Please can someone show off how smart and sexy they are by answering these questions. I don’t mind if you just link me to a video or guide explaining it (like I’m 5?) instead of typing it out - but please don’t just send me stuff that says something like “To forward to ports correctly, simply forward the correct ports - but be sure to reverse-p the goeanity-2.0 exposed server flange via qPack*7_bingb (IMPORTANT put 1=2 in /conf!!!)” - which is what all the help documents read like to me right now.
Here’s what I think I know, but I have probably got wrong, and would be delighted if you could not only tell me how wrong I am but what is the right answer instead:
-> I have a raspberry pi 4 running raspbian/debian bookworm, all software up to date.
-> I have installed docker and docker compose. Docker lets you run apps/programs in separate little cages so if they crash or do something insecure they don’t crash or expose the whole computer (the Raspberry Pi), the operating system (Raspbian), or the other apps running in other containers. Docker compose allows you to fine-tune the settings of these apps from outside the container by changing a text file. Each docker container, controlled by a compose yml has a port, e.g. Jellyfin’s is :8096
-> I can set up and configure radarr sonarr qbittorrent to download movies, for this I need a VPN. I paid for and installed mullvad (app) but it crashes a lot (for over a minute every 20 seconds), so it looks like I need to configure something like gluetun to do it instead. For this reason I want to stick with mullvad as I paid for it, gluetun is really confusing.
-> However, downloading is only half the battle - assuming I can get a VPN to work without crashing every 20 seconds so it takes less than 5 hours to download a single movie in 1080p(!!!) - I can only watch stuff by plugging an HDMI cable into my raspberrypi and a monitor and using a mouse and keyboard to navigate to the UI and click “play”
-> If I want to watch them on my TV I need to connect something to my TV that talks to the raspberry pi, so I have an NVIDIA shield with Jellyfin installed on it - but in order for the NVIDIA-Jellyfin to connect to the RaspberryPi-Jellyfin it needs to go through the internet (if this is not the case, how does one point the NVIDIA-Jellyfin at the Raspberry Pi jellyfin?)
-> Because it’s going through the internet I need to hide my activities from prying eyes, and because it’s on the internet it will have a web address (I bought the cheapest domain for a few bucks on namecheap), so a proxy and reverse proxy are neccessary to hide my activity on my end (proxy) and the activity on the internet (reverse proxy) from said prying eyes while allowing me to watch my stuff in peace.
-> I can set up my domain to point to Jellyfin, this means I configure mysubdomain.mydomain.com to point to Cloudflare on the internet. Then I set up Cloudflare to point to NGINX on my raspberry pi. But I really don’t know what this entails or how to do it. I changed my nameservers to Cloudflare’s on namecheap and that’s where I stopped because I didn’t understand any further.
-> So, in practical terms, I’m on my sofa and I want to watch a movie in my Jellyfin on my raspberry pi, I open the NIVIDA sheild, I open the jellyfin app and I tell the jellyfin app to go to mysubdomain.mydomain.com
-> I think I’m correct in saying that mysubdomain.mydomain.com is actually an IP address and a public port, so something like 123.456.7.8:443, then Cloudflare - which is the reverse proxy - gets involved (somehow? how?) to say “ah, 123.456.7.8:443, you obviously want to go to funkless.raspberry.pi:NGINX (or rather something like 987.654.3.2:443)” and then NGINX - which is the proxy-proxy, not a reverse-proxy - goes (somehow? how?) “ah, 987.654.3.2:443, you obviously want to go to 987.654.3.2:8096 which is jellyfin”)
-> At some point in that last step SSL certificate(s?) need to be issued and used on Cloudflare and/or NGINX - but I don’t know how or why - and/or a public and private key
Here’s where the questions start:
If your reaction is “Asking how how to set up port forwarding from Cloudflare to NGINX is a cowardly question - just figure it out!” Please could you at least link me to something that will help me figure it out if all those words just look like gibberish to me?
Thank you so much for your help and time in advance.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Exactly. Doesn’t matter if they’re wired or wifi, or where they are, as long as they’re on the same network you’re fine.
