Use Microsoft Authenticator on your account. It won’t stop people from trying to access your account, but you’ll stop getting these, and it’s generally safer than any kind of email-based 2FA.
I’m definitely not a network pro, but it sounds like you’re looking to do something similar to what I have.
I’ve got nginx proxy manager as my reverse proxy with pi-hole for local DNS. All traffic goes through the pi-hole and anything going to mydomain.com has DNS entries pointing to nginx. I’ve set nginx up so service.lan.mydomain.com is for anything local and just service.mydomain.com for anything external with wildcard SSL certs for both (*.domain doesn’t seem to cover *.lan.domain so add certs for both - probably because it’s a sub-subdomain).
The Cloudflare tunnel can then just get directed to service.mydomain.com instead of the IP of the service.
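Added example, not part of the comment above: a small Python check of the wildcard rule it ran into, where `*` stands in for exactly one leftmost DNS label, so `*.mydomain.com` does not cover `service.lan.mydomain.com`. The hostnames and certificate name lists are constructed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname.

    A '*' is honoured only as the entire leftmost label and covers
    exactly one label, which is how TLS clients treat wildcard names.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so the label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    # Wildcards anywhere but the leftmost label are not honoured.
    if any("*" in label for label in p_labels[1:]):
        return False
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def missing_coverage(cert_names, hostnames):
    """Return the hostnames that no certificate name covers."""
    return [
        h for h in hostnames
        if not any(wildcard_matches(n, h) for n in cert_names)
    ]


# Constructed sample: names served by the reverse proxy.
HOSTS = [
    "service.mydomain.com",       # external name
    "service.lan.mydomain.com",   # local name, one label deeper
    "mydomain.com",               # apex, has no leftmost label to wildcard
]

if __name__ == "__main__":
    one_cert = ["*.mydomain.com"]
    both_certs = ["*.mydomain.com", "*.lan.mydomain.com"]
    print("one wildcard misses: ", missing_coverage(one_cert, HOSTS))
    print("two wildcards miss:  ", missing_coverage(both_certs, HOSTS))
```

The apex name is also uncovered by either wildcard, so a certificate that must serve it needs `mydomain.com` listed explicitly.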
Not financial advice, but what I’d do is just put it in a medium-high risk ETF. Something that should turn a decent gain in the long term but has some real underlying fundamentals unlike crypto.
I use Nextcloud with Nginx Proxy Manager and just use NPM to handle the reverse proxy, nothing in Nextcloud other than adding the domain to the config so it’s trusted.
I use Plex instead of Jellyfin, but I stream it through NPM with no issues. I can’t speak to the tunnel though, I prefer a simple wireguard tunnel for anything external so I’ve never tried it.
Edit: unless that’s what you mean by tunnel, I was assuming you meant traefik or tailscale or one of the other solutions I see posted more often, but I think one or both of those use wireguard under the hood.
Take your free money and put into something with real, actual backing value. Ignore the gambler side - it’s just the devil on your shoulder. This is free money. Let it work for you over the next couple decades.
We use libreNMS. Its docs state that it will do this, but we only use the uptime monitoring feature, so I can’t attest as to how well it will monitor everything else.
I haven’t deployed Cloudflare but I’ve deployed Tailscale, which has many similarities to the CF tunnel.
Is the tunnel solution appropriate for Jellyfin?
I assume you’re talking about speed/performance here. The overhead added by establishing the connection is mostly just once at the connection phase, and it’s not much. In the case of Tailscale there’s additional wireguard encryption overhead for active connections, but it remains fast enough for high-bandwidth video streams. (I download torrents over wireguard, and they download much faster than realtime.) Cloudflare’s solution is only adding encryption in the form of TLS to their edge. Everything these days uses TLS, you don’t have to sweat that performance-wise.
(You might want to sweat a little over the fact that cloudflare terminates TLS itself, meaning your data is transiting its network without encryption. Depending on your use case that might be okay.)
I suppose it’s OK for vaultwarden as there isn’t much data being transferred?
Performance wise, vaultwarden won’t care at all. But please note the above caveat about cloudflare and be sure you really want your vaultwarden TLS terminated by Cloudflare.
Would it be better to run nginx proxy manager for everything or can I run both of the solutions?
There’s no conflict between the two technologies. A reverse proxy like nginx or caddy can run quite happily inside your network, fronting all of your homelab applications; this is how I do it, with caddy. Think of a reverse proxy as just a special website that branches out to every other website. With that model in mind, the tunnel is providing access to the reverse proxy, which is providing access to everything else on its own. This is what I’m doing with tailscale and caddy.
General recs
Consider tailscale? Especially if you’re using vaultwarden from outside your home network. There are ways to set it up like cloudflare, but the usual way is to install tailscale on the devices you are going to use to access your network. Either way it’s fully encrypted in transit through tailscale’s network.
In my personal experience, yes. There are so many jobs that exist around the Linux ecosystem, being comfortable with concepts like piping, file permissions, scripting, git, etc, will invariably give you a leg up.