• 3 Posts
  • 63 Comments
Joined 1Y ago
Cake day: Aug 07, 2023


I would also add that you need to explain out-of-home steps, too.

I’m not an idiot but I didn’t go to school for compsci or similar and I don’t do it as a job. So frequently the instructions will go

  • Get your IP address by entering this command
  • Type your IP address in this line
  • Now forward any chosen port to your proxy of choice and don’t forget to check your firewall settings!

My sibling in Eris, most people don’t know any of those words.


I’m just being a silly billy it’s not directed at you.

It’s more like “ah if only there was a simple solution that could’ve been used.”

All images are hosted somewhere, I would consider an intern fresh out of college to know how to correctly add an image to an email, or at least only be told once if somehow they had never seen this before.


yeah it uses this really neat semantic rendering programming language for serving structured documents across servers

It’s a bit tricky, but anyone with at least a Masters in CompSci should be able to parse some of it enough to get the gist. Bear in mind that the “source” is abbreviated to src, and “image” similarly. The rest is coding that gives the computer instructions, you’ll also need to replace FILENAME in the code with the actual filename. It goes like this

<img src="FILENAME" /> 

Let me know if I can explain it more clearly.




“oh you laughed at that joke despite the fact that the bridge followed the falling action instead of preceding the punch word? Amateurs shouldn’t be allowed to watch comedy.”



it’s not just one thing though. For a non technical user, it’s nerve-wracking to worry that if you screw up the install, or download the wrong package, or configure the YAML wrong, or open the wrong port, or there’s a port conflict, or you forgot to update the software… now you’re potentially unprotected (even if that’s not the case - many will still worry).

Not to mention even if you - as I did - had to skill up to understand it, three months pass and you’re terrified to touch it because you’ve forgotten all the stuff you learned to set it up.

Same as how the majority of people don’t even change their own oil on their cars - even though it’s fairly easy.


that’s why I ctrl+shift+f5 for the extra powerful refresh


I use a pattern relative to the site name, with a different email address for every site also relative to the site name. The pattern means the password is always different but I always know that it is.


as an expat, it can be mixed though. If you rely on it for commuting and travel at rush hour, it’s just a different kind of hell.


hey OP - I went through the same journey as you recently.

I found the exact same guide you linked - but here’s what I found on my journey from knowing literally nothing to having it work.

firstly that guide is a bit outdated and very terse, in fact most of the guides have at least one thing that’s outdated and several things not explained

Here were my learning steps:

  • getting confident with the Linux command line enough that “chmod” and “chown”, user:group, rm, nano, and other basic commands weren’t foreign to me

  • getting confident enough with docker and docker compose that I understand what a container, image, compose file are and how to both manipulate them and exec commands inside them

  • understanding the basics of what a VPN is and does so the terms proxy, reverse proxy, port forwarding, DNS aren’t alien to me

  • understanding the basics of Linux file management including dotfiles, fstab, mounting, blkid, and as mentioned chmod and chown

none of this is particularly hard to grasp once you’ve grasped it but most guides you see and people you meet along the way will assume all of the above is second nature to you. at first I would pull my hair out seeing suggestions like “have you shelled into the container to curl your public IP?” like what the fuck does that even mean

I started with VPN as that’s the important protective part. I paid for Mullvad because it’s fairly cheap and stuck with it all the way. First I used their GUI app and then later I switched to Tailscale and ran it as an exit node.

I also found guides like YAMS (Yet Another Media Server), dockSTARTer, Trash Guides and the Servarr wiki and would jump between them, uninstalling, reinstalling, going down paths that didn’t work and formatting my raspberry pi and starting from scratch several times. It took me about 6 weeks to skill up to the point where I’m confident knowing about all the parts of my setup.

I’m happy to answer all the questions I can (bear in mind I knew nothing about this a few months ago, but my newbie perspective could help because I know what it’s like to not really know what half these terms mean)

PS: to specifically answer “what do these tools do”

