is going to spoonfeed you in detail since it's actually a really basic shit to do
Anonymous No.106015836 >>106015916
>>106015816
ive found the acme program i need from https://github.com/acmesh-official/acme.sh/tree/master. I did ask gpt because the --debug wasnt helpful so guess ill have to try again tomorrow which is unfortunate
Anonymous No.106015862 >>106015916
Dumb question from dumb idiot here. I recently bought two 26TB drives that have allowed me to consolidate my old external drives' contents onto them. Now I'm left with five 8tb drives and not much a clue what to do with them.

...so what do I do with them? Server's just a Debian desktop that's running a handful of docker containers.
Anonymous No.106015916 >>106015975
>>106015862
are those 8tbs still plugged in? if i were you i'd use them to have extra copies of my backup
>>106015836
yeah that's lets encrypt rate limiter just wait it out. there's a staging api you can use just to ensure your setup is running correctly but it won't give you a valid certificate
Anonymous No.106015975
>>106015916
They are not. I guess that's the right call.
Anonymous No.106016202 >>106021716 >>106026922
So is it not possible to add additional drives at a later date to truenas raidz2? I bought 4 20TB drives and was planning to do raidz in order to have 60TB usable but i was not aware that this is generally considered risky and bad practice. 40TB would probably be enough for some time but i do not want to be in a situation where i would have to somehow backup the entire 40TB of data and then recreate the array with the added disks or just create a full new larger raid. I knew it was possible to add drives to a raidz but when i started looking into the same for raidz2 it seems like its not? Most of those threads were pretty old though at this point, is that still the case? Ideally id do raidz2 with these 4 drives and get another 2 or so sometime later when i see how my usage is growing.
Anonymous No.106016304 >>106016598
>>106010887
cant you do this with srv records, you dont need a reverse proxy
Anonymous No.106016305 >>106016480 >>106020801 >>106020801
>>106013134
ChatGPT helped me configure nginx, a reverse proxy, a NextCloud instance, and securely locking it all down. I didn't know a fucking thing.
Anonymous No.106016480
>>106016305
asking chatgpt tells you to use the proxy manager gui
Anonymous No.106016598 >>106029433
>>106016304
sure, local only. good job anon you're smart.
Anonymous No.106016697 >>106018412 >>106018619
should I buy the cheapest 2x10gb port switch with 802.3bz support and an arista 7050tx-64 switch for roughly the same cost as a new 8 port 10g switch with native 802.3bz?
or should I just get the 8 port switch and not fuck around with old datacenter shit I dont really need a 48port but funy
Anonymous No.106017872 >>106018653
>>106015042
I don't want to block the bots. I wanna waste their time, tarpit them, break them if possible.
Anonymous No.106018002 >>106018380 >>106018619
keep it or sneed it?
Anonymous No.106018056
Is there a good alternative to Lidarr around? Seems like it's going the way of Readarr currently.
Anonymous No.106018170 >>106023016
>>106010147
You're exactly like the "experts" who insisted on using Windows 7 after it went out of support.
Anonymous No.106018380 >>106018619
>>106018002
>not NICGIGA
Anonymous No.106018412 >>106021855
>>106016697
I refused to use unmanaged switches.
Anonymous No.106018619 >>106021855 >>106021876
>>106018002
>>106018380
people will truly buy WHAT THE FUCK EVER for networking equipment and buy the absolute newest poweredge server. you should be nailed to a cross.

>>106016697
C3850-12X48U
Anonymous No.106018653
>>106017872
i'm pretty sure someone already done that, the bloke was seething over the AI scraper so the web server is set to send slow, long, and gibberish nonsense
Anonymous No.106018715 >>106018740
What's the easiest way to power four or more normal 12V 4-pin fans without a PC as either a power source or input signal for the fan speed? My rack has a mesh on the top that perfectly fits 4x200mm fans and I already got a mounting mechanism half ready so I can flip it to push out warm air in the summer and draw in cold air in the winter via an external duct but seriously how do I power this without having to drill a hole in one of the servers to lay out a stupid fucking extension cable to a fan hub in the top of the rack?
Anonymous No.106018728 >>106018760 >>106032149
Why there aren't any more fanless mobo?
Unless I opt for chinese crap?
Anonymous No.106018740 >>106018761
>>106018715
Anonymous No.106018760 >>106019092
>>106018728
Get a i3 with a decent heatsink no fan
There you go, fanless
Anonymous No.106018761
>>106018740
Yeah looks perfect thanks.
Anonymous No.106019092 >>106019687
>>106018760
still bad idea.
Anonymous No.106019100 >>106032528
What are free option to access selfhosted services without doing port forwarding?
Twingate?
Anonymous No.106019115 >>106019296 >>106019960
Quick guys I need a guide to build/buy a NAS ASAP before all the porn gets banned.
Anonymous No.106019149 >>106019332
>>106011092
UM680 here, the overall build quality feels fine but the chassis & bottom cover have plastic clips which don't seem very durable eg. dismantle the thing more than 10 times and they are done.
Anonymous No.106019296 >>106020659
>>106019115
>buy HDDs
>ZFS
>???
>hoard porn
Anonymous No.106019332 >>106021371
>>106019149
Doesn't sound ideal but I'm planning to just stuff it with M.2s once and then never internally touch the thing again if I don't have to. Is there anything else I should know about?
Anonymous No.106019687
>>106019092
Well then enjoy your ootb fanless 2012 celeron motherboard
Anonymous No.106019791 >>106020801
>>106011962
I literally just setup exactly what you're doing now on nginx with my ip port forwarded to a domain with jellyfin a web app and qbittorrent. I had issues with the nginx config file until i just asked claude to make the config file
Anonymous No.106019943 >>106019962 >>106020430
I am once again asking for opinions on this chinkshit
https://www.kickstarter.com/projects/oricotechs/orico-cyberdata-ai-powered-nas-with-gpu-dock-and-raid-cabinet/description
Anonymous No.106019960 >>106020659
>>106019115
What's your budget and how good are you with computers?
Anonymous No.106019962
>>106019943
Better off building it yourself and not paying a premium for chink shit. Come on dawg have curiosity
Anonymous No.106020430
>>106019943
>ZFS for Extra Security
Oh yes sir very good product very extra security
Anonymous No.106020659
>>106019296
Please I'm dumb I need a little bit more than that.
>>106019960
>how good are you with computers
I can put parts together and can follow instructions well. I have been known to be able to Google my way out of a bind or two.
>What's your budget
No clue really, I haven't got a plan.
Anonymous No.106020801 >>106021072 >>106021265 >>106021757 >>106032204 >>106032302
>>106016305
>>106016305
>>106019791
I spent hours last night trying to get jellyfin to work with nginx reverse proxy using chatgpt the whole time and didnt get anywhere. The best i could get is that going to my domain.com would serve me jellyfin but not jellyfin.domain.com. These were the configs before i gave up and just turned it back to normal so it remained usable.

Jellyfin
#docker-compose.yml
version: '3.8'

services:
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    volumes:
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      - /path/to/media:/media
    networks:
      - proxy
    restart: unless-stopped

    # tried with and without these port lines, did not see a difference
    ports:
      - "8096:8096" # Optional if you want to access it directly

networks:
  proxy:
    external: true

This configuration was also tried, did not make a difference


nginx
#docker-compose.yml
version: "3"

services:
  nginx:
    image: nginx:stable
    container_name: nginx-reverse-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/html:/usr/share/nginx/html
      - ./nginx/certs:/etc/nginx/certs
      - ./nginx/logs:/var/log/nginx
    networks:
      - proxy
    restart: unless-stopped

networks:
  proxy:
    external: true


this was tried with the name xginx.conf as well
#nginx/conf.d/jellyfin.conf
server {
    listen 80;
    server_name jellyfin.domain.com;

    location / {
        proxy_pass http://jellyfin:8096;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
Anonymous No.106021072 >>106021221
>>106020801
use caddy, is much easier
Anonymous No.106021177
Does anyone run
changedetection.io
is it worth without proxy? what timings should I use?
Anonymous No.106021221
>>106021072
I suppose ill give that a try, it seems like everyone doesnt really have any issue with nginx, i really don't know whats going on with mine. ChatGPT clearly didnt either because it started to just loop around on itself with the troubleshooting.
Anonymous No.106021265 >>106021613
>>106020801
Assuming this is all on the same machine (otherwise none of this makes any sense) this
>proxy_pass http://jellyfin:8096;
needs to be
>proxy_pass http://127.0.0.1:8096;
The rest looks fine from a quick glance assuming you didn't fuck anything up outside of the config files
Anonymous No.106021371 >>106021386
>>106019332
No, some say their customer support sucks but I'm never gonna use it so I don't care. Oh and mine didn't output from DP port when I used either DP-DVI or DP-HDMI cable but DP-DP works fine.

Also memory limits might be just recommendations, on paper iGPU supports 2 GB but with 48 GB total I could arrange 16 GB to GPU just fine.
Anonymous No.106021386
>>106021371
*And to correct, mine is 690 Slim, not a 680.
Anonymous No.106021403
is 330€ a good price? someone suggested i get one of these for starting out my homelab..
Anonymous No.106021480
>>106013863
I think you should be returning 444 on direct ip connections
Anonymous No.106021613 >>106021765
>>106021265
hm this still isnt reachable from my browser but when i run "curl -H "Host: jellyfin.domain.com" http://localhost" i get this 502 bad gateway now instead of just nothing. When i feed any of this back into gpt it tells me to put it back to proxy_pass http://jellyfin:8096;

502 Bad Gateway

502 Bad Gateway



nginx/1.28.0


Anonymous No.106021716 >>106026922
>>106016202
can i get some opinions on this? These drives get here today and I'm starting to think i made a mistake. I went with 4 20TBs because i figured id just get 4 big drives and have a RAIDZ setup and be okay not realizing thats an issue with drives of this size. It seems like if i raidz2 these im wasting a lot of money on the drives especially if i want to add in another vdev down the line itd be the same situation. Should i return these and get a larger quantity of smaller drives, like 8-10 refurbished 10TB drives? Or maybe just bite the bullet and order another 1 (or 2) 20TB drives and continue with the RAIDZ2. I really thought id be fine with raidz with the 4, that was my plan. I dont really know when the threshold of too large of a drive is for this to be considered unsafe.
Anonymous No.106021757
>>106020801
>chatgpt
Anonymous No.106021765 >>106021791 >>106021900
>>106021613
does jellyfin resolve to anything?
normally in nginx, resolvers are fucked.

you should define
upstream jellyfin {
    server YOUR_JELLYFIN_SOCKET_CON_HERE;
    keepalive 16; # adjust this, for making nginx hold some tcp sockets open for performance.
}


then you should be able to proxy_pass to http://jellyfin
Anonymous No.106021791 >>106021900 >>106021907
>>106021765
I think chatGPT is trying to use docker-compose inbuilt resolve containers by name feature but I am also sure you can't use it like that in the nginx sites config so the way he had it set up would lead to nowhere, jellyfin doesn't exist as far as nginx is concerned. Also I'm pretty sure if he wants to use the inbuilt network function he needs to remove the entire network -proxy thing.
Then again I only ever set up three docker containers because I hate docker so what do I know.
Anonymous No.106021805
Post racks
Anonymous No.106021855 >>106022004 >>106026578
>>106018412
Well it isn't an option because I'm not going to spend the coin on a managed one of an actual company that is new enough to do 802.3bz (because my home modem is 5g ethernet port)
>>106018619
>C3850-12X48U
Does it support 802.3bz/NBASE-T/5g ethernet?
Anonymous No.106021876 >>106023489
>>106018619
No, people here will spend 10k on network gear only to hang three raspberry pis and an N100 that's probably part of some botnet behind only the finest 50/10 copper internet.
Anonymous No.106021900 >>106021922
>>106021765
>>106021791
where would i define that stuff you listed? I have been trying to move things to docker (especially docker-compose files) as i like that i could easily recreate them or move them to another system more easily. I'm not sure if this is part of the problem, but that jellyfin.conf is the only nginx conf i had, i did create this now but didnt seem to make a difference. I'm not sure the docker-compose changes anything does it? It would be the same if i was using docker without the compose file if i gave it the same name

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $host [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;
    client_max_body_size 0;

    include /etc/nginx/conf.d/*.conf;
}
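The `main` log_format in the post above records `$host`, which is enough to separate requests for a configured subdomain from scanners hitting the bare IP, the traffic a catch-all server returning 444 (suggested earlier in the thread) would drop. The following is an added example, not code from any poster; `KNOWN_HOSTS`, the sample log lines and all addresses in them are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the "main" log_format from the posted nginx.conf:
# $remote_addr - $host [$time_local] "$request" $status $body_bytes_sent
# "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<host>\S*) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<xff>[^"]*)"$'
)

# Assumption: the server_name values actually configured on the proxy.
KNOWN_HOSTS = {"jellyfin.domain.com"}

# Constructed sample lines (documentation address ranges, made-up requests).
SAMPLE_LOG = [
    '198.51.100.23 - jellyfin.domain.com [25/Jul/2025:10:00:01 +0000] '
    '"GET /web/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '203.0.113.7 - 192.0.2.10 [25/Jul/2025:10:00:05 +0000] '
    '"GET /.env HTTP/1.1" 404 153 "-" "curl/8.5.0" "-"',
    '203.0.113.7 - 192.0.2.10 [25/Jul/2025:10:00:06 +0000] '
    '"GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.5.0" "-"',
    '203.0.113.99 - example.invalid [25/Jul/2025:10:00:09 +0000] '
    '"GET / HTTP/1.1" 200 615 "-" "-" "-"',
    # nginx logs non-HTTP bytes (e.g. a TLS hello sent to port 80) escaped like this
    r'203.0.113.50 - 192.0.2.10 [25/Jul/2025:10:00:11 +0000] '
    r'"\x16\x03\x01" 400 157 "-" "-" "-"',
    'not a log line',
]


def parse_line(line):
    """Parse one access-log line; return a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = rec["request"].split(" ")
    # A well-formed request line is "METHOD PATH PROTOCOL"; anything else is junk.
    rec["path"] = parts[1] if len(parts) == 3 else None
    return rec


def classify_host(host, known_hosts):
    """Return 'configured', 'bare_ip' or 'unknown_name' for a logged $host."""
    if host.lower() in known_hosts:
        return "configured"
    try:
        ipaddress.ip_address(host.strip("[]"))  # brackets: IPv6 literal
        return "bare_ip"
    except ValueError:
        return "unknown_name"


def summarize(lines, known_hosts):
    """Count requests per host class and list what each off-host client asked for."""
    by_class = Counter()
    offenders = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        cls = classify_host(rec["host"], known_hosts)
        by_class[cls] += 1
        if cls != "configured":
            offenders[rec["remote_addr"]][rec["path"] or "<malformed request>"] += 1
    return {
        "by_class": dict(by_class),
        "offenders": {ip: dict(paths) for ip, paths in offenders.items()},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, KNOWN_HOSTS)
    print(report["by_class"], "unparsed:", report["unparsed"])
    for ip, paths in report["offenders"].items():
        print(ip, paths)
```

Run it against the real `access.log` by passing the open file object as `lines`; the `bare_ip` and `unknown_name` counts show how much traffic never asked for one of your names.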
Anonymous No.106021907 >>106021945
>>106021791
FYI.......if you're using docker compose and don't know what you're doing, you should consider simpler automated stuff like:

https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
Anonymous No.106021922
>>106021900
you'd define it in the http block.
Anonymous No.106021945
>>106021907
How is using whatever you're shilling going to help him when he's clearly fucked up his network config based on chatgpt's output?
Anonymous No.106022004
>>106021855
Nvm, I just bought one, what the fuck why are they so cheap? This seems broken, this is the same switch my work just put in not too long ago, and they were extremely expensive allegedly
Anonymous No.106022017 >>106022044 >>106022260 >>106022369 >>106026785 >>106032623
What's the point of jellyfin?
I mean even old hardware from 2012 can play 1080 with software decoding just fine.
And if you need something powerful to decode then a server isn't your first priority.
Anonymous No.106022044 >>106022119
>>106022017
Convenience. Sure you can manually organize thousands of movies, series, etc but not all of us have terminal autism.
Anonymous No.106022119
>>106022044
You already need to organize it
Anonymous No.106022152
>>106010793
You can set up wireguard + a dns server to just create private entries that you can reach from wherever once you're VPN'd in. Like I've got 'jellyfin.wg', 'homeassistant.wg', so on and so forth to reach things on my LAN transparently, you only need to have an ip or dns record pointing to your WAN egress on your home LAN. No need to dick with certs or registering dns records, and from shodan POV, you're exposing some random high level port.
Anonymous No.106022260
>>106022017
>Why do I need a home streaming server?
Maybe you don't. It's for presentation of your pirated movies or shows with purty metadata, tracking what you've watched, with an 'app' for your Google™ TV. If you're just watching movies on your laptop with no pants, you don't need it, obviously.
Anonymous No.106022369 >>106032221
>>106022017
Getting all the features you want without giving in to the Plex jew. I run plex and have a lifetime pass, but the stuff they're locking behind the pass at this point is so retarded that if I hadn't already bought it I'd be dropping them hard. You literally can't even do remote streaming without the pass at this point.
Anonymous No.106022451 >>106023047 >>106023287
What's the best *arr equivalent for ebooks these days? Started looking at Readarr only to see I guess they broke everything related to metadata and are abandoning it, is there something else that's widely used and has the same kind of easy search and grab automation that stuff like sonarr and radarr does?
Anonymous No.106022508 >>106022904
>>106013968
You could just use something like this instead of Freedns
https://github.com/favonia/cloudflare-ddns

Been working fine for me
Anonymous No.106022566 >>106022698
Recently done setting up my home server; any advice on how to get my non-tech savvy friends to access it and watch shit together? I already have jellyfin set up and WireGuard for personal use (which also sends the traffic from all my devices to my raspberry running AdGuard home), I was thinking about using caddy and set a domain for them to join with and making accounts that they could use. I'm just not sure about the load in the server and my connection, I have a 2.5gbps connection and the server uses a 12700kf with a 1070 for transcoding, so I think it should be ok for 6 people? Also, is just the browser enough for anime and movies? I normally use mpv-shim, so I wouldn't really know how well it fares, and my filesizes are fairly large, as I try and keep everything uncompressed with anime episodes averaging 3gb each and movies even over 50gb.
Also, any advice on how to improve sync play? Last time I tried it on the same hardware it was rather glitchy, freezing at random on some clients but not others
Anonymous No.106022600
>>106010113 (OP)
Please stop recommending Nextcloud. It's the slowest, most resource wasting piece of shit. For some reasons someone had deployed it at work, it needed 128GB of RAM in order to serve about 87GB of data without being slower than glacier movements
Anonymous No.106022658
>>106010793
Personally I use caddy and A records, no idea how secure it is but it works
In the A record set your subdomain, your ip address and it's done, while caddy specifies the port it's going to use
Anonymous No.106022688 >>106032631
I'm trying to use gluetun with protonVPN free plan.
But it doesn't seem to work, and I keep getting told to check my authentication.
Is this a bug?
Anonymous No.106022698 >>106034152
>>106022566
just have senpai pull up in a discord call and screenshare it frfr
Anonymous No.106022904 >>106023000 >>106023029 >>106023327
>>106022508
i hadnt realized cloudflare let you do things for free which is why i am using freedns. But at this point i kind of dont like that cloudflare runs like half of the internet and since freedns working for me i dont see the reason to change

I have somehow made progress, sort of. jellyfin.domain.com does not work. But domain.com will bring me to jellyfin and try to have me setup a fresh instance. But if i do domain.com:8096 i get to the normal working jellyfin instance. The compose file running jellyfin is this, there is only a single jellyfin docker instance running and ps shows only one process with the name as well. I'm not sure how this is even possible but it does feel like progress, if only slightly.

version: "3.8"

services:
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    networks:
      - proxy
    ports:
      - "8096:8096" # Optional if you want to access it directly
    volumes:
      - /home/luke/HostedApplications/jellyfin/config:/config
      - /home/luke/HostedApplications/jellyfin/cache:/cache
      - /mnt/media:/media
    restart: unless-stopped
    environment:
      - TZ=America/Denver

networks:
  proxy:
    external: true
Anonymous No.106023000 >>106023142
>>106022904
>and since freedns working for me i dont see the reason to change
cause your ssl shit isn't working
Anonymous No.106023016
>>106018170
are the experts in the room with us right now?
Anonymous No.106023029 >>106023142
>>106022904
How are you routing traffic on jellyfin.domain.com to port 8096 internally?
Anonymous No.106023047 >>106023073
>>106022451
There is LazyLibrarian but my experience with it was not that good desu
Anonymous No.106023073 >>106023240
>>106023047
looking into it a bit more, I guess there's this that's supposed to override readarr retarded closed source metadata provider and fix it, so I guess I'll try that first, cause yeah most of what I've seen is people recommending LazyLibrarian but also saying it sucks
https://github.com/blampe/rreading-glasses
Anonymous No.106023142 >>106023222
>>106023029
i thought that's what the ports: and proxy: settings in the compose files and then nginx.conf was doing, i havent seen anywhere else i would be doing that. Isnt that what the nginx.conf is doing, saying listen on 80 for jellyfin.domain.com then the location / part proxy_pass to 8096?

>>106023000
yes it does, the current simple wordpress site i run via apache2 has ssl/https, i believe i made a self signed certificate, its been a while. I found some githubs for generating / renewing certificates for freedns as well. That's not really my issue right now.
Anonymous No.106023222 >>106023297
>>106023142
the actual forwarding of external traffic to your internal port is handled by your reverse proxy, sounds like nginx in this case, but what you were describing sounds like it's not forwarding correctly. Honestly save yourself some headache and just spin up an nginx-proxy-manager container instead of trying to do shit through nginx.conf, you can even have it handle SSL generation for you if you want.
Anonymous No.106023240
>>106023073
It's been a while since I used it, I don't read as much as I would like and therefore don't really need Readarr or LL like I need Sonarr and Radarr
Anonymous No.106023287
>>106022451
Lazylibrarian works but it's kinda messy.

Rreading-glasses """works""" but Readarr was still a shitty application from the start.

Chaptarr is moving towards beta and seems really promising.
Anonymous No.106023297 >>106023373
>>106023222
>spin up an nginx-proxy-manager container
I had tried that earlier in this thread and people said to not use the gui. All of the >>106011962 stuff was me. Thats where some of the certificate stuff came into play but that shouldnt be causing this to not work. Maybe ill give that one more try but might be better off trying caddy
Anonymous No.106023327 >>106023427
>>106022904
I'm very confused when looking at your setup. You're trying to get Cloudflare certs with certbot when you're not using Cloudflare? And I don't get why you're doing this network: proxy: stuff. And your nginx.conf must not be doing what you want if port 8096 is the port that's available publicly
Anonymous No.106023373 >>106023427
>>106023297
hadn't seen those earlier posts, but
>people said to not use the gui
Why? It works fine if you use it right.
Anonymous No.106023427 >>106023603 >>106023857
>>106023327
i dont know what i was doing with cloudflare, it was just what was done in whatever tutorial i had found, i hadnt started looking into something for freedns specifically until i pretty much abandoned that. I figured cloudflare could still issue me a cert but i have. Maybe i should just switch to cloudflare, but it just seems like one more thing that i might fuck up as the cronjobs i have keeping my domain updated with my ip work fine

>>106023373
unless youre retarded. I dont even particularly need this, using the port is fine but it would be much nicer to not have to use them. Especially as i am planning to setup more things like nextcloud when i create a nas
Anonymous No.106023489
>>106021876
ubiquiti counts as "what the fuck ever". 10k on "networking gear" you mean.
Anonymous No.106023603 >>106023959 >>106025981 >>106026826 >>106027463
>>106023427
Shut down anything running on port 80 and run certbot, something like 'certbot certonly --standalone -d domain.com -d jellyfin.domain.com' and add all the different subdomains (-d subdomain.domain.com) and you'll get a letsencrypt cert for everything. You might also wanna post your nginx.conf or the individual confs inside conf.d that has to do with jellyfin to get help with unfucking it.
Anonymous No.106023844
I have maybe 300 tutorial/reference videos saved over the years now and Jellyfin isn't the most optimized for quickly finding specific ones again 20 months after I last viewed it. Anyone know of a tag-based video database of some sort, or another better way of managing such collections?
Anonymous No.106023857 >>106023959
>>106023427
bro you probably just turbofucked something using chatGPT to try to set up proxy rules, wipe it all out, reinstall npm, and just use the interface invented for retards to set up your shit
Anonymous No.106023959 >>106024050 >>106024309
>>106023603
I had stopped the apache2 running on port 80. This is the nginx.conf, i removed any other conf files

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $host [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;
    client_max_body_size 0;

    server {
        listen 80;
        server_name jellyfin.domain.com;

        set $jellyfin 127.0.0.1;

        location / {
            proxy_pass http://$jellyfin:8096;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_set_header X-Forwarded-Host $http_host;
        }
    }
}


>>106023857
>wipe it all out, reinstall npm
Whats the best way to wipe it all out? I dont have npm installed as far as i see, at least the command npm just prompts me to do an apt install.
Anonymous No.106024050 >>106024187
>>106023959
you said you had it running in a container before, did you already kill that and remove any volumes/configs, etc.? What are you running now, just nginx on baremetal? Get rid of nginx, all your confs, rip it all out, just install the npm container and use the baby mode interface. You're making this all way harder than it needs to be.
Anonymous No.106024163 >>106024309 >>106025908
For some reason I can't make le funny code blocks on 4chan, not sure why. But here is a pastebin link to what I use to make it work and include SSL. https://pastebin.com/UH6UsEvm
Anonymous No.106024187
>>106024050
Oh you just meant the container, when you said npm i defaulted to thinking you meant like the node js npm. That was my plan for trying the manager again but hearing about caddy makes me think that might be the better route
Anonymous No.106024309 >>106025908
>>106024163
>>106023959
Forgot to reply to you
Anonymous No.106024928
if I have mdadm RAID 5 (grouped with LVM) and put BTRFS on top. Do I still need to scrub the RAID array with mdadm or will btrfs suffice?
Anonymous No.106025908 >>106025981
>>106024309
>>106024163
thanks for the attempt anon, i dont want to deal with the certs right now and such and it wont start without it. Tried to make some tweaks to just keep what is relevant and stay on 80 instead of 443 but still no luck. Im just giving up on this, will try caddy instead i think since it seems like that might auto work better. Or ill give the gui manager of nginx another try. Probably will just keep things the way they are until i have the NAS built and start setting up things like nextcloud
Anonymous No.106025981 >>106026826
>>106025908
I don't understand what the problems with certs for you are, if you followed >>106023603 it literally just werks
Anonymous No.106026031 >>106028900
can you actually setup subdomains with nginx when using those free dynamic dns servers? thought they were subdomains themselves
Anonymous No.106026370
Has anyone imported an opnsense config before after reinstalling(changing ufs to zfs)? I'm not worried about the normal settings but I'm worried about the process of getting back the plugins from the mimugmail repo and if it's going to break settings or something while they're not installed. Does it tell you which ones are missing?
Anonymous No.106026544 >>106026638
>>106011954
I've been burned by Seagate so many times...
Anonymous No.106026578 >>106027387
>>106021855
It was an option after all...
Anonymous No.106026638
>>106026544
this was a long time ago
check backblaze stats
seagate ST16000NM001G and hgst HUH721212ALE600 are currently the most reliable by far

especially those 16TB seagates are something else, we're talking around 40 failed drives out of 30000
Anonymous No.106026785 >>106027006
>>106022017
Transcoding is more for data speeds, and the actual codec being used. You probably don't want to be streaming high bitrate 4k video on your phone data, or it may not be fast enough in the first place, also not everything can play hevc for example. I set up jellyfin for the syncplay feature.
Anonymous No.106026826 >>106027004
>>106023603
>>106025981
First i didnt even notice that certbot command, but it fails for the jellyfin part. Do i need to add a wild card entry in free dns for my domain? I've not seen that mentioned anywhere and it doesnt seem like the kind of thing any DNS entity should be doing unless i'm wanting them to specifically route some subdomain away from where i control. I also have a feeling that even with the certs im going to have the same problem as i am now with that file. I dont see anything in that 443 nginx.conf file thats materially different from the 80 version. It seems like there is something else underlyingly wrong and it seems like its no longer worth the effort. At least until ive tried other avenues
Domain: jellyfin.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
jellyfin.domain.com - check that a DNS record exists for this
domain; DNS problem: NXDOMAIN looking up AAAA for
jellyfin.domain.com - check that a DNS record exists for this domain
Anonymous No.106026830 >>106026860 >>106032226
are there any decent options besides wd red plus if i want somewhat quiet drives for my shoebox apartment? shit's so expensive compared to refurbed enterprise drives
Anonymous No.106026860
>>106026830
>if i want somewhat quiet drives
2.5" 5TB for the same price each
Anonymous No.106026922 >>106027003
>>106016202
>>106021716
just do raid10 if you want it to be easily expandable in pairs
Anonymous No.106027003
>>106026922
it seems that truenas did add the ability to add drives to existing raidz pools. With that since they both give the same amount of storage raidz2 would be safer since any 2 drives can fail, in raid10 if 2 drives fail in the same mirror youre fucked. That's the main difference i believe?

https://www.reddit.com/r/homelab/comments/1i1746f/raidz_expansion_is_officially_released/?share_id=dYwx6XShyw2EFtRqnw2g7&utm_medium=android_app&utm_name=androidcss&utm_source=share&utm_term=1
Anonymous No.106027004 >>106027137
>>106026826
Brother, go into your domain registrar/whatever you use and add the fucking subdomain ffs. Some allow for a *.domain.com subdomain so you can make a cert for any subdomain but I wouldn't count on it. I personally specify every domain specifically but I have severe autism and want everything to be tightly controlled.
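The NXDOMAIN failure discussed above can be caught before certbot is run. This is an added example, not part of any post in the thread: it lists the names that have no address record and prints the certbot command only when every name resolves. The function names and the RESOLVER override are hypothetical; domain.com stands in for the real domain as it does in the thread.

```shell
#!/bin/sh
# Pre-flight for `certbot certonly --standalone`: every name passed with -d
# must already have an A or AAAA record, otherwise validation fails with
# "DNS problem: NXDOMAIN".

# Default resolver: succeeds if the system resolver returns any address.
# getent also consults /etc/hosts and local caches, while Let's Encrypt looks
# at public DNS, so run this on a host without local overrides for the names.
resolve_name() {
    getent ahosts "$1" >/dev/null 2>&1
}

# Print each name from the argument list that does not resolve.
# RESOLVER (hypothetical knob) may name another command or function, which
# lets the check be exercised offline with a stub.
missing_records() {
    local resolver name
    resolver=${RESOLVER:-resolve_name}
    for name in "$@"; do
        "$resolver" "$name" || printf '%s\n' "$name"
    done
}

# Print the certbot command for the given names and return 0, or report the
# names without a record on stderr and return 1. Nothing is executed here.
certbot_command() {
    local missing cmd name
    missing=$(missing_records "$@")
    if [ -n "$missing" ]; then
        # Unquoted on purpose: one word per missing hostname.
        for name in $missing; do
            echo "no DNS record for: $name" >&2
        done
        return 1
    fi
    cmd='certbot certonly --standalone'
    for name in "$@"; do
        cmd="$cmd -d $name"
    done
    printf '%s\n' "$cmd"
}

# Stand-alone use: sh preflight.sh domain.com jellyfin.domain.com
if [ "$#" -gt 0 ]; then
    certbot_command "$@"
fi
```

A freshly added record can take a while to become visible, so a name that fails here right after being created may pass a few minutes later.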
Anonymous No.106027006
>>106026785
>phone
why do you want to watch anime on phone?
Anonymous No.106027137 >>106027203
>>106027004
>Brother, go into your domain registrar/whatever you use and add the fucking subdomain ffs
Am I just extremely retarded? No video or blog tutorial mentioned this at all. I thought that was a major part of why you would use these systems in the first place. It takes 24 hours sometimes for domain changes to happen with registrars, every video i watched about this was just boom done there we go now fuckme.domain.com points to a clickable dildo game
Anonymous No.106027203 >>106027217 >>106027252
>>106027137
Yeah they're kinda shit in general, usually their either not up to date or assume you know everything about DNS already. You need to enter DNS records for subdomains. That's why these threads exists so you can get help from autists that know what the fuck is going on.
Anonymous No.106027217
>>106027203
they're*
Anonymous No.106027252 >>106027279 >>106027296 >>106027463 >>106029856
>>106027203
In that case maybe i will just let cloudflare win and move over to them. Freedns looks like you have to pay for them to let you do wildcard. It does say their global propagation time is only 1 hour for the free account but its more of an annoyance to have to do them individually. This ddclient looks like it's probably easy to use too and i can just comment out my crontab entries
Anonymous No.106027279 >>106027442 >>106027463 >>106028934
>>106027252
You still have to add every subdomain for the DNS to actually work on Cloudflare, just so you know. The wildcard thing is only for the cert
Anonymous No.106027296 >>106027442 >>106027463
>>106027252
Also should add, with Cloudgay it's usually more like 30 seconds unless you have DNS cache that has a long TTL
Anonymous No.106027387
>>106026578
It's true, its just that it doesn't have 100g up link like the arista would or support for sonic I think
Anonymous No.106027442 >>106027479 >>106029299 >>106032226
>>106027279
>>106027296
When i looked it up it looks like they added wildcard dns records for even free accounts, unless im not understanding this? The only thing this stipulates is it can only be the first label
Anonymous No.106027463
>>106027252
>>106027279
>>106027296
So to make it a bit easier for you, it doesn't really matter, either you download a cert from Cloudflare or run the command in >>106023603 it really doesn't matter for complexity or anything like that, sure with certbot you have to run the command every 3 months but you can just make an alias for it in .bashrc like 'alias certupdate='sudo certbot certonly --standalone -d domain.com -d jellyfin.domain.com && sudo cp /etc/letsencrypt/live/domain.com/fullchain.pem /whatever/fucking/path/to/mount/the/container && sudo cp /etc/letsencrypt/live/domain.com/privkey.pem /whatever/fucking/path/to/mount/the/container'
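The copy step from the alias above can also run automatically as a certbot deploy hook. This is an added example, not part of the original post: it copies the renewed files into the container's cert directory with explicit modes so the private key stays readable by its owner only. deploy_cert and DEST_DIR are hypothetical names (the post elides the real mount path); RENEWED_LINEAGE is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Deploy hook: copy a renewed certificate into the directory that is
# bind-mounted into the proxy container.
# Register it with: certbot renew --deploy-hook /path/to/this/script
# (or place it in /etc/letsencrypt/renewal-hooks/deploy/).

# deploy_cert LINEAGE_DIR DEST_DIR
# Copies fullchain.pem (mode 644) and privkey.pem (mode 600). Each file is
# written under a temporary name and then renamed, so a proxy reloading at
# the same moment never reads a half-written file.
deploy_cert() {
    local src dest f mode tmp
    src=$1
    dest=$2
    [ -r "$src/fullchain.pem" ] && [ -r "$src/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $src" >&2
        return 1
    }
    mkdir -p "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        case $f in
            privkey.pem) mode=600 ;;
            *) mode=644 ;;
        esac
        tmp="$dest/.$f.tmp.$$"
        # install sets the mode explicitly, independent of umask and of the
        # mode of the source file; it follows the symlinks in live/.
        install -m "$mode" "$src/$f" "$tmp" && mv -f "$tmp" "$dest/$f" || {
            rm -f "$tmp"
            return 1
        }
    done
}

# certbot exports RENEWED_LINEAGE (for example /etc/letsencrypt/live/domain.com)
# when it runs a deploy hook; outside of certbot nothing happens here.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "${DEST_DIR:?set DEST_DIR to the mounted cert directory}"
fi
```

With the standalone authenticator, port 80 still has to be free while the renewal itself runs, as the earlier post notes.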
Anonymous No.106027479
>>106027442
Didn't know that, makes my life 1% easier I guess
Anonymous No.106028900
>>106026031
if you're talking about one of those shady providers that gives you a free yourdomain.ourfreescamdomain.com type thing then yeah nah you can't usually create subdomains of those cause you don't control the DNS for the domain itself.
Anonymous No.106028923
>>106011575
Just get recert enterprise drives off ebay from a trusted seller and get bigger drives. You can get 16TB drives for like $150 a pop
Anonymous No.106028934
>>106027279
Nah, you can wildcard the subdomain in cloudflare, I've got my shit setup like that and it works fine
Anonymous No.106029095 >>106029124
After moving to cloudflare and adding wildcard domain jellyfin.domain works with NPM. For some reason i had to semi resetup / login and i dont seem to have my admin privileges anymore even though its pointing at the same jellyfin data. Media is all there
Anonymous No.106029124 >>106029149
>>106029095
nevermind, apparently i had 2 accounts for myself. I can't believe the only problem was the DNS record
Anonymous No.106029149 >>106029300
>>106029124
It's always DNS
Anonymous No.106029299
>>106027442
>mfw I get banned for not worshipping used pussy like the mods https://www.youtube.com/watch?v=467jWY21YkI
Anonymous No.106029300
>>106029149
guess i spoke too soon, somehow i completely broke jellyfin, everything gives playback error now even using domain.com:8096
Anonymous No.106029433
>>106016598
just use a vpn like every other glowie
Anonymous No.106029710 >>106029845
I'm going crazy, how do I setup gluetun for qbittorrent? I'm using Proton with Wireguard
Anonymous No.106029845 >>106030093
>>106029710
gluetun is a pain in the ass, just use this
https://github.com/binhex/arch-qbittorrentvpn
Anonymous No.106029856 >>106031194
>>106027252
Sorry man, mods are homogay and won't allow any non-lgbtq2+aaaaaaaa opinions, good luck, I got bigger fights to care about. Sieg heil, tnd, tttd, ttwd
Anonymous No.106030093
>>106029845
Things somehow clicked together and I actually finally managed to get it working. However, for whatever reason my Proton port keeps on changing every few minutes? Weird, maybe I'll check yours anyway. Does it auto update qbittorrent's port to match ProtonVPN's?
Anonymous No.106030637 >>106031836
Thinking of putting navidrome from an old intel nuc i got from work. What’s the advantage of using docker instead of just putting it on an ubuntu server vm?
Anonymous No.106030992 >>106031028
Why was the /self hosting general/ deleted, but we have 19 different AI threads? Jannies here fucking suck
Anonymous No.106031028 >>106031056
>>106030992
Most of the posts shilling that forum seem to get deleted.
Anonymous No.106031056
>>106031028
Sir you're drunk. It's time for bed.
Anonymous No.106031194
>>106029856
I dont understand what part of what you said got those deleted. Nothing even seemed slightly problematic except maybe autism reference? Docker is kind of a bitch, for some reason it gives playback errors now even without nginx. I had to go back to just running it as a service.

Also, ddclient and cloudflare's api are retarded. For some reason ddclient container was giving error reading config.json. I ended up just giving up and using an sh script and a crontab entry that updates it every minute. At least for the time being.
Anonymous No.106031509 >>106031592 >>106031667 >>106032226
Almost made it to 300 movies on my media server anons
Anonymous No.106031592 >>106031667 >>106031808 >>106031810 >>106032226
>>106031509
Very nice, how much storage is it? I'm at ~2.5TB with a similar amount of movies. I have duplicates of several though due to 1080p vs 2160p and things like remasters
Anonymous No.106031667 >>106031810 >>106033856
>>106031592
>>106031509
Also, what kind of setup are you using to manage file names and any automated moving the downloads of movies vs shows into the correct directory? My setup is janky and I'd like to make it better. I end up just manually moving the default video file into my movies directory or sometimes the entire folder if there are separate subtitle files. And sometimes i do folders for film series or studios like Ghibli, as I have a hard time putting other anime films into my movies directory for other people that use my server.

Also, question for everyone; when i watch anything I access them via file browser directly on my HTPC to use MPC-BE due to transcoding issues in some media like pic related in Harry Potter. I partially use mpc because its faster use with a keyboard for skipping around, but I would like to avoid this issue
Anonymous No.106031808 >>106032226
>>106031592
gotta step up those numbers. theyre rookie numbers.
Anonymous No.106031810 >>106033494
>>106031592
>>106031667
I put a 2TB in an older thinkpad laptop and it works great. You're probably having a problem with the folder/file permissions. I had issues with Jellyfin having the correct read/write permissions on certain folders of my server but im a noob so I just host my media files on the folder "mnt" of my server and it just worked for me
Anonymous No.106031836 >>106031901
>>106030637
software updates via docker. also if the docker image gets fubared might not affect your files especially if you mount a folder read only.
reduces security issues if like you're sharing the files on the same server as a media server . keep them in separate containers.
you can probably do it with acls on the filesystem. just easier with containers.
Anonymous No.106031901
>>106031836
Thanks might do the docker route, can also help me study more about it and freshen up my resume i guess
Anonymous No.106032149
>>106018728
Based anon.
I never understood hardware gatekeeping many /hsg/ lurkers endorse.
Anonymous No.106032183 >>106032251
>>106015502
>he cannot write his own hook for certbot and uses the poorly maintained acme.sh plugins
LOL
Anonymous No.106032204 >>106032251
>>106020801
>I spent hours last night trying to get jellyfin to work with nginx reverse proxy
>using chatgpt
Please leave this website.
Anonymous No.106032218
>>106012391
50MB/s through wireguard is plenty for me.
Anonymous No.106032221
>>106022369
you can just fine, they just made the brainlet filter paid
Anonymous No.106032226 >>106033256
>>106026830
>intel
>>106027442
Don't tell me this is on cl*udflare
>>106031509
>>106031808
>>106031592
Where is Synecdoche New York?
Anonymous No.106032251 >>106032293
>>106032183
I was looking for a readily available solution so my domain would be updated as i had already changed the domain records to cloudflare. I'd rather use ddclient but i wasnt in the mood to troubleshoot.

>>106032204
I figured i'd give it a try, someone in this thread or the last said they did it to setup their reverse proxy
Anonymous No.106032293
>>106032251
i felt the need to brag because i wrote my own hooks. my DNS-01 and wildcard compliant free DNS provider had good documentation and it was 3 tiny text files and setting up some SSH key and HTTPS API token, of which either work

but all my domain names are lame
Anonymous No.106032302
>>106020801
>chatgpt
You can't use that to solve a problem you don't know how to solve in the first place. It's literally impossible except perhaps out of sheer random luck.
The only use of LLMs, when it comes down to it, is to do the things you already know how to do, just faster. This applies to every field.
Anonymous No.106032334 >>106033189
So I've successfully setup a home server and through a cloudflare domain can access jellyfin, jellyseerr, and the lounge irc client externally. Are there any checklists/guides for best security practices I can consult to lock everything down as much as possible?

So far chatgpt has suggested plugging my domains into https://securityheaders.com/ and following the advice there, which I have done and now all of my domains show a grade of A+.
Anonymous No.106032528
>>106019100
Guys?
Anonymous No.106032623
>>106022017
>What's the point of jellyfin?
Playing media on old hardware and that's about it.
I have T60 and the Intel 945GM can't play 1080p h264 without dropping frames.
So I need to transcode it to something more manageable especially since my display is 1024 x 768
Anonymous No.106032631 >>106032891
>>106022688
Why is everyone recommending the gluetun shit?
Anonymous No.106032891 >>106032902
>>106032631
Because it just works
Anonymous No.106032902 >>106033177
>>106032891
not for protonvpn
Anonymous No.106033177 >>106033210
>>106032902
Yes it does. I'm using it myself.
Anonymous No.106033189
>>106032334
>So far chatgpt has suggested
mate we are not the janitors of your chatgpt replies
Anonymous No.106033210 >>106033295 >>106034329
>>106033177
what's your compose file?
Anonymous No.106033256
>>106032226
>>intel
i don't like it either but i need the igpu
Anonymous No.106033295 >>106033543
>>106033210
I can't check right now but I followed the documentation here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md
And then in case you're torrenting through it, you should also get this: https://codeberg.org/TechnoSam/qbittorrent-gluetun-port-update
Anonymous No.106033357
how do i completely delete any trace of ipv6 from my network?
just disabling at the router level is enough?
Anonymous No.106033494
>>106031810
No Idea What My Storage Is At...There is more in fact Stuff like Anime Movies etc are in their own Cat, I have some doubles most 4k stuff i really like.
Anonymous No.106033543
>>106033295
Well anon, I too followed the guide.
I'm getting this error
AUTH: Received control message: AUTH_FAILED
Anonymous No.106033557 >>106034242
just cross-flashed my 10GbE/40GbIB ConnectX-3 to 56GbE/56GbIB.
It's like downloading more RAM, but real.
Anonymous No.106033856 >>106034216
>>106031667
Jellyseerr for finding/requesting media, radar/sonarr/prowlarr for grabbing/organizing/renaming, bazarr for grabbing subtitles, qbittorrent through PIA wg for downloads. Shit just works it's great. Hardest part was getting quality profiles and shit configured to actually pull the best versions of everything instead of random French shit, used trash guides and it works pretty seamlessly now.

Regarding the library/storage wank, I'm sitting at 616 movies and 485 unique shows currently. Got 4x16TB drives running in zraid1, just grabbed two more to expand the pool with since I was creeping up on 90% usage.
Anonymous No.106034152
>>106022698
That's what we normally do, with me doing the screen sharing
But discord is trash and it explodes when it comes to hdr, so we can't watch any modern hdr movies and I have to disable it from windows before streaming
I tried to get them to move to teamspeak since they now support hdr screensharing, but they never bothered even trying
Anonymous No.106034216
>>106033856
>Hardest part was getting quality profiles and shit configured to actually pull the best versions of everything instead of random French shit
I'm still trying to do that, but it's especially hard for me since I also want stuff with Italian dubs
I kinda gave up and started just manually grabbing the best international release, the best Italian release, muxing the Italian audio, check if it's synced and cry if it's not
Man, I wish the Italian torrent scene was better, everyone is doing shit encodes
Anonymous No.106034242 >>106034899
>>106033557
If you are running them in IB mode and using IPoIB they will under-perform when doing TCP workloads.

If you are running them in ETH mode they will under-perform for RDMA operations. (RoCE isn't quite as fast as IB for RDMA)
Anonymous No.106034329
>>106033210
NTA, but I'm also using gluetun with (paid) proton for qbittorrent
If it helps this is my compose
services:
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8080:8080/tcp # qbittorrent
    environment:
      - TZ=${TIME_ZONE_VALUE}
      - UPDATER_PERIOD=24h
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - BLOCK_MALICIOUS=off
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - PORT_FORWARD_ONLY=on
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORTS}}}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1'
      - SERVER_COUNTRIES=United Kingdom
    volumes:
      - ${PATH_TO_APPDATA}/gluetun/config:/gluetun
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun" # Route through Gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    environment:
      - PUID=${APPUSER_PUID}
      - PGID=${APPUSER_PGID}
      - TZ=${TIME_ZONE_VALUE}
      - WEBUI_PORT=8080
    volumes:
      - ${PATH_TO_APPDATA}/qbittorrent/config:/config
      - /srv/mergerfs/big_data/data:/data
    restart: unless-stopped
Anonymous No.106034454 >>106034479 >>106035295
How expensive would it be to get a basic server running?
I want to get an estimate before I start digging
Anonymous No.106034479 >>106034563
>>106034454
Define expensive. Electricity? Components? Software?
Anonymous No.106034490 >>106035315
I want to reuse my old HDD's as a NAS next to my main server, the NAS should be accessible for Jellyfin on the main server.

What hardware do I need to make my own NAS (except HDD's)?
Anonymous No.106034563 >>106034614 >>106036561
>>106034479
Components mostly, not sure about software
Electricity should be covered since I have solar panels and they are jacked
Anonymous No.106034614 >>106034656
>>106034563
$300
Anonymous No.106034636 >>106034651 >>106035646 >>106037338
>OpenVPN
>Wireguard
>Tailscale
>Twingate
Which one to use?
I want to access my stuff while I'm away with minimal headache.
Anonymous No.106034651 >>106034852
>>106034636
Wireguard if done properly
Anonymous No.106034656 >>106034711
>>106034614
Huh, thats not nearly as bad as i was expecting
I might just look into this
Anonymous No.106034711
>>106034656
Servers can be as cheap as you want, or as expensive as you want.

$200-300 trashpicked components will do the trick, but it really depends what you're actually looking to do with it.
Anonymous No.106034852 >>106034907
>>106034651
Are there easy guides to follow?
I mean the last time I looked into this.
I had to set up port forwarding and get a domain name and Dynamic dns and such.
Anonymous No.106034899 >>106034975
>>106034242
yeah, i mainly did it for 40GbE (as i don't have a DAC cable for 56GbE, and i could already play with 40GbIB on the old firmware).
I've noticed that Linux IPoIB will not only underperform, but is quite buggy as well (nmap crashes on some assert, NFSv3 TCP over IPoIB can get completely locked up with right workload and mount options), so i've decided to stick with the old and reliable TCP+Ethernet stack. Maybe Mellanox OFED stack is less buggy, but it seems a pain to install on my system.
Anonymous No.106034907 >>106035454
>>106034852
yep that's what you have to do. get a domain or a static IP. port forward. wireguard itself is easy to set up as well. it's all very easy
Anonymous No.106034975
>>106034899
Yeah, there is a reason the ConnectX-3 cards are so cheap.


Still good though if you're not really doing anything too fancy.
Anonymous No.106035295
>>106034454
Literally just buy a decent specs gaming laptop with a busted screen on the cheap from eBay or fb marketplace, you've got babby's first home server with a built in UPS

if you want something less ghetto fabulous look up used enterprise mini pcs like thinkcentres and buy whatever the cheapest thing is that meets your needs.
Anonymous No.106035315 >>106037784
>>106034490
Same as you need for any server

Case
Motherboard
Ram
Processor
PSU
Anonymous No.106035454 >>106035493 >>106036892 >>106037768 >>106039519
>>106034907
>get a domain or a static IP. port forward.
Both are things I can't do for various reasons.
>domain
Most are paid
>static IP
Mine is not
>port forwarding
my router is locked
>wireguard itself is easy to set up as well. it's all very easy
I'm sure it is for you, but i never tried it since it requires me to get something that's paid.
Anonymous No.106035493 >>106035619 >>106035636
>>106035454
pay for a domain kid, it's worth it.
I mean, all your restrictions imply you're in a pretty shitty situation, but there are ways around it. cloudflare can open ports on their front end for you I think.
Anonymous No.106035619 >>106035695
>>106035493
>pay for a domain kid, it's worth it.
I don't want to get doxxed
Anonymous No.106035636 >>106035695
>>106035493
>pay
>in thread based on piracy and selfhosting
get out normie
My server cost me 0 $, including the drives from computer dumpster.
Anonymous No.106035646
>>106034636
Name?
Anonymous No.106035695 >>106035708
>>106035619
>>106035636
this general went poverty tier really fast
Anonymous No.106035708 >>106035985
>>106035695
it's /hsg/, you can cosplay as sysadmin somewhere else.
Anonymous No.106035985 >>106036016
>>106035708
>not already being a sysadmin

ngmi.
Anonymous No.106036016 >>106036070
>>106035985
>sysadmin
The shittiest job in IT
Anonymous No.106036029 >>106036135
>>106010113 (OP)
What do we think of proxmox and hyper-v?
Anonymous No.106036070
>>106036016
>not the helpless desk
Anonymous No.106036135
>>106036029
They're both good enough for what you probably need.
Anonymous No.106036561
>>106034563
I'm personally running my server on my old pc parts (12700kf, 1070, 32gb ddr4)
Bought only a new case, cpu cooler, psu, ssd and 2 16tb for it, spent around £650 (but I'm about to add two more 16tb hdds)
Anonymous No.106036892 >>106036930
>>106035454
Either buy a domain or a static IP (domain is easier and overall a better option) or take your chances with one of the free domain services that give you a shady unreliable generic subdomain that you can set up dynamic DNS on.

These are your options brazilian-kun.
Anonymous No.106036930 >>106037018
>>106036892
I thought wireguard didn't need that?
Anonymous No.106037018 >>106037159
>>106036930
You need to have some kind of endpoint to connect to anon, how are you going to figure that out without some known address to tunnel into?
Anonymous No.106037159 >>106037205 >>106037783
>>106037018
Isn't this what new zero trust is for?
Anonymous No.106037205 >>106037307
>>106037159
poor and stupid :(
Anonymous No.106037307
>>106037205
the zero trust model is stupid?
VPN isn't secure by default, and can brute force.
Anonymous No.106037338
>>106034636
also check nebula (by slack)
Anonymous No.106037768 >>106038009
>>106035454
Sounds like you need tailscale. Use it with headscale so /hsg/ won't bully you.
Anonymous No.106037783
>>106037159
Anon, how exactly do you intend to connect to your wireguard endpoint without telling your device where it is?
Anonymous No.106037784 >>106038210 >>106038229
>>106035315
Any cases to recommend that can have 4-6 HDD's and maybe a smaller mobo factor?
Anonymous No.106038009 >>106038038
>>106037768
>Sounds like you need tailscale
Yeah, I'm looking at it now.
I really just need a way to access my paperless instance when I'm away.
I don't want to pay to host anything, and I'm fine with some configuration, even self hosting VPN if I have to, but port forwarding isn't really possible since I'm behind triple NAT and don't want to pay for static IP or domain name and dynamic DNS.
>headscale
What's so good about it?
Anonymous No.106038038 >>106038345
>>106038009
Local validation server that you own/run instead of relying on the one the tailscale group runs.
Anonymous No.106038210 >>106039982
>>106037784
You can find some pretty cheap 3/4U rackmount (optional) models from Rosewill that have space for a shit ton of drives and fit any of the ATX variant boards.

Do you have specific space constraints you're trying to work within, or any other kind of restrictions?
Anonymous No.106038229 >>106039982
>>106037784
Fractal makes good tower cases for bulk storage. A little pricey, though.
Anonymous No.106038345 >>106038490
>>106038038
This would also require static IP/domain name
Anonymous No.106038490 >>106038536 >>106038653
>>106038345
Show what I know.
Well for what it's worth you can still get tailscale running. Just won't be -quite- as secure/a smaller target as headscale, but if you're really hard pressed with your configuration restraints, I'd still go for it. Just remember to do your due diligence with regards to securing your tailnet. 2FA, self signing nodes/users and making sure your access list is air tight.
Good luck anon.
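One way to check the "access list is air tight" part of the post above, as an added example that is not part of the original post and not Tailscale's own tooling: a short Python audit of the `acls` section of a tailnet policy file that flags wildcard sources, destinations and ports. The sample policy, user, group, tag and port are constructed, and it assumes the policy is strict JSON using the `acls` syntax.

```python
import json

# Constructed sample policy. Real tailnet policy files are HuJSON and may
# contain comments or trailing commas, which json.loads would reject.
# The user, group, tag and port below are made up for illustration.
SAMPLE_POLICY = """
{
  "groups": {"group:family": ["anon@example.com"]},
  "tagOwners": {"tag:paperless": ["anon@example.com"]},
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["anon@example.com"],
     "dst": ["tag:paperless:8000"]},
    {"action": "accept", "src": ["group:family"],
     "dst": ["tag:paperless:*"]}
  ]
}
"""


def audit_acls(policy_text):
    """Return (rule_index, finding) pairs for rules wider than host:port."""
    policy = json.loads(policy_text)
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        # A bare "*" source lets every device in the tailnet initiate.
        if "*" in rule.get("src", []):
            findings.append((i, "any source may connect"))
        for dst in rule.get("dst", []):
            # Destinations are written host:ports; split on the last colon
            # so tag:name:port keeps the tag intact.
            host, _, ports = dst.rpartition(":")
            if host == "*":
                findings.append((i, "every node is a destination"))
            if ports == "*":
                findings.append((i, f"all ports open on {host}"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_acls(SAMPLE_POLICY):
        print(f"acls[{index}]: {finding}")
```

Only the second rule in the sample passes clean: one named user to one tagged host on one port.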
Anonymous No.106038536
>>106038490
Shows*
I'm illiterate -and- retarded. Sorry.
Anonymous No.106038653 >>106039026
>>106038490
>Just wont be -quite- as secure/a smaller target as headscale
how much of an issue is this?
I mean it can only access what I allow it right?
Anonymous No.106038869
I can't decide how to structure my anime collection to be more jellyfin friendly.
Anonymous No.106039026 >>106039111 >>106039183
>>106038653
Again, I'm a retard when it comes to this, so I'll probably butcher this. But my general understanding - and if I fuck this up /hsg/ please correct me:
Tailscale on its own utilizes an authentication server that routes some component, (if not all, not entirely sure), of your traffic through it to facilitate access. The traffic itself is encrypted, and obviously the server itself is managed by Tailscale, who ostensibly have better resources/know-how than your average homelab user to secure the device, so -technically- it's secure as one would hope any overlay VPN network is, but given that this represents a centralized "target", there's a greater likelihood that at any given time malicious actors are trying to own it.
How much of a danger is this in reality? No way of knowing for sure - this is a business whose products are supposed to be secure, and it is used and trusted by a ton of businesses, but that's no guarantee of perpetual security forever. There was some kerfuffle on reddit with weird domains allowing people of a similar domain into tailnets a few months back, but that has since been patched (per tailscale), and the due diligence bit I reference earlier would defeat that specific risk entirely.
If you're running headscale, that takes the burden of validating your traffic off of tailscale's validation server and puts it squarely in your hands. So obviously a smaller target, self-managed, and you don't have to think about any component of your (encrypted) traffic running through their validation server. All of these points are obvious pros, to anyone who really cares about taking ownership of the entire process and decreasing the attack surface of the whole thing as much as possible.
I'm probably glossing over some or more components of that explanation, but that's the general shape of it, from what I've read on /hsg/.
So if I'm fucking this explanation up please correct me.
Anonymous No.106039111 >>106039177
>>106039026
>So if I'm fucking this explanation up please correct me.
You're spending paragraphs to explain why you use some third party to do a simple wireguard setup. I think you're telling yourself what you want to hear and you aren't going to listen to me anyway.
Anonymous No.106039177 >>106039469
>>106039111
>You're spending paragraphs to explain why you use some third party to do a simple wireguard setup
No, I'm just trying to answer that one anon's question about headscale vs. tailscale. We've already established that he can't or won't use wireguard.
>I think you're telling yourself what you want to hear
I never even implied what my solution is, nor will I.
>and you aren't going to listen to me anyway.
>>So if I'm fucking this explanation up please correct me.
Stop being a dick anon. If you want to grace the thread with your knowledge you have my formal permission to do so.
Anonymous No.106039183 >>106039209
>>106039026
>How much of a danger is this in reality?
relax bro dont worry
Anonymous No.106039209
>>106039183
>There was some kerfuffle on reddit with weird domains allowing people of a similar domain into tailnets a few months back, but that has since been patched (per tailscale), and the due diligence bit I reference earlier would defeat that specific risk entirely.
Can we make an attempt to post in good faith about this topic just once? Please?
Anonymous No.106039346 >>106039571
Any tips how to set up radarr? I tried following the trash guide, but it says how to set up only if you want either 4k or 1080p, while what I want is to prioritize 4k hdr movies and fallback to 1080p if that version doesn't exist/is not available
Anonymous No.106039469 >>106039519 >>106039956
>>106039177
use wireguard. you can use some script to tell you what your IP address is when it changes by text or whatever you want if you're hellbent on using a third party to implement a simple VPN because you can't figure out or are too stubborn to get a domain or static IP
Anonymous No.106039519
>>106039469
Tell that to
>>106035454
Anonymous No.106039571 >>106040183
>>106039346
Set up a new quality profile with the qualities and only the qualities you want and then tick upgrades allowed.
Anonymous No.106039798
Bros is resolved just bad?
I've had nothing but subtle problems using it.
Resolver stops working randomly, early boot services with after=network-online.target failing to resolve domain names with "Temporary failure in name resolution"

I don't get it. It's literally the worst thing in the systemd suite.
Anonymous No.106039956
>>106039469
nta, does wireguard work in the same way that tailscale does regarding exit nodes? What about mobile support for ios or android?
Anonymous No.106039982
>>106038210
As I currently still live in an apartment I don't have room for a rack mount yet.

My main server is currently housed in a Silverstone GD06 which has room for 4 HDD's and also fits well under the TV. I have been upgrading the sizes of the drives over the years but the older drives are still in a good enough state.

>>106038229
Fractal makes sexy cases indeed, but I was thinking of something smaller than a PC housing, like a QNAP NAS
Anonymous No.106040183
>>106039571
Would something like this work?