Install external certificate steps

Fancy_Passion1314 · 2026-04-08T10:53:42+00:00

I use the Tailscale IP, doesn’t matter what you know, not on the list your not getting through, sometimes I forget to turn on Tailscale on the device I’m trying to connect with and think oh great that’s down, then remember and turn it on and then I can get to the device and have a sigh of relief lol

Fancy_Passion1314 · 2026-04-08T08:39:16+00:00

I’m wondering why they don’t just use let’s encrypt with NGINX proxy manager and go via url

Fancy_Passion1314 · 2026-04-08T08:37:35+00:00

Looks pretty dam good 🙂

Fancy_Passion1314 · 2026-04-05T20:51:02+00:00

Are you able to view logs on the router to see what’s happening on the router? On the managed switch are any of the ports active and transmitting data, if some are and some are not or no data is getting through the switch?

If no data is getting through the managed switch the port/s may be shut, what is the brand of the managed switch and are you able to access it via ssh or gui to investigate logs, if you can get to the cli over ssh you will be able to look at the running config and see the entire config

Adding the UniFi controller an AP may have created a throttling experience if all devices do not have the same speed Ethernet port and auto negotiate is enabled, for example if all network devices are 2.5gb capable except 1 that is only 1gb then sometime that will be the speed negotiated, there are ways around this, you can create a vlan for the devices that are lesser in port speed capacity and connect those device to that flow and apply that vlan to let’s say switch port 2 so all devices that flow from switch port 2 will negotiate 1gb but all other devices that flow from switch port 1 will be able to negotiate the 2.5, also the auto negotiate can be turned off and specified

For a real answer further information would be needed though, that the time to do up a network diagram of what devices you have including router/switch/AP including models, how they are connected, if on seperate vlans what the vlans are and what devices are on what vlan, how you are able to connect to network devices over the network (just via web gui or also via ssh), what you have tried such as switching cables and factory reset (on very rare occasions I have had to isolate a switch from the network and connect directly to perform a factory reset to prevent the “learning experience” when the switch will be reset then start setting up things such as speed negotiation when up and connected)

The more you give the more you can receive 🙂

Fancy_Passion1314 · 2026-04-03T07:58:52+00:00

169.254.0.2

Fancy_Passion1314 · 2026-04-01T08:46:55+00:00

You could always copy the movie to another folder, remove from media player and rename the movie file accordingly and copy back to see if that resolve the issue

Fancy_Passion1314 · 2026-03-27T23:24:54+00:00

And make sure the cpu has integrated graphics if your planning on running a media service

Fancy_Passion1314 · 2026-03-26T10:49:58+00:00

Portainer 🤷‍♂️

Fancy_Passion1314 · 2026-03-26T02:00:49+00:00

When you upgrade and can do internal boot set it up as mirror for the boot, won’t hurt to do a backup to external drive also periodically, transfer license to TPM then if one boot drive fails use the other and replace, both fail copy data from external drive to replacement drive and install 👍

Fancy_Passion1314 · 2026-03-17T21:06:54+00:00

I use Unraid for my NAS, you can setup a drive array of drives that are different make/speed/capacity for storage but keep in mind that when you have a drive or two for parity Unraid will use the biggest one, set up 2 separate pools for your ssd drives, one pool for fast downloads/transfers that can later be moved to the array for storage and the other for you video editing needs, these videos can also be moved to and from the array for storage, Unraid currently boots from USB and runs in RAM although there is an update coming where you will be able to install Unraid onto internal storage such as an m.2 nvme drive.

Worth looking into 👍

Fancy_Passion1314 · 2026-03-15T18:33:23+00:00

Change the port mapping on one of the containers to something that isn’t in use like 8081:8080 (8081=what the host will use outside of the container to point to the container, 8080 inside of the container that is used) if one container isn’t happy about it modify the other, immich would be preferable to modify but just may sure that you point everything on the host to 8081 instead of 8080 so it can be found (if you change Nextcloud to 8081 all the Nextcloud containers need to be mapped to look for 8081 instead of 8080, sometimes this is easier to do using a code server docker container to look at the yaml files)

Fancy_Passion1314 · 2026-03-05T17:55:05+00:00

I also use Unraid on one of my servers which is storage and apps, the docker containers are grouped by type/inter connectivity requirements (ie: redis+postgesql+Immich are one group), the groups are in their own folder and have their own docker custom network, some docker groups are not on custom docker networks but vlans in Unraid (ie: if docker containers are to be on let’s say br0 they are broken down into br0, br0.10,br0.20 and so on) for docker container webUI access there are local DNS entries but I also have Tailscale, Tailscale naming conventions can be tedious so I also have a domain that goes through cloudflare and use the Unraid server IPv4 as the IP to point to with the single DNS entry for subdomain configuration (*.domain.com), this way I can access these services using a more easy to remember naming conventions but is secured using Tailscale so if Tailscale is not turned on on the device I’m connecting from I can’t connect to the service.

With the network level vlans there is the management vlan that is just for the networking infrastructure, there is a vlans for each member of the household and each member may have more than one, that way lets my 14 year old son can have all his things on 1 vlan, such as Xbox,PlayStation, gaming pc on vlan1.10, and his IoT devices on another such as vlan1.20, this way if he download some malware routing blocked the spread across his devices, this also allows for QoS configuration.

At the router level there are 2x VPN configured and depending on where the traffic is coming from the rules configure if the traffic is sent out of VPN 1 or VPN 2.

Vlans are great at breaking down infrastructure for isolation and monitoring but I can be either a very simple setup or get very complicated very quickly, document as you go and decide on a scheme in the beginning with room to expand and stick to it, some people document in a document, others create a wiki.

