This is actually really interesting, I might have to try this.
I currently use a USB stick with a key file on it that I need to plug in on boot. Something like this but it wasn’t that easy for me. https://openterprise.it/2022/07/fedora-unlock-luks-full-disk-encrypted-system-using-usb-stick/
Edit: I wonder if yours will work on my VPS… I’d love to encrypt that.
I host pingvin for people to send stuff to me. To send, usually I’ll just move the file into a folder that exposed to Nginx with indexing and send that link. Otherwise I’ll also just use my pingvin instance.
I’ve had no problems with the normal nextcloud apache container for the last couple years. I lock to a major version and let it update itself on the minors until I feel like like changing the yaml to the next major. I’ve gone from 24 to 30 this way without issue.
Actually, I do have to install the contacts and calendar apps from time to time but that’s only when I want to use the webUI for them, caldav/carddav has always worked.
Thinking more about it, If you just want to host and not mess around like I do, I would use your current computer, install Docker on it and see how you like it. Host a example website see if you can get it to work, Try a Minecraft server and see if it works… If that’s not for you then you can try VMs with an entire OS. This will be a lot more overhead but it will also work.
After you know what you like (Docker containers or an entire VM), I’d design what you want to do. Are you going to have a lot of people on your Jellyfin and Minecraft servers? how much RAM, CPU, Storage do they use?
Once you have that information, Look at prices, Do you want one big PC and will it do everything you want? If you need to buy several, maybe it’s better to get a bunch of small ones?
If it’s one big PC then you’re done. Get it, install Docker/VM and go.
If you want to play around or you need to get many PCs, do you want to cluster them so Minecraft server can move to a different PC if that PC fails? then do Swarm or K3s if you’re okay with docker.
If you need to do small PCs, maybe you install Docker normally on each and manage them separately.
In the end it’s totally up to you what you do. I use K8s :)
I’ve never actually used swarm so I could be wrong. However, I was under the impression that Docker swarm is a lot easier to use with a lot more examples for people to deploy their Containers.
With K8s/K3s I find myself translating a lot of docker examples into deployment yamls with Services, Network Policies, PVCs, secrets, etc, etc. It’s just a lot more lines in the .yml files. This also assumes you know that anything that you run in docker you can run in K8s with 1 replica and more is not ideal.
https://docs.docker.com/engine/swarm/
Yeah, so you have more than one PC and they will talk to each other and decide who hosts what.
For example, you host nextcloud and the cluster will decide (unless you tell it differently) it goes to PC1. Then you host Minecraft and the cluster will put it on PC2.
Now, PC2 dies, you unplug it, or generally something bad happens. The cluster will see that Minecraft isn’t running, PC2 is down, and start Minecraft on PC1. The best part, just keep adding cheap computers as you need more compute power. One container (Plex,emby,etc) can not run on two or more computers. If you need to transcoded then you’ll want one with a GPU or a more powerful CPU depending on how many people will use the service.
This all assumes you’re not using local data. Meaning if the Minecraft save and config files are on PC2 and it dies, starting it on PC1 will either not work or be 100% new. There’s other self hosted software to replicate the data to more than one computer or you can have a NAS of some sort.
It’s a bit more advanced but a lot of fun if you enjoy that kind of thing. It allows you to work on your stuff with minimal downtime. Of
I have 3 raspberry PIs, 4 various lenovo tiny PCs all in a kubernetes cluster and it seems I need more RAM than CPU. Storage is on a DIY NAS with 8*8TB disks in a raid 6.
I run bookstack, nextcloud, 2007scape, gitea, synapse, the *are stack, Plex, and a bunch of other things.
If I was just starting out I’d grab a used lenovo tiny or two, set up a docker cluster and play with that. There is software to replicate local storage across nodes that I’ve never touched but I’d try out a few of them also if you don’t want to use a NAS. Worst case, just use local storage and the containers will be locked to that host.
I think Proxmox let’s you run VMs and Containers too if you prefer that route.
There’s free domains too. I can’t recommend any but I know .tk should be free.
This… Is what I’ve wanted but never looked up if it was possible. Thank you. I’ve been manually renewing my cert for ages…
I double NAT. My ISP box gives off WiFi for consoles, guests, some IOT. UPNP is enabled and I generally don’t care what goes on there.
My FW is an OPNSense box and everything I do is behind that. I’ve opened ports, run Tailscale, etc and have had no problems at all. All it is is an extra device to open a NAT rule in if I want to open something up.
What makes you keep them separate?