  • Ombi (optional) – allows other people (or yourself if you like) to select requests for things to download (tv shows and movies)
  • qBittorrent - the torrent download client, takes a torrent from Prowlarr (see next point) and downloads it to your storage
  • Unpackerr (optional) - if it happens to download as a rar or zip file, unzips it for you
  • Prowlarr (replaces Jackett) – takes requests from Ombi (optional part) or Radarr/Sonarr/Lidarr (usually de rigueur) and uses trackers to find torrents. Trackers are services that take “I am looking for this movie” and turn it into “here is the torrent”. Prowlarr is where you manage the Trackers
  • Radarr (movies), Sonarr (tv), Lidarr (music), Whisparr (porn), Mylar (comic books), and Readarr (books) are part Ombi (find me this movie) but when qBittorrent has finished downloading and Unpackerr has unzipped it, puts tv shows together into series/seasons, handles the meta data, organizes everything for you and talks to the other apps so your library isn’t just a /downloads/ folder full of random crap, also sometimes you’ll download episodes 1 and 2 from one source, 3 and 4 from another, Sonarr gives you a UI to group them all together.
  • Jellyfin then lets you watch these on your TV

The biggest high level challenge in any tech org is security and there’s no way you can convince me that ML can successfully counter these challenges

“oh but it will but it will!”

when

“in the future”

how long in the future

“When it can do it”

how will we know it can do it

“When it can do it”

cool.


it’s been a running internet joke for about 3 years now.



how did you get started moving from public to private and what does your average workflow look like?

I just started with a handful of Public trackers and they do okay, but I’d like to do a bit better.

On the other hand I don’t want to have to invest a huge amount of effort buddying up to complete strangers just to get the latest episode of University Challenge.



i am running *arr apps on a pi, using tailscale with mullvad exit nodes as a VPN, how do i add adguardhome or pihole to the stack without screwing everything up?
- all *arr apps in docker containers using docker compose
- tailscale has friendly tailnet name
- ...magicdns enabled
- ...global nameservers have mullvad public dns in them

not very confident here, can I just follow this guide (link: https://tailscale.com/kb/1114/pi-hole/) and it works or do I need to change some settings? I notice it tells me to add a custom DNS but mullvad is already in there? how does it know which to use or in which order?


I fucked something up and installed pihole and adguard at the same time both in a container and bare metal and received a massive load of error messages that after 2 hours of trying to unstick just formatted the SD card and started over. So then, installing and configuring ssh, fstab the external drive, set a static IP address on the pi took up all of my time so far.



yes - grew up in the 80s so witticisms like “4 bits is a nybble” are stuck in the brain.

Although it doesn’t seem relevant it’s actually pretty illuminating in what IP addresses are and do so thank you for that


that’s a helpful explanation of subnets thank you

In the paradigm of

111.222.3.4:5/22

if “3” is subnet and “5” is port - what are the names of “4”, “222”, “111”, and “22”?

And is there ever a 000.111.222.3.4:5/22 or another add on?



As more of an artist than a techie for the most part — if you have your medium or at least part of it — the more interesting thing about art is what you have to say about it.

As an example, if you want to draw a distinction and comparison between the age of discovery and the age of technology, you could use the hard drives as a canvas on which to paint a portrait of something like Robert Scott / Lawrence Oates, or Jacques Cousteau, or Armstrong and Aldrin etc.

On that last one - if you could tie the size of the drive in comparison to the size of the code used in the moon landing that might also be interesting.

Anyway, all that to say - art is a mix of medium and message



Check the error logs and see what’s wrong with it instead. How is it crashing? Did you check stdout and stderr (use docker attach or check the compose logs)?

“Crash” is the wrong word. The app is running, it says “Connected” for about 15-20 seconds, then it says “Internet blocked” for about 20 seconds, then it says “Reconnecting” for 30-90 seconds, repeat indefinitely.

Using the CLI for logging, it says something along the lines of “Timeout… Hyper time out”

You should look a bit into how the internet, DNS and IP addresses work on the public internet and private networks.

Do you have any recommendations on how to learn this?

Also, thank you for explaining that “configuring a domain name” is adding an A record. I’ve added TXT records and similar for Google analytics and I’ve added mail records to set up my own domain’s email before - but this is helpful, thanks.



Thank you, this was really helpful.

I don’t know if I’ve configured the A records correctly - but someone else I was asking says that all this is against CloudFlare’s TOS so maybe I need to abandon CloudFlare completely.

The NGINX example will help when I start digging into that, thank you.

Yes, perhaps I over-simplified my gluetun example, I know it’s doing something in the container, but when I run the mullvad app it shows in green when it’s connected, and red when it’s not, and when the kill switch is engaged it shows “blocking internet” - how do I understand this same level of protection is active with a docker container? I think I read somewhere that I download something, then I docker pause gluetun and the download rate in qBittorrent should drop to near-zero to show it’s paused? Does that sound correct?


thank you so much for this considered reply. I’m just stepping out now, but will check in later to go through this in depth


ok. I would still like to learn this stuff, so hopefully someone can come in and answer some of the questions - but it seems like, then, the challenge is just gluetun for now.



