“or a 6 year old that gets 5 minutes alone with your mouse” haha. I have a 10 year old with a tendency to be inquisitive with electronic devices. He is pure of heart, but we joke that some day the NSA is going to come knocking. He wouldn’t hack a bank to get money, he would just be “exploring” what is possible instead of reading directions. lol. Question though. When you do want to delete something. I am guessing you logon to your media server and do it from your user account?
- 0 Followers
- 0 Following
- 0 Posts
by the way… great discussion. I’m reading along and learning of things I didn’t think of before. So thanks.
oh, gotcha. Thanks, and good point. I was thinking of using bind mounts instead of volumes so I can access them easier. That should make backing them up to the NAS easier as well.
Thanks.
Interesting. I didn’t think about performance. I can see how a docker volume would be better optimized. And for a cache that makes sense. I was considering doing a bind mount for the config for easier visibility when debugging things. But keeping the volume for the cache now makes sense… thanks for that.
I technically work for a company that is in the security space. But I myself just can’t really get into it. It seems like there is always so many things that could be done to improve security, but there is never the resources to do most of them in companies. And that would really eat at me. We hire companies to do pen testing. They seem like home inspectors. They have to find a few things to help the customer (us) justify the expense, but once they do, they don’t need to look much deeper. And half the things they find will be low/mediums that will never get fixed. And in the end, the only reason companies seem to hire them is so they can advertise that they did, or to meet their customers security requirements. All in all, it just feels so sad. :(
anyway. If I am following you… you run a custom NAT for your home network? I know my router has one, but sounds like you don’t trust the routers? Is that right? And then you run a vpn server on the inside to handle any external access. That seems smart. Is that like common practice, or something you do because of your background?
It does help thanks. And part of this set of questions was just me exploring stuff thoughts and looking to learn… so I have a follow up question or two.
You mention docker volumes make a lot of sense with multiple nodes. How does that work out? We use pv’s and such with k8s at work, and the ones we use can only be mounted on one node at a time. From what others have said, allowing many write from multiple nodes has a lot of complications. Do docker volumes handle writing from multiple nodes?
And… “streaming video isn’t super latency sensitive”. I’m super new to streaming video. I would have expected it to be sensitive to latency. I mean you expect the video to keep playing and not stop. Whereas most of the things I work with (api’s and what not) can have an extra second or two to respond with little relevant difference. So clearly there is some depth here I don’t understand.
And you are using a reverse proxy because you want to expose jellyfin to the general internet? And you don’t want to have to trust jellyfin’s security (which is very reasonable) ?
A few jellyfin via container set up questions
A few jellyfin via container set up questions - Lemmy.World
People resoundingly suggested using containers. So I’ve been reading up. I know some things about containers and docker and what not. But there are a few decision points in the jellyfin container install instructions that I don’t know the “why”. Data: They mount the media from disk, which is good cause it’s on a NAS. But for the cache and config they use docker volumes. Why would I want a docker volume for the config? Wouldn’t I want to be able to see it from outside the container easier? What am I gaining by having docker manage the volume? Cache: I saw a very old post where someone mentioned telling docker to use ram for the cache. That “seems” in theory like a good idea for speed. I do have 16gb on the minipc that I am running this all on. But I don’t see any recent mentions of it. Any pros/cons? The user. I know from work experience that generally you don’t want things running as root in the container. But… do you want a dedicated user for each service (jellyfin, arr*)? Or one for all services, but not your personal user? Or just use your personal user? DLNA. I had to look that up. But I don’t know how it is relevant. The whole point seems to be that jellyfin would be the interface. And DLNA seems like it would allow certified devices to discover media files?
What is the role of traefik? I looks like networking software for something more like a k8s cluster with lots of pods going up and down all the time. We use linkerd at my job which seems like it has some overlap. But they both seem like overkill when running on a single node system unless I am missing something.
When you say “Backup your docker config folders”. Are you talking about the directory were you would store the dockerfile / docker compose file?
Container vs service