

from an actual search company that values privacy.
California company obliged by FVEY? While I appreciate their efforts, American based companies kind of have a history of abandoning their privacy-respecting ways once subpoenaed.


from an actual search company that values privacy.
California company obliged by FVEY? While I appreciate their efforts, American based companies kind of have a history of abandoning their privacy-respecting ways once subpoenaed.


Entirely depends on the instance admin and whether or not they keep it maintained and up to date.


Web browsers look for either port :80 or port :443 by default, your reverse proxy sits on those ports, hence why you don’t need to input a port at the end of the domain.
Get yourself a load balancer like Traefik or SWAG, buy a domain, setup ACME certificates for SSL/TLS and start pointing your load balancer to your services.
Little late but I doubt Microsoft wants to relive the horrors of JTAG/RGH Xbox 360’s hence the locked down systems.


If you manage to get Docker Compose installed on that Mac (I don’t know Dockers limitations with Macs) create a docker-compose.yaml file with the contents of;
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
# Optional - specify the uid and gid you would like Jellyfin to use instead of root
user: uid:gid
ports:
- 8096:8096/tcp
- 7359:7359/udp
volumes:
- /path/to/config:/config
- /path/to/cache:/cache
- type: bind
source: /path/to/media
target: /media
- type: bind
source: /path/to/media2
target: /media2
read_only: true
# Optional - extra fonts to be used during transcoding with subtitle burn-in
- type: bind
source: /path/to/fonts
target: /usr/local/share/fonts/custom
read_only: true
restart: 'unless-stopped'
# Optional - alternative address used for autodiscovery
environment:
- JELLYFIN_PublishedServerUrl=http://example.com/
# Optional - may be necessary for docker healthcheck to pass if running in host network mode
extra_hosts:
- 'host.docker.internal:host-gateway'
Edit the volumes so that the drive you want to use is exposed to the container and then run;
sudo docker compose up -d
In a shell while in the folder with the docker-compose.yaml file you just created. If everything works then the server should be running on port :8086 open your browser and make an http:// request to the ip of the server followed by the port.
Example; http://127.0.0.1:8096/
Edit: removed unnecessary \
Edit 2: I really should have read the post more thoroughly, while my example above works fine for a Jellyfin server (which you apparently already run) it also can be adapted for other services. Read and interpret the documentation as best as you can, that goes for any service.


Every homepage made with Homepage.dev looks the same to me, no matter how much you configure their settings.yaml or services.yaml it all looks the same.
Surprised you didnt slap a background image on it and blurred it.


To say it’s debatable if it’s a suite of tools is just wrong.
How is it wrong to say it is debatable when Traefik and WireGuard have quite literally done majority of the development. Pangolin is just a man in the middle.
Pangolin uses gerbil with newt for those wireguard tunnels. That’s a massive improvement already. It also adds a bunch more features like vpn.
According to the Newt ReadMe -
Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don’t need to manage complex WireGuard tunnels and NATing.
Seems to me that WireGuard is their primary dependency, without WireGuard what use is it?
you can crowdsec
According to Pangolin docs they rely on the Crowdsec middleware offered by Traefik.
By default, Crowdsec is installed with a basic configuration, which includes the Crowdsec Bouncer Traefik plugin


I can’t be much of a help with Caddy however, for Traefik you can use the OIDC Middleware to forward requests to your authentication service.
Plus I worry I set something up wrong and expose my network
The only port that would need opening is :443, leave port :80 closed so that people cannot connect to your services insecurely. Slap fail2ban or geoblock on it and call it a day. Also, DDNS allowlist for that deny-first approach.


Traefik is what it uses to proxy things. You’re comparing a full suite of tools with just one piece.
I mean, that’s debatable. Taking a look at their docker-compose.yml there are 3 containers they recommend running, with a 4 optional container.
To say this is a “full-suite” is a bit much when majority of the heavy lifting is done by Traefik, the middleware’s you assign to Traefik and WireGuard. Pangolin if I’m reading this correctly;
“Pangolin combines reverse proxy and VPN capabilities into one platform.”
Which is great! However as I mentioned previously, does not integrate well when these services are already setup to work standalone.
I suspect the same reaction from folks when they hear “download pangolin from the App Store, and use xyz credentials to connect.” And “download WireGuard from the App Store, and use xyz file to connect.”


and used a cloudflared tunnel to direct traffic to Caddy
There is also a way to use the cloudflared tunnel for free that gives you a domain as well (sort of anyways).
This is DDNS, a popular, free alternative would be ddclient. Essentially updating an A Record so that your dynamic IP is remains associated with your domain.
While cloudflare is also my registrar as well, I don’t use any of the “features” they offer, and opted to use Keycloak for my authentication needs.


Free vps in oracle cloud with Pangolin
If I’m not mistaken I tried setting up pangolin to work along side my already running Traefik setup and it was just an absolute nightmare.
I just don’t have the time nor energy to reinvent my already running configuration.


Device -> VPN Tunnel (ideally WireGuard) -> Home Router / Server.
The only port that needs to be opened is your WireGuard server which typically is :51820.
The issue with this is you have explain VPN’s and WireGuard to people which, in my experience turns people away as they see it as a hassle.
Alternatively buy a domain, setup DDNS so that your home IP is associated with your domain, setup a reverse proxy and open port :443 on your router however, I would suggest a blacklist-first approach and only whitelist the few known IP’s you can trust.
Meanwhile here I am trying to upgrade my 512gb NVME drive to 2Tb while also still trying to afford car payments, rent and food. Rookie numbers on my part.


I’m always going to say Windows is too heavy to be placed in a server environment but congrats nonetheless.


Might sound like a dumb question, but have you opened the port on your router?
My ASUS router handles my WireGuard setup, I can forward my home VPN server through one of Protons VPN servers essentially creating a multi-hop setup.


Software has gone many decades without the need of LLM assistance, I vote to tag “Ai” and “Non-Ai” assisted posts.
+1


I suggest having your setup as a deny-first approach. Meaning denying every IP and whitelist the known few, Traefik offers a middleware for this.
Alternatively you can blacklist by country of origin however VPN’s are a thing, I would only recommend this on low-risk applications such as Invidious instances, dashboards and such.
Can vibe-coded apps be flagged as low effort, they steal code from other developers and claim it to be their own.


So you fork open source projects, slap your logo onto them and claim they’re more private?
At least they’re admitting their fault.
Edit; Their matrix room if anyone is interested.
https://matrix.to/#/#selfhosted:selfhosted.chat