eddie

joined 1 year ago
[–] eddie@fig.systems 1 points 1 year ago

You know I think you’re right. I might be grandfathered into an old plan. I’ve been using mailgun for over 3 years

[–] eddie@fig.systems 2 points 1 year ago* (last edited 1 year ago) (1 children)

I'd make sure you're forwarding http (port 80) to that same internal host too. I'm assuming thats your jellyfin server. Your browser might not be appending https to your domain and connecting to your router port 80. You can test this by going to both https:// and http://.

On your local network, does going to https://192.168.1.4 present you with what you actually want?

[–] eddie@fig.systems 4 points 1 year ago (2 children)

I'm using mailgun and have had zero issues with it. Hard to beat since it's free.

[–] eddie@fig.systems 3 points 1 year ago (3 children)

If vising jellyfin.mydomain.com presents you with your routers config that means you don't have port forwarding working correctly for ports 443. You should google your router's name + "port forwarding".

[–] eddie@fig.systems 2 points 1 year ago (1 children)

If you're a beginner or just for most use cases, using cloudflare with proxied dns records along with Nginx Proxy Manager will provide a good amount of coverage for your homelab.

[–] eddie@fig.systems 3 points 1 year ago

That's where nginx security options and other tools like fail2ban come into play. I could've mentioned it better in my first sentence but a reverse proxy gives the capability to make it more secure than any options jellyfin will give you.

I'd rather put nginx with modsecurity in front of jellyfin than not.

[–] eddie@fig.systems 2 points 1 year ago (5 children)

So the reason you'd want a reverse proxy is because it handles security and would do a much better job of it than an exposed jellyfin port.

Public FQDN -> your home IP -> your router allows 443/whatever to your reverse proxy -> it handles SSL and being hit by the internet (look into nginx security and even fail2ban) -> proxy serves up whatever insecure site/app you'd like.

[–] eddie@fig.systems 1 points 1 year ago

We solved this with a local service account that has sudo permissions. You can try become_user and become just on the task as needed.

become_user

set to user with desired privileges — the user you become, NOT the user you login as. Does NOT imply become: true, to allow it to be set at host level. Default value is root.

[–] eddie@fig.systems 2 points 1 year ago

This is all spot on advice. The motherboard and case manual should be open and nearby as you build the pc.