  • 0 Posts
  • 15 Comments
Joined 1 year ago
Cake day: June 13th, 2023

  • Yes it would. In my case though I know all of the users that should have remote access and I’m more concerned about unauthorized access than ease of use.

    If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.


  • Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.

    The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.

    But here is exactly what I’ve done:

    1. Bought a domain so that I don’t have to remember my IP address.
    2. Set up DDNS so that the A record for my domain always points to my home IP.
    3. Run a wireguard server on my lan.
    4. Port forwarded the wireguard port to the wireguard server.
    5. Created client configs for all remote devices that should have access to my lan.

    Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.

    P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.
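
    The layout described in the comment above, sketched as a pair of wg-quick configs. This is an added example, not the commenter's own files: the subnets, port, hostname, Pi-hole address and key placeholders are all constructed, and the split-tunnel `AllowedIPs` is an assumption about how the speed concern was handled.

```ini
# ---- Server on the home LAN: /etc/wireguard/wg0.conf ----
# Constructed values: VPN subnet 10.8.0.0/24, LAN 192.168.1.0/24, UDP 51820.
[Interface]
Address = 10.8.0.1/24
# The only port forwarded from the router to this host.
ListenPort = 51820
PrivateKey = <server-private-key>
# No PostUp iptables MASQUERADE rule here. With masquerading off, LAN hosts
# see the client's real VPN address, so the LAN router needs a static route
# for 10.8.0.0/24 via this server, and this host needs IP forwarding enabled
# (net.ipv4.ip_forward=1).

[Peer]
# One [Peer] block per remote device; a device without a block cannot connect.
PublicKey = <phone-public-key>
# /32 pins this key to a single VPN address.
AllowedIPs = 10.8.0.2/32

# ---- Client (phone): imported into the WireGuard app ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <phone-private-key>
# Pi-hole on the LAN (assumed address) answers DNS while the tunnel is up.
DNS = 192.168.1.2

[Peer]
PublicKey = <server-public-key>
# The DDNS-maintained A record from steps 1 and 2.
Endpoint = home.example.com:51820
# Split tunnel: only LAN and VPN traffic goes through the tunnel.
AllowedIPs = 192.168.1.0/24, 10.8.0.0/24
# Keeps the NAT mapping alive on mobile networks.
PersistentKeepalive = 25
```

    Removing a device's `[Peer]` block on the server revokes that device without touching the others.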



  • Not sure if I entirely understand what you’re asking but here’s my setup that sounds similar-ish that might help.

    I’ve got essentially 3 machines

    1. Download machine - contains Sonarr/Radarr/Nzbget, etc… This machine isn’t very powerful but it has A LOT of RAM.
    2. A Nas - this is where everything gets downloaded to. Primarily this machine just has a lot of HDD space.
    3. Jellyfin box – Decent RAM and a beefy CPU for transcoding.

    The download machine has a network share to download directly to the NAS in a special /downloads/ folder. Once a download completes Sonarr, etc… move it to its correct media folder.

    Finally the Jellyfin machine is monitoring the media folders for changes.

    I assume you could set up something similar with Plex instead of jellyfin and then store the fully downloaded files on a separate machine with a network drive, so Plex can see it. Essentially the NAS for you would be two machines one (the seedbox) for the partial downloads and a local NAS for the fully downloaded files?

    Anyway, not sure if that’s what you’re looking for.


  • Unless you have an account there’s no easy way to get access to the content on the page. Once you have an account there’s technically nothing stopping you from just saving the HTML file to your computer.

    Something else you can try though, assuming you don’t have an account, is to just turn off JavaScript. If the site lets you partially load the content and then asks you to create an account to read more, they usually just block the content by having JavaScript add an opaque overlay. With JavaScript disabled, obviously it’s not there to add the overlay and you’re able to keep reading.


  • That looks like 8.8.8.8 actually responded. The ::1 is IPv6’s localhost which seems odd. As for the wrong IPv4 I’m not sure.

    I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

    You can also specify the DNS server to use when using nslookup like: nslookup www.google.com 1.1.1.1. And you can see if you get any different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

    Edit just for shits and giggles also try nslookup xx.xx.xx.xx where xx.xx… is the wrong IP from the other side of the world and see what domain it returns.


  • Another thing that can be happening is that the router or firewall is redirecting all port 53 traffic to their internal DNS servers. (I do the same thing at home to prevent certain devices from ignoring my router’s DNS settings cough Android cough)

    One way you can check for this is to run “nslookup some.domain” from a terminal and see where the response comes from.



    1. Yes most trackers have something on their website to let you know what your ratio is, what you’re downloading and how long you’ve been seeding those files.
    2. With the trackers I’m familiar with yes – seeding for 9d 23h 59m and 59s is the same as seeding for 0s. You’ll still get tagged with a HnR (Hit and Run)
    3. You can shut down as much as you like. But, again the trackers that I’m familiar with have a cap on the number of HnRs you can have on your account. So you might have action taken against you if you’re seeding 5 different torrents and decide to shut down.
    4. Don’t know.
    5. The rest don’t appear to be questions so not sure how to respond.




  • So here’s my current setup (each one is a separate docker container):

    Download machine: (has lots of RAM and HDD space)

    • Nginx (for reverse proxy)
    • Sonarr (tv)
    • Radarr (movies)
    • Prowlarr (organizing download sources)
    • Qbittorrent (make sure to bind to Wireguard interface)
    • Wireguard (for qbittorrent VPN)
    • Nzbget (Usenet)
    • SABnzbd (also Usenet; some providers work better with SABnzbd for whatever reason)
    • Portainer agent (for remote docker management)
    • Watchtower (for automatic updates)

    Tv machine: (can transcode)

    • Nginx
    • Jellyfin (to transcode and actually watch the content)
    • Portainer agent (for remote docker management)
    • Watchtower (automatic updates)

    I’m not aware of a single container that has all of this bundled together though.