LetsEncrypt provides free certificates. I would setup Nginx Proxy Manager and use DNS challenge with your dyndns provider to get HTTPS on your home services.
My problem - and I'm not alone - is that I really don't want to expose anything publicly. Is there a way to do this without exposing anything to the Internet?
I am new at this, but from my understanding, if you want to not expose anything to internet, you would need to create your own CA server to create your own certificates and have the necessary encryption certs for your own https on your home lab.
Gotta live on the edge, man. Open up your router. All ports. Firewalls are for pansies. Connect your laptop directly to the modem. Enable ssh and rdp. What could go wrong?
You can setup a VPS between the internet and your home network to limit the exposition of your home network. When a client pings yourdomain.com, it sees the ip of the VPS and not the IP of your home network.
Otherwise, a VPN + home CA server will make your home network accessible and encrypted as well
You don’t have to expose Nginx publicly. It can exist privately on your network. I have my own domain and DNS server internally. For example nginx.home.datallboy.com and jellyfin.home.datallboy.com will resolve to NPM server at 192.168.1.10. Then nginx can listen for jellyfin.home.datallboy.com, and proxy those connections to my Jellyfin VM at 192.168.1.20.
Since I own my domain (datallboy.com), I let Nginx Proxy Manager do DNS challenge which is only used to authenticate that I own the domain. This will insert a TXT record on public DNS records for verification, and it can be removed afterwards. LetsEncrypt will then issue a certificate for https://jellyfin.home.datallboy.com which I can only access locally on my network since it only resolves to private IP addresses. The only thing “exposed” is that LetsEncrypt issued a certificate to your domain, which isn’t accessible to the internet anyways.
I have a public domain that I only use internally on my home network. I have a local DNS server that handles all my internal DNS records. So I just point my DNS records to my nginx proxy manager's local IP address and let it create certs using DNS Challenge. So I don't need to expose anything external to make it work.
Hetzner.com Storage Box might be worth looking into. I have no personal experience with it yet but I’m considering it.
5TB is about 13€/month. You get 20 Snapshots for data safety. It supports a lot of protocols like cifs and rclone which makes it possible to mount as a network drive and encrypt remote backups with rclone crypt.
I fixed it. It seems to work now. For future reference:
Due to my reverse proxy setup the php container identified it’s own URL as being accessed via HTTP. Settings HTTPS=on in the config did the trick. This will force symfony to assume HTTPS for all communication.
Edit: it seems my comments are not being federated so I could still use some help. Edit 2: it seems all it needed was some patience
I think a wiki of useful software and communities would be great! On reddit, weekly threads were often designed to corral posts so that the subreddit wasn't flooded with similar topics. It seems like that's not a problem here, so weekly posts would have to be pretty open-ended to spur discussion. For example, this week there could be a Black Friday Hardware Deals Post or something (e.g. I hear those 18TB WD hard drives at Best Buy are decent starter NAS material). Next week, there could be a post about shucking the drives.
I'm a big fan of Backblaze; $50 per year for unlimited backup for one device, and you can generate your own encryption key so they can't access your data.
I don't think Backblaze's personal unlimited tier is going to easily support op's Synology. I'm sure there's a way to get it to work, but their B2 service integrates with Synology and is the appropriate route to take. Op's looking for redundancy. I wouldn't want to rely on an unsupported work around to guarantee my data when they offer a service that's targeted towards what they want to accomplish.
Backblaze B2 is probably going to be the cheapest and seamless options since they say it integrates with Synology NAS. It's $5/TB/month.
Microsoft Azure Archive storage looks like it might be cheaper per month, but that's just going based on storage costs alone. This guide has a pretty decent explanation of examples of the cost to upload and store it.
Backblaze B2 has the synology integration and op wouldn't have to think about the costs of being able to access or retrieve the data from something like Azure cold or archive storage tiers, since B2 is sold as a hot storage option.
I’ll also vouch for Backblaze’s B2 plan; works well with Synology, and has great reporting options to let you know if you’re approaching your budgeted value, and web-based browsing tools to verify what data they got successfully sent to them.
The backup service is good, inexpensive and easy to set up, so easy to recommend.
I now use their B2 service with duplicati (available as a docker container, but idk how well it works with Synology). It's dirt cheap and equally reliable, but requires more setup by the user, and you must follow good practise and do a test restore of some files to make sure it works.
So it's really a trade-off, depending on what you want to prioritise.
I'm somewhat tempted by B2 but $5/TB/mo feels a bit steep for a NAS.
For me that would be about $100/mo, and for OP that's $25/mo. It would only take a few months before buying a drive for off site cold backup would be more cost effective.
Considering their personal plan is $7/mo for unlimited TBs, it really invites hobbiests to find workarounds after their first TB. Unless I'm missing something.
If you mean by laying it on its side, I did it because the case has punch out side panels. They're both plexi glass too, so I assume it would shatter under the weight of this pc. (~40kg)
Can you post more pics? It's hard to make out the shape of the computer and space available. I'm interested to see how this is the more space efficient way.
I am running a AMD Athlon(tm) X4 860K Quad Core Processor with 32GiB of RAM, Radeon HD 7450, 16TiB of HDD storage and 256GiB SSD. The only upgrade I am considering is buying 4TiB SSD drives to replace the HDD drives, this is only because I've noticed SSD's have gotten really cheap.
I would plan for Docker and not Virtual Machines, as VM's emulate an entire computer and then you run an entire operating system within them and then the application, the result is they need far more resources to act as a host for an application. Server applications have been moving to Docker because its a defined way to sandbox applications, run them consistently and uses far less resources.
I then deployed Portainer Community Edition on to the server, this provides a Web UI to manage the docker contaners running on the server. I have 9 docker containers currently running on the server.
You mentioned Plex: Plex provide a docker image for running their application that supports NVidia GPU Acceleration and seems to run fine on AMD hardware. You will find almost every server application offers an official docker image.
With my business hat on, think how many docker containers you want and plan for that + 1 cores in your CPU, you can probably look up the applications you want to run and add up their recommended RAM usage, as a home rule of thumb 16 GiB of RAM is the minimum, 64GiB would be overkill.
My network mostly uses NPC and summon names from Final Fantasy XI, because I played that game for many, many years and can associate the personalities of those characters with specific roles the host needs to have. I've also considered using Pokemon names for similar reasons, and with over 1000 current Pokemon species it'd be hard to max out in a home environment.
Nothing wrong with practical. I'll often name a VM by what service is going on to it as a temporary measure until I'm sure it's going to work out and give it its final name.
I saw that Synology Photos is getting some sort of object recognition in an upcoming update. But I love the idea of running your app on a container on my Mac (with lots of cores to run the ML code) while keeping the photos homed on the NAS. Definitely going to play with it :)
im just surprised that there weren't any checks that could have prevented an unknowing customer from exposing their devices. Nothing on the fiber modem was labeled, so im kinda worried how many things could be potentially exposed
Tailscale is my goto. I can just use regular remote desktop like I'm on my home LAN. Having said that - I run this on my own laptop that I bring with me. I'd never set it up on a work computer.
Media (after the character in American Gods). The bots running on her are Snaffle (video downloader), Severina (audio downloader), Bubble (binary media search agent), and Phylos (physical media search agent, which queries that section of my card catalogue).
selfhosted
Destacado
Esta revista es de un servidor federado y podría estar incompleta. Explorar más contenido en la instancia original.