/g/ - Technology




File: 18.jpg (99 KB, 640x960)
A general for running a server in your home.

>Links & resources
Self-hosting software: https://gitlab.com/awesome-selfhosted/awesome-selfhosted
https://www.labgopher.com
https://wiki.debian.org/FreedomBox/Features
List of ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCI
SFF cases https://docs.google.com/spreadsheets/d/1AddRvGWJ_f4B6UC7_IftDiVudVc8CJ8sxLUqlxVsCz4/
Cheap disks: https://shucks.top/ https://diskprices.com/
PCIE info: https://files.catbox.moe/id6o0n.pdf
>For more SATA ports, use PCIe SAS HBAs in IT mode

Previous: >>103043312
>>
File: 1711587883979720.jpg (42 KB, 640x427)
>no video previews on nextcloud with encryption
>>
File: seo-unraid.png (23 KB, 1200x630)
Thoughts on Unraid?
>>
>>103093280
Sorry, but I'm not paying.
>>
File: 1671125986484307.jpg (48 KB, 783x606)
>>103093127
>unraid
>it's raid
>>
>>103093088
Is it better to use FreeBSD over linux for ZFS? or it doesn't really matter that much?
The only "linux" stuff i would really need is just jellyfin (since the freebsd version doesn't have proper quicksync working) and containers, but i can just delegate those to a separate pc.
>>
>>103093088
>tfw custom regex in autobrr keeps failing
It's over
>>
File: Untitled picture.png (418 KB, 425x621)
>>103073479
in order to consider all possibilities, after a brief search I can also find a refurbished m920 tiny i5-8500T | 8 GB | 256 GB SSD | 1 x DisplayPort | Win 10 Pro (no wifi) with 1 year warranty for 192 EUR
or
HP EliteDesk 800 G4 Tiny ( Mini PC ) Windows 11 Core i5 8500 16GB RAM 256GB SSD Nvme + 1TB HDD (no wifi) for 149 EUR used

Should I pick any of those over the aforementioned beelink n100 for ~200 EUR? The HP seems like a not bad deal comparing price and specs
>>
>>103089741
>words words blah blah I'm a retard
rsync is great at what it does, but SyncThing (which can be driven entirely via CLI and config file) just does a whole lot more than rsync was designed for. I get that you weren't able to wrap your head around it and got filtered so you cry 'bloat' without knowing what it means, so I'm not going to spoonfeed you the list of things ST can do that rsync can't as doing some research on your own would probably help your critical thinking skills, champ.
>>
File: file.png (1.8 MB, 1120x1680)
>>103093088
>>
>>103093280
I use it for my primary media server and personally I really like it.
>>
Are Realtek NICs really that bad compared to intel, or will a RTL8125BG be fine for a home NAS?
>>
File: 1679329721733471.jpg (33 KB, 522x651)
>>103084581
>you can "air gap" with VRFs by simply denying routes.
Thanks, I'll still have to look into VRFs.
>the image you drew had them daisy chained, which isn't really an air gap in a technical sense anyway.
I know, that wasn't supposed to be the air gap though, that was trying to separate the two networks with just a single internet connection as good as possible.
I'll have a second internet connection by the end of the year which will make it a true airgap.
>VRFs are the best way to do what you're trying to do, you can also minimize the physical equipment it would take to do so.
Thanks for the hint.
>>103084636
>It would have still booted, you just wouldn't have had ecc.
Oh alright then. I think that's worse.
>This might not matter to you for a homelab though, especially since I'm pretty sure multibit errors are astronomically rare on stable ram at close to sea level.
I'm 110m above sea level, plenty fine.

Thanks Anon!

>>103093088
What's that pic Anon, that's not a home server.
Anyways
>For more SATA ports, use PCIe SAS HBAs in IT mode
I'm eyeing an LSI 9500-16i or 9600-24i. Those are Tri-Mode HBA, meaning they can interface SATA, SAS and NVMe storage devices at the same time. Can they run the following setup with ZFS or am I asking too much of the hardware?
12x 18TB Seagate Exos 2x18 (NAS, RAID1, HBA) // Mirrored VDEVs. Planning to start with 4 or 6 drives, 12 total drives is my upgrade path
2x 375GB Intel Optane P4800X (SLOG, RAID1, HBA) // this reduce the effectiveness of the SLOG? If so, is it considerable?
2x 375GB Intel Optane P4800X (Special Device, RAID1, HBA) // Also thinking about using just two P4800X and partitioning them, would that suck ass?
2x 256GB Intenso Top Performance (System, RAID1, Onboard SATA)
2x 960GB Micron 5400 Max (VMs, RAID1, Onboard SATA)
1x 2TB Samsung 990 Pro (L2ARC, solo, Onboard NVMe)
1x LG WH16NS40 (ODD, solo, Onboard SATA) // For ripping media


Sorry for double posting, didn't like the formatting.
>>
Any good software for managing documents? I have a bunch of white papers and technical documentation sitting in a folder right now but it'd be cool if I could search for them better. Kind of like a foss sharepoint or something
>>
>>103094780
Never had a problem with Realtek since the 8139 days.
>>
>>103094627
You don't need to keep coping because you're an idiot.
>>
>>103094731
>I think that's worse
I think it's doubtful most home servers actually need ecc anon, the chances of you having a mission critical bit flip are quite low, especially for the amount of ram a typical home server runs. It's mostly just for peace of mind and larping.
That said, looking at your hardware I think ecc fits your class of build. It's not that much more expensive anymore anyway for UDIMMs.
Also I'm not an expert in such high end hardware but just the 4 optane would saturate your hba, depending on how much writing and reading you're doing.
Also for hdds, I typically recommend against buying them in bulk from 1 manufacturer because there is a chance they could fail at similar times if they're the same manufacturing batch. If you're buying 4 or 6 at a time, I would make sure you can handle them failing at similar times or spread out your purchases over time and/or manufacturer/retail outlet.
Also what is your use case for this hardware? Have you considered going enterprise for your mobo and cpu?
>>
>>103095263
>I think it's doubtful most home servers actually need ecc anon, the chances of you having a mission critical bit flip are quite low, especially for the amount of ram a typical home server runs.
I guess, but I want to run 128GB and I don't want Data corrupting over time. Yeah it's overkill but OpenZFS recommends ECC RAM
>It's mostly just for peace of mind and larping.
Exactly
>That said, looking at your hardware I think ecc fits your class of build. It's not that much more expensive anymore anyway for UDIMMs.
About 40 bux per stick, I'm willing to pay that.
>Also I'm not an expert in such high end hardware but just the 4 optane would saturate your hba, depending on how much writing and reading you're doing.
I'm planning to deploy just two to be honest, but I was frustrated with the "what if" in my mind (I'm unironically autistic and have severe OCD, I'm not joking, I'm dead serious).
I don't really care if the bandwidth of the Optanes is crippled, I'm more interested in the latency and MORE importantly the reliability and TBW.
>Also for hdds, I typically recommend against buying them in bulk from 1 manufacturer because there is a chance they could fail at similar times if they're the same manufacturing batch.
Manufacturers or Retailers? That's a really great hint nonetheless Anon, thank you!
>If you're buying 4 or 6 at a time, I would make sure you can handle them failing at similar times or spread out your purchases over time and/or manufacturer/retail outlet.
I plan to buy 6 if I want to actually use 4 and 9 if I want to use 6 just in case.
The drives I want to start with are refurbished:
https://www.ebay.de/itm/185843432850
>Also what is your use case for this hardware?
I have a bigger family. I want to supply everyone and some of my friends with a private cloud.
>Have you considered going enterprise for your mobo and cpu?
I have considered going with an EPYC 7003 system as well, but I'm planning out this system first to get the basics right. CONT.
>>
>>103095333
CONT.
Swapping out the Mainboard and CPU is rather easy, but I want to know if the other parts work together in reality as they do the way I map them out in my head.
>>
What happened to the install Gentoo wiki?
>>
>>103095373
The Vaxx killed him, didn't pay the provider.
https://igwiki.lyci.de/wiki/Home_server
>>
>>103095333
>40 bucks per stick
Oh, that's more than I thought.
Different retailers should also be fine, just return them if they are the same manufacturing batch. You can usually tell from the serial or date code on the drive label.
>refurbished
I would just get drives from serverpartdeals if you're in the US, the prices are usually reasonable and the warranties/returns are better.
>private cloud
This seems pretty overkill just for that. Do you have a suitable internet connection? I know from experience that even if you have fiber, if a family member has a different isp and you have poor peering with them it can still lead to issues.
>>
Looking to get a new ethernet router. 2.5 gb due to current switch; don't need 10gbe. Last thread people were shitting on unifi and preferring cisco, but cisco choices on ebay is a lot of r&d. Is OPNsense with a n100 box the /hsg/ version? Just need basic (repeat: basic) firewall, VLAN, high reliability and low idle power use.

Any links to post for a network brainlet like me?
>>
>>103095501
Just get the Gateway Max from Ubiquiti.
>>
File: 1706906498413933.png (33 KB, 344x369)
>>103093280
>Paying for Linux
>mandatory USB boot drive
>>
File: file.png (192 KB, 1837x973)
>>103095501
for me it's tp-link

>>103095573
both ubiquiti and eero systems caused me to have problems with incoming VOIP calls and teams notifications, I think it had something to do with their firewall setup or connection TTLs but I could never sort it out.
tp-link just werkz
>>
File: file.png (51 KB, 1819x211)
>>103095600
forgot the PoE switch
you'll also need a controller to manage it all, I just run the Omada software on the minipc that hosts my torrents and other network service
>>
File: HomeServer List.png (98 KB, 846x370)
>>103095500
>Oh, that's more than I thought.
Yeah, Prices here in Germany are fucked.
>Different retailers should also be fine, just return them if they are the same manufacturing batch. You can usually tell from the serial or date code on the drive label.
Thanks!
>I would just get drives from serverpartdeals if you're in the US
Unfortunately I'm not in freedom land.
>This seems pretty overkill just for that
It's also supposed to be my fathers Home Streaming server, etc. etc. If there's an IT need, this thing is supposed to fulfill it.
But I'm open to criticism, where would you put the red pen?
Pic related is the setup, but it's not set in stone.
>Do you have a suitable internet connection?
I'll have gigabit fiber at the end of the year. This device isn't supposed to come online until march, it's a longer plan.
>if a family member has a different isp and you have poor peering with them it can still lead to issues.
Thanks for the heads up.
>>
>>103095398
Thy name shall be carved in gold.
>>
I have a self-made Flask/tkinter cloud storage program and I can access it from anywhere. Is it something appropriate for this thread? It runs on my pi 400 btw.
>>
>>103093088
Hey chuddies, what's the least expensive/powerful mini pc/x86router (since the later ones seem to have better heat dissipation?) that can handle running opnsense (i just want to run an ad blocker for my family and not much more. I also use pppoe if that matters) and also being a modded Minecraft for 5 people at most? thanks!
>>
I have some Seagate HDDs I shucked years ago that are SMR.
ST5000DM000
For what it's worth these are earlier model SMRs not newer ones.

Anyone have any experience slotting these into something like a Synology NAS or running them in TrueNAS as single-disk pools?
I'd like to put these to use as backups where I don't care about performance but not sure what to expect. Lots of people say SMR is unusable in a NAS and I've experienced them being slow as shit in a desktop or a USB dock but I feel if they'll "just work" in a NAS regardless of being slow they'd be worth putting back in service.
>>
>>103096306
Fujitsu Futro S920
>>
>>103095922
what's the advantage over something like syncthing?
>>
>>103096385
I have more control over it. And idk if syncthing has an embedded image viewer and music player.
>>
File: osaka.gif (457 KB, 165x165)
>bought my first used cisco networking gear
i know cisco small business is not a proper cisco, but still probably better than consumershit like tp-link
>>
am i the only one that uses straight up NFS/SMB instead of nextcloud/syncthing/etc? i tried every option available and all of them didn't handle large amounts of IO very well at all, some having irreconcilable errors. file IO over the network is slower but at least it just werks (tm).
>>
>>103096743
you're not alone
>NFS KRB5i (40GbIB RDMA)
>no VMs
>bash: docker: command not found
>>
>>103096826
>>bash: docker: command not found
ah, a fellow intellectual.
>>
>>103096373
It won't rape me with its power consumption? Seems small enough and looks like it won't be janky to put a network card inside it unlike those mini pcs
>>
>>103093280
Unironically werks great and I run a pure Debian box as a VM so I get the best of both worlds. Just use it like Proxmox with Docker built in.
>>
File: Junkenrouter.jpg (3.15 MB, 4096x3072)
>>103096909
>It won't rape me with its power consumption
Motherfucker, that's a 5w TDP at idle, get out.
>Seems small enough and looks like it won't be janky to put a network card inside it unlike those mini pcs
I built two myself, they have two SSDs, 8GB of RAM each and either a dual or a quad port Intel PRO/1000PT NIC.
Pic related, it's mine, but they're not fully finished yet (need a fan duct). I can share the build if you want, but you'll need a 3d printer for the SSD cage and later on the fan duct if I ever get my ass off and finish this (currently working on >>103095643)
>>
>>103097027
>pro/1000
why do you hate yourself
>>
>>103097027
Oh yeah forgot, my printer shat the bed so the SSD cage is fucked.
>>
File: 2€.jpg (40 KB, 625x239)
>>103097038
Because God punished me with the gift of being a 135IQ midwit (child protegee turned 95IQ retard due to clinical depression).
And they were 2€.
>>
File: SSD cage + Fan mount.jpg (184 KB, 1920x1048)
>>103097027
>>103097054
BEHOLD! The SSD cage.
>>
>>103096306
For this scenario I think openwrt might be more suitable.
>>
Good night /hsg/, I'll see you in 20 hours.
>>
File: good-night-anon.gif (3.83 MB, 250x312)
>>103097358
>>
>>103097658
>>103097358
comfy ass nigga
>>
File: 1501456588883.gif (111 KB, 1027x731)
https://youtu.be/tARPWiuCQ6U
What I'm grooving to on Jellyfin after USPS failed to deliver my raspberry pi TV hat so I can fuck with my cable
>>
>>103093088
If I wanted to get a used business desktop for a home server, which one should I get? I'd like one with space for drive bays but I guess that's a common ask for this sort of thing.
>>
>>103099648
Dell OptiPlex is a good pick
>>
File: _3.jpg (60 KB, 735x779)
Gnight homies. My Pi Hat arrives tomorrow
>>
>>103097658
Thanks, I'm up again.
AND HOLY SHIT there's nothing on the news but Trump. Based lads.
>>
>Mercusys MS105GS 5-port gigabit, $20 (AUD)
>Tenda SG108 8-port gigabit, $22
>TP-Link TL-SF1005D 5-port 100mbit, $25
these seem to be my main options for switches on Amazon (that deliver to me, middle of nowhere so nothing local and it'd cost more in fuel to drive to the nearest city that would have networking shit than these switches PLUS postage)
Given that I'm on FTTN getting 50-60 down 15 up, even the tplink 100m is probably fine, but I've just never heard of Mercusys or Tenda, so I'm just unsure.
Also, probably a stupid question, but what sort of tape would be best for running it along the carpet/skirting board?
>>
I got a router and I'm using it as a wireless repeater, and it works pretty well

I know this is considered anathema to many people because you should use hard-wired networking, and yeah I should, but for the moment this works
>>
Thinking about running Ethernet cables in walls so that I can have my network and server stack in the basement, and wall sockets for connections to APs. However, the basement is cold and probably quite humid too during winter. Does anyone here have experience of running stuff in their 10°C (50°F)? I've noticed screwdrivers and whatnot getting rusty down there. How would that treat my electronics?
>>
>>103101539
Even the shittiest brands make decent (unmanaged) switches, they're hard to fuck up. Mercusys and Tenda aren't premium brands by any stretch but they've been making network hardware for a long time now.
>>
>>103094563
keep on searching anon...

i just scored a i7-7700, 32gb, 512 nvme for 50 bucks after 4 months of looking around
>>
Think I am tech savvy

>install Debian 12 for use as home server seedbox
>install swizzin seedbox script (saltbox was too confusing)
>use cloudflare to tunnel apps and ssh, internal firewall, rate limiting, fail2ban, rkhunter &c.
>less than 1 day running and CHINA IP's are calling home on port 80 from my server using some PHP exploit
>router freezing from all the ddos and port scanners

Fuck all this bullshit! I just want to have jellyfin and qbittorrent running without being fucked in the ass 24/7

My only choices are to return to an online seedbox hoster or build an OPNsense router and build a bare metal seedbox from scratch.

I think I will get Cline in VScode to audit all my configs and copy them over in future.

How are non CS majors expected to deal with all of this bullshit?
>>
>>103103808
Good old rtorrent doesn't have this problem.
>>
File: 1404078185791.png (104 KB, 394x378)
What /hsg/ component are you waiting on the mail to deliver, /hsg/?
I'm waiting on a TV Hat for a Raspberry Pi
>>
>>103103697
whaat
like usd bucks?

I think I anyhow must continue searching, just had some unplanned expenses.
But from my impression on the market, ~150 EUR are the cheapest they go around here
>>
>>103103808
In your secure tunnel firewall, why not block all traffic outside your users locations?
>>
File: thumbnail_IMG_0406.jpg (404 KB, 1440x1920)
Can any anons with an autistic knowledge of racks suggest something with these features for me to dig on ebay or whatever for? I'll also take a workstation I can just gut and stick into a compatible rack.

>single socket
>2-4U but I'll take a 1u if I have to
>at least 8 3.5" spots
>better than 1Gb networking or at least multiple 1Gb ports
>2017 or newer chipset
>at least one, extra SATA port
Not mandatory, but wanted
>m.2 slot, can replace the extra SATA port
>1-2 PCI slots/oculink
Things that aren't a concern
>hotswap
>redundant PSU
>SAS vs SATA
>>
File: 2024-11-06__987x565.png (127 KB, 987x565)
>>103104074
well, i've just received my cisco small business switch.
Looks cool, i'm gonna learn vlans on it
>>
>>103104410
Nice bro. Are you going into a cisco heavy environment?
>>
>>103104415
not really, mostly for my own curiosity, infrastructure that i manage at my work is all Fortinet.
I needed a new switch to expand and almost bought some random TP-Link, but realized i might as well buy some used business switch with more features for the same price.
Although cisco small business is not even a proper cisco anyway, it doesn't have IOS, cli is different too from what i've read.
>>
>>103104465
Ah, I see. Well, cool pickup regardless; good way to learn a new technology. I'm running OPNsense and plan to set up some VLANs.

>it doesn't have IOS, cli is different too from what i've read.
From my extremely limited understanding, the CLI for cisco routers is all proprietary right? Like you can use standard shell commands.
>>
>>103104485
>the CLI for cisco routers is all proprietary right?
i believe so, same as on FortiGate and Mikrotik i assume, they all have their own shells and userspace programs.
Now that you mention it i'd love to try a Linux/BSD based router OS like OPNsense. I only got a small taste of it by running OpenWrt on ADSL modem.
>>
File: 1385259558299.gif (360 KB, 490x750)
>>103104522
I gotcha. You have more router experience than I do for sure.
>OPNsense
I really like it a lot desu. It's a lot of power that I'm learning to control haha. I really recommend it!
>>
I love you Home Server General anons
>>
>>103104247
>usd bucks
yes and it was on fb marketplace
>>
>>103104796
ooh good idea, haven't checked there recently
>>
>>103104810
also i always offer around 20-30 lower than asking price, you might want to do that as well, high chance that they would agree
>>
>>103104837
I remember why I don't check marketplace - it thinks I am in paris and can't change it to my city.
But thanks for the tip
>>
>>103104876
why can't you change it? it should be at the top of the page
>>
>>103104881
it just doesn't accept it, reverts back to paris
>>
>>103104901
are you using ublock or umatrix? sometimes it breaks the site
>>
>>103104913
only network wide pihole, will troubleshoot it tomorrow
>>
Are there any power efficient small components that I can build a tiny NAS with to compete with off the shelf shit from Synology/QNAP or is MiniITX the smallest we can DIY on a moderately economical budget?
>>
I am a networking noob running OPNsense. I just lost my WAN gateway, but for some reason can still connect to the internet and stuff. How is that possible? Is OPNsense giving me a false positive or am I missing something?
>>
>>103103918
>rtorrent

I like rtorrent. I will try as primary next time.

>>103104350
Good shout, but I would still have to let qbittorrent port exposed.
>>
>>103102967
>I know this is considered anathema to many people because you should use hard-wired networking
only retards think this way, context matters. Yeah hardwire what you can, but for non-critical devices that don't need a super fast connection wireless is fine. It's not like you can hardwire your fucking phone or dumb IoT shit like lightbulbs.
>>
Looking for advice on a brand new NAS setup. Currently have a 2 bay QNAP but have enterprise experience with NAS so not worried about taking things on. Specifically want something in a rather small form factor, if possible.
>>
>>103106750
Just get an SFF PC with an 8th gen Intel CPU or newer and plug in as much USB storage as you need.
>>
File: 1728468977572545.png (472 KB, 680x680)
needs something selfhosted where you can upload documents
others can see them, read them, but can't download them.
of course there are screenshots and what not, but really it's only about preventing average user from being able to get it

thought paperless would be it, but nope
>>
>>103106750
some 3 weeks till I get my sagittarius case
matx, 8 bays
cost me 130€
https://youtu.be/fjqKEmNot_M

if I could not get that one I would go for jonsbo n2 for that even smaller form factor with 5 drives
>>
I need wireless on one or two devices because they're too old for the security on the new household modem. I don't want them on that anyway. I am out of internal connections on the server so my options are
>Pass a wireless usb stick to opnsense VM
>Get an old AP and connect it to the physical lan side of said VM
Wait
>USB-C to ethernet
Maybe I'll get that for one device and have less cancer in the air?

>>103099648
Among SFF sizes, HP is the only one that has two bays for fats. 800 series SFF and Z2 SFF.
Otherwise you have to figure out a tower variant.
>>
I'm new to this so bear with me. I've got a server running at a remote location that I'm trying to set stuff up on. I've got a port forwarded for ssh purposes, but that's it. I need to forward some other ports, to get a few other services running. I've got a plan on how to do that without actually going to the location where the server is. I tried setting up a vnc server, but I can't seem to connect to it. Tell me if I'm retarded:
>configure wireguard vpn to run on the port I opened for ssh
>get a vnc server running
>connect to said vnc server through the vpn to be able to change the router settings
The server is running Debian and it does have a desktop environment installed, so I should be able to access the router through the web interface. Is there an easier way to do what I'm trying to achieve?
>>
>>103108889
just set up a reverse proxy ya dingus
>>
>>103109001
I tried this and it still won't connect. Am I doing something wrong? My config file:

server {
    listen 80;
    # public (dynamic DNS) hostname this block answers for
    server_name domain.ddns_server.com;

    location / {
        # pass every request to the router's web interface on the LAN
        proxy_pass http://router-ip;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


Where 'router-ip' is the local ip of my router. I set up that file and put it where the tutorials online told me to, /etc/nginx/sites-available and /etc/nginx/sites-enabled. Is there something here I'm missing or am I just retarded?
>>
>>103109488
my dude, just use nginx proxy manager
https://nginxproxymanager.com/
>>
File: file.png (52 KB, 724x557)
>lose wagie
>DSM keeps complaining about HDD
bros, when will prices crash?
I hope it survives until i can buy a replacement.
>verify your email address or wait 15 mins
its ogre
>>
>>103101539
I have a Mercusys 5 port unmanaged gigabit switch. It works just as you'd expect. Just plug your cables in and it works.
>what sort of tape would be best for running it along the carpet/skirting board?
Put your cables under the carpet. Easiest solution.
>>
>>103104074
Waiting for two Sonoff SNZP-02P to monitor temp and humidity in my basement. Hopefully the Zigbee coverage is enough to reach both rooms.
>>
>>103103808
>>103105253
Maybe I'm missing something, and never used cloudflare, but I expose the announce ports of a bunch of transmission instances (dual stack so both ipv4 and the far more popular in China ipv6) and never get anything unexpected
>>103108054
Nextcloud?
>>
>>103109838
>when will prices crash?
never since consumers exclusively use ssds nowadays, so hdds are for professional use only
they can charge as much as they want for them (id est mac pro wheels, et cetera)
>>
>>103108054
>others can see them, read them
That's called a website
>>
>>103108492
Dedicated AP is the least hassle if the problem is physically pulling cables. Otherwise USB ethernet should work much better. But all the options you listed would work to some degree. I don't know about opnsense and its support for wireless specifically though.
>>
>>103109619
How does this compare to caddy?
>>
>Get 8TB HDD
>Suddenly full
Nani? Jesus, maybe I should start a home-server...
>>
>>103110618
I believe hdd prices are still dropping in the US $/TB wise.
>>
HAMR/MAMR for the masses fucking when
>>
How low do you guys think a 20TB External drive will go on black friday week? I see 18 TB already going for 279.
>>
File: file.png (4 KB, 323x81)
>>103112432
I need to figure out better storage solutions. I have multiple backups of this but having backups sucks.
>>
>>103112432
Full of stuff you downloaded or something is spawning a bunch of files?
>>
File: Math_Lady_meme.jpg (90 KB, 390x255)
Sorry if this is a stupid question, but I ran across something while researching for a ZFS NAS/Jellyfin box. Will I not be able to see the NAS in windows if it's ZFS? It won't read as just a big network drive?
>>
>>103114567
Is it ZFS over SMB? I think it's possible but you could start there
>>
>>103114567
With NAS you don't use the filesystem directly, you're thinking of SAN. As the other Anon said, SMB.
>>
>>103115015
So it will show up in Windows as a big, network drive that I can read and write to, assuming SMB is setup properly?
>>
>>103115142
yes, and once you click through the Map Network Drive wizard
>>
File: 1728223995727753.png (1.43 MB, 1257x2048)
I want a card that can run multiple VDI client VMs, encode multiple 1080p video streams to AV1 and do a little AI. Should I get picrel?
>>
>>103109001
>>103109619
I've been fiddling with this for a bit and still can't get a connection. Could it be that the router is blocking incoming traffic on port 80? I haven't done anything fancy with the router settings besides forwarding a port for ssh access.
>>
>>103116285
you need to setup your router to forward incoming web traffic (ports 80 and 443) to your server
>>
>>103116362
Therein lies the issue, I don't have access to the router at the moment. It's in a remote location where the server is, which I don't visit every day. Is there any other way I could access the router settings remotely without needing to forward those ports? I do have a port forwarded to the server, it's just not 80 or 443.
>>
>>103116454
idk, forward x11 through ssh and access your router's web interface through that? you're really complicating things just to not go there
>>
Do I need to hide my home servers IP address or is it okay for people to ping my server and see my IP?
>>
>>103116527
I just figured out a solution. I set up a SOCKS proxy using an ssh connection, and routed all my browser traffic through it. Now I can access the router settings page through my web browser.
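
The approach described in the post above, written out as an added example (not the poster's own commands): an SSH dynamic forward gives a local SOCKS proxy through which the remote router's web interface can be reached, with a single-port `-L` forward as the narrower alternative. The account, host name, SSH port, router address and local ports are assumptions; both listeners are pinned to loopback so the tunnel is not offered to other machines on the local network.

```shell
#!/bin/sh
# Added example. Host, ports and addresses are assumptions, not values from the thread.
SSH_TARGET="anon@server.example.net"  # assumed account on the remote Debian server
SSH_PORT=2222                         # assumed: the one port already forwarded for ssh
ROUTER_HOST="192.168.1.1"             # assumed LAN address of the remote router
SOCKS_BIND="127.0.0.1:1080"           # local SOCKS listener
WEB_BIND="127.0.0.1:8080"             # local end of the single-port alternative

# Accept only an explicit loopback bind. A bare port is rejected too, because
# ssh then binds according to GatewayPorts instead of a fixed address.
is_loopback_bind() {
    case "$1" in
        127.0.0.1:*|localhost:*|"[::1]:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dynamic forward: ssh acts as a SOCKS proxy, the browser picks the destination.
# -f background after authentication, -N no remote command,
# ExitOnForwardFailure makes ssh exit if the listener cannot be created.
start_socks() {
    is_loopback_bind "$SOCKS_BIND" || {
        echo "refusing non-loopback bind: $SOCKS_BIND" >&2
        return 1
    }
    ssh -f -N -o ExitOnForwardFailure=yes \
        -D "$SOCKS_BIND" -p "$SSH_PORT" "$SSH_TARGET"
}

# Narrower alternative: forward one local port to the router's port 80 only.
start_web_forward() {
    is_loopback_bind "$WEB_BIND" || {
        echo "refusing non-loopback bind: $WEB_BIND" >&2
        return 1
    }
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "$WEB_BIND:$ROUTER_HOST:80" -p "$SSH_PORT" "$SSH_TARGET"
}

# Fetch the router page headers through the SOCKS proxy.
# --socks5-hostname also resolves names on the far side of the tunnel.
check_router_via_socks() {
    curl --silent --show-error --head \
        --socks5-hostname "$SOCKS_BIND" "http://$ROUTER_HOST/"
}

# Nothing connects unless the script is called with "run".
if [ "${1:-}" = "run" ]; then
    start_socks && check_router_via_socks
fi
```

For browser use, set the SOCKS5 proxy to 127.0.0.1:1080 with remote DNS enabled, or use `start_web_forward` and open http://127.0.0.1:8080/.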
>>
>>103116539
Your IP isn't private information, but why broadcast it if you don't have to? What's the context, are you trying to route a domain to it or what?
>>
>>103109838
holy shit anon don't forget to backup
>>
File: SBC.png (310 KB, 1836x840)
>>103095501
This bad boy with a 30$ 2.5GBs NIC, you have 4 ports, two 1gb/s, two 2.5gb/s
>>
>>103116182
I'm not sure the support desu
>>
>>103089270
Yeah, I don't really know what it is. I'm on the newest jellyfin and for whatever reason it takes fucking forever to turn on subtitles along with switching audio. It's so fucking annoying I've switched to baremetal jellyfin on debian and thinking about switching back to plex.
>>
File: 1727965215710359.png (25 KB, 295x165)
Does anyone know why the fuck this keeps happening where half the image shows up in jellyfin
>>
>>103105024
do you have a 0.0.0.0/0 route? what is the next hop? can you ping it?
>>
>>103117728
What's your setup?
>>
>>103118113
headless debian with nvidia 1030 gpu
>>
>>103118113
>>103118126
running on 10g fiber connect
>>
>>103118126
I've only had this issue when there aren't enough resources. CPU, RAM or busy disks.
back when using an RPI and too much shit alongside it.
>>
>>103118172
ah I have it running on 16gb/i5 so it should be having an issue. It just doesn't for whatever fucking reason display the full image on that folder. I've 777 literally everything in a last effort that it might be a permissions issue.
>>
>>103118178
It might have to do with NFS shares. I'm not sure how to fix this.
>>
>>103118069
Figured out that the IP I was monitoring for uptime went down. Changed to 1.1.1.1, fixed it
>>
I have a few problems that I am trying to solve with self-hosted alternatives:
>calendar to share family. Able to make individual calendars, share events in a big overlapping one
>office suite or notetaking app with dictation/voice-to-text ability
>alternatively, maybe just use obsidian but sync it locally
>fitness/diet tracker. Count calories/macros daily, track workouts
>daily or weekly task reminders. Take medicine, take out trash, etc

I suspect a few of these could involve NextCloud. I have docker setup on a VM. I think I want the NextCloud AIO container to get started, right?
>>
I'm running memtest86 on some cheapo jank ebay ecc rams that I think were stolen, but so far so good.
If it passes 4 runs without errors is that good enough?
>>
>>103103808
why do you even need PHP and port 80 open on your seedbox?
>>
File: 1730739135773197.jpg (348 KB, 800x1231)
>>103096741
Congrats. It's OK stuff. The later the better. They can be extremely annoying if you're expecting a 1:1 IOS experience. It's like 65% of the shit works but there's some things that it just does differently and it's ass and feels really clunky by comparison.
The CLI is based on ancient Linksys stuff that Cisco bought up.
What exact model?
I have extensive experience with these pieces of shit.
They're functionally fine but every time I use one I'm reminded my company cheaped out and didn't buy a normal ass IOS switch.
We're moving to Fortinet largely now even for switches and I'm not convinced they're any better.
>>
File: youwantpraygame.jpg (55 KB, 576x392)
any anon here running a low latency streaming server setup? currently running nginx-rtmp and getting 10-15sec delay on both DASH and HLS, would like to get under 5. apple has their LL-HLS shit but dont feel like making an apple developer account to get their php scripts or whatever they use
>>
>>103121185
sorry about your cheapass job. i would personally quit. no room for skills development with that network infrastructure.
>>
If your up time is less than 730 days, lower your tone when speaking to me.
>>
>>103121350
I turn mine off every year or so to dust the hardware
;_;
>>
>>103121357
Please check your tone.
>>
>>103121366
You did not specify what my tone should be lowered to.
>>
>>103121350
>kids idolize uptimes
>adults never have past 30 days uptime because they patch for security
>>
>>103121389
Ah, the windows user.
>>
>>103121398
You mean, the employed user.
Linux doesn't have so many patches but CVE release often too.
If you know what you're doing, you can easily patch with absolutely no downtime because you have redundancy. Again, Adults know this.
>>
>>103121410
Considering this is a thread for home servers, yes, I definitely am not counting employment. I can check the 5 year uptime on my work systems if you wanna dickwave.
>>
>>103121423
Work system uptime of 5 years, lmao, you would have been fired if there was a proper IT director in there.
For a home system there isn't an excuse for some minutes downtime to get your shit up to date.
Damn zoomers and their bad practice.
>>
>>103121441
>>103121410
reading this shit is hilarious when you know it's always a 15 year old
>>
>>103121455
Projecting much? kek
>>
>>103121455
>get called a kid
>no u
Awesome comeback
>>
>>103121462
you are literally telling people how much of a mature adult you are buddy and now you're samefagging me
>>
>>103121441
(They aren't windows systems. My windows systems have some downtime during their patching cycle like everything else).
But there's some high availability RHEL systems that are basically deep internal network stuff that never goes down.
>>
>>103121495
This is the Server thread, not the Switch& Firewall thread.
Even then Cisco, Palo Alto and Fortinet had their bunch of CVE this year to patch
>>
>>103121514
My home server stuff is a lot more flakey and unpatched kek, I just keep an eye on security backports and that's about it. Ironically enough my openssh server was too old for the recent RCE regression lmao
>>
>>103121185
SG300-10MPP, a small one for now for home VLANs, though PoE might be useful too once i get APs and cameras going after the renovation.
Compared to managed Zyxels i've worked with it seems much nicer.
>We're moving to Fortinet largely now even for switches and I'm not convinced they're any better.
heh, i'm the other way around, my workplace is mainly Fortinet, don't have the experience with Cisco to compare.
A couple of annoyances i have with Fortis:
>no Wireguard (i guess that's true for all enterprise routers?)
>GUI is nice, until you inevitably need something that's only accessible by CLI anyway.
>managing APs and Switches all in routers GUI is nice, until it breaks (one day all APs stopped working, had to SSH into each of them and clear sync data)
>Multiple L2TP VPNs must use the same user group for authentication, don't know if other vendors have such limitation as well
>Fortis proprietary SSLVPN seems to work well across all devices (compared to L2TP), but security wise it's a mess, every year or so there's a new critical CVE
>hardware offloaded traffic shaping doesn't show any metrics (at least on our model)
>link monitoring for redundancy (physical link + VPN tunnel) just doesn't work, have to use SDWAN
>>
>>103121335
Well they're like obsessed with security which is great and all but it is getting to the point where it's getting hard to actually do my job as shit is so segmented and firewalled everything takes 2-3x as long because you're waiting on latency or file transfers from jump boxes or some shit.

They'll spend money at the drop of a hat just not on the absolute baseline shit.

The Fortinet switches are not terrible I just am relatively unfamiliar with their commands. I think if I had to pick it would be:

Actual IOS or NXOS > Fortinet > Cisco Small Business/Business switches > managed consumer shit > straight up unmanaged switches > Cisco Meraki

I have Ubiquiti Unifi at home and I would put them somewhere roughly equal to Fortinet when looked at holistically as far as reliability, ease of use and breadth of features, but I am also not using them in anywhere near the same environment.
>>
File: 1711672521650268.png (197 KB, 510x795)
>>103121549
See I might be spoiled because the CLI on them feels so bad and the GUI is...Well I mean it's fine but I prefer the CLI and that's just not where I like to be. The GUI is slow especially on those older ones because they just didn't give them a lot of resources dedicated to it.

Back in the day we used 3560 and 3560 compacts at plants 3750 for offices. Those were glorious, fast, smooth, reliable switches but they got discontinued.

We used a bunch of SF300-24P and SG300/SG350 10 ports from there in the shit conditions as IOS was "too expensive"

Then moved to CBS250s for those roles

Then fortinet switches and fortigate firewalls.

Fortinets GUI is way better than small business Cisco imo but the CLI feels bad compared to IOS.

Idk if you've used the small business ones before but here's a couple pro tips to save you headaches:
>If you're actually consoling in, Ctrl+H is backspace. Set this in putty and save it. fucking obnoxious
>If you're rebooting while in console, completely close your terminal session and unplug your console cable from the switch after it reboots then reconnect like it was your first time. Auto baud is dogshit on these and you'll think you fucked it up because it'll default to like 11520 and spit out garbage.
>If it's on an ancient firmware you need to do incremental upgrades to get to latest it's a dick pain. If it's below 1.4.13 you need that first. Might also need bootloader.
>if it doesn't like a command it will just fucking ignore it sometimes. No error. You'll think you're crazy or retarded but then double check the command structure and do it a different way and it'll just work.
I haven't had to set up a new one of these in a while so I forget exactly but we have still some of those 3560 compacts in the field all the way up to fortigate. I could list probably...15-20 different switch models we have in production outside of the main datacenter.
>>
>>103117277
Thanks. This looks interesting. It seems to support Openwrt on the website, but not OPNsense. If I am just using this for wired routing (no wifi) and very minimal VPN, firewall, NAT, needs (i.e., normie home network) which router OS should I use?
>>
File: 1711211469421121.jpg (51 KB, 927x1200)
Planning on building my own media server, which will also function as a place to run small applications and containers.
I like the small form factor of the Node 304 case, and have decided to build off of that.

I want the system to be focused around data-storage, but also powerful enough for anything a regular user might throw at it. My needs for applications are very small at the moment, but I feel like getting a proper setup from the get-go, is the best course of action.

I've been suggested to go for an AMD build, with an ASRock B550M motherboard and a Ryzen 5 5600X.

Below are some of my questions, I'd appreciate any help I can get.

>SATA expansion
The board only comes with 4 SATA ports, and I plan to utilize all 6 disk slots in the future. I also need somewhere to install the OS.
Would it be better to get an M.2 raid-controller, and have the OS be installed on a flashdrive/SSD taped to the inside, or should I get a PCIe controller, and keep the M.2 port for an SSD for the OS (or potentially for cache?)

>B550M vs A520M
From what I can tell, the only difference between these boards, is that one has PCIe 4.0, while the other only has 3.0. I don't plan on adding any graphics cards, will the 4.0 upgrade be worth it for the extra $30?

>Power supply
How can I calculate the needed wattage for the build? I would like for the system to be as power-efficient as possible, and if I could save a couple of bucks on a smaller PSU, it would be great too.


https://pcpartpicker.com/list/DrkYcx


Feel free to critique/send me off in a completely different direction, or help me find places where I can cut cost.
I literally just took this build from another anon, who was doing something similar, so nothing is set in stone for me.
The only absolute must is a min. 4-bay server, with possibility for expansion in the future, that doesn't break the bank.

Thank you in advance.
>>
Does Mikrotik's variable QoS (CAKE autorate-ingress) work fine or am I better off with OpenWRT + cake-autorate?
>>
File: zyxelshit.png (42 KB, 1128x827)
>>103122160
yeah, at least the GUI is serviceable and laid out somewhat competently compared to absolute messes like picrel.
And thanks for the tips, it's my first time with Cisco small business (or Cisco period). I'll try the CLI later. I've updated the firmware to latest, but it's still pretty old and out of support (1.4.11). I believe it even has an unauthenticated RCE vulnerability in webui (not that i would allow untrusted devices to connect to management GUI anyway, but i guess you could disable it and use the CLI just to be safe).
>Fortinets GUI is way better than small business Cisco imo but the CLI feels bad compared to IOS.
Coming from Mikrotiks i really like it, especially stuff like looking up references for objects. CLI i've used only when necessary (some config options, "diagnose" commands are a big one)
>I could list probably...15-20 different switch models we have in production outside of the main datacenter.
damn, that's a lot of hardware to manage
>>
>>103122599
I'd just go straight for a 6 SATA port board, you will regret later if you are forced to sacrifice PCIe slot for SATA expansion card and thus unable to use it for a faster NIC or M.2 expansion card.
>>
>>103122599
You can boot your hypervisor off a USB drive, but you'd still need a drive for your VM store. PCIe HBAs are good; they'll enable you to use SAS drives (you can get some real good deals on refurbished enterprise drives) and are generally more reliable than consumer motherboard SATA controllers; you can let the hypervisor manage it, but I like to just pass it through straight to my NAS VM (the VM store drive still remains connected to the motherboard controller in this case).
>>
File: 1688139907669283.jpg (519 KB, 1613x1049)
>>103122645
Yeah I definitely prefer working on Fortinet stuff through the GUI. Which...fine. It's pretty smooth. Better than any of the comparable Cisco UIs I have used. But I'd still take IOS CLI over all 9/10 times.

Are you sure it's on the latest? 1.4.11 sounds old to me but maybe it is the latest. Also I think I'm mistaken when I said 1.4.13 I think it is 1.4.1.3. Whatever yeah the SX300 are pretty old now. 1.4.1.3 came out in 2015 lol.

Off the top of my head
C3560-8PC
SF300-24P
SF300-48P
SG300-10PP
SG350-10MP
CBS250-24
CBS250-12
CBS250-8
C2960-48P
Fortiswitch 24 gig non poe
Fortiswitch 8 gig poe
SF100D-08P

Oh yeah that's another retarded thing we did. Fortiswitch 24 port poe were out of stock so the standard is 24 port non PoE then an 8 port PoE daisy chained off of that instead of just buying a fucking 2960 or whatever. They got bad taste in their mouth from all those SB/CBS models. They would discontinue then bring out a new model every 3 years so it was like impossible to standardize. Would have been fine if we just bought some IOS ones.

Rant over. Sorry but this shit pisses me off I get heated every time I have to deal with someone else's decision to cut corners on basic infrastructure.

To circle back, that switch you got will end up being amazing for hsg uses. I just saw a familiar model being mentioned and I couldn't help but autism vomit.
>>
>>103122709
Do you have any recommendations for a Mini-ITX board, with 6 native SATA ports, for an AM4 CPU I could look at?

Since you brought up an M.2 expansion cards for PCIe, would it make sense to have the boot drive, and potentially a cache drive on one of these, and then use the native M.2 slot for a SATA expansion?
This would actually be really ideal for my current situation, as I only need 4 HDDs atm, which I could run off of the board natively, and then a boot-drive in the M.2 slot for now. Then I could just buy the PCIe expansion, and M.2 expansion, later on when I needed it.
>>
>>103122599
>I've been suggested to go for an AMD build, with an ASRock B550M motherboard and a Ryzen 5 5600X.
Do not go AMD for a media server. The transcoder/hardware support is not as good as Intel, and I say this as someone who uses both AMD and Intel in personal server and gaming projects.

I have an i5 12500 with UH770 -- it's a dream to use desu
>>
>>103122599
>ITX consumer chipset custom build "server"
What's even the point, honestly? Future expansion completely aside, you're hitting several limits before you even got the damn thing. Get some used Supermicro node with a decent storage controller and enough ports, and at least 2 GbE ports + IPMI.
>>
>>103117277
OpenWrt is all you need, if you need wifi you just use a Wifi router as an AP instead of a Wifi, it'll actually improve the longevity of the device, less work on the tiny cpu.
>>
>>103123455
>if you need wifi you just use a Wifi router as an AP instead of a Wifi
man... get the fuck out of here
>>
If you're using a third party service like tailscale instead of self hosting your own VPN infrastructure I look down on you
>>
>>103123143
>Do you have any recommendations for a Mini-ITX board, with 6 native SATA ports, for an AM4 CPU I could look at?

https://www.newegg.com/asrock-rack-x570d4i-2t-amd-ryzen-3rd-generation-series-processors/p/N82E16813140045

Cheap it is not (I assume you *have* a limited budget) but it does come with true server features like IPMI (remote management), ECC (nice to have) and 10G onboard NIC (might also support 2.5/5G).

How to use I/O is up to you. However if I had to choose I'd rather get a quality HBA for PCIe and use M.2 just for boot drive as I'm a bit wary about those M.2-6xSATA -cards.
>>
If I'm not using any additional PCI devices, and not maxing out the RAM, is there any disadvantage to only running 1 CPU in a dual socket system?
>>
>>103123191
Transcoding is not one of my main concerns for this. I very rarely use transcoding when streaming.
When I say "media server" I probably mean more a storage server to be honest.
The thing the server will be used for the most, is basic storage of all my data. With complementary scripts and docker containers.

The reason why I liked the suggestion of AMD, is that it seems you get a lot of bang for your buck.
It seems I can get a lot more cores, which would be nice for some of the scripts I plan to use.
Feel free to redpill me on Intel though. As you can probably tell I'm very much a noob, and I'm still open to going the Intel route.

>>103123423
The main point is to have a small case, where you can cram in a bunch of HDDs, and run it all on (cheap) hardware, that can also function as a very decent homeserver.

Is my philosophy completely flawed?
I assume you're talking about actual server racks, when you mention SuperMicro. I don't have a rack closet, and while I'm sure I'll eventually have to go this route, it seems quite overkill for my needs of just 4-6 bays.

This will basically function as an alternative to a Synology or QNAP NAS. With a lot better hardware for the various scripts and containers.
>>
>>103122175
I think openwrt. I haven't used opnsense but for this purpose it seems like using a swiss army knife when you only need a precision screwdriver.
>>103122631
I'm sure Mikrotik's is quite good, but I've never used it. I've been pretty happy with the openwrt implementation even under some difficult scenarios.
>>
>>103123765
>https://www.newegg.com/asrock-rack-x570d4i-2t-amd-ryzen-3rd-generation-series-processors/p/N82E16813140045
Thank you anon. And you're right about your assumptions.
I'll take this into further considerations, and maybe see what prices look like next week.
>>
>>103122599
I use the same case, 5900x, and b550 asrock phantom itx. I have a gpu in the pcie slot and a m.2 to pcie riser in the bottom m.2 slot. In the top m.2 is my boot drive. In the pcie riser I have a lsi hba card. This has worked essentially 24/7 for me for 3 years. I had a lot of the parts already and was able to get the rest secondhand, but I have a lot more money and some more knowledge now so I don't think I would go this route again. But I do think it can work if you already have some of the parts.
>>
>>103124053
>I assume you're talking about actual server racks, when you mention SuperMicro.
I guess I should have been more clear. Supermicro do small (ITX and similar) server nodes. If you're hell-bent on that particular case, you can try and source a Supermicro or AsrockRack ITX board, one that would typically have 8 or more SATA ports, at least 2 NICs and remote management, none of which you're ever gonna get in a consumer ITX chipset (and you'll have practically no room for expansion either).

>Is my philosophy completely flawed?
I'd say it's extremely short sighted. There's nothing wrong with a small form factor, or reusing consumer hardware that you already own, but going out of the way to buy and custom build a consumer PC for a purpose it wasn't designed for, is silly.
>>
>>103093280
>Unraid
Pay for a perpetual license, but after one year you have to pay for "OS Upgrades".
Into the trash it goes.
>>
>>103121327
I'm not running anything like this but it sounds interesting. What are you streaming exactly and why in a separate server, for performance? How is your streaming server connected to the device you're streaming from, or are they the same machine?
>>
>>103093088
I am going on a month long trip during the holidays. I feel guilty for spending money and time on it, rather than my home server activities
>>
>>103123547
Sorry Anon I was high as fuck, I meant instead of layer 3 AP, use it only as an AP and just make the router do its thing.
>>
>>103121389
>he doesn't have livepatching on his distro
>>
>>103124053
Transcoding?

Yeah just like they should be.
>>
>>103124534
carlos...
>>
How long does getting domain validation take? I made the CNAME record and now I guess I'm waiting for my SSL to be applied?
>>
>>103093088
cute, who is this woman
>>
>>103124100
Thank you for chipping in. The extra M.2 slot, on the b550 you have, would come in handy, but it's almost double the price, so I'm not sure it would be worth it for me.

May I ask what you dislike about this setup, and what you would've done differently?

>>103124181
>Supermicro do small (ITX and similar) server nodes.
Could you perhaps send me the name or image of one of these? I'm having trouble finding anything related to these on the webshops here in Europe.

I'm not hell-bent on the case in any way, but I really like the form factor, and how it would allow me up to 6 drives (which is the sweet spot for future proofing), and still have room for a couple of SSDs, should they be needed.
It's also cheap enough to fit in my limited budget, and easily available to me. I guess that's the main reason why I stumbled on it to begin with.

>Supermicro or AsrockRack ITX board, one that would typically have 8 or more SATA ports, at least 2 NICs and remote management
I'm having trouble finding boards like these, in the usual places I look. Do you have any specific recommendations?

>There's nothing wrong with a small form factor, or reusing consumer hardware that you already own, but going out of the way to buy and custom build a consumer PC for a purpose it wasn't designed for, is silly.
You're probably right with this statement.
I still have a lot to learn, and maybe I've just been blinded with how much you can actually get for your money, when you build a consumer PC to be used as a server, compared to something like buying a Synology NAS (which will cost more than double, for half the specs).
But I also want to get it right from the get-go, and not be stuck with hardware that's unusable in the future, when I'll inevitably have to upgrade.
>>
>>103122040
heh, you should try working for the government.

those small business switches and fortinet devices do not have the same capability to be secured as a normal catalyst by a long shot. you can use that as the predicate to get them to fund you. fortiswitches dont even have a STIG.
>>
>>103124534
Transcoding will be illegal now
>>
>>103124816
>Do you have any specific recommendations?
Try looking wherever they sell used enterprise gear, Ebay or your country's equivalent.

https://www.supermicro.com/en/products/system/Mini-ITX/1019/SYS-1019S-MP.cfm
https://www.asrockrack.com/general/products.asp#Server
I have no idea where you'd get shit like this, all I know is it exists and you should aim for something close to that if at all possible.
>>
Is Server Part Deals legit?
>>
>>103124084
OK. Thank you. I will look into openwrt first.
>>
>>103118858
I realize I'm probably relevant to like 3 people here, but I'm bumping this again in case anyone has any suggestions
>>
File: 1730349124373592.jpg (52 KB, 732x469)
I moved my NAS to a new server chassis, and my last drive is getting UDMA CRC errors. Cheap SAS breakout cables are the bane of my life.
>>
>>103124816
>May I ask what you dislike about this setup, and what you would've done differently?
Basically what >>103124181 said, I would have gone for an enterprise first setup. I've slowly modified my original build with "upgrades" in order to avoid fully redoing it, but it's still not as integrated as a server platform would be, and I can afford one now. I have a pikvm which I do believe is better than most manufacturer's IPMI, and my motherboard does support ecc mostly completely, but it's still not as perfectly integrated as an enterprise platform would be.
I think it's fine to do a consumer build to an extent, I just don't know whether I'd use AM4 for it. On your 5600x, the io die can't be turned off so it will use about 15-20w higher than the APU line.
>>103125052
Yes.
>>103125705
I don't even use nextcloud so I'm not sure how much help I can be, but that's the only thing I know of that matches your suggestions. Otherwise you could try searching through github for something that implements close to what you want or writing your own.
>>
File: download (1).jpg (5 KB, 214x235)
Question:
What does /hsg/ do for DNS?

Do you guys run standalone script on your router to use a DNS provider? Are you using your server to host the DNS resolver?

I was recommended to use nextdns.io (pay $20/year) because I can use it on all my devices for a seamless ad free experience. Also told to use firewall rules with DoH blocklists, etc. Haven't done any of that myself.

Adguard seems solid on my server (current setup), but I guess it makes sense to have the router do this directly? Or let the firewall block shit via Doh-blacklist files...

Any good practices or links I can read to follow what you network chads are doing to keep your shit ad-free and secure?
>>
>>103126020
AdGuard (VM in a hypervisor) for internal DNS going to Digitale Gesellschaft using DNS over TLS, with tons of custom blocklists. Then, block all udp/53 outbound. Only allow tcp/853 to DG servers from the Adguard server itself. Then, also allow udp/53 from AdGuard to 9.9.9.9 to resolve the DNS over TLS server. This way no one on my network can attempt to use DNS outbound except through AdGuard.
>>
>>103126626
>This way no one on my network can attempt to use DNS outbound except through AdGuard.
Does that mean all queries get redirected, or do they just fail if you try to use anything other than AdGuard? I'm guessing the latter, especially if it's over TLS.
>>
>>103102968
My server rack is in my basement, which gets humid enough to somehow make sealed (?) guitar strings rust, but I've not seen any issues on any of my computer parts. Cold temperatures only benefit the servers.

>>103096314
If you don't care about performance like you say, then sure, SMRs are fine. They're not going to magically not work at all if they're put into a NAS vs a desktop.

>>103096743
I use a combination of them for different usecases. SMB for user directories shared with Windows, syncthing for multi-host syncing/backups, Longhorn for k8s, and NFS for everything else.

>>103121350
>>103121389
Greybeards measure uptime not of the host, but of the HA cluster.

>>103095102
>no u
no u

>>103104933
Sure. Lots. The more stuff you want to add though the less small/efficient it's going to be. Figure out how much NAS you need and work backwards.

>>103117579
Switching audio I also used to have long delays with, but after changing my transcoding cache dir to an SSD, I haven't had the issue since.

>>103123944
Only disadvantages are like you say, less resources: cores, RAM, PCIe, other I/O, etc.
>>
>>103102968
put a dehumidifier down there. are you new to basements?
>>
>>103126020
Inside the lan, dnsmasq handles dhcp and dns
For outside access, dyndns
>>
go to yunohost.org and scroll down lol
>>
>>103126703
No redirection. Any DNS queries attempting to leave the local network for the internet (north/south) will hit the outbound firewall and get dropped. This way, everyone is forced to use AdGuard as the intermediary DNS. So, everyone has their DNS traffic encrypted as it leaves my network. East/west (locally) the DNS queries between AdGuard and network devices are unencrypted.
>>
>>103126626
Thanks fren. Didn't know about Digitale Gesellschaft as a secure DNS provider.

This part seems odd but clearly you know a lot more about this than me. This is from your NAT settings on your router / firewall correct?
>Then, also allow udp/53 from AdGuard to 9.9.9.9 to resolve the DNS over TLS server
>>
>>103122886
a 3850 is like $50. why buy any of that?
>>
>>103126959
No NAT. You can set the upstream for resolving the DNS over TLS server itself within AdGuard. So, unencrypted DNS queries only get sent to that one specific server to resolve your DNS over TLS server/DoH server. It's granular like that. It smokes other DNS blackhole solutions.
>>
>>103126927
So any devices with custom DNS settings won't be able to resolve anything... But hang on - since east/west queries are unencrypted, would it not be possible to get the gateway to redirect them all to a particular DoT provider?
>>
File: IMG_7222.jpg (2.96 MB, 1320x2352)
Post your network cats
>>
File: 1705666715410921.jpg (49 KB, 1080x534)
>>103126970
A 3850 was definitely not that much new. They will only buy new hardware, despite lightning striking out at least one plant a year usually and having some switches built in 2008-2009 still running in production.

It's so tiring.
>>
File: Capture.png (43 KB, 508x1015)
>>103126984
Thanks. I'm such a noob compared to you. Is it possible to share what I am doing wrong? Whenever I mess with the DNS settings it breaks this NAT rule in the router. Pic related.

My Adguard port is 30004. My Adguard IP address is 192.168.1.48

Is there a simple way I can make my router force ALL DNS lookups to the above? I thought what I put in the NAT rule below would do it, but everything breaks.
>>
File: Capture2.png (70 KB, 1186x1092)
>>103127198
My DNS settings in Adguard are here.
>>
>>103127198
My understanding is that all the globohomo devices in my house have hard-coded DNS lookups and want to force the router to steer it all to the Adguard filter.
>>
Thinking to jump into Nextcloud stuff this weekend. I've been meaning to install it and try it out. Is it worth it? It seems like it can do a lot, but that's predicated on the plugins really being worth it. If they're not up to par then I'll end up just not using them.
>>
>>103127001
Sure, but then there's no blocklist to blackhole unwanted traffic. When you use AdGuard as the intermediary you have a blocklist enforced against DNS queries.

>>103126984
You don't need to do NAT for the redirection. You just change your DHCP scopes to use AdGuard as the DNS server. Then, all your internal servers which get an IP from the DHCP scope will use AdGuard as their DNS server, which then filters and passes to the upstream. For anyone who tries to manually override their learned DNS you would use outbound firewalling to block any requests from leaving the network.
>>
File: dnsovertls.png (27 KB, 626x777)
>>103127375
>>103127198
>>103127211
Like so. No NAT needed. Just block all udp/53 outbound from your devices. I would also say you should kill all NAT on your perimeter firewall for internal subnets which shouldn't be internet routable so they don't call home (IoT device subnet/VLAN).
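
The egress policy from >>103126626, with the no-NAT clarification from the posts above, written out as an nftables ruleset for a Linux router. This is an added example, not any poster's actual config: the interface name, the resolver address (borrowed from the 192.168.1.48 example in the thread) and the DoT upstream addresses (documentation-range placeholders) are assumptions, and rule 3 is slightly tighter than the post because it also covers tcp/53 and stray tcp/853.

```nft
#!/usr/sbin/nft -f
# Added example: force all LAN DNS through one internal resolver by
# dropping every other DNS flow at the router. No NAT, no redirection.
# Assumes the resolver (AdGuard) is a separate LAN host or VM, so its
# upstream queries pass through the router's forward hook.

define WAN_IF       = "eth0"          # assumption: uplink interface name
define RESOLVER     = 192.168.1.48    # assumption: internal resolver address
define BOOTSTRAP    = 9.9.9.9         # plain DNS, used only to resolve the DoT hostname
define DOT_UPSTREAM = { 192.0.2.10, 192.0.2.11 }   # PLACEHOLDER: your DoT provider's addresses

# Separate table so it can be loaded next to an existing firewall.
# A drop in this chain is final; an accept only hands the packet on to
# whatever other forward chains are installed.
table inet dns_egress {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # East/west traffic (clients talking to the resolver on the LAN)
        # never leaves through the uplink and is not touched here.
        oifname != $WAN_IF accept

        # 1. Resolver to its DoT upstream: tcp/853 only, known addresses only.
        ip saddr $RESOLVER ip daddr $DOT_UPSTREAM tcp dport 853 counter accept

        # 2. Resolver to the bootstrap server: udp/53, single destination.
        ip saddr $RESOLVER ip daddr $BOOTSTRAP udp dport 53 counter accept

        # 3. Every other DNS or DoT flow heading out is logged (rate
        #    limited) and dropped. This catches clients with hard-coded
        #    resolvers, and all IPv6 DNS, since rules 1 and 2 are IPv4 only.
        meta l4proto { tcp, udp } th dport { 53, 853 } limit rate 5/second log prefix "dns-bypass: "
        meta l4proto { tcp, udp } th dport { 53, 853 } counter drop
    }
}
```

Port rules cannot see hard-coded DoH on tcp/443, so that traffic still needs the destination blocklists mentioned earlier in the thread. Check the file with `nft -c -f <file>` before loading it.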
>>
>>103127198
Oh I see what you're doing now, you're running your DNS listening service on 30004. I thought you were talking about your web GUI service. What are you attempting to do by doing this? I'm sure there's a better way of doing it.
>>
>>103126754
Strange, I have my transcoding cache on a nvme. It's still an issue.
>>
>>103110618
This meme that "pros" are price insensitive isn't entirely true.
I would agree that certain things businesses buy are heavily overpriced (like a 70K HDD shredder that jams every other day), but when it comes to production hardware there is some incentive to buy things at a lower price.

Just because 33TB HDDs are out doesn't mean it's the ones being ordered in bulk. 22TB/24TB HDDs are much better value and is what's going to be bought in mass atm.
>>
File: refurb_thinkstation.png (1.16 MB, 2067x1025)
is refurb hardware a bad idea? good value? use case would be: media (plex) server, irc bouncer, backup (RAID) for my main rig. it's overkill for my needs right now, but I might want to do more in the future
>>
Is a quad core CPU enough for 10Gbps total throughput routing for a LAN?
rebbit told me I need at least 8 cores for 10GbE traffic, especially if I needed IDS/IPS and VPN.
>>
>>103127655
I'll be honest. I'm really new and underqualified for this.

I have a Truenas server with Adguard installed as a k3s app. For reasons I cannot explain, it has to be listening on port 30004 (Adguard).

In my router, I have the DNS lookup as 192.168.1.48. To specify that all DNS inquiries go to port 30004, I have to use the NAT I shared to make it work. It does work for any traffic that isn't hardcoded for its own DNS lookup (i.e., devices going to the router 192.168.1.1)

I tried this guide, but it doesn't seem to like Adguard as I lose all DNS functionality.

https://myhelpfulguides.com/redirect-hard-coded-dns-to-pi-hole-using-edgerouter-x/

Hope this makes sense. I'm not trying to do anything super complicated; just maintain a DNS for my family that doesn't have my kids accidentally find porn online and block most ads. I'm really happy with Adguard, but I think I need to study up on my router and NAT rules....
>>
File: Capture.png (44 KB, 506x1026)
>>103127655
>>103128047
Also, I am totally ok with doing anything to make this work easier. I know Ubiquiti gets shit on, but I am sure I can get my router to do this via NAT / firewall commands.

This is my current NAT setup that works BUT is not catching all the DoH / hardcoded DNS lookups to my knowledge.....
>>
>>103128047
>>103128065
I'm a network engineer by profession so I have some particular feelings about using NAT for redirecting traffic internally. For instance, there are potential issues with looping traffic, or blackholing traffic unintentionally. There's a lot of hierarchical configuration required to create exemptions to the NAT redirection to not affect traffic which shouldn't be redirected.

The point of that guide you linked seems to be to basically intercept outbound DNS queries (going to any:udp/53 on the general internet) and redirect them to your internal AdGuard server for pre-processing. No port address translation is required on your AdGuard server to do this. This NATing is supposed to be at the network level, as your traffic passes through the network device (router/firewall). Because your AdGuard server isn't directly in the data path, doing NAT on it isn't relevant because it won't catch errant DNS traffic.

Your AdGuard should just simply listen on udp/53 as it normally would. You don't need to do any tricks with PAT on the device. So, toss the NAT rule on the AdGuard server. All you have to do is assign the AdGuard DNS server to everyone from your DHCP server which hands out your local IP leases.

What I'm doing on my network is blocking DNS queries outbound instead of redirecting them to AdGuard. Both of these methods get the job done. My method would be simpler and less dangerous for a non-network engineer to configure.

In regards to blocking your kids from seeing bad shit online, you should consider an MDM solution for their phones for when they're off your home network. Also, you'll want to look into implementing some kind of layer 7 firewall inspection to stop them from using a VPN to get around any of your DNS filtration at home. Why layer 7 inspection? Because layer 4 firewalling isn't smart enough to catch tunnels built on tcp/443 as an example.
>>
>>103128286
You're that smelly pissant retard who thought the bottleneck of a 10G connection running at 180MB/s was related to jumbo frame not being enabled.

Nobody listen to this dumbass.
>>
>>103127874
Not worth it. This thing is old, slow and a power hog. For what you are describing, you're better off with a newer, faster, low power chip. Say a 65W Ryzen at most.
>>
File: 1516746442351.jpg (88 KB, 645x729)
>>103128302
>Say a 65W Ryzen at most.
>ryzen
>in a home server
>>
File: 1710260909786360.jpg (101 KB, 1024x659)
>>103128299
Huh? Are you ok, schizoid? That's no way to ask for help with whatever your problem is.
>>
File: PXL_20241109_033009315.jpg (369 KB, 1846x1300)
The Setup.
>>
>>103128413
Cool cabinet. Does it muffle the sound any?
>>
>>103128299
Seriously man. What did this guy do? Guy is trying to help and you go full rage mode.
>>
File: firewall questions.png (45 KB, 863x797)
>>103128286
This makes sense. I just can't change the port for the Adguard k3s to 53 in the Truenas application. Assigning 53 forbids it. Maybe that's a glitch on the app for Truenas server, but I can live with the 30004.

>My method would be simpler and less dangerous for a non-network engineer to configure.

Ok. So how do I block the DNS queries outbound with the exception of the adguard server of course? Firewall rule like below (i.e., block all outgoing requests on port 53 except the adguard server on 192.168.1.48?)

Sorry for noob questions. I still struggle with the concept my router sees all traffic on the LAN as from the outside....
>>
>>103128517
eth1 is my LAN connection. eth0 is the WAN (modem) connection.
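
The block-instead-of-redirect rule discussed in the posts above, modelled as an added example (not written by any poster, and not EdgeOS syntax): a first-match ruleset for traffic forwarded from eth1 to eth0, run over constructed flows. The /24 subnet, the client 192.168.1.20, the resolver stand-in 203.0.113.53 and the tcp/853 (DNS-over-TLS) rule are assumptions that are not in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")    # assumed /24 around the thread's 192.168.1.x hosts
ADGUARD = ip_address("192.168.1.48")  # AdGuard host from the thread

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def from_adguard(f):
    return ip_address(f.src) == ADGUARD

# Ordered rules for traffic forwarded from eth1 (LAN) to eth0 (WAN); first match wins.
PORT53_ONLY = [
    ("accept", lambda f: from_adguard(f) and f.dport == 53),  # resolver's upstream lookups
    ("drop",   lambda f: f.dport == 53),                      # udp/53 and tcp/53 from everyone else
]
# Same policy plus DNS-over-TLS, which has its own port (tcp/853).
WITH_DOT = [("accept", lambda f: from_adguard(f) and f.dport == 853)] + PORT53_ONLY + [
    ("drop", lambda f: f.proto == "tcp" and f.dport == 853),
]

def verdict(flow, rules):
    """'local' if the router never forwards the flow, else the first matching action."""
    if ip_address(flow.src) in LAN and ip_address(flow.dst) in LAN:
        return "local"
    for action, matches in rules:
        if matches(flow):
            return action
    return "accept"  # default action for ordinary outbound traffic

# Constructed flows; 203.0.113.53 is a documentation address standing in for any public resolver.
FLOWS = {
    "client -> AdGuard":     Flow("192.168.1.20", "192.168.1.48", "udp", 53),
    "AdGuard -> upstream":   Flow("192.168.1.48", "203.0.113.53", "udp", 53),
    "hardcoded DNS, udp/53": Flow("192.168.1.20", "203.0.113.53", "udp", 53),
    "hardcoded DNS, tcp/53": Flow("192.168.1.20", "203.0.113.53", "tcp", 53),
    "DoT, tcp/853":          Flow("192.168.1.20", "203.0.113.53", "tcp", 853),
    "DoH, tcp/443":          Flow("192.168.1.20", "203.0.113.53", "tcp", 443),
}

def audit(rules):
    """Verdict for every sample flow under the given ruleset."""
    return {name: verdict(flow, rules) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name in FLOWS:
        print(f"{name:22} port53-only={audit(PORT53_ONLY)[name]:7} with-DoT={audit(WITH_DOT)[name]}")
```

Client lookups to 192.168.1.48 stay on the LAN and never reach the forwarding rules, and the DoH flow is accepted under both rulesets because on port and protocol alone it is ordinary HTTPS.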
>>
>>103128306
>implying a 65w Ryzen isn't more than powerful enough for 99% of home server tasks while not eating 300w at idle
>>
r8 my just werks setup:
>old thinkpad x220 docked inside my closet
>windows 10 education (not activated)
>2tb toshiba external hard drives, one for data, one for backup
>bitlocker for encryption
>transmission gui for torrenting
>>
>>103127375
I think you misunderstand me. I wasn't saying "what if you don't use AdGuard as the intermediary and just use outbound DoT", I was saying "what if instead of dropping DNS queries that attempt to bypass AdGuard you could force-redirect them to AdGuard"
>>
>>103128587
No retard the point is there is zero reason to ever buy AMD trash over Intel for a home server. AMD's hardware transcoding is nowhere near the level of Intel's, and Intel has always had better idle power consumption.
>>
longshot, but here we go - anyone in central/DACH EU willing to sell me a decent used mini/micro pc?
>>
>>103128041
My Pi5 easily routes 1Gb/s worth with NAT using a few % on a single core. No way you need that big a CPU even for 10Gb.
>>
>>103124300
generally it's just obs rtmp from my desktop to nginx-server which packages it HLS/DASH and gets played over http(s) from the same server. can stream from my phone too since it's on a vpn to my home, or I could just open up the nginx rtmp port to the internet.
>>
>>103128825
Ok, I understand now that you said k3s. What you're trying to set is your nodeport, not your DNS internal listener server port. Leave your node port as 30004. Make sure nothing else on your TrueNAS box is using udp/53 for listening (like dnsmasq). On TrueNAS do something like: "sudo lsof -i UDP:53". If you're clean there, you'll set up port forwarding on your TrueNAS for all traffic inbound to udp/53 (source) and redirect it to udp/30004 (destination, your k3s AdGuard instance nodeport).
>>
File: 1701159780339871.jpg (8 KB, 232x172)
Is there really no solution for certificates on a private network outside of making your own CA? The effort to trust these certs on each device is such a grating experience.
>>
>>103130215
That's not proper routing, so it's not really fair to say. Doing 10g from a desktop with a default gateway is trivial nowadays (as long as you know what you're doing) and you get line rate easily. But, doing 10g of actual routing requires purpose built route processors. Additionally, IDS/IPS (layer 7 inspection) requires WAY more than just 4 cores for even 1gb of traffic, let alone 10gb. Caveat is that it depends on the rulesets that are loaded. Layer 4 firewalling (not IDS/IPS) can easily be performed by a Pi5, and simple forwarding (not actual "routing") can be handled by a Pi5 as well.

Some guy on here was showing how his 2700x could just comfortably handle 1g symmetric with 50k L7 IPS rules in layer 2 bridging mode. The Pi5 has 50% less physical cores, each with 50% less performance core-for-core. You do the math.
>>
>>103128698
>windows does auto update
>corrupts all your bitlocker drives
>lose all your torrents
>only see the damage a week later because you forgot to view the transmission gui errors
>>
>>103093088
Should I move from docker to podman? I am looking for a cross platform solution and it seems podman is easier to set up on all environments compared to docker
>>
>>103131113
I have the same issue and I think lots of people just do self-signed stuff from like LetsEncrypt
>>
>>103130402
Thanks this is helpful. My router does have dnsmasq enabled, so this is probably screwing me up too. I will do as you wrote.
>>
File: you're_baka.png (125 KB, 547x476)
Looking for server rack/enclosure recommendations. I recently got two 2U servers for free and want to put them in something nice, but I have zero familiarity with racks or rack-mounted equipment. Having some extra space for future equipment and shelves would be nice.
What are the go-to brands?

also what the fuck I had to wait 15 minutes and disabled 4chan X to send this post, why is 4chan retarded now?
>>
>>103131840
Doesn't really matter, imho, especially if you're already using docker. Starting from scratch though podman probably makes a bit more sense since a few distros now make it harder to install docker than it needs to be, and it's nice having rootless be the default.
>>
>>103131150
>>103128041 anon here
So from what you're saying, unless I can afford one of those threadrippers I should forget about IDS/IPS on a 10Gbps throughput.
>>
Where should I go from an old Lenovo SFF and USB enclosure setup?
Turns out I've been having a lot of fun learning how to manage a homeserver these past two years, and my family all use my server. I'd like to get into something better with clear and simple upgrade paths.
>>
I got a fujitsu server that I'm trying to install winserv2019 on, however, it's not detecting any disks when I try to install it from USB, and asks me to find some drivers. What should I do to make it work?
>>
>>103134945
find some drivers.
>>
>>103134987
It was a fully functional server, I can boot it normally, no idea why it's not working, are you sure that's the issue?
>>
>>103133193
bump
>>
Don't you guys get paranoid that your server is going to be hacked? How do you know there isn't a virus in it right now?
>>
>>103094665
OP's is better
>>
>>103137398
because it runs my own kernel written in my own language on my own hardware. It would be difficult for me to crack - it would be virtually impossible for anyone else to hack.

Here, enjoy my ipv4;
11.138.26.15
>>
>>103137655
>my own kernel
publish the source and you'll be pwned instantly
>>
>>103137398
I haven't had a virus since Obama was in office. Are you a bit daft and get toolbars installed still?
>>
>>103137715
why would I publish the source? If it's easy to break, it's easy to break - go for it, you've got my addr.


