nublug

any other linux distro can do vms and containers, too. arguably it’s easier to do that than with proxmox.

but yeah, i wanted to check it out so threw it on the drive i pulled from my old broken laptop to check it out and discovered the wifi omission. i even tried to install base debian and ensure wifi was set up first then convert to a proxmox install. sadly, proxmox’s network stack is in conflict with any other linux network libs and actively uninstalled whichever one i had set up during the proxmox conversion.

i get their reasoning for not supporting wifi after looking it up but imho completely removing it as a possibility is a bit not cool, bro. i wasn’t trying to do any high availability or multiple nodes or anything like that so it wouldn’t have been an issue for my use case anyway.

desec does offer one free subdomain, and you can use as many nested subdomains as you want for your services. do note you’ll need a wildcard cert for each subdomain level: *.sub.dedyn.io and *.app.sub.dedyn.io if a service needs it’s own subdomains for apis and whatnot.

edit: also a note for any fellow noobs like me it’s deDYN.io not deSEC.io on your account/subdomain. it took me an embarrassingly long time to realize my mistake trying to sign up with every subdomain i tried saying it exists already.

ugh well that sucks butt. i’ll be trying new alternatives tonight i guess lol

any recommendations?

update for posterity: i ditched arcane for just managing compose files manually and lazydocker for logs and restarting containers. it’s plenty good for my needs at the moment. tried komodo and couldn’t get it working and didn’t quite like any others i looked into so i dunno what to recommend for a webgui docker manager.

switched from portainer to arcane recently. much easier on the eyes and the ability to save compose projects without deploying them yet is exactly what i was looking for. one thing is weird and i should prolly make an issue for it: no horizontal scroll or word wrap function in the compose editor, so for those compose files with extensive comments like npmplus you’ll have to have open in a text editor or webpage to read to the end of lines.

oh dang, i thought i saw docs and comments saying ddns would help behind a cgnat too, must be mistaken. it’s just for isps who give semi-static ips that change, not full cgnat. after some quick googling it looks like tailscale or other vpn or cloudflare tunnel are your only options.

EDIT: ddns does not work behind cgnat, only vpns and cloudflare tunnels do. my bad.

cgnat is doable with a dynamic dns service. you sign up free at duckdns, freedns, or desec, set up the subdomain you want (example.dedyn.io), install or host in a container a small ddns tool that will periodically (5 min typically) check what your current ip is and update your dns record with that dns service automatically with an api. some routers even have a dynamic dns setting so you can do it without a separate install.

as far as security, you’ll at a minimum want a long, unique password for any jellyfin accounts, and you should place it behind a reverse proxy like nginx, nginx proxy manager for a gui, caddy, or traeffik for some docker automagic fuckery i still don’t understand. i use nginx proxy manager, set up a wildcard *.example.dedyn.io certificate and force ssl on each service i’m forwarding.

you can get fanicer and have an authentication layer self hosted as well like authelia or authentik, but beware that apparently mobile apps and smart tv apps for jellyfin do not play nice because they use the same http port as web access and do not have the ability to pop open a web portal for a secondary auth and will not work with these yet. so it’s a good extra layer and 2fa sso addition but only if you use the webgui jellyfin and don’t rely on an app, which considering you’re asking about casting is probably not your use case.

what else you can do is set up a crowdsec or fail2ban service that will read logs from either the reverse proxy or jellyfin itself and ban ips thru your host firewall that fail to log in to help prevent bots from brute forcing in.

it’s not perfect but with a reverse proxy, ip banning tool, and strong, long passwords on jellyfin it should be relatively ok.

however it would probably be most secure to setup an openvpn or tailscale to vpn to your host and have a definitely secure link to jellyfin from everywhere. i don’t use these myself so i don’t know about limitations this way such as mobile app or smart tv app compatibility, though. and if you want to share with other users it comes with its own security considerations of letting others have a vpn into your host.

hope some of this helps, also there’s a cloudflare tunnel thing you can use instead of those dynamic dns services for domain redirect to ip behind cgnat, but i haven’t used it either and don’t know what all it entails.

good luck!

this is the second or third article i’ve seen where someone supposedly fixes dumb ai things by checks notes using ai to do it.

this is an ad.

deleted by creator