I can’t seem to login to the root user on two different mariadb databases to make those changes so must be doing something wrong
brewery@feddit.uk to Selfhosted@lemmy.world • Replacing Tailscale with a 2-VPS WireGuard setup (No port forwarding)
2 · 1 month ago
Awesome idea then, I’ll have to look into it.
brewery@feddit.uk to Selfhosted@lemmy.world • Replacing Tailscale with a 2-VPS WireGuard setup (No port forwarding)
10 · 1 month ago
Just to clarify for my simple brain - vps1 has just 80/443 open, vps2 just has a wireguard port open (51825 or whichever). Vps2 has no domain pointing to its public IP, vps has your domain pointing to it. Vps1 and home server have wireguard configs pointing to the vps2 public IP, so punch through automatically. Is that all correct?
I think I have the same setup but with vps1 + 2 combined but that means its public IP is easily found by the domain (one includes a public business website) and has WG ports open (although my understanding is this in itself is not an issue as WG gives no reply)
Have you opened an SSH port on both vps1 and vps2 for backup or happy to rely on wireguard? Thinking about it, you could open up the port on the vps but use the provider’s firewall to block the port - if needed can login to their site, open the port and then SSH in - would this work? They have KVMs for emergencies but just trying to think of worst case scenarios.
Good point, Romm can integrate well with MuOS, Playnite and other client side software you and others can install onto their actual devices. I’ve used Playnite on my devices to manage the emulator side and download the ROMs from the ROMs server.
In theory, you could also try a sunshine server and moonshine client to stream the games from your server but guessing it would only work well over a local network, not over the internet to friends
It’s great to have options! Never heard of this one so will check it out too. That’s part of the fun isn’t it haha
Check out Romm. Not every ROM can be streamed but think it meets your needs.
brewery@feddit.uk to Selfhosted@lemmy.world • Serious Linux vulnerability affecting nearly every system. Patch your systems.
5 · 2 months ago
I have a mix of Debian and Ubuntu servers. I’ll update manually anyway but for future cases, would unattended-upgrades set to security upgrades run daily be enough to stop this type of issue?
brewery@feddit.uk to Selfhosted@lemmy.world • Alright let's see pictures of your super nice rack-mounted, professionally installed labs. I'll start 🙃
9 · 2 months ago
Did someone ask for dust cos I got plenty! Also have one desktop with 30TB of memory, separate small form for HA and Pihole, networking equipment, cooling fans and a UPS all packed into one (un)tidy cupboard. The door doesn’t quite close but enough to hide it from my partner!
brewery@feddit.uk to Selfhosted@lemmy.world • Is *arr stack a real Netflix replacement?
5 · 3 months ago
Depending on your download speed, you can manually download a TV show episode in seconds to minutes. By the time you watch that episode, at least the next one will be ready. It is quite rare to have to do this though, me and my family mostly add shows on Seer when we find them (recommendations, adverts, etc) and by the time we’ve sat down to watch it’ll be ready.
I did the whole lists thing others have mentioned but to be honest, we found there was too much choice, lots of crap and quickly ran out of space. Taking an active role in choosing shows and films works better for us and I’ll have a short list at any time to watch.
brewery@feddit.uk to Selfhosted@lemmy.world • If you are not in a tech field, what got you into self-hosting?
9 · 4 months ago
I’m an accountant and tax professional but have always been into computers. I had a social media account breached although it was no issue as hadn’t used it for years. I used a terrible password as thought it did not matter but made me realise I needed to be better generally so started using a password manager.
Then Netflix stopped account sharing. I had just got a 4k TV and only their top level with 4 screens supported it so was pissed off. The fragmentation across services had started so was getting annoyed anyway. This led me to the arr’s.
I decided I could no longer trust Microsoft and hated their pricing structure so was interested in Nextcloud. By then I found the self hosted community (on reddit), bought a desktop PC and after getting the hang of it plus many mistakes I loved my services so will never look back.
Joined the migration to Lemmy. Am based in the UK and joined the anti-US feelings so am setting up more storage, better redundancy and more services for my family. A few family members are interested in helping so can share backups.
I would highly suggest a UPS. I use random external hard drives without RAID as part of my media setup. The electric went out overnight last year. I knew it had happened as my oven was flashing. The server restarted itself so thought everything was fine.
Then some things were glitchy and it took me a few days to realise one of the drives was not mounting. Luckily I did not lose the data but it still took a while to fix. It takes even longer to restore a backup.
To mainly save myself time and effort, I bought a basic UPS with 2 plugs. It keeps the server and main router on for 15 minutes but I’ve set it up to send a command to shut down asap just in case. My server seems to automatically switch on when power comes back so not had any issues since.
brewery@feddit.uk to Selfhosted@lemmy.world • Where are you running your wireguard endpoint?
10 · 6 months ago
I have a vps (hetzner dedicated server auction) as well as my home servers. The vps has a fixed IP so I’ve set up wireguard endpoints to all point to it with forwarding on so can access every device indirectly through the vps. It allows them to work across DDNS or remotely.
I used this guide (https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04). Tried different tools, GUIs and other methods but always came back to this to work the best
Yeah, first try your ISP to see if you can get a dynamic or fixed IP instead. Check if their website/FAQ mentions dynamic IP or cgnat. They might outright reject it, or try to upgrade you to an extortionate business package though. I signed up for my service and checked the cgnat before signing up but they hadn’t got around to updating their website that they changed their policy. After the surprise of being behind cgnat and after screenshotting their own website, I complained and got upgraded to a higher level package for free.
You can use tailscale to get around it, but then you need to install it on all devices and login. You can use cloudflare tunnels and think you can set it to not require login for some services. Both rely on third parties. Both are also safer than exposing directly to the public internet.
If you want full control, you have to rent a cheap vps and setup a tunnel between that and your home server, then use the public IP of the vps for your services. Wireguard is probably the best choice for VPN. You could try pangolin, which is an open source cloudflare tunnel so is more complicated than a VPN but also includes a reverse proxy.
brewery@feddit.uk to Selfhosted@lemmy.world • What steps can be taken to prevent AI training and scraping of my public facing website?
4 · 6 months ago
In an ideal world this should be the case but I can’t afford to do this practically and my business is a service, based on UK laws and requirements, available to UK residents only. The website is for information only and nothing is new or interesting to anybody but a few potential clients, and if they’re looking at it on holiday, there’s something wrong with them! Nobody is going to reach out based on my website from abroad and if they did, I would not trust them at all. They would reach out through personal contacts or linkedin. If the bots stop spamming my site or server, I can stop limiting it.
brewery@feddit.uk to Selfhosted@lemmy.world • What steps can be taken to prevent AI training and scraping of my public facing website?
4 · 6 months ago
Another option to reduce (but not eliminate) this traffic is a country limit. In cloudflare you can set a manual security rule to do this. There are self hosted options too but harder to setup. It depends what country you are in and where your users are based. My website is a business one so I only allow my own country (and if on holiday I might open that country if I need to check it’s working, although usually I just use a paid vpn back to my country so no need). You can also block specific countries. So many of my blocked requests are from USA, China, Russia etc
I didn’t know that, thanks for sharing
You could be behind CGNAT - I’m not sure the best way to tell but it could be the reason.
I would also highly recommend buying a cheap domain to use - it would be the price of a coffee per year but makes life so much easier and you don’t have to depend on duckdns. You can buy through cloudflare, porkbun or many other options which you can search for a good DDNS service to update them.
brewery@feddit.uk to Selfhosted@lemmy.world • Nginx Jellyfin, both Docker containers
1 · 7 months ago
Sorry, the post didn’t have the formatting I expected and is generally quite unclear now I’m reading back through it. I was trying to point out a few different things that I’ve had to learn the hard way when things go wrong! You learn the terminology to search for or have to search for lots of acronyms until you learn them haha.
Public IP
So your server is on a fixed IP address. Do you mean locally that the machine has a fixed IP within your home lan setup (like e.g 192.168.1.10) or is your public IP fixed (this will depend on your ISP)? Most home providers, like mine, have dynamic IP so every once in a while my public IP will change so everything would go down as my DNS is pointing to the wrong address. Some providers use CGNAT which is even worse and won’t accept any connections originating from outside.
If dynamic, you can use a DDNS tool like cloudflared to keep checking your public IP and updating your DNS records if it changes. Your services will only go down for however long the polling on this is set. Note that cloudflared does a few things and this is just one aspect of the tool.
If you have CGNAT you have to use cloudflare tunnels or similar to create the permanent bridge to your server that all external requests can pass through even if originating from outside.
Docker bridge networks
Note this is not essential but can be actually easier to manage and keep more secure. It was hard to get my head around but once I did it was easier.
You can create a bridge network so the containers you add to that network can talk to each other but the other containers can’t. It also means not opening ports in the docker compose so the system can’t access those containers directly using up ports. A container can have multiple networks too.
For instance, my nextcloud main server is on proxy and nextcloud-internal networks. The other containers in that docker compose are on nextcloud-internal. My proxy manager (caddy) is on proxy. The various nextcloud containers can talk to each other on the internal network. My proxy and the nextcloud server can also talk to each other through the proxy network. My server cannot talk to any of them directly (unless you also expose ports). Caddy cannot directly talk to my nextcloud database container. Hope it makes sense, I can share my docker compose files if helpful. After this info, my original message may make more sense.
You probably expose ports for jellyfin so can access it locally through 192.168.1.10:8080 or whatever it might be.
Reverse proxy
This is separate to a tunnel but tools like cloudflared tunnels and pangolin combine them.
The reverse proxy is something you setup to pick up a server domain address and deliver it to the requesting computer. It turns cloud.domain.com to 192.168.1.10:8000 and for a website delivers the HTML, images, php etc to client browsers. In the self hosting space it lets you access different services on one domain (like www.domain.com, cloud.domain.com, request.domain.com as much as you like)
I have caddy on docker but previously used nginx proxy manager, and for each public service I would setup a reverse proxy to the actual service. For my business website I tell it to send domain.com and www.domain.com requests to my website in a different docker container. For nextcloud I tell it to send cloud.domain.com requests to my nextcloud server container on its port (on proxy network - see above, in caddy I say reverse proxy to nextcloud-server:80 but if exposing ports it could be your internal server IP like 192.168.1.10:8000 or whatever you are using).
Tunnel
This is just connecting two servers or clients and gives them a local IP on each end that can be used to encrypt and tunnel those connections over the internet.
I don’t actually have a tunnel for my external services as I use my business VPS. I do have a tunnel between my home server and my VPS to create an encrypted and usable tunnel between those separate internal networks.
I believe cloudflare tunnels and pangolin work the same way, where a user visits your service.domain.com and the service expects you to login. If logged in, it will forward the requests to your home server through an encrypted tunnel (so your ISP and others can’t see it, and your users never see your public IP address), and it also reverse proxies the request to the correct service on your server (like nextcloud). It does both jobs for you. The authentication stage might be optional, I’m not sure.
It is easier to use these but you’re more tied in to one service.
Cloudflare proxy
If you use cloudflare DNS and opt into their proxy, they will hide your home server’s public IP from external users using services through your domain. If you lookup a domain like “dig domain.com” in the CLI, you will see Cloudflare’s public IP instead of your own. The connection packets will go to Cloudflare, who internally change it to your public IP so the end client cannot see it. It does mean they can track all your header information and unencrypted traffic, and if it goes down nobody can access your services externally using the domain.
Incidentally, I notice some IPTV services use this to try to hide their public IP but in reality, broadcasters could get the real IP from Cloudflare, especially with a court case.
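The network layout described under "Docker bridge networks" and "Reverse proxy" in the comment above (Caddy on proxy, the Nextcloud server on both proxy and nextcloud-internal, the database only on nextcloud-internal, no published ports except the proxy's) written out as a Docker Compose file. This is an added example, not the commenter's own compose files; the nextcloud-db service name, image tags, volume names, the password variable and the `internal: true` setting are assumptions.

```yaml
# Added example (hypothetical): nextcloud-db, image tags, volumes and variables are assumptions.
services:
  caddy:
    image: caddy:2
    ports:                      # the only published ports in the stack
      - "80:80"
      - "443:443"
    volumes:
      # Assumed Caddyfile: site cloud.domain.com with "reverse_proxy nextcloud-server:80"
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    networks:
      - proxy                   # shares a network with nextcloud-server, not with the database

  nextcloud-server:
    image: nextcloud:apache
    # No "ports:" entry, so nothing is published on the host's interfaces;
    # Caddy reaches it by service name over the proxy network.
    environment:
      MYSQL_HOST: nextcloud-db
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD:?set in .env}
    volumes:
      - nextcloud_data:/var/www/html
    networks:
      - proxy
      - nextcloud-internal

  nextcloud-db:
    image: mariadb:11
    environment:
      MARIADB_DATABASE: nextcloud
      MARIADB_USER: nextcloud
      MARIADB_PASSWORD: ${NEXTCLOUD_DB_PASSWORD:?set in .env}
      MARIADB_RANDOM_ROOT_PASSWORD: "1"
    volumes:
      - nextcloud_db:/var/lib/mysql
    networks:
      - nextcloud-internal      # only nextcloud-server shares this network

networks:
  proxy:
  nextcloud-internal:
    internal: true              # optional addition: containers get no route out via this network

volumes:
  nextcloud_data:
  nextcloud_db:
```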
Check out Infomaniak which has more than just email so could be useful if looking for more of a like for like replacement for O365. If you just want email, somebody mentioned mailbox.org which I have also used and is good.
We’re all fine with piracy because of enshittification and the spread of shows/films across too many services. Happily paid for Netflix when it was good but it slowly got worse and worse. If there was one fairly priced single (maybe max across 3) source(s), I’d switch back.
In terms of stream vs arr’s. Quality of video and sound matters to us but not for everything we watch. I actually use Stremio with Debrid for most items, especially my family choosing what to watch. When I want top quality I will use my arr stack. When stremio fails I’ll use my arr stack. For TV shows we watch regularly we use the arr stack, partly to remind us when they’re released. For TV shows we regularly re-watch I use the arr stack.