Have a look at Stirling PDF. It's a self hosted alternative to most if not all Adobe functions that she might care about. It can be setup with docker.
Honestly at this point that is docker and docker compose.
As to what to run it on that very much depends on preference. I use a proxmox server but it could just as easily be pure Debian. A basic webui like cockpit can make system management operations a bit more simplified.
To most of your comment I completely agree minus the freedom for choosing different disk sizes. You absolutely can do that with btrfs or just throwing a virtual layer on top of some disks with something like mergerfs.
Pretty much this it gets it's own folder and in jellyfin it's own library. You just give mom access to this and whatever else you want to. you unselect that library for everyone else. The setting is under users. It's straightforward and is a check mark based select. You probably have it set to all libraries right now. Uncheck that and you can pick and choose per user.
How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.
Are you using tvheadend and their jellyfin plugin? Asking out of curiosity.
https://github.com/tvheadend/tvheadend
Anyway Plex and emby come to mind.
This is a journey that will likely fill you with knowledge. During that process what you consider "easy" will change.
So the answer right now for you is use what is interesting to you.
Yes plenty ways to do the same thing in different ways. Imo though right now jump in and install something. Then play with it.
Just remember modern CPUs can host many services from a single box. How they do that can vary.
Probably these directories...
/tmp /var/tmp /var/log
Two are easy to migrate to tmpfs if you are trying to reduce disk writes. Logs can be a little tricky because of the permissions. It is worth getting it right if you are concerned about all those little writes on an SSD. Especially if you have plenty of memory.
This is filesystem agnostic btw so the procedure can apply to other filesystems on Linux operating systems.
Firewall and deciding on an entry point for system administration is a big consideration.
Generating a strong unique password helps immensely. A password manager can help with this.
If this is hosting services reducing open ports with something like Nginx Proxy Manager or equivalent. Tailscale and equivalent(wire guard, wireguard-easy, headscale, net bird, and net maker) are also options.
Getting https right. It's not such a big deal if all the services are internal. However, it's not hard to create an internal certificate authority and create certs for services.
If you have server on a VPS. Firewall is again your primary defense. However, if you expose something like ssh fail2ban can help ban ips that make repeated attempts to login to your system. This isn't some drop in replacement for proper ssh configuration. You should be using key login and secure your ssh configuration away from password logins.
It also helps if you are using something like a proxy for services to setup a filter list. NPM for example allows you to outright deny connection attempts from specific IP ranges. Or just deny everything and allow specific public IPs.
Also, if you are using something like proxmox. Remember to configure your services for least privileges. Basically the idea being just giving a service what it needs to operate and no more. This can encompass service user/group names for file access ect.
All these steps add up to pretty good security if you constantly assess.
Even basic steps in here like turning on the firewall and only opening ports your services need help immensely.
Just a little heads up about multiple USB drives. They kinda suck sharing on the hub and raids tend to destroy them because of the way they "share" bandwidth on the hub.
To avoid this problem one solution is a USBc to SATA enclosure. The idea being the enclosure having a SATA controller and a few SATA ports you can plug in a few drives. You would be avoiding the multi USB port "sharing" issue. The enclosure would have all the usb hub bandwidth and the hub wouldn't be switching around between ports.
I learned this little bit of info messing with zfs and a few different types of flash media. In the end the most stable connection less prone to error was a single USB connection. However, it didn't matter if it was a single drive or a multi drive enclosure.
Today I wouldn't recommend doing this at all. However if you are going to. Have a look at how USB port sharing on a usb hub works and how that can wreck a raid system over time.
Edit Spelling
Yup and negligible. If I'm forced to contend with a windows environment bitlocker is utilized.
I also utilize a ram disk in a windows os. Imdisk in windows. I migrate temp files and logs into the ram disk. It saves on disk writes and increases privacy.
If pretty straightforward to encrypt if utilizing Linux right from install time.
As for my server I too utilize nextcloud. However, the nextcloud data is on a zfs dataset. This dataset is encrypted.
I did this by installing nextcloud from docker running within a proxmox container. That proxmox lxc container has the nextcloud dataset passed into it.
view more: next ›
pyrosis
joined 5 months ago
I remember the old videos of rockets exploding on launch pads when we were first building them. We have come a long way.
I suspect they will just learn something new from this and they will last even longer.