Thanks for the suggestion. I followed that and it didn’t solve the problem sadly.

I might have to switch, as much as I like the simplicity of Caddy, I keep running into issues like this unfortunately.

Do you know of a way to have a global caddy setting to only allow Cloudflare IPs, but “exempt” Jellyfin?

(I posted my caddy cloudflare section down below which only works as a global setting)

I have followed that guide which let me to a few GitHub issues.

Here is what I have put in my config:

servers {
        trusted_proxies cloudflare {
                        interval 12h
                        timeout 15s
                }
        trusted_proxies static private_ranges
        client_ip_headers Cf-Connecting-Ip X-Forwarded-For
        }
}

I have also added all Cloudflare IPs in Jellyfin’s known proxies:

103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 104.16.0.0/13, 104.24.0.0/14, 108.162.192.0/18, 131.0.72.0/22, 141.101.64.0/18, 162.158.0.0/15, 172.64.0.0/13, 173.245.48.0/20, 188.114.96.0/20, 190.93.240.0/20, 197.234.240.0/22, 198.41.128.0/17

Yet, I’m still not seeing the real IPs.

That led me in the right direction!

Fixed it with:

pvresize /dev/sda3

lvresize --extents +100%FREE --resizefs /dev/pve/data

Thank you!

Would you know how I would go about doing that?

I’ll give that a shot with gparted on the weekend if all else fails. Thanks!

They had a server breach and didn’t tell anyone until a few years after the fact.

Anyone know how to get a self-hosted synapse server updated to support all this?

Yah if all you want is for your server to get internet and have it accessible on your LAN, one port is all you need.

Unless you’re planning on virtualizing your router on the server (think OPNsense VM or something) then really only one ethernet port is required. Otherwise the sky is the limit. For example, mine has a 1 Gbps port, a 2.5gbps port, and two 10 Gbps ports.

Depends on what you want/need and whether you want to future proof I guess.

I would love a torrent leech account! I’m a power user with great upload ratios on public trackers and have yet to be able to get into a private one!

PiHole can’t specify specific ports for each cname, which is what you need a reverse proxy for.

Typically, you create all of your cnames in pihole and direct them to your reverse proxy server IP. From your reverse proxy of choice, you specify each url to the specific ip:port of your service.

This looks very promising. Going to give this a shot and I’ll let you know if it works! Thanks

I didn’t have much luck following trash guides unfortunately, as none of the examples quite fit what I was trying to do. Great resource though!

You will need to run a reverse proxy on one of your VMs ( I use Caddy, it’s very simple), and forward port 80/443 to your reverse proxy.

Within your reverse proxy, you can tell it what port corresponds to which address and it will send you to the right service.

This is obviously an oversimplified answer, but there are many Caddy guides and I can help you with any specific questions.

Try using the local IP of the machine instead of localhost.

No worries.

To make your life easier you will want to pass the same “volume” to each of your containers so that they are all able to interact with the files the same way. For instance, if your movies are in /home/username/media/movies then make a volume for radarr, you can name it anything but for this example I’ll use data, like so in docker:

/home/username/media:/data

Then inside radarr you can make your path inside.media management, root folders:

/data/movies

It works the same way for your downloads, just make sure your downloads go somewhere in the media folder, eg. /home/username/media/downloads. Then for your download client, use /home/username/media:/data in docker and inside the client download to /data/downloads.

Hope that makes sense

I can try and help, I have a lot of experience with the arr’s, however I have no experience with the 423+ NAS. What OS are you running?