WYGIWYG

Cake day: September 24th, 2024


  • The DMZ is the right idea. But it’s the old way. You definitely want whatever is serving your website to be separated out from your house. Your hosting should be on an isolated VLAN. The internet should only be able to talk to the server it needs to talk to, no other ports. That box should only be allowed to talk to what it absolutely must talk to and only on the ports that are required. You should run an independent firewall on each one of the boxes that are involved in the hosting with only the proper ports open.

    Giving up your private IP will definitely give away your general location to everyone and your precise location to the authorities.

    I would highly recommend using Cloudflare or one of the other funnel options. A lot of people don’t like Cloudflare because they can capitalize on your traffic. Cloudflare also just won’t shut you down and sell you out like your ISP will at the first request; they don’t do shit about anything until there’s a warrant or a court filing. On the upside you don’t give out your private IP to anyone. You have DDoS protection, and a reasonable layer of anonymity.

    You need to check daily to make sure all of your software is updated. We’re talking OS, middleware, plugins, application. Preferably via automation. All of the software and plugins you use for this type of hosting end up getting vulnerabilities.

    Security is especially difficult on forums. There’s lots of opportunities there for skilled people who are pissed off at what you or someone else is saying to get butthurt. People know exactly what you’re running, then they do some magic behind the scenes, and next thing you know there’s a bunch of admins you didn’t create.

    You don’t need to be hosting your own email but you are going to need an SMTP provider, most free services won’t let you masquerade the from address.
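
The per-host firewall described in the comment above, sketched as an nftables ruleset. This is an added example, not part of the original comment; every address, subnet and port in it (management VLAN, database host, resolver, PostgreSQL on 5432, SMTP submission on 587) is an assumption to be replaced with your own values.

```nftables
#!/usr/sbin/nft -f
# Constructed example for a web/forum host on an isolated hosting VLAN.
# All addresses and ports below are placeholders, not values from the page.
flush ruleset

define MGMT_NET = 192.168.10.0/24   # assumed management VLAN (SSH source)
define DB_HOST  = 192.168.50.20     # assumed database box on the hosting VLAN
define DNS_HOST = 192.168.50.1      # assumed resolver for the hosting VLAN

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # The only service the internet may reach on this box.
        tcp dport { 80, 443 } accept
        # Administration only from the management VLAN.
        ip saddr $MGMT_NET tcp dport 22 accept
        icmp type echo-request limit rate 5/second accept
        # IPv6 neighbour discovery, required if IPv6 is enabled.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # Rate-limited log of everything else, for review.
        limit rate 10/minute log prefix "in-drop "
    }

    chain forward {
        # This host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Egress is default-deny too: the box talks only to what it must.
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        ip daddr $DB_HOST tcp dport 5432 accept
        ip daddr $DNS_HOST udp dport 53 accept
        ip daddr $DNS_HOST tcp dport 53 accept
        tcp dport 443 accept    # package mirrors and provider APIs over HTTPS
        tcp dport 587 accept    # SMTP submission to the mail provider
        meta l4proto ipv6-icmp accept
        limit rate 10/minute log prefix "out-drop "
    }
}
```

The ruleset can be syntax-checked without loading it using `nft -c -f <file>`; the "out-drop" log lines are worth watching, since a web host attempting connections outside its allowed egress is an early sign of compromise.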


  • It’s your media, you do what you want with it.

    Pick a busy movie with a bunch of stuff going on, and then pick a really dark movie.

    Try different encodings with each one of those. You’re playing a game of time versus quality. And you keep in mind, the electricity for those encodes isn’t free either.

    Try them with a fixed bit rate, try them with the two pass. If the fixed rate doesn’t look good try bumping the rate up. You’ll get a feel for it eventually.

    Back when I was hard up for disk, I made everything 1080p HEVC single pass constant rate. I don’t even remember exactly what the bit rate was but I would just encode everything and then watch a sample out of it. If one of them turned out bad I would re-encode it with better settings.

    Dual pass will get you a little smaller and better output, but it takes forever, and you’re sitting there burning watts all night long.

    In the end you just need to fiddle with it, and weigh the output versus your resources.


  • Different people have different needs.

    If someone has a lot of time and not a lot of money, re-encoding video is a decent answer.

    I’ve been there and done that before.

    Replacing (or adding a 10TB USB to) your single 2TB drive isn’t a horrible idea. It’ll take you quite a while to go through that 10TB. In the meantime you look toward getting an old case and some kind of modest motherboard and setting up an Unraid. It’s a journey, and unless you are made of cash you’re not going to get to your endpoint all in one jump.

    Unraid is budget friendly because you can add whatever size disk you want to it. It supports a parity drive so you have some support against failure. The only truly difficult part is that the parity drive must be as big as the largest drive in the box.

    In the end only you can decide what works for you. If you want to re-encode your stuff, 2 pass is best. You are going to lose quality, that’s unavoidable, but if you’re watching it on a TV 12 ft away, you’re going to forget about any quality as soon as you get engrossed in anything you’re watching.






  • They don’t even have the excuse

    Just for ref, I’m not downvoting you. They do offer some things that cost them dev/money/time. And some of those things are pain points on Jellyfin.

    They give you SSL and dynamic DNS style stuff behind the scenes. They give you a remote service that tells you if you’re remotely visible. They cache the tvdb and manage some subscriptions for EPG and do a pretty good job partnering with (and presumably caching) open subtitles.

    None of that makes up for their rug-pulling bullshit.

    You used to be able to download shit to your phone then become a local server so other people on your local network could watch off your device.

    You used to be able to run 3rd party plugins improving libraries and storing off YouTube meta.

    They’re scrapping watch together.

    They’re scrapping free remote.

    They’re spiraling the drain… But I won’t miss them, I’ll miss what they once were.










  • Non-SSL behind your ingress proxy is acceptable professionally in most circumstances; assuming your network is properly segmented, it’s not really a big deal.

    Self-signing and adding the CA is a bit of a pain in the ass and adds another unnecessary layer for failure in a home network.

    If it really grinds your gears you could issue yourself a real wildcard cert from Let’s Encrypt, then add DNS names with that wildcard on your local DNS server with internal IPs, but to auto-renew it you’re going to have to do some pretty decent DNS work.

    To be honest I’ve scrapped most of my reverse proxies for a nice Tailscale network. Less moving parts, encrypted end-to-end.