• 3 Posts
  • 86 Comments
Joined 1 year ago
Cake day: February 8th, 2025





  • I’ve been looking at VPNs, but it feels weird, to route everything through my home IP when I’m also trying to use a commercial VPN for privacy / to combat services fingerprinting me based on my IP.

    My ASUS WRT router (running Merlin Firmware) forwards my Home WireGuard VPN server through one of my Proton VPN clients. I get all the added bonuses of being connected to my home network, utilizing my PiHole and such, while benefiting from appearing across the world.

    I’m currently considering a reverse proxy setup with an authentication provider like authentik or authelia, but as far as I understand, that wouldn’t work well with accessing services through an app on my mobile device (like for jellyfin music for example.)

    This is correct: you cannot host an authentication service in front of Jellyfin’s proxy, otherwise the Jellyfin Media Player will not connect to your server. However, there is a Jellyfin SSO plugin for authentication, which is what I use, and I disabled the manual login form via CSS. Be warned if you take this route that the CSS can be re-enabled on the login screen using your browser’s element inspect. I wish you could disable it outright, but it’s heavily baked into Jellyfin from what I’ve read.

    I suggest setting up an IP blacklist for Jellyfin and only whitelisting the known IPs.


  • Jellyfin isn’t the most secure piece of software out there, I would avoid giving it permissions it doesn’t need.


    Step 1) Check /dev/dri for the GPU

    user@debian:~/compose$ ls /dev/dri
    total 0
    drwxr-xr-x  3 root root        120 Jan 25 11:50 .
    drwxr-xr-x 18 root root       3360 Feb 11 03:03 ..
    drwxr-xr-x  2 root root        100 Jan 25 11:50 by-path
    crw-rw----  1 root video  226,   0 Jan 25 11:50 card0
    crw-rw----  1 root video  226,   1 Jan 25 16:39 card1
    crw-rw----  1 root render 226, 128 Jan 25 11:50 renderD128
    

    Documentation indicates renderDXXX typically refers to Intel GPUs.

    Make sure at least one renderD* device exists in /dev/dri. Otherwise upgrade your kernel or enable the iGPU in the BIOS.

    Step 2) Edit your docker-compose.yaml and add this in your Jellyfin block:

    devices:
     - /dev/dri/renderD128:/dev/dri/renderD128

    Step 3) Start your container and enter it to verify the device is recognized.

    sudo docker compose up -d; sudo docker exec -it jellyfin bash

    Once inside, run ls /dev/dri to confirm the GPU is recognized inside the container; once you confirm it, you can exit the container.

    user@debian:~/compose$ sudo docker exec -it jellyfin bash
    I have no name!@jellyfin:/$ ls /dev/dri
    renderD128
    I have no name!@jellyfin:/$ exit
    exit
    user@debian:~/compose$

    Step 4) On the Jellyfin dashboard go to the hardware acceleration page and follow the notes left by Jellyfin devs.
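
A check for the least-privilege point in the comment above, as an added example (not code from the comment or from the Jellyfin project): it audits the JSON printed by `docker compose config --format json` for grants wider than the single render node mapped in the steps. The sample config, the service names and the finding codes are constructed for illustration, and the input shape is an assumption about that command's output.

```python
import json

# Constructed input in the shape of `docker compose config --format json`
# (assumption); both service definitions are invented for this example.
SAMPLE = json.loads("""
{"services": {
  "jellyfin": {
    "user": "1000:1000",
    "devices": [{"source": "/dev/dri/renderD128", "target": "/dev/dri/renderD128"}]
  },
  "jellyfin-broad": {
    "privileged": true,
    "cap_add": ["SYS_ADMIN"],
    "devices": ["/dev/dri:/dev/dri", "/dev/dri/card0:/dev/dri/card0"]
  }
}}
""")

def device_source(dev):
    """Host path of a device entry: 'src:dst[:perms]' string or a mapping."""
    return dev["source"] if isinstance(dev, dict) else dev.split(":")[0]

def audit_service(svc):
    """Return (code, reason) pairs for grants beyond a single render node."""
    findings = []
    if svc.get("privileged"):
        findings.append(("privileged", "all host devices and capabilities exposed"))
    if str(svc.get("user", "")).split(":")[0] in ("", "0", "root"):
        findings.append(("root-user", "container does not run as a non-root user"))
    for cap in svc.get("cap_add") or []:
        findings.append(("cap-add", f"extra capability {cap}"))
    for dev in svc.get("devices") or []:
        src = device_source(dev).rstrip("/")
        if src == "/dev/dri":
            findings.append(("dri-dir", "whole /dev/dri mapped, not one renderD* node"))
        elif src.startswith("/dev/") and not src.startswith("/dev/dri/renderD"):
            findings.append(("extra-device", f"{src} is not a renderD* node"))
    return findings

def audit(config):
    """Map each service name to its list of finding codes."""
    return {name: [code for code, _ in audit_service(svc)]
            for name, svc in config.get("services", {}).items()}

if __name__ == "__main__":
    for name, svc in SAMPLE["services"].items():
        for code, reason in audit_service(svc):
            print(f"{name}: {code}: {reason}")
```
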





  • Setting up Element Call on my instance was difficult on its own, I understand why Synapse doesn’t come with it out of the box. Essentially you spin up Matrix’s JWT service for authenticating clients and, if approved, it forwards the connection to the Livekit ports, which must be opened on your firewall (i.e. port forwarded), otherwise people will not be able to connect to calls.

    Big PITA and in my experience, on my home network, can conflict with games with VOIP chats, so don’t follow the default 50000:55000 port range Livekit recommends or you’ll run into issues like I did. Each person consumes 2 ports, so adjust the range to your needs.


    Edit: I don’t suggest running Element Call standalone, it has issues of its own. Once you get Livekit and JWT running and follow This guide, you should have your Element Call support in Synapse. Pro-tip for those running Synapse behind Docker who get confused on the whole ./well-known part of the documentation: you can edit your ./well-known in your homeserver.yaml file like such:

    serve_server_wellknown: true
    
    extra_well_known_client_content:
      optional: client
      "org.matrix.msc4143.rtc_foci": [
          {
              "type": "livekit",
              "livekit_service_url": "https://livekit-jwt.your.domain/"
          }
      ]
    




  • ohshit604@sh.itjust.works to Selfhosted@lemmy.world • Geo-distributed Jellyfin
    1 month ago

    You don’t necessarily have to host another Jellyfin instance, I would find a server somewhere in-between the middle of your current Europe server and your Asian homies and set up a reverse proxy there and point it to your current Jellyfin instance.

    The only hassle with this is you’re going to need a way to expose your EU Jellyfin to the new server, a VPN would prevent port forwarding 443, perhaps split tunneling?

    Not the most elegant solution but at least this way you can make an attempt at optimizing the connection.


    Edit - (if you wanted to go the second Jellyfin instance route): Could also copy your current database to the second server, host a second Jellyfin instance and have something like sshfs or sftp sharing the directory to your media library, reverse proxy it as something like asia-jellyfin.your.domain and keep it separated from your EU server.


  • This software is more meant to be run in a server environment, it’s supposed to be a replacement for subscription-based photo/video cloud storage. I would not recommend you run this on a desktop you use daily as it’ll consume resources in the background, slowing your desktop down; this is kinda why NAS storage systems exist.

    Once you get a grasp on the BASH shell I would suggest playing around with docker and docker compose in a headless environment (headless = no desktop environment, shell only) as there are loads of applications you can self-host over your network.




  • I host my own SearXNG via docker compose, reverse proxied it via Traefik, added a few security headers, restricted access to my country to help prevent abuse.

    Use it daily, the only complaint I really have is it occasionally doesn’t search when you type in the address bar of a browser. What I mean is I’ll type a search query and instead of redirecting to the query (searx.yourdomain.tld/search?q=test) it’ll just redirect to the homepage of my SearXNG instance (searx.yourdomain.tld) forcing me to retype my query. Annoying but not the end of the world.


  • I don’t use Home Assistant personally as I also use Apple products, if you read into Homebridge it’s a piece of software that turns smart devices that are not HomeKit enabled devices into HomeKit enabled devices, and enables new functionality to devices that are already HomeKit enabled. Definitely worth considering.

    This was significantly cheaper than converting all my Apple products into android products.


    To quickly spin it up I would suggest reading into Docker and Docker compose, docker takes applications and containerizes them and lets them run over your network.