What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

Hello,

as you may can guess i am here because i need some help because i want to self host some stuff and i am pretty new to this stuff. I did a loto f research and i came up with a lot of stuff. I will present you my thoughts and maybe some people here can tell me if i am good or not.

First the Hardware.

I did a lot of research and came up with a HP Elitedesk 800 G5 Mini as my home server.

It can hold 2x NVME SSD and 1xSata SSD. It has an Intel 5 9500T and is upgradeable to 64gb of Ram.

I can get one from ebay used for maybe 150-170€. Then i need to upgrade the ram because it comes with 8gb only. I thought maybee upgrade it to 32gb for now. And buy 2 nvme ssds both 2tb dont know which brand is cheap and good there. The sata ssd could be my operating system i have 1 with 120 gb at home hope this is enough.

The NVME SSDs are 1 for storage of mainly photos videos and maybe a small audio collection. The other is to make a backup of all this. (Mirrored)

Second Operating System

I know there area lot of things out there and i know people can recommend a lot of stuff but …. I wanna keep it as simple as possible for my first homeserver ... also i dont ´have too Much time with an 2 year old child. So my thoughts were using Ubuntu server with docker and portainer. Just that.

Third My apps and Stuff.

So mainly i wanted to run the following Applications on that.

-            Immich

-            Homeassisstant

-            Joplin

-            Audiobookshelf

-            Calibre Ereader

-            CalDav App for a Calender Sync with MY Phone and MY wife

-            Pi hole

-            Vaultwarden

-            And Homarr as a Dashboard for all of this.

Fourth Using all this from my phone

Thats the only part where i didnt have time to do some research how i use all off that safly from my phone.

I guess i need some kind of VPN for a secure use?

I hope that part is easy.

Son ow i shared all off my initial researches and thoughts. I hope i wrote not to much mistakes.

And i hope you guys can help me out a little.

Greetings

Here's the link to the docker docs

Today I can share a major development status update of XPipe, a connection hub that allows you to access your entire server infrastructure from your local desktop. It can make your life easier when working with any kind of servers by eliminating all the commonly tedious tasks that come up when interacting with remote systems, either from the terminal or from a graphical interface. XPipe comes with integrations for SSH, docker and other containers, various hypervisors, and more without requiring setup on your remote systems. You can also keep using your favourite text/code editors, terminals, password managers, shells, command-line tools, and more with it.

Docker compose

This release introduces support for docker compose. Containers in compose projects are grouped together and can be managed all at the same time via compose project entries.

The container state information shown is also improved, always showing the container state in combination with the system information.

Batch mode

There is now a batch mode available that allows you to select multiple systems via checkboxes and perform actions for the entire batch. This can include starting/stopping, automatically adding available subconnections, or running scripts on all selected systems.

You can toggle the batch mode in the top left corner.

Password managers

The password manager integrations have been upgraded:

• There is now support for KeePassXC
• All password manager integrations have been reworked to work out of the box without configuration
• There is now support to use password manager SSH agents more easily
• You can now unlock the xpipe vault with your password manager

Terminals

The terminal integration comes with many new features:

• There is now built-in support for the terminal multiplexers tmux, zellij, and screen. This is especially useful for terminals without tabbing support.
• There is also now built-in support for custom prompts with starship, oh-my-posh, and oh-my-zsh.
• On Windows, you now have the ability to use a WSL distribution as the terminal environment, allowing you to use the new terminal multiplexer integration seamlessly on Windows systems as well.