I want to get started with *arr apps - here are all the things I don’t understand about (reverse-/)proxies and networking in order to get it set up.
Please can someone show off how smart and sexy they are by answering these questions. I don't mind if you just link me to a video or guide explaining it (like I'm 5?) instead of typing it out - but please don't just send me stuff that says something like "To forward to ports correctly, simply forward the correct ports - but be sure to reverse-p the goeanity-2.0 exposed server flange via qPack*7_bingb (IMPORTANT put 1=2 in /conf!!!)" - which is what all the help documents read like to me right now.

Here's what I think I know, but I have probably got wrong, and would be delighted if you could not only tell me how wrong I am but what is the right answer instead:

-> I have a raspberry pi 4 running raspbian/debian bookworm, all software up to date.
-> I have installed docker and docker compose. Docker lets you run apps/programs in separate little cages so if they crash or do something insecure they don't crash or expose the whole computer (the Raspberry Pi), the operating system (Raspbian), or the other apps running in other containers. Docker compose allows you to fine-tune the settings of these apps from outside the container by changing a text file. Each docker container, controlled by a compose yml has a port, e.g. Jellyfin's is :8096
-> I can set up and configure radarr sonarr qbittorrent to download movies, for this I need a VPN. I paid for and installed mullvad (app) but it crashes a lot (for over a minute every 20 seconds), so it looks like I need to configure something like gluetun to do it instead. For this reason I want to stick with mullvad as I paid for it, gluetun is really confusing.
-> However, downloading is only half the battle - assuming I can get a VPN to work without crashing every 20 seconds so it takes less than 5 hours to download a single movie in 1080p(!!!) - I can only watch stuff by plugging an HDMI cable into my raspberrypi and a monitor and using a mouse and keyboard to navigate to the UI and click "play"
-> If I want to watch them on my TV I need to connect something to my TV that talks to the raspberry pi, so I have an NVIDIA shield with Jellyfin installed on it - but in order for the NVIDIA-Jellyfin to connect to the RaspberryPi-Jellyfin it needs to go through the internet (if this is not the case, how does one point the NVIDIA-Jellyfin at the Raspberry Pi jellyfin?)
-> Because it's going through the internet I need to hide my activities from prying eyes, and because it's on the internet it will have a web address (I bought the cheapest domain for a few bucks on namecheap), so a proxy and reverse proxy are necessary to hide my activity on my end (proxy) and the activity on the internet (reverse proxy) from said prying eyes while allowing me to watch my stuff in peace.
-> I can set up my domain to point to Jellyfin, this means I configure mysubdomain.mydomain.com to point to Cloudflare on the internet. Then I set up Cloudflare to point to NGINX on my raspberry pi. But I really don't know what this entails or how to do it. I changed my nameservers to Cloudflare's on namecheap and that's where I stopped because I didn't understand any further.
-> So, in practical terms, I'm on my sofa and I want to watch a movie in my Jellyfin on my raspberry pi, I open the NVIDIA shield, I open the jellyfin app and I tell the jellyfin app to go to mysubdomain.mydomain.com
-> I think I'm correct in saying that mysubdomain.mydomain.com is actually an IP address and a public port, so something like 123.456.7.8:443, then Cloudflare - which is the reverse proxy - gets involved (somehow? how?) to say "ah, 123.456.7.8:443, you obviously want to go to funkless.raspberry.pi:NGINX (or rather something like 987.654.3.2:443)" and then NGINX - which is the proxy-proxy, not a reverse-proxy - goes (somehow? how?) "ah, 987.654.3.2:443, you obviously want to go to 987.654.3.2:8096 which is jellyfin"
-> At some point in that last step SSL certificate(s?) need to be issued and used on Cloudflare and/or NGINX - but I don't know how or why - and/or a public and private key

Here's where the questions start:

