• 9 Posts
  • 73 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle

  • Pete90@feddit.detoSelfhosted@lemmy.worldWhat's your server wattage?
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    5 months ago

    You most likely won’t utilize these speeds in a home lab, but I understand why you want them. I do too. I settled for 2.5GBit because that was a sweet spot in terms of speed, cost and power draw. In total, I idle at about 60W for following systems:

    • Lenovo M90q (i7 10700, 32GB, 3 x 1 TB SSD) running Proxmox, 15W idle
    • Custom NAS (Ryzen 2400G, 16GB, 4x12TB HDD)v running Truenas (30W idle)
    • Firewall (N5105, 8GB) running OPNsense (8W idle)
    • FritzBox 6660 Cable, which functions as a glorified access point, 10W idle

  • I’d be very careful to publicly host Jellyfin. Although not necessarily true, it basically advertises that you’re pirating content while also giving out your IP. Even if you rip your own media, this can still be illegal. Please be careful.

    Maybe you can put it behind some authentication or, even better, a VPN.















  • Let me know if you need any help with that. I’m still a beginner, but have used the last few months to learn about cyber security. It can be a daunting subject, but if you get the basics right, you’re probably good. I also hosted without a care for years and was never hacked, but it can/will happen. Here are some pointers!

    Get or use a firewall. Iptables, UFW and such are probably good enough. I myself use OPNsense. It can be integrated with Crowdsec, a popular intrusion prevention system. This can be quite a rabbit whole. In the end, you should be able to control who goes where in your network.

    Restrict ssh access or don’t allow it at all via internet. Close port 22 and use a VPN, if needed. Don’t allow root access via Ssh, use sudo. Use keys and passphrase login for best security.

    Update your stuff regularly. Weekly or bi-weekly, if you can.

    Use two factor authentication, where possible. It can be a bit annoying, but improves things dramatically. Long passwords help to, I use random-word-other-word combinations.

    If you haven’t, think of a backup strategy. 3 redundant copys on 2 media, one off site.




  • I did what you suggested and reduced (1) the number of running services to a minimum and (2) the networks traefik is a member of to a minmum. It didn’t change a thing. Then I opened a private browser window and saw much faster loading times. Great. I then set everything back and refreshed the private browser window: still fast. Okay. Guess it’s not Traefik after all. The final nail in the coffin for my theory: I uses two traefik instances. Homepage still loads its widgets left to right, top to bottom (the order from the yaml file). The order doesn’t correspond to the instances, it’s more or less random. So I’m assuming the slowdown has something to do with (a) either caching from traefik or (b) the way Homepage handels the API request: http://IP:PORT (fast) or https://subdomain.domain.de. Anyway, thanks for your help!


  • Thank you so much for your thorough answer, this is very much a topic that needs some reading/watching for me. I’ve checked and I already use all of those headers. So in the end, from a security standpoint, not even having port 80 open would be best. Then, no one could connect unencrypted. I’ll just have to drill into my family to just use HTTPS if they have any problems.

    It was interesting to see, how the hole process between browser and server works, thanks for clearing that up for me!