Yeah, I’ve only got a handful of services I want to run. It’s possible that the bug bites me and I want to go deeper into this stuff, but for the here and now, I’m only eyeing 8-10 things I want to host, and they ought to work across a mini PC and a NAS.
Why do I need that? From my perspective, it seems like it would be more useful if I had far more services that I intended to run than what I’m actually planning for.
I plan on putting just about everything I can in Docker containers, but I don’t think what I’m doing requires VMs, unless you spotted something that’s eluding me.
I’m not happy with Bazzite for this purpose. Its previous purpose was to be a game console, but I’m reassured by the recommendations for Debian.
Then use a GUI. The extra memory used is trivial and your system will be way over-powered for a reverse proxy to a home network anyway.
It will be more than just a reverse proxy, but I suspect it will still be more than powerful enough for the extras. Thanks.
Are you going to update frequently?
Yes, just so long as I’m the boss. I don’t want any downtime that I’m not in control of.
Your DNS servers would be the ones where you register your domain.
The tutorials I’d been looking at were showing them overriding the DNS servers at the domain registrar with servers from Cloudflare or elsewhere. Is that just because there may not be an automated way to update the IP dynamically with the domain registrar, but there is for Cloudflare?
I think the tunnel method you’re suggesting is different than what I’m after, and a lot of the “complexity” in learning this stuff is coming from all the different methods we have available to achieve similar results. I ought to be able to just expose 443 once I’m fully up and running, and it will route to the various services through the reverse proxy and subdomains. My “zero trust” separation for security ought to be my VLANs. So if I’m not going exactly that route, where would my DNS servers come from, and why would I need something other than what’s there by default?
I know the CLI is effective. My daily driver has been Kubuntu since 2017, and I dabbled with Ubuntu for a decade before that. But I’m so much slower on the command line, because I have to think so much harder about each command, and the outputs are often unintuitive to read and parse out what I’m looking for.
Thanks. My NAS comes with a Docker GUI that I’m fairly comfortable using at this point, but I figured I’d end up using Portainer on the mini PC. So CertBot is the software that will get me a self-signed certificate until I’m ready to expose it to the web? And I can install that via Docker container? Desktop Debian is totally cool for the mini PC OS?
4x18TB in RAID5. I went with 18s because it was the best value for $/TB when I bought them, which was just before prices spiked. That gives me almost exactly 50TB of usable space after formatted capacity and space lost to RAID. If I bought drives today for the same price as what I paid earlier this year, that 50TB shrinks to 35TB. I’ve only got DVD and Blu Ray rips on it; Jellyfin counts 120 movies (105 of which are Blu Ray, 15 DVD) and 1166 episodes of TV (10 series on Blu Ray, but number of episodes per show varies wildly). This is the full fat rips with MakeMKV, all special features, no video compression via Handbrake or anything; almost exactly 11TB used. So I’ve got a lot of room for expansion, and I plan on also using this NAS for other things that will probably be a rounding error compared to my Jellyfin library.
Gotcha, thanks for taking the time to humor me. I never would have guessed.
Maybe you said so in some lingo that’s foreign to me, but what upsets that reputation? What kinds of configurations do they not like, and why is it not set and forget? Sorry for asking for a dissertation, but I never had any idea e-mail could be more complicated than set and forget.
What is your reputation in this context? And what does losing it cost you?
Would you care to give some additional context here? I haven’t had the itch to host my own e-mail, but what kinds of misfortune do you encounter when you’re not in the good graces of Google of Microsoft? And what could land you in that situation?
One of the best lines from that entire series.
Thanks. I’ve been doing a lot of research, and the beginning of it took a while to stick, so it’s good to hear I’m not a complete idiot. What “multiple purposes” are you referring to that would make the VLAN setup less effective? Because I’ll acknowledge that this could lead to two devices being completely compromised if I’m breached, but that will only cost me time to get set back up, as opposed to compromising personal devices on the main VLAN.
I’ve got a firewall. I also have two managed switches to route the VLANs that I’ll be setting up in the coming days. I’ve got a handful of guides I’ve visited and will be revisiting in order to do it the way I want, which I believe will be a reasonable level of security. Acknowledging that you were just trying to be a friendly neighbor, does this plan still hold up to your wisdom thus far?
Again, still learning, but my understanding is that that’s what VLAN rules can protect against.
There is no personal information on anything in that proposed VLAN currently, and in the future, the most personal stuff it will include is a chat program to replace Discord. In all, I’m assuming I can run the reverse proxy and most services (not even a dozen) on a mini PC, and then somewhere between 1-4 on a NAS. Two devices total on this VLAN, unless I learn of something that would change this plan.
I’m learning a lot of this as I go and have not exposed any services to the internet yet, but would VLANs not contain the damage to a limited portion of the network? Because that’s the plan I’m working toward. Not just for Jellyfin but a handful of other services.
A lot of people would consider the period just after 2005 to be a lot of the best TV ever made.
Gotcha. I hear you can run a utility outside of Plex to do the conversion, but I do have the luxury in this case of starting from scratch, myself.
But why use one DNS service over another? Sorry if you’ve covered this already and it’s just not clicking yet or something.