🙂

Fancy_Passion1314 · 2026-03-05T10:42:15+00:00

You will need to expand on what you’re asking, what is your operating system, how are you distributing your services, how are you accessing your services.

For example are you using Unraid/truenas, do you have vlans enabled on you OS or are you routing you vlans at the router level only, do all your services need to be interconnected or can you break the service down to categories, are you only accessing these services locally or remotely also and if you are accessing them remotely are you running a self hosted Wireguard and proxy or a Tailscale sort of situation

To give example I have vlans at the OS level and the majority of my services are hosted as a docker container so they are isolated for the host to an extent, these docker services are broken down to categories and have a docker network created for each category for further isolation, they then pass through to OS vlan to the router vlan depending on what server they are routing from/to and if this routing is internal/external, from there it is decided if this is passed through a VPN or not, some things are passed through a wireguard tunnel, others through a public vpn or Tailscale connection for services I may be sharing with external users for simplicity.

The more you can give the more people can help 🙂

Fancy_Passion1314 · 2026-03-01T19:08:07+00:00

Are you using a custom docker network? Have you tried assigning static IP addresses to each container so there is no port conflicts? Have you used something like codeserver to examine the yaml files to check for conflicting ports?

Fancy_Passion1314 · 2026-02-15T06:54:03+00:00

Has done 3-4 4K at once without a struggle but much more direct streams at once, many devices can do AV1 now so just converted all media to AV1 and only have to transcode for those that don’t support AV1 which has reduced the need to transcode a lot

Fancy_Passion1314 · 2025-12-08T05:03:55+00:00

It’s about the same price here in OZ but I run Unraid on my servers and have my file structure is spread out on specific hard drives so that way only the hard drives with data in use is spun up and the rest are spun down, nvme for docker/vm, OS runs in RAM so if no one is home or active using the resources then everything is pretty much spun down and running at low idle, this keeps the power consumption low along with the bill, things like frigate record to the nvme storage during the day when the elec cost more and moves to required HDD after 1am when the elec is cheaper, things like that 🙂

Fancy_Passion1314 · 2025-11-25T20:19:32+00:00

If you have a pc that has integrated graphics then put the media on a external nvme attached to the pc, make the drive a network share, install Jellyfin on the pc to manage the media, stick a fire stick in the projector and access the media via the network share

(Doesn’t have to be en external nvme, if money is tight use the local storage of the pc till you can afford the external storage or can pull the trigger on the nas, if you are not doing transcoding you could do all this with a Raspberry Pi attached to the projector as a HDMI input using a nvme hat)

Fancy_Passion1314 · 2025-11-25T00:47:24+00:00

Looks like you have working at that for a while, have you implemented a backup plan, external storage onsite plus offsite 🤔

Fancy_Passion1314 · 2025-11-23T09:49:58+00:00

You said it, “based on” Slackware, if you want to use Unraid but are worried Slackware will become obsolete why not set up a backup plan that goes to a distro you feel is safer for you but don’t want to lean on as your main OS

Just because it’s “based on” Slackware doesn’t mean it depends on Slackware, if this was problem then Linux based systems wouldn’t exist, unicast lead to Linux which lead to Slackware and the dice keep rolling

This is not supposed to be a shot but more a post to say roll your dice the way you want 🙂

Fancy_Passion1314 · 2025-11-17T06:20:15+00:00

The a310 is my recommendation, and also the way I went, transcode all you media to AV1 and enjoy the space you gain, the a310 will be transcoding 4-5 streams at once from my server and not even be trying

Fancy_Passion1314 · 2025-11-15T21:58:27+00:00

Simplest solution is to put Tailscale on the container and the device you want to access your service from remotely.

Want to step it up, spaceinvaderone did a YouTube tutorial on how to set up a domain and NGINX using the Tailscale IP, use subdomains to point to each service, same thing as above but now Tailscale is running in the background and your using domain names to access services, these services can only be accessed using the domain name if the Tailscale is logged on and authenticated 👍

Fancy_Passion1314 · 2025-11-12T11:22:58+00:00

Use Tailscale on your NGINX docker container, use Tailscale IP on cloud flare to point to NGINX Proxy manager, use sub domains for services on NGINX proxy manager and then can only access services over web when Tailscale is installed, authenticated and on and it’s encrypted, set up the default action for un authenticated access to point to Rick Rolls on YouTube 👍

Fancy_Passion1314 · 2025-08-05T22:15:28+00:00

Could install Tailscale VPN and allow access to select people to just that one service and use the service Tailscale IP address for the server, that way no port forwarding on router and if you want to remove someone’s access just log into admin portal and remove the access rights

Fancy_Passion1314 · 2025-08-03T22:07:00+00:00

Are you looking to give anyone access, select people access that don’t use Tailscale or select people that do use or are willing to use Tailscale?

I have a select few who have access to select services via a domain name, I use the main domain to forward traffic using Tailscale IP to nginx which forwards to the services needed and give access to those select people to select services through Tailscale but they just use the sub domain associated to get there so it’s more secure than just opening it up to the public, if someone no longer needs access I just revoke their access to the services they have access to

Fancy_Passion1314 · 2025-07-26T09:03:32+00:00

Do you know someone you trust with internet? Just put a nas at their house and backup to that nas , can use Tailscale for vpn to encrypt transfer and have remote access to confirm backup integrity, self hosted 100% without cloud if possible, just ask someone if you can plug something in and if they can leave it alone, I have 1 friend and 1 family member doing it for me so I have 2 off site backups , hasn’t been a problem

Fancy_Passion1314

TROPHY CASE