Grandma probably doesn’t do the actually torrenting herself, chances are OP has a overseerr or jellyseerr type of setup, grandma makes the request and things just flow.

“Technically” my jellyfin is exposed to the internet however, I have Fail2Ban setup blocking every public IP and only whitelisting IP’s that I’ve verified.

I use GeoBlock for the services I want exposed to the internet however, I should also setup Authelia or something along those lines for further verification.

Reverse proxy is Traefik.

If you aren’t already familiarized with the Docker Engine - you can use Play With Docker to fiddle around, spin up a container or two using the docker run command, once you get comfortable with the command structure you can move into Docker Compose which makes handling multiple containers easy using .yml files.

Once you’re comfortable with compose I suggest working into Reverse Proxying with something like SWAG or Traefik which let you put an domain behind the IP, ssl certificates and offer plugins that give you more control on how requests are handled.

There really is no “guide for dummies” here, you’ve got to rely on the documentation provided by these services.

So glad my router supports WireGuard/OVPN server hosting, doing it this way also relieves resources off your homelab and for whatever reason your homelab shuts off or loses network access you can at least rely on your router to re-establish the VPN server without further intervention.

deleted by creator

Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.

It’s honestly whatever works for you and what you prefer having.

I agree, hence why I left the note at the bottom of that comment, yes it does encourage bad practices but, if all OP cares about is that it works then it should be fine.

In my other comment I instructed OP to move the volume to their users home directory so they don’t run into permission issues like this again.

Taking a look at your docker-compose.yml I see this volume mount:

volumes: 
- /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rw

Whereas /volume1/SN/Docker/searxng-stack/searxng is the directory on your system docker is attempting to use to store the files inside the container from /etc/searxng.

Example of a volume mount that’ll likely work better for you;

volumes:
- /home/YourUser/docker/config/searxng:/etc/searxng:rw

The tilde (~) acts as your current users home directory (aka: /home/YourUser) not owned by root and where docker persistent volumes should be stored.

Edit: I feel like I was wrong here, given that your run sudo in docker compose up -d the tilde will likely not work here and instead point to the /root directory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.

After making the change over to that directory and configuring SearXNG how you like re-create your docker container with sudo docker compose up -d —force-recreate

Apologies for the poor formatting, typing this on mobile.

Edit:

Note: if you want to expose the port do not add the 127.0.0.1 like how I have in my docker-compose.yml.

Edit 2: Corrected some things…

have you checked the directory & file permissions with ls -la /Your/SearXNG/WorkingDir ?

The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with sudo chmod 777 /Your/SearXNG/WorkingDir/* and sudo chown 1000:1000 /Your/SearXNG/WorkingDir/*

However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.

Late to the party but I decided to pickup a 13th gen ASUS NUC with an i7 over a prebuilt NAS, bought a couple external hard-disk bays setup Proxmox running a headless Debian 12 VM and almost everything runs great however, mistake was using Debian 12 because the Linux kernel is pretty far out of date and does not support the CPU properly.

My ASUS WRT router running Merlin firmware offers to host a WireGuard server, I simply use the WireGuard app, dump the config file in and hit connect.

Took a little configuration but eventually got it working how I want it.

Edit: Reason for the Merlin Firmware is because I can route my VPN server through my VPN provider, goes a little like this;

5G/LTE > WireGuard to my router > Router routes that connection to ProtonVPN

This gives me access to the resources in my home while also reaping the benefits of my VPN provider.

This is why I chose an ASUS nuc + external bay-storage for my home networking needs, felt like synology NAS would be a limiting factor.

deleted by creator

Why not just host the stack at home and VPN in? Jellyfin is pretty snappy I don’t think you’ll struggle much network wise.

I picked myself up a Asus NUC 13th gen I7, chose Proxmox VE as the OS (headless Debian 12 for the main VM) and have about 35 services running via Docker Compose essentially 24/7.

Is it the most elegant setup? No, but everything runs beautifully.

Just make sure your Linux kernel supports the Intel chipset as they are relatively new.

This was maybe 2-3ish years ago;

I started with a raspberry pi 4 bundle from Amazon, played around with the Linux filesystem, bash shell, APT package manager and just kept reinstalling the headless Debian 12 OS if I believed to have bricked it beyond repair.

Eventually learned about the Docker Engine & Docker Compose and that essentially gave access to a plethora of software I would’ve have never have used before.

The raspberry pi 4 started to show sluggishness as I started piling more and more services on it so, Instead of buying traditional server grade hardware I liked the small form factor of the Pi so I opted for a 13th gen Asus Nuc with an 12 core i7.

Everything runs beautifully now and I even run Debian 12 on my desktop as well!

Upload to Proton Drive > Create share link > Share link

spin up a second pihole docker and upgrade them separately so they can failover to the other one while upgrading.

Think I’m going to take this advice and put it in action! Thank you!

I think something else may be wrong if it breaks for 20 minutes.

When I originally setup my PiHole many, many, many months ago when I was still learning the Docker engine I had little to no issue.

I don’t know what caused it either being a power-outage or network loss but ever since I’ve been experiencing DNS related issues (I suspect it’s NTP not syncing), some days I’ll wake up before work realizing “oh shit I have no internet access” frantically trying to fix the issue.

I think i might take the advice of other commenters here and host two PiHole servers on separate devices/stacks, just got to hope my router supports it.

I personally couldn’t even get ssl/tls working with NPM, reverse proxying worked but it really didn’t feel right.

Eventually learned about SWAG and had a much better experience setting it up. Now here I am on Traefik thriving.