Honestly I don’t know
There have been so many people filing AI-generated security vulnerabilities
That wouldn’t even be using TLS
Bad idea
Fine is a relative term
You probably are fine but the company who is getting attacked by your compromised machine isn’t
Crowdsec won’t protect against a security vulnerability
They could route it through a different device
Is Traefik really that good? It seems crazy complex
It protects against vulnerabilities in layer 3 of the OSI model. It is the thing that gets hit from the outside while the back end is hidden away. This makes some attacks much harder.
It’s a major problem
It is only a matter of time before it gets compromised. Chances are you will have no idea it happened and your home internet will join the botnet of some nation state. The Jellyfin devs take security seriously but there will always be flaws.
What could possibly go wrong
The VPS would still involve exposing it
That’s a bad idea for so many reasons
The internet is full of bots pounding at your machines to get in. It is only a matter of time until they breach Jellyfin. At the very least you want a reverse proxy with proper security.
I don’t see why you would put something like Jellyfin on the internet. Use a VPN solution.
Netbird/Tailscale
You also could use WireGuard as it is a p2p protocol by default.
If you have IPv6 access you could put it on an IPv6 address
Is there a reason you aren’t using standard enterprise stuff?
I think you will quickly find that a lot of those pieces of software aren’t scalable
https://github.com/lldap/lldap
You also could go FreeIPA or Samba AD
You configure the backup systems to connect to the device to be backed up. The idea is if something bad happens on the main machine it won’t impact the backups
Configure each backup machine to read from the data you are backing up
Docker compose is still a solid way to deploy software. Podman is cool but still fairly new.
Kubernetes is just a beast to work with. Unless you absolutely want to, I wouldn’t bother. K3s isn’t bad but it is painful to do anything.
Be careful of some of those services as they may be using botnets.
Tor snowflakes allow for volunteers to proxy traffic to Tor. They are hard to block since there are effectively unlimited IPs.
That’s not a bad theory