No NAT November editionPrevious >>107047472READ THE WIKI! & help by contributing:https://igwiki.lyci.de/wiki/Home_serverNAS Case Guide. Feel free to add to it:https://igwiki.lyci.de/wiki/Home_server/Case_guide/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualisation. Spun up some VMs? Learn about networking by standing up a OPNsense box and configuring some VLANs. There's always more to learn and chances to grow. Think you’re god-tier already? Setup OpenStack and report back.>What software should I run?Install Guix. Or whatever flavour of *nix is best for the job or most comfy for you. Jellyfin/Emby to replace Netflix, Nextcloud to replace Googlel, Ampache/Navidrome to replace Spotify, the list goes on. Look at the awesome self-hosted list and ask.>Why should I have a home server?/hsg/ is about learning and expanding your horizons. De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your tech skills to good use for yourself and those close to you. Store their data with proper availability redundancy and backups and serve it back to them with a /comfy/ easy to use interface.>Links & resourcesCool stuff to host: https://gitlab.com/awesome-selfhosted/awesome-selfhostedRouterOS's: https://igwiki.lyci.de/wiki/Home_server#Customhttps://reddit.com/r/datahoarderhttps://www.labgopher.comhttps://www.reddit.com/r/homelab/wiki/indexhttps://wiki.debian.org/FreedomBox/FeaturesList of ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQLow-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCICheap disks: https://shucks.top/ & https://diskprices.com/Remember:RAID protects you from DOWNTIMEBACKUPS protect you from DATA LOSS
Project is expanding, got a new 9U cabinet. I intend to put a table top on top of the cabinets so it looks a bit better than it does now. I also got more expansion for the plex server, I'm gonna be at 124TB, but I don't know if the cables from my HBA can extend long enough. Gotta see what happens.Got a identical twin 14700K/128GB pair of main servers with an asus PN53 for quorum (all proxmox 9), one PBS server and my backup power supplies. Gonna experiment building a Kubernetes cluster from 5 intel NUC's this weekend probably.
Is Pangolin the way?https://youtu.be/8VdwOL7nYkYAlso, how can I use domain names on my local network when ProtonVPN hijacks DNS completely? I was thinking maybe adding my router's default gateway to my domain's A record, as long as that won't conflict with whatever services I need exposed to the Internet, but maybe I can do something like that through Pangolin instead? Should I use CrowdSec btw?
do you guys seed your torrents forever or would rather save your disks?
>>107114201I used to have share ratio set at max 10. Now I've got it set to 20, but usually end up sharing for way more until I've watched the media or whatever and am finally ready to move it to its final destination.
>https://www.reddit.com/r/homelab/comments/1opbcov/building_a_rugged_localai_brain_box_need_one/which one of you is this
>>107113658>Gonna experiment building a Kubernetes cluster from 5 intel NUC's this weekend probably.actually have something like this planned. i have about the same number of NUCs too. what CPU gen are they?
>>107113287>No NAT November edition>IPv4 in picI envy your package count, my NixOS setup is at 4k+ with only two derivations saved
>>107113658How much were those cabinets? The main reason I hate rack servers is that they look ugly, but they don't make horizontal racks so I can make it into some kind of table or something.Also wouldn't putting a table on it block the air flow?
>>107113658>upright UPS in a rack mount when 2U UPSs existi dont mean to ick on your yum but... why?
Does CloudFlare actually offer E2E encryption or are they just lying out of their ass?How would they be able to proxy content if they aren't always a man-in-the-middle?The reason I ask is because I've seen domains using Cloudflare CDN/Proxy but not using Cloudflare SSL, however they must still decrypt everything right? So how does that work if the site doesn't use their cert?Hm I guess you upload your site's cert to Cloudflare so they have the private key and can decrypt the packets, is that right?