Theoretically, USBC 3.1 has 10Gbit/s from what I’m reading so it sounds like you’re right. My concern is the chipset on the MoBo, how many lanes it has, and what it supports. I haven’t looked into it but I bet this is the limiting factor. Especially if you’re adding a lot of USB devices.
Yep, just an old PC that I moved into a case with hotswap hard drive bays. I also bought a LSI 9300-8i to support the hard drives.
I have a DIY NAS… Not sure of specs any more. Some micro-atx board with a cheaper AMD CPU. All it’s for is an NFS share and I use almost no resources on it.
I have a bunch of PI4 8GB and lenovo m92p tinys that I use for the compute. Their storage is the DIY NAS.
If I was starting out and planned on growing m’y setup, id go option 4. Just do an all in one thing, run everything on it. When you run out of ram/CPU consider a pi or mini like I have. When you need more disk, add it into the NAS.
If you just want something simple option 1. USB will 100% limit transfer speed but what kind of speed do you actually need? What will you run?
Its worth it. Super cool. However, it does need internet to work. It just gets around CGNAT and networks you don’t own (hospital, school, hotel, etc) so you can still access your stuff while you’re not at home.
Your router will get a public IP. For example 1.2.3.4. This is the port your ISP is plugged into. (Perhaps the WAN labeled port) this IP is what you want to access from a different network (cell data, friends house, etc). It’s important that you confirm the WAN IP on your router is a real public IP. Some providers actually give you a private (CGNAT) IP and its a huge pain in the ass. Going to what is my IP or whatever and compare it to your WAN IP on the router website is a good test. They should be the same. If they are, no matter where you are in the world you can access the wan side of your router. If not, tailscale is a good option.
The other port on a router has a private IP, for example 192.168.0.1. This could look 4+ ports but that’s basically just a switch and more or less the same thing.
Anyway, you have to tell your router, if you get something on the WAN port 1.2.3.4 to TCP port 80 you need to forward it to laptop IP 182.168.0.100 TCP port 80.
If this is successful, you need to make sure the laptop firewall allows access to TCP 80 from anywhere. If you can access the laptop website from your phone on WiFi then its pretty safe bet that its allowed from anywhere, unless you told it otherwise.
I like to test public access from on https://canyouseeme.org/
Edit: to add, this will only ever work if you’re at home. Each new network you connect to, you will need to access the router and do the exact same thing to provide access to your laptop. Not ideal, and impossible at something like a hotel or hospital. Overlay network give you a second virtual network that you plug a virtual cable into for all your devices, including phones. If you do this you can just use that second virtual IP to access your stuff no matter where you are.
If you want something publicly accessible (like google, etc) you will have to open a port on your router and point it to your laptop.
If you want something privately accessible (like your router website) then you do not need to touch your router but both devices (laptop and phone) will need to be on the same private network.
What is not possible is to take your laptop to a hotel somewhere, leave it on while you take your phone out in the city and access your laptop via the public internet. You would need access to the hotel router to allow it. I believe this is what you’re trying to do from your post above.
IF you want to do something like what I said. You’ll need an overlay network. It’s basically a virtual private network you can install on your devices. Personally I love tailscale(with headscale) but there are lots. Then you’ll be able to connect to your laptop in a hotel from your phone while you’re away.
I would start with a website that says hello world without SSL/HTTPS. Get this accessible from your phone on the same network, then decide what you want to do and take it one step at a time. SSL next? Public access? Tailscale access? The idea would be to do it all but one thing at a time.
This is what I’d do OP.
I’m a huge fan of the lenovo thinkcentre m92p tinys. Basically the same thing as the dells for ~$150CAD. 3 of them (plus a couple PIs) run my homelab with lots of room to grow.
I’ve read a lot of mixed reviews for Mikrotik. Does yours run hot at all?
The problem with all this, I’m not hosting much from my house so why upgrade? I have symmetrical 500Mbps and sure, 10G would be cool but for what? So my Linux ISO or Game download is super fast? Then I’ll need to get an NVME cache disk, or upgrade my storage raid to SSDs… Where does it end?
My little ~$250 CAD Netgate 1100 handles the 500 Mbps. That’s really all I need. I only ever hit the limit on Usenet anyway.
NOTHING that a typical home user would buy supports the full 1Gbps. At least, not from my research. This is what’s stopping me from 1Gbps internet. My ISP offers up to 8Gbps but my real world FW throughput is about 700Mbps. I’m not dropping thousands on enterprise hardware either. All that’s left for me is DIY If I want true 10GbE
Hang on, why not open the port to jellyfin to the internet?
I have a lifetime Plex pass so its not urgent but I have a containers running emby and jellyfin to check them out. When I decide which one I planned to open it up and give people logins.