To add to this, you might check out some of the free Hugo themes here: https://themes.gohugo.io/tags/portfolio/
since I don’t want to pay for SSL certificates to setup https.
You don’t need to pay for SSL certs anymore, most of the time. You can get them for free from a bunch of different places now. I use Let’s Encrypt. The web server/reverse proxy I use, Caddy is able to automatically get a cert for you, install it, and keep it renewed. The only time you need to pay for a cert is if you are handling financial transactions.
Are there security issues I should address preemptively?
WordPress itself has a generally good reputation for security, though depending on how the current drama goes, that may change. WordPress security problems have almost always stemmed from plugins or poor password hygiene. Remove any plugins you are not actively using, keep the ones you are using updated, and use a good password that you don’t use anywhere else. A password wallet like Bit Warden can generate and store such passwords for you.
Better on the security front would be to evaluate whether you actually need something like WordPress at all. A static site would likely be far more secure. There’s less moving parts that might be vulnerable.
While you could program a static site yourself, it’s more common nowadays to use a static site generator like Hugo to build the site. You set it up once for how you want the site to look and then you write your posts in markdown or whatever your particular generator uses.
I don’t have anything to manage my dynamic IP
Most domain name providers have some sort of setup for dealing with dynamic IP addresses, a program called ddclient
is pretty common and is available in most repos.
I would suggest medical texts, survival and military field manuals. I don’t think they will be needed but it might be best to be prepared. As for culture, stash what you like.
On second thought, the medical texts would be useful either way. https://www.alreporter.com/2024/10/31/analysis-rural-hospitals-closure-crisis-alabamas-healthcare-safety-net-at-risk/ Hospitals closing have been happening for a while.
If I reading your docker ps result correctly, you seem to be forwarding docker port 2283 to host port 3001.
Try http://ip_address:3001 , if that fails try https.
Might have been a temporary issue. It’s working for me.
Thank you. I was trying to figure this out as well.
Currently I use Jellyfin and found it simple enough to setup. My personal setup is https on the public internet using Caddy as a reverse proxy to handle the https part, but you can set it up for local network access only using http.
Jellyfin itself is not the greatest music player ever, (UI is more setup for movies and tv) but there are music-centric apps that use it as a backend that are really good, for most platforms. On my phone and tablet, I really like Finamp, and on the desktop I use Sonixd.
I’m also considering just getting a portable, 128GB FLAC player with a minijack connection and moving on with my life without getting involved in networking at all.
I used this setup for the better part of 20 years. Nothing wrong with it, my music collection simply expanded to the point where it simply wasn’t feasible to store all of it on my iPod anymore and from day to day I never really know what I’m going to be in the mood to listen to. Setting up a streaming service made more sense for me.
The simplest way to do this, is to put the server on a private vpn (I use Tailscale, there are others) and expose ports only to the vpn. Then you share access to the vpn with your friends.
With Tailscale, this is as simple as sending them a share link for the host. They will need to have an account at Tailscale, and have the client running, but they will then be able to access the host with a static ip address.
As a general rule of thumb, nothing should be exposed to the public internet unless you want that service to be public access and then you need to keep it up to date. If a vulnerability doesn’t currently exist for the service, one will sooner rather than later. SSH, especially password only ssh, can be broken into fairly easily. If you must expose ssh to the public internet for whatever reason, you need to be using IP white lists, password protected keys, change the default port, and turn off service advertisements and ping responses. I’m probably missing something. When someone scans your server randomly, they should see nothing. And if they fail login they should be ip blocked.
- Host family media through Jellyfin, etc. This would include tv, music, and possibly books as well. Many of these will be managed through the Arr apps.
- Degoogle my phone - I’m beginning by replacing Photos with Immich, but hope to also use Home Assistant, backup other phone data such as messages media, shopping lists, etc. I hope to replace Google storage/backup with Proton Drive.
Seems like a solid plan. I used Nextcloud as a Google Drive/Photos/Calander/Lists replacement, but depending on what you are running as your server it may be a bit too heavy.
I’ve heard that once you get into it, Linux distros like Ubuntu are not very user friendly for self-hosting as a beginner.