SSH

Various improvements were made to the SSH implementation:

• The SSH gateway implementation has been reworked so that you can now use local SSH keys and other identities for connections with gateways
• The VSCode SSH remote integration has been reworked to allow more connections it to be opened in vscode. It now supports essentially all simple SSH connections, custom SSH connections, SSH config connections, and VM SSH connections. This support includes gateways
• There is now built-in support to refresh an SSO openpubkey with the opkssh tool when needed
• There is now the option to enable verbose ssh output to diagnose connection issues better
• For VMs, you can now choose to not use the hypervisor host as SSH gateway and instead directly connect to the VM IP

Other

• Connection names, e.g. VM names, will now automatically update on refresh when they were changed
• You can now launch custom scripts within XPipe with a command output dialog window without having to open a terminal
• Various installation types like the linux apt/rpm repository and homebrew installations now support automatic updates as well
• The k8s integration will now automatically add all namespaces for the current context when searching for connections
• The application window will now hide any unnecessary sidebars when being resized to a small width. This makes it much easier to use XPipe in a tiling window arrangement
• The webtop has been updated to have terminal multiplexers, proper konsole tab support, disabled kwallet, and more
• Various error messages and connection creation dialogs now contain a help link to the documentation sections

A note on the open-source model

Since it has come up a few times, in addition to the note in the git repository, I would like to clarify that XPipe is not fully FOSS software. The core that you can find on GitHub is Apache 2.0 licensed, but the distribution you download ships with closed-source extensions. There's also a licensing system in place with limitations on what kind of systems you can connect to in the community edition as I am trying to make a living out of this. I understand that this is a deal-breaker for some, so I wanted to give a heads-up.

Outlook

If this project sounds interesting to you, you can check it out on GitHub, visit the Website, or check out the Docs for more information.

Enjoy!

Hey all. I'm starting to plan out how to build a home camera system. For now I just want to use it to keep an eye on the dogs while I'm out of the house, so all of it indoors and with audio, but with plans to expand in the future. My one hard requirement is that the camera themselves are only communicating locally and the streams are accessible outside my network in a secure manner.

I already have a server running some docker containers, including a reverse proxy*, with a GPU (Arc B580) installed for other video streaming. I also got a Google Coral on its way for future camera detection funs. Would the B580 be able to cope with say 2-4 camera streams (of say 1080p quality) and streaming a 4k HDR movie? This support page says it might be possible, but could stretch the limits a bit.

My imagined setup is PoE IP cameras with RTSP streaming to my home server running Frigate (I'm open to suggestions) with some Home Assistant on the side.

For cameras I've seen Dahua and Hikvision recommended. Do they all have/is RTSP a common feature on IP cameras? As none of the cameras I've looked at on Dahua's website has explicitly said they support it.

I've been thinking about installing a separate network card on the server as well just for the cameras. But this might be a bit over-kill, and might be enough to block them on the router? But I image I will need a special switch for PoE either way.

Outside of buying cameras, switch, and cables and then configuring it all, are there any big ticket items I've missed? Or is my set up kinda meek and a separate server for the video streams is recommended?

• I know a reverse proxy isn't typically as safe as a VPN tunnel, but it's a balance with easy of use.

Hi!

I have a subsonic instance running but I rarely listen to Albums. Stuff I really like are DJ performances like by the channel The Moment.

So I thought: why not download and self-host them before Google makes Youtube sign-in only, (like Elon and Facebook did).

That stuff is probably quite hard to organize. But the type of music simply breaks the common services, like Jellyfin, or Subsonic.

I know of funkwhale. But I'd like to keep the contents private. I just wanna listen to music at work (so being open to the web is a plus). I thought funkwhale is a bit too... "social" for me. I'm a (re)uploader, not creator.

You got any ideas? Maybe a youtube-cloner with audio-only support? (I know how to download videos already)

Edit: Of course, I'd download the sets legally, e.g. from their patreon discord, or whatever. ;)

Also: I know that restricting it to my VPN would be ideal for security and legality reasons. But that's a bit inconvenient. And I want to check my options.

I've just re-discovered ollama and it's come on a long way and has reduced the very difficult task of locally hosting your own LLM (and getting it running on a GPU) to simply installing a deb! It also works for Windows and Mac, so can help everyone.

