

I’m currently testing out jellyfin. Have it through my reverse proxy and using the ldap authentication with authentik. Works fine and nice having two-factor authentication.


I’m currently testing out jellyfin. Have it through my reverse proxy and using the ldap authentication with authentik. Works fine and nice having two-factor authentication.


the only linuxserver containers I run are nextcloud and plex. both are running as rootful containers. I also tried their calibre-web container (no longer using it), which didn’t work as rootless, but worked fine as a rootful container.
most of my other non-linuxserver applications are working just fine rootless. so clearly a linuxserver thing.


many of the linuxserver containers don’t work rootless. i didn’t have luck when i tried it as a user service


I run nextcloud in a podman pod because I’m coocoo bananas that way. It uses authentik as an SSO provider using the nextcloud OIDC plugin. And I use the linuxserver.io container rather than the official nextcloud one because gosh darn it , it actually works
[Pod]
PodName=nextcloud
PublishPort=10443:443
PublishPort=9980:9980
Nextcloud-db.container
Description=db
Wants=network-online.target
After=network-online.target
[Service]
Restart=always
[Container]
Pod=nextcloud.pod
ContainerName=nextcloud-db
Image=docker.io/library/mariadb:11
AutoUpdate=registry
Volume=nextcloud-db.volume:/var/lib/mysql:Z
Environment=MARIADB_HOST=nextcloud
Environment=MARIADB_DATABASE=nextcloud
Environment=MARIADB_USER=nextcloud
Environment=MARIADB_PASSWORD=nextcloud
Environment=MARIADB_ROOT_PASSWORD=nextcloud
[Install]
WantedBy=default.target
Nextcloud-app.container
[Unit]
Description=Nextcloud
Wants=network-online.target
After=network-online.target
[Service]
Restart=always
[Container]
#Label=app=nextcloud
ContainerName=nextcloud-app
Pod=nextcloud.pod
Image=lscr.io/linuxserver/nextcloud:latest
AutoUpdate=registry
Volume=nextcloud-config.volume:/config:Z
#Volume=nextcloud-data.volume:/data:Z
Volume=/home/nextcloud/:/data:Z
Environment=TZ=America/New_York
Environment=PUID=1000
Environment=PGID=1000
#PublishPort=10443:443
[Install]
WantedBy=default.target
Nextcloud-office.container
[Unit]
Description=Nextcloud-office
Wants=network-online.target
After=network-online.target
[Service]
Restart=always
[Container]
#Label=app=nextcloud
ContainerName=nextcloud-office
Pod=nextcloud.pod
Image=docker.io/collabora/code:latest
AutoUpdate=registry
Environment=server_name=office.app.myserver.org
Environment=aliasgroup1="https://nextcloud.app.myserver.org/"
[Install]
WantedBy=default.target
i run it on opnsense. When my services were on individual subdomains each with their own certificate, they got hit a lot and crowdsec blocked lots of bots and scripts
I ultimately moved all my services to a wildcard sub-subdomain, and poof all the bots went away and now crowdsec doesn’t do much other than block port scanners which the firewall does anyway.
it’s not worth the hassle to uninstall though.