Not sure who is saying this. Granted, if your not used to *nix, our ways of doing things can be a bit obtuse from time to time but the Ubuntu based distros are some of the most heavily documented distros available with only Arch being better documented (Don’t use Arch unless you’ve got stock in Bayer. /joking, kinda).
Your current OS choice is maybe not what I would choose, but it is fine. Xubuntu just Ubuntu Server with the XFCE desktop installed. A bit heavy for a server install as a result. One thing I will say is that most server software is setup via the command line and setup via configuration files (These are just regular text files readable by any text editor. I like micro, but anything will work). The desktop environment is just extra weight you don’t really need in this application. Doesn’t hurt anything, just heavy and not really needed.
So is it better on the whole for a beginner to have a popular distro with lots if documentation and step by step guides, or to have a purpose-built OS like TrueNAS that might be more straightforward, but with less support?
Stick with what you have. Ubuntu is a very well supported server distro, and the XFCE desktop doesn’t change that. Things like TrueNAS, UnRAID, and whatever is the flavor of the week tend to cover things up to simplify things. This is fine when they work correctly, the problem comes when things inevitably break. You won’t know where to go looking to fix things. Also TrueNAS is a network storage OS, not really suited for what you are trying to do currently, which seems to be hosting services.
It seems to be working well, but I’ve had a few hiccups trying to update it,
What hiccups were you running into? And were you using the GUI tool or apt on the command line?
I don’t know about Silverblue, but I know you can use NixOS on pretty much any VPS using the tool nixos-infect.
Not sure how it would reduce your attack surface though. That’s not really the problem that they are trying to solve.
I’ve heard mixed things about them, never used them though. Personally I used Digital Ocean for my VPS needs till I had a spare computer available, at which point I moved everything in house.
With used hardware, it very much depends on what the hardware is and what you’re using it for. if you can find something from the last 10 years it’s probably worth it, but I wouldn’t get anything older than that. Power usage is the main concern, as systems have been plenty powerful enough for most applications for sometime. Hardware reliability would be another factor.
When I was looking a couple of months ago, it looked like $200 USD was the sweet spot for used hardware, but at that price point, you could get one of those NUC knockoffs brand new, such as the Beelink N100. It just depends on what you need.
In the US, it’s a violation of copyright. You could be sued, but wouldn’t likely be arrested.
I would say that the odds of being sued are minimal, close to nonexistent, if it is just a few close friends and family. Jellyfin uses password protection which helps, but you can improve your odds of staying off the media companies’ radar by keeping the server on a private VPN like Tailscale and remembering the rules of Fight Club.
I use AIO as well though I’ve heard the snap version is pretty painless, most of the time.
This is news? To anyone?
Personal preference.
Unless something has changed, Caddy isn’t a dns server. It’s a web server and reverse proxy. If you might expose something to the public internet, you will want it behind the reverse proxy.
If you want to access local network services (private vpn counts) via a domain name all you need is a DNS server and for you clients setup to query that dns server. I use PiHole for this. From what I understand Adguard may be similar to PiHole but I’ve never looked a it.
One thing to be wary of, there are no reserved private network domains. Depending on how you set things up your local network dns queries may go out onto the public internet. It’s best to go ahead and register a domain name that you want to use so that you can control it routing if that happens. They can be had cheap as $11 USD each.
I’m running it. It’s good. Tracks fuel mileage, PMs and repairs and can remind you of things either by time or mileage.
Unless I’m mistaken, and I probably am, the patents on blueray should have expired by now. Software side might be covered under copyright right though. Not sure if software can be copyrighted though tbh.
Long ago I played with TrueNAS, but it lost test data when I was playing with it. I wound up using Open Media Vault for a couple of years, but recently switched over to NixOS when my NAS box decided to let loose the magic smoke.
If you’d like an example of a NAS nix config, this config is a running on a VM that I’ve passed the original NAS’s drives to: https://git.astaluk.com/paul/NixOS/src/branch/main/hosts/nas/configuration.nix It’s almost certainly not the best way to do it, but it does work. A search on Github for
configuration.nix
will probably bring up other, probably better, examples.