I'd like to see Lemmy become useful for specific technical sub branches instead of trying to find the best existing community which can be subjective making information difficult to find, so I created [email protected] for everyone to discuss, ask questions, and help each other out with ollama!

So, please, join, subscribe and feel free to post, ask questions, post tips / projects, and help out where you can!

Thanks!

I made this website to improve the experience of shopping for drives on https://serverpartdeals.com/ as I find their interface not very helpful.

If there are any additional features or changes you want to make feel free to open a pull request https://github.com/Ykrej/ServerPartDealsTable

EDIT: critiques on my code also welcomed, this is my first time writing Svelte.

Evening y’all

I’ll try to keep it brief, I need to move my reverse proxy (traefik) to another machine and I’m opting to utilize Docker Swarm for the first time this way I’m not exposing a bunch of ports on my main server over my network, so ideally I’d like to have almost everything listening on local host while traefik does it’s thing in the background

Now I gotta ask, is Docker Swarm the best way to go about this? I know very little about Kubernetes and from what I’ve read/watched it seems like Swarm was designed for this very purpose however, I could be entirely wrong here.

What are some key changes that differ typical Compose files from Swarm?

Snippet of my current compose file:

services:
  homepage:
    image: ghcr.io/gethomepage/homepage
    hostname: homepage
    container_name: homepage
    networks:
      main:
        ipv4_address: 172.18.0.2
    environment:
      PUID: 0 # optional, your user id
      PGID: 0 # optional, your group id
      HOMEPAGE_ALLOWED_HOSTS: MY.DOMAIN,*
    ports:
      - '127.0.0.1:80:3000'
    volumes:
      - ./config/homepage:/app/config # Make sure your local config directory exists
      - /var/run/docker.sock:/var/run/docker.sock #:ro # optional, for docker integrations
      - /home/user/Pictures:/app/public/icons
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`MY.DOMAIN`)"
      - "traefik.http.routers.homepage.entrypoints=https"
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"
      - "traefik.http.routers.homepage.middlewares=fail2ban@file"
  traefik:
    image: traefik:v3.2
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      main:
        ipv4_address: 172.18.0.26
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - target: 80
        published: 55262
        mode: host
      # Listen on port 443, default for HTTPS
      - target: 443
        published: 57442
        mode: host
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
      # CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env # use .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik/traefik.yml:/traefik.yml:ro
      - ./config/traefik/acme.json:/acme.json
      # - ./opt:/opt
      #- ./config/traefik/config.yml:/config.yml:ro
      - ./config/traefik/custom-yml:/custom
      # - ./config/traefik/homebridge.yml:/homebridge.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.MY.DOMAIN`)"
      #- "traefik.http.middlewares.traefik-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.0/24, 208.118.140.130, 172.18.0.0/16"
      #- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.MY.DOMAIN`)"
      #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=MY.DOMAIN"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.MY.DOMAIN"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=fail2ban@file"

networks:
  main:
    external: true
    ipam:
     config:
       - subnet: 172.18.0.0/16
         gateway: 172.18.0.1

I censored out my actual domain with MY.DOMAIN so if that confuses people i apologize.

What (lightweight) solution are you using for network monitoring? Routers, switches, AP's fw's.

I'm looking for some kind of File Drop / File Upload service.

I'd like to be able to create a folder, and create a share / upload link for that folder that I can give to a customer to use to upload their documents.

I've been using nextcloud but I don't use nextcloud for any other purpose and it's a behemoth so I'd like to transition to something else.

Some of these requirements are essential (!):

• no login for customers uploading (!)
• optional password protection for uploads
• can't see / download files already present in the shared folder

Hey,

I'm using Joplin (a Markdown note taking app) and think about migrating to Logseq because of multiple reasons.

The main problems I have not yet solved:

1. OSS-Syncing Logseq notes between Desktop OS and Android. Logseq does not have an OSS selfhostable sync-server like Joplin has...
2. Making sure to transform my stuff, so that Logseq can work with it. Yes, it's both Markdown, but especially images and how Joplin handles them seem to be a problem for this migration.

