  • First, your questions

    Is the tunnel solution appropriate for jellyfin?

    Yes, but also no. The TL;DR is it will work, but video streaming is against Cloudflare rules. I ran this way for about 2 years with Plex just for my own use, so for about 15 hours a week on 480p, and I never got my service suspended, but I’ve heard stories of others getting suspended… So just know it’s a risk.

    I suppose it’s OK for vaultwarden as there isn’t much data being transferred?

    That’s a good use of tunnels.

    Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

    You can definitely run both solutions (tunnel points to npm, npm points to all other services), and it saves you setting up tunnels for each service.

    Now for my 2 cents

    As others have suggested, Tailscale Funnel is a valid option. A reverse proxy using a VPS is also a valid option. And as I pointed out, doing the Cloudflare tunnel is an option if you’re willing to accept the risk.

    My current setup is using a free Oracle VPS with a small nginx docker container forwarding all port 80 and 443 traffic through Tailscale. On the other end is an nginx proxy manager docker container that points to all my services across the network. I have my Cloudflare details configured in nginx proxy manager to generate a wildcard SSL certificate that I apply to all my local services.

    Inside the network, I use adguard to redirect the domain to the local LAN IP of the nginx proxy manager server to avoid traffic going through the internet.

    Then all you need to do is point the domain on Cloudflare DNS to the Oracle server, and you’ll have several layers of separation between the internet and your local LAN, as well as SSL certs both internally and externally on any services you share.

    It might not be the most elegant setup, but I share my Plex server (as well as about 30 other things) with several other people and can handle multiple 1080p streams going through it without any issue, and it’s been nice and stable for over a year without any issues.
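
A sketch of the VPS-side forwarder described in the comment above, added here as an illustration and not the commenter's actual configuration. It assumes layer-4 passthrough (nginx `stream` module) so TLS terminates on the nginx proxy manager host; `100.64.0.10` is a placeholder for that host's Tailscale address.

```nginx
# nginx.conf for the small forwarder container on the VPS (constructed example)
events {}

stream {
    # Raw TCP forwarding: the VPS never holds the wildcard certificate or
    # its private key, and never sees decrypted traffic. A compromise of
    # the VPS exposes the tunnel endpoint, not the TLS secrets.
    upstream home_https {
        server 100.64.0.10:443;   # placeholder tailnet IP of the NPM host
    }
    upstream home_http {
        server 100.64.0.10:80;    # placeholder tailnet IP of the NPM host
    }

    server {
        listen 443;
        proxy_pass home_https;
        proxy_connect_timeout 5s;  # fail fast if the tailnet link is down
    }

    server {
        listen 80;                 # kept only so HTTP can be redirected to HTTPS at home
        proxy_pass home_http;
        proxy_connect_timeout 5s;
    }
}
```

With layer-4 forwarding the home proxy logs the VPS's tailnet address as the client for every connection, so per-client rate limiting and ban rules at home see a single source; preserving the real source address requires the PROXY protocol to be enabled on both the forwarder and the receiving listener.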

  • It’s not hard to set up a Pi as a backup DNS on your local network, but how I’ve set up a few friends who have limited hardware is to have the primary DNS as the local AdGuard and the secondary DNS as AdGuard’s public adblock DNS.

    That way if the local falls over, you still get some ad blocking from their public one. If your setup allows it, they also have a public DoH and DoT encrypted DNS for a bit of privacy.


  • Congrats on your new slippery slope haha

    Like I fire up a docker image which plays music (if that’s even possible?) it has to have access to the disc, sound drivers, maybe interactive stuff etc on the host PC right?

    So the main things you’ll want to read up on for that are mounts. Mounts will let you attach files and folders from the host computer into the docker container that it sees as if it’s inside the container.

    A lot of docker apps will run a web host, so instead of accessing them like a normal application, you load up the website that’s located at the IP address and the exposed port. Then just like running Netflix or anything, it already has access to local sound and video devices through that.

    This also means that you can open them up to other computers/devices on the home network… so your phone could load it up and play music or your Windows PC could, and it’s all served from that docker container.

    If you’re interested in hosting media, you could look into Plex or jellyfin, they are media servers that can stream self hosted videos, music and photos over the network.

    There are a lot of other options that are more specific, and what’s right for everybody else might not be right for you, so it’s worth playing around with various options.



  • Docker/Kubernetes and VMs are similar in that they are all virtualisation, but the similarities kinda end there. Love them or hate them, each has its own important role in IT infrastructure.

    First off, docker itself needs a host operating system to run. Secondly, Docker are containers. Each image is built on a cut down version of the operating system, generally to perform one specific task or run one specific application. The environment is preconfigured to work exactly as intended so, generally speaking, you don’t get the whole “but it works on my machine”.

    Kubernetes I’m not the most qualified to speak to, but pretty much someone said “ok docker is great but we want redundancy, scalability, etc” and made Kubernetes.

    A VM is a full virtual machine. You can give it virtual hard disks, virtual network cards, etc. You then install a full operating system on it, could be Windows or Linux or whatever you need.

    From there you can install docker if that’s what you want, or can install specific apps. This is the first difference, is if you install the app compared to a docker container, you need to make sure you have all the prerequisites met, all the correct compatibility, etc. It’s up to you to make sure your system is correct for the software.

    Another major difference is docker containers are all seen on the network as coming from whatever the host machine’s IP is.

    Whereas the network views each VM as its own device on the network, giving each its own IP (if using DHCP) and allowing things like VLANs and things.

    As for my setup, I have 3 VMs with docker servers, each with between 20-30 docker containers, 3 VMs running adguard DNS, 1 vm acting as a tailscale entry point, then a few application specific VMs. It’s handy just being able to fire up a blank Ubuntu instance to play with me software, and if anything goes wrong just delete the whole machine and start fresh.

    Then for storage behind it all, I have a QNAP TS453D with 4x 8TB drives.

    Then outside my home, I have 2x Oracle hosted VMs, one hosting about 22 websites and all the stuff they need, one acting as a tunnel into my home services since I’m behind a CGNAT, and then another physical server located in the local data centre running email for a few small businesses and myself.