I think if you use a SIP provider, they’ll have an app or a description on their website how to connect with third-party software. Just install it on a device you take with you, and configure it as per their description. Examples for Android SIP softphones are Linphone and Baresip.

Other options: you have a AVM Fritzbox at home and install their app. Or you set up an entire PBX like Asterisk or FreePBX or one of the other ones. That’s rather complex and involved.

Nah, I don’t think there’s a lot on IPv6 in that book. I think OP’s concern is valid. Accessing devices at home isn’t unheard of. The amount of smart home stuff, appliances and consumer products increases every day. And we all gladly pay our ISPs to connect us and our devices to the internet. They could as well do a good job while at it. I mean should it cost extra to manage a static prefix, so be it. But oftentimes they really make it hard to even give them money and obtain that “additional” service.

I wonder how often the assigned prefix changes with most of the regular ISPs. I’d have to look someone else’s router since I’m still stuck on an old contract. But I believe what I saw with some of the regular consumer contracts: the prefixes stay the same for a long time. You could just slap a free DynDNS service on top and be done with it.

But yes, I think this used to be the promise… We’d all get IPv6 and a lot of gadgets like NAS systems, video cameras and a wifi kettle and they’d be accessible from outside. Instead of that we use big capitalist cloud services and all the data from the internet of things devices has some stopover in the China cloud.

Of course. These all are different issues. Encrypted messaging has nothing to do with handing out my phone number to everyone.

I can’t remember why I skipped SimpleX. I tried it some time ago, maybe it sucked too much battery on my old phone… Should I have another look at it? Respectively, is it any good for someone like me who already uses a Matrix messenger? I mean not theoretically, but for every-day use.

Yes, this. And with WhatsApp or an dedicated app they’re either directly on your phone. Or have your (personal) phone number. Which isn’t great. With eMail you can just have another spam address. And that’s more complicated with phone numbers and most people don’t have a second one dedicated to spam and advertisements…

Maybe have a look at https://nginxproxymanager.com as well. I don’t know how difficult it is to install since I never used it, but I heard it has a relatively straight-forward graphical interface.

Configuring good old plain nginx isn’t super complicated. It depends a bit on your specific setup, though. Generally, you’d put config files into /etc/nginx/sites-available/servicexyz (or put it in the default)

server {  
    listen 80;  
    server_name jellyfin.yourdomain.com;  
    return 301 https://$server_name$request_uri;  
}  

server {  
    listen 443 ssl;  
    server_name jellyfin.yourdomain.com;  

    ssl_certificate /etc/ssl/certs/your_ssl_certificate.crt;  
    ssl_certificate_key /etc/ssl/private/your_private_key.key;  
    ssl_protocols TLSv1.2 TLSv1.3;  
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';  
    ssl_prefer_server_ciphers on;  
    ssl_session_cache shared:SSL:10m;  

    location / {  
        proxy_pass http://127.0.0.1:8096;  
        proxy_http_version 1.1;  
        proxy_set_header Upgrade $http_upgrade;  
        proxy_set_header Connection 'upgrade';  
        proxy_set_header Host $host;  
        proxy_cache_bypass $http_upgrade;  
    }  

    access_log /var/log/nginx/jellyfin.yourdomain_access.log;  
    error_log /var/log/nginx/jellyfin.yourdomain_error.log;  
}  

It’s a bit tricky to search for tutorials these days… I got that from: https://linuxconfig.org/setting-up-nginx-reverse-proxy-server-on-debian-linux

Jellyfin would then take all requests addressed at jellyfin.yourdomain.com and forward that to your Jellyfin which hopefully runs on port 8096. You’d use a similar file like this for each service, just adapt them to the internal port and domain.

You can also have all of this on a single domain (and not sub-domains). That’d be the difference between “jellyfin.yourdomain.com” and “yourdomain.com/jellyfin”. That’s accomplished with one file with a single “server” block in it, but make it several “location” blocks within, like location /jellyfin

Alright, now that I wrote it down, it certainly requires some knowledge. If that’s too much and all the other people here recommend Caddy, maybe have a look at that as well. It seems to be packaged in Debian, too.

Edit: Oh yes, and you probably want to set up Letsencrypt so you connect securely to your services. The reverse proxy would be responsible for encryption.

