I do vaguely remember something about it getting changed, but yeah, as you said unless you’re sharing it with a bunch of people, it’s probably not enough to trigger anything on their side anyway

I think theres a nice variety of methods out there now that there’s no “one right way” to do it which I think is great compared to just a few years ago where your only real options were a reverse tunnel or CloudFlare tunnels

Why would you need an expensive switch for CF tunnels??

It bypasses the switch and forms a tunnel directly to the machine and you don’t need to change any configuration on the switch

Both options can expose any service as long as the machine has internet

first your questions

Is the tunnel solution appropriate for jellyfin?

Yes but also no. the tldr is It will work, but video streaming is against CloudFlare rules. I ran this way for about 2 years with Plex just for my own use, so for about 15 hours a week on 480p and I never got my service suspended, but I’ve heard stories of others getting suspended… So just know it’s a risk

I suppose it’s OK for vaultwarden as there isnt much data being transfered?

That’s a good use of tunnels

Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

You can definitely run both solutions (tunnel points to npm, npm towards to all other services), and it saves you setting up tunnels for each service

Now for my 2 cents

As others have suggested, tailscale funnel is a valid option. A reverse proxy using a VPS is also a valid option. And as I pointed out, doing the CloudFlare tunnel is an option if you’re willing to accept the risk.

My current setup is using a free Oracle VPS with a small nginx docker container forwarding all port 80 and 443 traffic through a tailscale. On the other end is a nginx proxy manager docker container that points to all my services across the network. I have my CloudFlare details configured in nginx proxy manager to generate a wildcard SSL certificate that I apply to all my local services

Inside the network, I use adguard to redirect the domain to the local LAN IP of the nginx proxy manager server to avoid traffic going through the internet.

Then all you need to do is point the domain on CloudFlare dns to the Oracle server, and you’ll have several layers of separation between the internet and your local LAN , as well as SSL certs both internally and externally on any services you share

It might not be the most elegant setup, but I share my Plex server (as well as about 30 other things) with several other people and can handle multiple 1080p streams going through it without any issue and it’s been nice and stable for over a year without any issues

You can do this pretty easily using asterisk and then just point your VoIP clients to it’s IP address

But…

Whatever you do, unless you’re an expert with network security, don’t leave it on its default port if you’ll expose it to the internet.

You’ll have that many bots trying to get in that it’ll DDoS you within a few hours of setting it up. Even if you have it on a different port, you’ll have lots of bots trying to get in.

If you ever see those “unlimited international calls” cards sold in third world countries for like $5-10, those are mostly hacked VoIP systems that have accounts or access to a phone line

This looks great, I don’t suppose you plan on a pre-made docker container?

For a bit of context for those not too familiar with CDN stuff. My web server hosts about 20 small business websites. None are heavy on images or video or anything else. Most sites have well under 1k visitors a day, some are under 100.

Each month CloudFlare CDN saves me between 40-60gb of traffic which is nothing my server couldn’t handle, but over a year is ~600gb in saved data so it adds up

If you had a Lemmy instance with even just 100 active users, with all the images and videos and all the federated background communications, that would add up extremely quickly.

It’s a shitty situation that’s causing mods and users alike a lot of frustration and might be a bit before it’s sorted.

Unfortunately I think this is something that will need to be dealt with Federation wide before it’s under control… But even then it’ll still add a lot of extra ongoing work to the mods of instances and communities just to clean up anything that gets through

It’s not just this community, or even just Lemmy… Mastodon and other Federation services all struggling with the same issue at the moment

Not exactly what you’re asking but you can push specific images to a private repo to keep specific versions… Then you can just use the cleanup tag or prune to clear them off the system and if you want to pull them again it won’t need to download it from the internet

Minimised Ubuntu server I think only wants like 2.5gb of space and cuts out a lot of things you’ll never use

If you’re only using it for Plex and nothing else, it probably won’t make a lot of difference which you use.

My old setup was Ubuntu running Plex as an install… if you just run a server without a gui, it’s like 3 lines to install Plex

I also have a pi as a portable setup running the docker version which works pretty well but I don’t think it will handle hardware encoding very well, but I could be wrong

My current setup is 3x Lenovo m920q (soon to be 4) all in a proxmox cluster, along with a qnap nas with 20gb ram and 4x 8tb in raid 5.

The specs on the m920q are: I5 8500T 32gb ram 256gb sata SSD 2tb nvme SSD 1gbe nic

On each proxmox machine, I have a docker server in swarm mode and each of those vm all have the same NFS mounts pointing to the nas

On the Nas I have a normal docker installation which runs my databases

On the swarm I have over 60 docker containers, including the arr services, overseerr and two deluge instances

I have no issues with performance or read/write or timeouts.

As one of the other posters said, point all of your arr services to the same mount point as it makes it far easier for the automated stuff to work.

Put all the arr services into a single stack (or at least on a single network), that way you can just point them to the container name rather than IP, for example, in overseerr to tell it where sonarr is, you’d just say http://sonarr:8989 and it will make life much easier

As for proxmox, the biggest thing I’ll say from my experience, if you’re just starting out, make sure you set it’s IP and hostname to what you want right from the start… It’s a pain in the ass to change them later. So if you’re planning to use vlans or something, set them up first

Tailscale also has the funnel option to open up a single service to the outside world without needing a reverse proxy and has its own ssl certificates

I second Lenovo tiny. I have 3 x m920q with a gigabit switch and total combined power draw is about 53w

Not sure this would entirely replace portainer for me since that manages multiple machines, but I am keen to play with this

I’m from Australia and on disability pension. And yeah, I have 3 Linux boxes to play with haha

Yeah life tends to get in the way of hobbies like that… as for me, I started the Linux foundation certified systems administrator course recently but only got a little into before my health went down and a few other things, but hopefully can get back into it soon

How goes the new hobby?

Congrats on your new slippery slope haha

ike I fire up a docker image which plays music (if that’s even possible?) it has to have access to the disc, sound drivers, maybe interactive stuff etc on the host PC right?

So the main things you’ll want to read up on for that are mounts. Mounts will let you attach files and folders from the host computer into the docker container that it sees as if it’s inside the container.

A lot of docker apps will run a web host, so instead of accessing them like a normal application, you load up the website that’s located at the IP address, and the exposed port. Then just like running Netflix or anything, it already has access to local sound and video devices through that

This also means that you can open them up to other computers/devices on the home network… so your phone could load it up and play music or your windows PC could, and it’s all served from that docker container

If you’re interested in hosting media, you could look into Plex or jellyfin, they are media servers that can stream self hosted videos, music and photos over the network.

There’s a lot of other options that are more specific, and what’s right for everybody else might not be right for you so it’s worth playing around with various options

No worries, in terms of docker, if you want to see some of the more useful docker things along with explanation of how to get them running, check out https://noted.lol and https://mariushosting.com

Noted has a lot of writeups on various projects that are nearly entirely docker based. Marius focuses more on docker projects on Synology but for many of them you can go to the project home to get the generic docker instructions and just read his one for project descriptions and intially setup guides