What are your experiences? Have you ever switched between 2 Markdown note taking apps?

• Which ones?
• How well went it?

Is it maybe even possible to use app 1 and a Desktop OS and a totally different app on Android simultaneously on the same data? The common standard is Markdown...

Hi c/selfhosted,

I just released wanderer v0.17.0, which brings full federation support to the project.

E.g.: https://lemmy.world/u/[email protected]

For anyone new to it: wanderer is a self-hosted platform for managing hiking, biking, or running trails. You can upload or draw GPS tracks, organize them into lists, add photos, metadata, waypoints, and summit logs. It’s open source and designed for people who want full control over their outdoor data, with a clean UI and no third-party dependencies.

What’s new in v0.17.0

This release adds support for ActivityPub, meaning instances of wanderer can now talk to each other—and to the wider fediverse. Here’s what that enables:

• Follow users across instances When you follow someone, any new trails or lists they upload will show up in your feed automatically.
• Like and comment on trails, even across servers.
• Mentions You can mention other users in trail descriptions, comments, or summit logs, and they’ll be notified—regardless of which instance they’re on.
• Summit logs from others Other users can now log their own visits to your public trails with GPS data and photos.
• Cross-instance trail sharing Public trails can be shared with users on other instances.

If you’re not interested in federation, that’s fine too. wanderer still works completely standalone—federation only kicks in when you start interacting with other instances.

Links:
Demo: https://demo.wanderer.to/
GitHub: https://github.com/Flomp/wanderer
Discord: https://discord.gg/USSEBY98CP
Support wanderer: https://buymeacoffee.com/wanderertrails, https://liberapay.com/wanderer

Seedit is a selfhosted peer-to-peer Reddit Alternative using IPFS

doesn’t rely on any servers or instances .

We mainly use 3 technologies, which each have several protocols and specifications:

IPFS (for content-addressed, immutable content, similar to bittorrent) https://docs.ipfs.tech/ https://specs.ipfs.tech/

IPNS (for mutable content, public key addressed)

https://docs.ipfs.tech/concepts/ipns/

Libp2p Gossipsub (for publishing content and votes p2p)

https://docs.libp2p.io/concepts/pubsub/overview/

They also have a youtube channel where they cover how most of their tech works:

https://www.youtube.com/c/IPFSbot

the problem with federated social media is that each federated instance is just a regular centralized sites. They can censor each other, they can get taken down at any moment, and they are hard to run and manage. Whereas on p2p tech like bittorrent or bitcoin or plebbit, the p2p nodes don't require domains, they just work straight out of the box. On plebbit, you open the app, and you're instantly receiving p2p connections right away, just like a bittorrent client, no domain or server required. Users connect to your node directly, p2p, and nobody can stop you. P2P also scales infinitely, which is the reverse of centralized websites like federated instances: the more users there are, the faster it gets. And it's impossible to censor at scale.

Seedit is not Nostr

nostr isnt p2p, the relays can censor you, the relays can run out of money and shut down, the relays can get DDOSed, they earn no money to serve your content.

the people running the relays are probably legally obligated to censor you by their jurisdiction. for example in the UK you go to jail for mean tweets. the person running the relay with mean content would probably go to jail if they set foot in the UK.

CP

• the protocol is text only, to embed media, you need to host it on the regular ( Centralized ) internet, and then you link to it like https://example.com/image.jpg, and the host will stop hosting that image and report your IP.

