• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 29th, 2023

help-circle
  • My setup is this:

    1. cloudflare dns mapping my domain to an oracle cloud vm. 2)oracle always free tier, 1 core amd vm, with apache reverse proxy. I also have tailscale running on this machine. You have to setup the networking rules in the oci networking area, and setup ufw/iptables as well. So then jellyfin.whatever gets mapped to tailscale_ip:jellyfin_port at home.
    2. My server at home with tailscale as well so it has its own ip, but you can expose routes and use the same internal ip. Jellyfin server runs here. There is a dedicated user with appropriate access to my nas aswell.
    3. This server has a vm on it that runs prowlarr/sonarr/radarr/lidarr and qbittorrent. I have an airvpn account running here with a killswitch, and also qbittorent is only allowed to use the eddie interface. I port forwarded a dedicated port on the airvpn site and told qbittorrent to use that.

    So me, my partner, parnets, and friends when outside my network can go to jellyfin.domain.whatever and login to my jellyfin. No ports open to the internet except 80/443 on the reverse proxy, and no ips to remember. That will give you some things to google to get started to replicate a similar setup for your needs.


  • I came here to comment basically this. Except I did it last year and accidentally broke that system. Was trying to do the working directory and mistyped and did the root dir.

    For those that don’t know, so many elevated permissions commands fail if permissions are too open. And even ssh breaks because your certs and authorized_keys need to be only readable by you.

    I luckily was able to wipe and just restore an older image backup.