- First of all, is that all correct or have I misunderstood something?
- How does mysubdomain.mydomain.com know it's me and not some random or bot?
- How do I tell Cloudflare to switch from web:443 to local:443 (assuming I've understood this correctly)
- Is this step "port forwarding" or "opening ports" or "exposing ports" or either or both? (I don't understand these terms)
- If my browser when accessing mysubdomain.mydomain.com is always going to port 80/443, does it need to be told it's going to talk to cloudflare - if so how? - and does cloudflare need to be told it's going to talk to NGINX on my local machine - if so how?
- How do I tell NGINX to switch from local:443 to local:8096 (assuming I've understood this correctly)
- Is there a difference between an SSL cert and a public and private key - are they three things, two things or one thing?
- Doesn't a VPN add an extra step of fuckery to this and how do I tell the VPN to allow all this traffic switching without blocking it and without showing the world what I'm doing?
- Gluetun just looks like a text document to me (compose.yml) - how do I know it's actually protecting me?
- From https://nginxproxymanager.com/ : "Add port forwarding for port 80 and 443 to the server hosting this project." I assume this means to tell NGINX that traffic is coming in on port 80 and 443 and it should take that traffic and send it to 8096 (Jellyfin) and 5000 (ombi) - but how?
- Also from that site: "Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or Amazon Route53" - I assume this is what Cloudflare is for instead of Duck or Amazon? I also assume it means "tell Cloudflare to take traffic on port 80 and 443 and send it to NGINX's 80 and 443" (as per the previous bullet) - but how?

If your reaction is "Asking how to set up port forwarding from Cloudflare to NGINX is a cowardly question - just figure it out!" Please could you at least link me to something that will help me figure it out if all those words just look like gibberish to me? Thank you so much for your help and time in advance.


I have an NVIDIA shield, but cf my other issues (now mostly fixed hopefully by EOD today) that connections in and out of the pi were either being blocked by VPN or totally exposed without VPN


it’s a raspberry pi running raspbian bookworm

what’s the difference between wireguard and mullvad. Is mullvad just another shell for wireguard?


Thank you - that is helpful.

So the Gluetun part is really only for if I want to get into my jellyfin when away from home?


Forgive my ignorance, but doesn’t the mullvad need to run through gluetun, or at least in its own docker container to be secure?

Or to put it another way, what’s the benefit/cost of installing it via dpkg as opposed to running it in a container, as opposed to running it in gluetun (in a container)?

i thought everything was supposed to run in a container if it’s touching the web



I appreciate the advice but I am disinclined to go “hm this setup doesn’t work, I should buy a totally different set up” - as then I’m sure I’ll just have a different set of problems and other money I spent is essentially wasted.


but I can’t just have one device connected to the VPN. I have to be able to tell it what to download (from a device) and then watch it (from a device)

edit: also, from your link there

“Did you adapt the rules to your setup (IP, port etc)? What if you add a counter to the rules? Can you see them trigger on incoming packets with nft list ruleset?”

No, I have not adapted and counted the rules to trigger on incoming packets with an nft list ruleset because I have no idea what that means

From the link inside that link

"the following rules should be applied.

table inet excludeTraffic {
  chain allowIncoming {
    type filter hook input priority -100; policy accept;
    tcp dport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
  chain allowOutgoing {
    type route hook output priority -100; policy accept;
    tcp sport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
}"

no idea what any of this means, nor what to do with it, what to change, or where to put it.

I can’t be a complete idiot for thinking this seems overwhelmingly technical. Like surely you can’t believe you can show that to the average person on the street and they’d be like “ohhh just table inet exclude traffic! of course!”

and “exclude traffic” sounds like the opposite of what I want - which is to include my ssh traffic.


It is a little frustrating that you advised me to ask AI to tell me what to do, I posted the answer verbatim and you said it’s not necessary. Is that because you know the real answer but don’t want to tell me, because the AI is wrong, or something else?

the issue isn’t plex v jellyfin ease of use, it’s mullvad or privoxy on gluetun through docker via compose …ease of use.


want to get started but finding the technical side really overwhelming
I'd really like to get started with this stuff but finding the technical requirement exhausting.

Trying to install privoxyvpn - "simply add the proxy to your browser and ensure the configuration is correct" (no help as to what this means, or how to do it and following the basic instructions just renders my browser unable to connect - googling the error message gives me replies like "simply make sure you read the logs" (no description of how to get to the logs or how to read them)

hearing I need a proxy and a reverse proxy, install SWAG — "first, point the A name at your server and the CNAME at the A and then install the SSL certificate - but be sure to pick between directories and subdomains if you have fewer than 20 domains in your account."

Like what the fuck does any of this mean?

Then I hear if I have a proxy it might interfere with the reverse proxy and both might interfere with the VPN and vice versa. How does one even get started?