• the community creator can assign mods, mods can remove posts from that community. if a community is badly moderated, the user will never see it, it wont be recommended to him. the user can visit bad communities directly just like you can visit a bad website directly, but it's not recommended to you so it's safe to use.

it’s the same as bittorrent , this p2p tech can’r prevent people from sharing stuff, but on seedit you can’t share media, it’s text-only so the liability falls to the centralized provider of the embedded media from the link the user shares as text. Also being p2p, seedit is not private, so it can’t really be used for illegal activity

About ActivityPub

the problem with federated social media is that each federated instance is just a regular centralized sites. They can censor each other, they can get taken down at any moment, and they are hard to run and manage. Whereas on p2p tech like bittorrent, p2p nodes don't require domains, they just work straight out of the box. On seedit, you open the app, and you're instantly receiving p2p connections right away, just like a bittorrent client, no domain or server required. Users connect to your node directly, p2p, and nobody can stop you. P2P also scales infinitely, which is the reverse of centralized websites like federated instances: the more users there are, the faster it gets. And it's impossible to censor at scale.

Also the code is fully open source

https://github.com/plebbit/seedit

I'm looking for experiences and opinions on kubernetes storage.

I want to create a highly available homelab that spans 3 locations where the pods have a preferred locations but can move if necessary.

I've looked at linstore or seaweedfs/garage with juicefs but I'm not sure how well the performance of those options is across the internet and how well they last in long term operation. Is anyone else hosting k3s across the internet in their homelab?

Edit: fixed wording

https://getoffpocket.com/self_hosted

The link is the view for people who like to self-host. I'm also hoping to guide people who would never self-host to using open source tech. I'm a big proponent of that myself. I switched to Wallabag quite some time ago.

I am in the EU. I want to help make the TOR network more robust by contributing a relay node. I have one of three hardware options: a raspberry pi zero W, raspberry pi 4B, or ThinkPad T470s.

In your practical experience, which of these computers would be the best for the network? As I understand, beyond a point, the CPU power doesn't matter unless massive traffic loads go through the node.

P.S: Not sure if this is relevant, but I currently have a pihole hosted in a separate RPI zero. I plan to host this at home. I do not have a separate connection line. My router doesn't support vlan.

Add: Thank you for the kind replies. Based on the feedback, it think I'm currently not setup to help the network. I will instead continue with my annual contribution.

I will look into hosting a node on a VPS and just pay a monthly subscription fee or something.

So, recently I spun up cAdvisor to provide some metrics for the Grafana dashboard. I created both the docker-compose.yml and prometheus.yml thusly:

prometheus.yml:

scrape_configs:
- job_name: cadvisor
  scrape_interval: 5s
  static_configs:
  - targets:
    - cadvisor:8080

docker-compose.yml

services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    ports:
    - 9090:9090
    command:
    - --config.file=/etc/prometheus/prometheus.yml
    volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    depends_on:
    - cadvisor
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    ports:
    - 8080:8080
    volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    depends_on:
    - redis
  redis:
    image: redis:latest
    container_name: redis
    ports:

- 6379:6379

Placed them both in /tmp/cadvisor/ and ran docker compose up. All well and good, got some metrics to feed Grafana and all would seem jippity jippity.

Next day I notice Prometheus is off line. Hmm, check everything out. Logs complaining of a missing prometheus.yml. On a hunch I recreated the above prometheus.yml and placed it back in /tmp/cadvisor/, restart Prometheus, and it fires right up no runs, no drips, no errors. Before I uploaded the new prometheus.yml, I notice that there is a directory now named prometheus.yml in /tmp/cadvisor/, which is empty. Deleted it.

Next day, same scenario. Missing prometheus.yml, directory called prometheus.yml in /tmp/cadvisor/. I thought well, if it's getting deleted, change the permissions, and continued my daily affairs.

Today, same exact scenario. So, wtf, over? Run some commands:

stat /tmp/cadvisor/prometheus.yml
sudo lsof /tmp/cadvisor/prometheus.yml
grep "delete" /var/log/syslog

I can see that the file IS being deleted, but I cannot seem to trace down what is deleting it. It's like there is a cron job that fires off every day at a certain time and deletes prometheus.yml, and in it's place, creates a directory called prometheus.yml effectively taking Prometheus offline. I have no such cron job tho.

