You don’t have a mini generator in your home lab XD.

Xdg. Its the only attempted standard for where to put things. Persistent data in ~/.config/docker/service. Others in similar directories under ~/.local/share, ~/.cache, etx.

What security holes? I think the bigger problem here is relying on a media platform to also maintain security protocols. Use authelia or plug some other well maintained and hardened security mechanism on top of jellyfin. Then put it in front of everything else like the arrs, etc. Its weird to me to just setup jellyfin, make it Internet facing, and believing everything is just gonna be safe and secure with no issue. Frankly id prefer if all these services came without security. Its a royal pain to bypass it for localhost or proxying with something like authelia.

I’ve never had this issue but I run basically everything through docker and presumably it bundles this by default.

I would recommend just using caddy. It removes the complicated part of ssl management. For a local network it’ll setup a local self signed certificate authority and you can just install those certificates to any devices on your LAN that you want to have access. For a public setup it’ll use letsencrypt. You will still need to setup dns if you want wildcard routing.

Ddns-updater and porkbun.

OMG this is pure gold.

I funnily had the same use case. Two different jellyfin servers for complete separation. Both routing through gluetun. The reason this doesn’t work is because the network mode setting you have basically makes all three containers operate in the same network. Meaning if one binds a port the others can no longer bind the same port. Their different hosts but all sharing one network and port range. To expose the ports you can move that ports setting from C1/C2 to the gluetun service definition. This’ll still work because when C1 binds to 1234 it’ll be reachable through the gluetun service.

Note: as mentioned if C1 and C2 cannot use the same port if you also want to have service gluetun set. More likely than not you start C1, it binds to the port, start C2, it tries and fails to bind to the port and crashes. I fixed this by making one of my jellyfin containers use a separate port. If you can’t configure the ports of your services then there’s no real recourse FWIU.

If you want a richer login authelia + caddy is good.

I use docker so don’t really have to worry about reproducibility of the Services or configurations. Docker will fetch the right services and versions. I’ve documented the core configurations so I can set them back up relatively easily. Anything custom I haven’t documented I’ll just have to remember or find I need to reset up.

In general yes. You can think of each container in a docker network as a host and docker makes these hosts discoverable to each other. Docker also supports some other network types that may not follow this concept if you configure them as such (for example if you force all containers to use the same networking stack as one container (I do this with gluetun so I can run everything in a vpn) all services will be reachable only from the gluetun host instead of individual service hosts).

Furthermore services in a container are not exposed outside of it by default. You must explicitly state when a port in a container is reachable by your host (the ports: option).

But getting back to the question at hand, what you’re looking for is a reverse proxy. It’s a program that accepts requests from multiple requested and forwards them somewhere else. So you connect to the proxy and it can tell based on how you connect (the url) whether to send the request to sonarr or radarr. http://sonarr.localhost and http://radarr.localhost will both route to your proxy and the proxy will pass them to the respective services based on how you configure it. For this you can use nginx, but I’d recommend caddy as it’s what I’m using and it makes setting up things like this such a breeze.

That’s not helpful, these are developers… even if you think those lines are useless they can inform the code-path the devs need to trace through or help them understand why you’re facing this issue.

I disagree with this almost on principle. GitHub was a mistake. We don’t need these large, bloated, isolated forges that are just going to be acquired and converted into social networks. Forgejo> is the future. Any new forge not even trying to support federation and independent hosting out of the box is dead in the water to me. You wanna build a github style accessible platform above forgejo go right ahead, the thing github did best was make all of this accessible.

I find that claim so dubious. Like they list running on the smallest VMs as a feature but give no specific requirements for hosting or running the service. This whole article reads like buzzword salad. I question if the creators even know what a git forge is.

Its not a fronted, you don’t purely commit and manage code from github. It’s a platform for hosting git repositories that supports integration with CI/CD tools. At its heart git is simple (enough), it’s a version control software. Github is a Web platform that hosts projects version controlled with git and adds in features like pull requests and reviews or github actions for building/linting your project.

I thought you were being overly pedantic but my god, they keep repeating the point. They seem to have no idea what the difference between a platform hosting code repositories and an individual repository is or even what version control software is. What the bloody hell is this.

I have the utmost respect and appreciation for mullvad but I don’t need a vpn without port forwarding so I cancelled my sub. They are still objectively the vest vpn, this is the only sticking point.

I thought unverified content was removed because of rampant unchecked abuse. Ah, maybe it was that that spurned the companies to make pornhub remove it.