… are you the DaX from the PSP modding scene?!
… are you the DaX from the PSP modding scene?!
Oh boy I went down this same rabbit hole awhile ago. Here is a git repository that will explain why this happens and also offers a fix on how to modify your IP tables to ensure that docker respects the UFW.
I’m going to suggest something a bit more out there. You can setup this whole thing with NixOS. I have a bunch of docker containers that run as a systemd service, declared with Nix and personally, I like it very much. It’s also got everything else you want but the atomic upgrades are top tier in NixOS.
For example if you want NoIP and Cockpit just add this bit to your configuration.nix
environment.SystemPackages =[
pkgs.noip
pkgs.cockpit
];
Adding something like docker or podman is just as easy with a one line like
virtualisation.docker.enable = true;
There is always a bit of a learning curve when doing anything with Nix but I find the buy in to be worth it. Here’s a blog post about converting docker compose files over to the Nix format. This really isnt necessary as you could just make the systemd service run a oneshot against a docker compose file but this blog has a lot of nice examples.
https://mrupnikm.github.io/en/posts/nix-docker-containers/
If you have any questions please let me know :D
It shouldn’t mess with your current routing but if you’re running other VPNs you may run into issues.
After you join the machines to the tailnet, each machine gets a new IP address ( only visible to other machines in the tailnet), by default it’s a 100.x.y.z you can check the tailnet for the device IP.
Now you can keep the port closed on your router and it will still be accessible over the usual lan ip and port. But when you want to access remotely, turn on tailscale and connect using the tailnet IP.
Another cool thing you can do with this setup is turn your home server into an exit node. By default it will only route things that are in the tailnet (100.x.y.z subnet). But if you turn your home server into an exit node you can funnel all your traffic back through the exit node. Instant free VPN back home!
Here you go friend, enjoy! 😁
Unencrypted HTTP can mean that anyone can see your traffic as it passes through their network. Your ISP will see that traffic. If you’re streaming pirated music and you’re in a country that cares about those things, might not go very well. From a security stand point though, you still wouldn’t want to trust the authentication on the open port. A vulnerability may exist that you don’t know about. It’s always better to keep them closed and add another layer or two between your home computer and the public.
Tailscale let’s you tunnel into your home network without opening any ports, and it encrypts the traffic. Much safer way of doing it.
Another tip, please be very careful when exposing ports to the public. With docker you’re already mitigating your attack surfaces but an open port allows anyone to make a connection and there are lots of bots out there looking for open ports and vulnerabilities. A good alternative would be to setup wireguard and instead then connect through that or if you like simplicity check out Tailscale.
Okay… one is closed sourced and the other open. That much I know. With those points out of the way, why is jellyfish superior?
What happened with Emby? I’ve used their service for a long time and have been very happy with their lifetime premium.
Good news, they support OIDC! Haven’t tested it myself so your mileage may vary.
Check out this guide to get started with exposing your services via proxy. I started with v1 and migrated to v2. Until I dug this link out for you, I had no idea about v3; but if it’s as good as the first two I can only imagine how good it is now.
https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/
Is that from No Country for Old Men?
I believe media hosting is only against their ToS if you try and use the proxy service. In the DNS page you would want to make sure the clouds are not orange. Fair warning though now your IP is exposed to the public.
https://www.linuxserver.io/blog/advanced-wireguard-container-routing
I think what you’re looking to do is route using IPTables. I’ve achieved a similar setup with this guide, just not using a mail server. With this setup the DNS can actually be taken care of by docker. With my phone on wireguard I can resolve by the container name on my VPS, internal server docker container, internal lan, and everything else goes out to Mullvad (direct too thanks to split tunneling). Very slick setup.
Lol how funny. I was also very into modding the PSP growing up. I had a couple of Pandora batteries. The only reason I caught onto it was because my name is also Alex haha hello fellow Alex!