Any ideas? Suggestions? Ancient wizardry? Any mystical incantations or tomes to consult?

I started a webui container and then I started to get this error in OpenWebUI interface.

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

• latest Ollama on windows
• latest Open WebUI in docker desktop

according to a post online, I should set ENABLE_WEBSOCKET_SUPPORT=True in my docker compose, but I'm not using reverse proxy. Is ENABLE_WEBSOCKET_SUPPORT=True necessary?

What could a possible solution be for this?

My docker compose

services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:cuda 
    container_name: open-webui
    restart: unless-stopped
    ports:
      - "3000:8080"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./data:/app/backend/data
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]
volumes:
  open-webui:

log

2025-06-21 10:43:57 open-webui  | 2025-06-21 00:43:57.601 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:37276 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:44:58 open-webui  | 2025-06-21 00:44:58.114 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:49064 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:45:58 open-webui  | 2025-06-21 00:45:58.779 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:55958 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:46:59 open-webui  | 2025-06-21 00:46:59.179 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:47424 - "GET /_app/version.json HTTP/1.1" 304 - {}

UPDATE:

• when I open http://localhost:3000/ in another browser it works perfectly fine. I think the issue is about the browser I used (firefox with a lot extension installed and setting tweaked)

UPDATE 2: The problem is with this plugin https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/ Everything works fine with it disabled.

The reason my chameleon breaks openwebui is because I changed a setting in it that it blocks all websocket connection

Thank you everyone for your help

I inherited a decommissioned Dell PowerEdge T610 from my work recently. I have it setup with Truenas and plan to have it be our new Jellyfin, file storage, and whatever else I can figure out. But I'm new to Raid setups and was hoping for advice before proceeding. After doing a little research I figured a Raid 5 configuration would be a fun experiment and could help with stability in the long run.

My question is, should I manage drives via the hardware controller? Or Truenas?

The server has a hardware raid controller and the drives have to be configured in the bios in order to be visible by an OS. Easy enough. I setup 4 drives in a Raid 5 configuration, boot to Truenas. I try to make a pool with the vdrive but then Truenas wants to configure it. If I chose anything other than Raid 0 it would cut into the storage even more. So I went back in, changed the 4 drives to Raid 0 in the bios, then setup the pool in Truenas using the 4 individual vdrives. But then I started to wonder if the two would be compatible in the long run?

Then in wondered, is Raid 5 even worth it? I have a single drive I currently use as a direct backup of our important photos, videos, etc. That one is not going in the array but will be copied over for easy access and kept as a backup. So with a direct backup of the important stuff do I really need to sacrifice space for mirroring and parity?

I'm curious what you all think.

Hi all!

I'll try to be quick but I apologise first as I am pretty new to security stuff and my questions might be obvious to the more experts.

I have a VPS (hetzner) set up with docker, caddy for the reverse proxy, and authentik as the only login method for a couple of services (hedgedoc and forgejo). Since most of these has to be available and accessible on the internet, I also setup crowdsec and built caddy with the relevant bouncer. This allows crowdsec to inspect the caddy logs for all the services I am serving through it and act accordingly. Edit: all the services are in docker containers.

So far, so good. However, I also saw that crowdsec can directly monitor container logs with the docker integration or through container labels. Also, I saw a couple of collections on crowdsec hub specifically for Authentik and Gitea.

I feel I am missing something so my question are:

1. Would it be useful to monitor container logs given my setup or would it be redundant?
2. Should I add the app-specific collections, or would docker logs monitoring be enough?

Edit: bonus question, does someone know if the Gitea collection would be useful for Forgejo after it being a hard-fork now?

I would like to make myself a media server and NAS which stores my photoes and files. I have an Optiplex 3070 with a 1 TB Hdd which i plan to use for my media server and want to buy a raspberry pi to use as a NAS for photos and files. What do you think ? will raspberry pi5 be enough, i want something small.