Whether a device is wired or on wifi matters on some routers, because some routers have wifi and wired devices on different subnets by default. It’s unlikely, so I wouldn’t worry, unless you notice accessing it only works wired.
@CalicoJack@lemmy.dbzer0.com
yes, wlan vs eth, right? And then in some providers, tun for the vpn?
Those are usually the prefixes for interfaces which are not quite the same thing as networks. An interface is the surface that connects some device to a network. For example if your router treats its WLAN and its wired network as a single network (i.e. each thing on WLAN can see everything on wired and vice versa) then a specific device might still have a wlan1 and eth1 interface, each one reaching the respective physical network device, while being in the same network.
“One network” here really only means “something can successfully route between all the devices”.
wlan and eth are network adapters in your raspberry Pi probably. Not subnets. Subnet is a range of IP addresses the router can use to give out IP addresses to devices. Basically, let’s assume that the router/the local network has only one subnet 192.168.1.0/24. This number means, the router can give out IP addresses from 192.168.1.0 to 192.168.1.254. If the router had two subnets, let’s say A: 192.168.1.0/24 B: 192.168.2.0/24 device on subnet A, would be able to talk to the device on subnet B.
Either way, in my opinion you’re overcomplicating things a lot for yourself. If you only wish to watch from home, on your couch, you don’t need reverse proxies, cloudflare and all that jazz. Docker and raspberry pi is enough. I can walk you through it if you want :)
that’s a helpful explanation of subnets thank you
In the paradigm of
111.222.3.4:5/22
if “3” is subnet and “5” is port - what are the names of “4”, “222”, “111”, and “22”?
And is there ever a 000.111.222.3.4:5/22 or another add on?
Oh boy we’re going deep I guess haha.
So an IP address is divided into four section separated by dots. 123.123.123.123. Each of those section can go from 0 to 255, so 0.0.0.0 to 255.255.255.255. Why this number? There is 256 numbers from 0 to 255, and 256 is the biggest number you can make out of 8 bits. (If you’re interested in binary, please look it up, this is already long haha) If every number between the . can be made out of 8 bits that means the whole IP address is 32 bits. It’s 32 bits cos that’s what was convenient when it was decided basically. Makes sense?
Now, the subnets. Each network can be divided into sub networks or subnets. Subnets fall into 5 classes: ABCDE. D and E aren’t used as much so I don’t know much about them.
Class A: Subnet mask is 255.0.0.0 Class B: Subnet mask is 255.255.0.0 Class C: Subnet mask is 255.255.255.0
A subnet mask determines how many bits are reserved for the network, and how many bits are used for hosts (devices). Basically, each IP address is divided into a network part and a host part. Network part is used for identifying networks and how many you can make, while host part is used for identifying hosts/devices like your phone or PC or whatever and how many can be connected.
In class A, with 255.0.0.0, the first number is reserved for the network, and the other 3 for the devices for example.
In class A you have a small amount of possible subnets but a big number of devices, and the opposite in class C.
The 24 after the slash is just a different way of saying 255.255.255.0, called CIDR notation. 255.0.0.0 is /8 and 255.255.255.0 is /16.
So depending on the subnet class, what the numbers mean differs. Well except the port and CIDR subnet mask.
All in all, all you need to know is that your router most likely has one subnet lol
yes - grew up in the 80s so witticisms like “4 bits is a nybble” are stuck in the brain.
Although it doesn’t seem relevant it’s actually pretty illuminating in what IP addresses are and do so thank you for that
You’re welcome! Did you manage to set up arr apps? :)
I fucked something up and installed pihole and adguard at the same time both in a container and bare metal and received a massive load of error messages that after 2 hours of trying to unstick just formatted the SD card and started over. So then, installing and configuring ssh, fstab the external drive, set a static IP address on the pi took up all of my time so far.
ok. I would still like to learn this stuff, so hopefully someone can come in and answer some of the questions - but it seems like, then, the challenge is just gluetun for now.
So just an FYI Mullvad isn’t a good option for torrenting anymore as they removed port forwarding from their service. You need port forwarding in order to seed files to others in most cases. I switched to AirVPN after Mullvad removed this option and have been satisfied.