Edit2: And many projects have descriptions in their documentation. Jellyfin has documentation on some major reverse proxies: https://jellyfin.org/docs/general/post-install/networking/advanced/nginx

You’d install one reverse proxy only and make that forward to the individual services. Popular choices include nginx, Caddy and Traefik. I always try to rely on packages from the repository. They’re maintained by your distribution and tied into your system. You might want to take a different approach if you use containers, though. I mean if you run everything in Docker, you might want to do the reverse proxy in Docker as well.

That one reverse proxy would get port 443 and 80. All services like Jellyfin, Immich… get random higher ports and your reverse proxy internally connects (and forwards) to those random ports. That’s the point of a reverse proxy, to make multiple distinct services available via just one and the same port.

Right. Do your testing. Nothing here is black and white only. And everyone has different requirements, and it’s also hard to get own requirements right.
Plus they even change over time. I’ve used Debian before with all the services configured myself, moved to YunoHost, to Docker containers, to NixOS, partially back to YunoHost over the time… It all depends on what you’re trying to accomplish, how much time you got to spare, what level of customizability you need… It’s all there for a reason. And there isn’t a perfect solution. At least in my opinion.

I think Alpine has a release cycle of 6 months. So it should be a better option if you want software from 6 months ago packaged and available. Debian does something like 2 years(?) so naturally it might have very old versions of software. On the flipside you don’t need to put in a lot of effort for 2 years.

I don’t think there is such a thing as a “standard” when it comes to Linux software. I mean Podman is developed by Red Hat. And Red Hat also does Fedora. But we’re not Apple here with a tight ecosystem. It’s likely going to run on a plethora of other Linux distros as well. And it’s not going to run better or worse just because of the company who made it…

Sure. I think we could construe an argument for both sides here. You’re looking for something stable and rock solid, which doesn’t break your stuff. I’d argue Debian does exactly that. It has long release cycles and doesn’t give you any big Podman update, so you don’t have to deal with a major release update. That’s kind of what you wanted. But at the same time you want the opposite of that, too. That’s just not something Debian can do.

It’s going to get better, though. With software that had been moving fast (like Podman?) you’re going to experience that. But the major changes are going to slow down while the project matures, and we’ll get Debian Trixie soon (which is already in hard freeze as of now) and that comes with Podman 5.4.2. It’ll be less of an issue in the future. At least with that package.

Question remains: Are you going to handle updates of your containers and base system better than, or worse than Debian… If you don’t handle security updates of the containers in a timely manner for all time to come, you might be off worse. If you keep at it, you’ll experience some benefits. Updates are now in your hands, with both downsides and benefits… You should be fine, though. Most projects do an alright job with their containers published on Docker Hub.

I don’t think so. I’ve also started small. There are entire operating systems like YunoHost who forgo containers. All the packages in Debian are laid out to work like that. It’s really not an issue by any means.

And I’d say it’s questionable whether the benefits of containers apply to your situation. If you for example have a reverse proxy and do authentication there, all people need to do is break that single container and they’ll be granted access to all other containers behind that as well… If you mess up your database connection, it doesn’t really matter if it runs in a container or a user account / namespace. The “hacker” will gain access to all the data stored there in both cases. I really think a lot of the complexity and places to mess up are a level higher, and not something you’d tackle with your container approach. You still need the background knowledge. And containers help you with other things, less so with this.

I don’t want to talk you out of using containers. They do isolate stuff. And they’re easy to use. There isn’t really a downside. I just think your claim doesn’t hold up, because it’s too general. You just can’t say it that way.

But that’s very hypothetical. I’ve been running servers for more than a decade now and never ever had an unbootable server. Because that’s super unlikely. The services are contained in to several user accounts and they launch on top of the operating system. If they fail, that’s not really any issue for the server booting. In fact the webserver or any service shouldn’t even have permission to mess with the system. It’ll just give you a red line in systemctl and not start the service. And the package managers are very robust. You might end up with some conflicts if you really mess up and do silly things. But with most if them the system will still boot.

So containers are useful and have their benefits. But I think this is a non-issue.

Alright, seems fine. Just make sure you include some privacy statement if you process the user’s IP addresses and location. And maybe give a very rough location only.