>>107115488https://www.linkedin.com/pulse/cloudflares-technical-architecture-internet-largest-kord-campbell-g7ukc?tl=enoh lol it's worse than i thought>Cloudflare maintains extraordinary cryptographic authority through their certificate infrastructure. They automatically issue SSL certificates for all customer domains through partnerships with Let's Encrypt, Google Trust Services, SSL.com, and Sectigo. More significantly, Cloudflare operates individual Certificate Authorities for each customer account, enabling them to generate valid certificates for any subdomain without customer notification or consent.>This certificate issuance capability extends beyond standard domain validation. Through their Universal SSL program, Cloudflare can create certificates that browsers trust implicitly, as they're signed by recognized Certificate Authorities. When organizations use Cloudflare Gateway with root certificate installation, Cloudflare gains the ability to issue valid certificates for any domain from the perspective of those devices - not just domains using their service. This transforms their infrastructure into a comprehensive certificate authority that can authenticate any HTTPS connection.>The trust model implications are profound. Traditional SSL/TLS assumes end-to-end encryption between users and servers, with Certificate Authorities merely validating domain ownership. Cloudflare's model breaks this assumption by becoming both the certificate issuer and the connection terminator.
>>107115488oy vey!
>>107115607You're on CloudFlare right now, they can read everything your IP posts.
>>107114687I was tired of waiting for the next thread, so I more or less copied the previous one with some minor tweaks, removing bloat like pfSense and Plex, etc. No NAT November was funny so I just kept it.
>>107114534>I'm building a small rugged AI device>I just need one builder
>>107115619i don't mind, i'm being shit ton of nat,around 10 or more hops(proven by traceroute 8.8.8.8), 3rd worlders benefit, they need to go through some shitty beaurocracy just to find me a literal nobody?i do wish i had anon registered local sourced vps i can tunnel my traffic into though
>>107115704*behind shit ton
>>107115704i'd like to say i don't mind either, but truth is i have no choice and that's annoying. if i could i would browse private.4chan.org with a little slower load times but there is have no such option.what i find to be the biggest problem is that most people don't know about this, https does actually no longer mean communication is encrypted between the web site and the visitor. there's a man in the middle and he can see every single password you type and compare your style of writing on other CloudFlare sites to figure out who you are. maybe you're not behind 7 proxies on your phone for example.
>get a dell r630>unplug status light because fuck you i know drives are unplugged and one of the power supplies isn't there>won't bootgay
Hey fellas, I'm looking for a cheap-ish nuc or something similar for storing a bit of data and jellyfin. At most I'd maybe like to add a 2-4tb hdd for data and that's about it.Also, real retard question but since I'd also like to use home-assistant, can I run it on the same system as the server using a vm or something similar?Any particular models a good idea? Also if any krautfags got a recommendation where to buy used ones I'd love to hear it, ebay seems kinda shit.
>>107115945used thinkcentre for 50 bucks.
>>107115533Now realize that every cert authority bundled with your browser can generate any cert they want and your browser will trust it. Now go skim the list of cert authorities and look at all the questionable ones you have installed.
>>107115533>>107116095https://arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/
>>107116095sure but that's not the same as seeing all data and activity between you and a web site.
>>107116129Actually it is. Anyone can gen a valid cert from one of these authorities and use it to snoop the traffic.https://www.ssls.com/blog/root-certificate-authority-untrusted-by-browsers-after-concerns-about-ties-to-us-intelligence/
>>107116306if i connect to their server sure. these things are a little more involved than just giving everything on a silver platter to cloudflare, not even anything malicious just willingly and working as intended.
>>107115681I'll make the logo!
>>107113872mDNS
>>107115945>>107115994I do this but with a 8TB external HDD
Is it safe to run HDDs like that until I wait for the HBA card to arrive?
>>107115805you already know whomst to blame.>>107117006you already asked about this and got your answer thermal wise and wire load wise,
Use-case for putting Unbound in forwarding mode in order to trust some third party to resolve your requests when ISPs can just do rDNS lookup or check SNI to get everything anyway?
>>107116843I mean, at least the .local suffix would would avoid confusion, but I won't be able to use my domain name this way like a cool home lab redditor.
>Finally got the shit I need to retire my Haswell NAS>TrueNAS Core is killIs there any good BSD based alternatives to Core?
