Ahoy mateys! I’ve been doing some research into getting a self-hosted streaming setup built, and I’d like to ask the knowledgeable folks here for advice as well.
My goal is to be running a server that can host a jellyfin stack for acquiring and streaming media for myself and my partner. (I’d like to also run a matrix chat server on it for us to have secure chats as well, but I think that’ll be less of a hassle. I hope…)
I found a few guides that don’t seem too out of date. I’m an experienced full stack software dev, so the idea of running some docker containers and doing a little command line server set up doesn’t intimidate me.
These guides though, they just cover the software application set up mainly. I also need to know:
- Where should I host at? I’m on a shitty 5G internet at home, so VPS seems like the way to go but with who? What are some good secure hosts that aren’t super expensive? Considering Hetzner auctions maybe? Anyone used them?
- Will I need a VPN on the server too? If I’m torrenting, do I need to be careful which hosts I choose so I don’t get copyright pinged?
- Is there a good guide for securing and hardening my server? I’d like my partner and i to have easy access from home or on our mobiles, but I also don’t want to find out my box is suddenly mining crypto because I forgot to close one port. I don’t know what gotchas to be looking out for.
- Any other guides you’d recommend? Any must have software or sites to know about?
Thanks in advance!
So, docker is a viable solution, but since you’re a fullstack and will likely add more shit than you can imagine in the future, you might as well setup a proper solution.
Check out Proxmox. It’s a management platform that allows you to run containers and just about everything else you need for self-host. In addition to that, I recommend getting a very small VPS with a domain to reverse proxy your services if you want. I highly recommend caddy2 for this as it does rproxy and even ssl seamlessly.
Considering you have a poor internet connection, you’d want to keep as much locally as possible. You’re not going to be able to stream HD movies with shitty internet if you host your media on a remote server, but if you rely on a local wifi network, it’s fine. You won’t have remote access to your movies (I mean you can, but like you said, shitty internet) it’s not going to be awesome. Other services like your matrix server would be fine, but since you’re self-hosting, might as well host them at home, too. Matrix isn’t exactly resource heavy and doesn’t require a shit ton of upload to make usable.
If you’re on 5G, and you torrent, you’ll be found out almost immediately, even with a VPN. I highly recommend a seedbox. Download to the seedbox, then use rclone or something to grab the files to your local NAS cluster (in proxmox) then stream the video’s locally.
I always recommend 2 things when dealing with *nix servers;
IMO this is really the only hardening you need, especially if you’re working with rproxy and the ports only have to be opened locally or tunneled.
I’ve read a lot about using a VPS with reverse proxy but I’m kind of a noob in that area. How exactly does that protect my machine? Couldn’t an attacker with access to the VPS still harm my local machine? Currently I’m just using a WireGuard tunnel to log into my server, from what I understand you’d tunnel the service from the VPS to the homeserver and then on the VPS URL you could watch right m?
And do I understand correctly that since we’re using the reverse proxy the possible attack surface just from finding the domain would be limited to the web interface of e.g. Jellyfin?
Sorry for the chaotic & potentially stupid questions, I’m just really a confused beginner in this area.
I’d also suggest authentication by key file.
This is the way to go. I also run sshguard on all publicly-accessible hosts just to reduce traffic from bots, otherwise I just ssh over tailscale.