Sure, I think that’ll do. I mean I love to tell people on the internet that they’re idiots… But a simple “Skip” would do, if OP fears this is going to drag down the place. On the other hand… Forcing people to pick an option has its benefits, too. But there’s a limit with user generated questions. (And I’m not even sure if the ones I saw were user-generated. They were mostly productive, proper questions and without spelling errors…)

Very nice. Jury duty is fun. But I feel we need a third option for questions like: “I am a manager of company with 200 employees. We want to introduce a rewards system for perfect attendance (zero sick days or absences). Two days extra holiday or a financial reward.”
Both answers suck, and the correct answer is: you’re the a*hole for incentivising your employees to come in sick, and either infect other people as well, or not take time to recover and get worse.

Sure. With data that might be skipped, I meant something like the Jellyfin server, which probably consists of pirated TV and music or movie rips. Those tend to be huge in size and easy to recreate. With personal content, pictures and videos there is no chance of getting it back. And I’d argue with a lot of documents and data it’s not even worth the hassle to decide which might be stored somewhere else, maybe in paper form… Just back them up, storage is cheap and most people don’t generate gigabytes worth of content each month. For large data that doesn’t change a lot, something like one or two rotated external disks might do it. And for smaller documents and current projects which see a lot of changes, we have things like Nextcloud, Syncthing and a $80 a year VPS or other cloud storage solutions.

Next to paying for cloud storage, I know people who store an external hdd at their parent’s or with friends. I don’t do the whole backup thing for all the recorded TV shows and ripped bluerays… If my house burns down, they’re gone. But that makes the amount of data a bit more manageable. And I can replace those. I currently don’t have a good strategy. My data is somewhat scattered between my laptop, the NAS, an external hdd which is in a different room but not off-site, one cheap virtual server I pay for and critical things like the password manager are synced to the phone as well. Main thing I’m worried about is one of the mobile devices getting stolen so I focus on having that backed up to the NAS or synced to Nextcloud. But I should work on a solid strategy in case something happens to the NAS.

I don’t think the software is a big issue. We got several good backup tools which can do incremental or full backups, schedules, encryption and whatever someone might need for backups.

Privacy would be the main concern. Every single one of your words, documents, pictures will probably end up in some large database over at OpenAI. I don’t like that at all. And as a company for example, it might be against the law to share some information about clients with third parties.

Then you don’t get any of the freedoms we got with Free Software. It’s a service you rely on with very little opportunities to customize, or look inside and tinker. There is little control for the user whatsoever. Additionally we already had companies cease service. So it might become unavailable tomorrow, which is a bad thing if you’re attached to it, invested or built things around it.

And since “the internet is for porn”… We also have a noteworthy community doing those kinds of things. And well… go ahead and ask the big services to generate a lewd story. Most of them even refuse to write a murder mystery story for me, instead they’ll lecture me on how it is not ethical to murder someone. So that would be use-cases where local AI outperforms any of the market leaders.

Personally, I’m a bit opposed to the entire concept of letting other people’s algorithms dictate my life. I don’t want to rely on them. I also don’t want them to pick the bias for my perspective on the world. The algorithms in social media are dwarfed by how dangerous it’s gonna be once people rely on AI more and more. And it gets to choose which information to show and which to drop. What kind of bias to introduce in summaries etc. Teach people how to think. And I already don’t like the way all big AI chatbots talk to me with a lot of emojis and in a “Explain like I’m 5 yo” way.

So to go back to the original question… I think the more “useful” AI is, the more reasons there are to retain some control yourself. What do you think?

By the way, you can still run the Yunohost installer ontop of your Debian install… If you want to… It’s Debian-based anyway so it doesn’t really matter if you use its own install media or use the script on an existing Debian install. Though I feel like adding: If you’re looking for Docker… Yunohost might not be your best choice. It’s made to take control itself and it doesn’t use containers. Of course you can circumvent that and add Docker containers nonetheless… But that isn’t really the point and you’d end up dealing with the underlying Debian and just making it more complicated.

It is a very good solution if you don’t want to deal with the CLI. But it stops being useful once you want too much customization, or unpackaged apps. At least that’s my experience. But that’s kind of always the case. Simpler and more things automatically and pre-configured, means less customizability (or more effort to actually customize it).

I’ve always backed up my SMS to my E-Mail inbox. With something like SMS Gate or SMS Backup+. I think it’s nice to have all messages in my mail program. Of course that only does one way. To reply and get immediate notifications, I use KDEConnect (or GSConnect which is the same thing for GNOME.)