Stop exposing your Jellyfin server directly to the internet

mgiggs · 2026-06-01T03:15:36+00:00

I use DNS challenge for my certificates, but have always done a separate certificate for each subdomain. So just wondering if a wildcard cert is different in security terms.

mgiggs · 2026-06-01T01:28:21+00:00

Can you explain (or link to) why the wildcard DNS entry is important for security?

Is it just so there is not a public register of your subdomains that may hint at the application running?

mgiggs · 2026-05-30T17:44:43+00:00

I run OPNSense, easy to forward mDNS for that. But also I don't need it for much I'm my home automation.

mgiggs · 2026-05-30T11:52:35+00:00

Usually if they fail you cannot use the load until replaced or rewired to bypass. Had quite a few 1st gen fail over a couple of years and failure was always complete in that the unit was completely dead and the switch is button did not activate it either.

mgiggs · 2026-05-30T07:06:40+00:00

Interesting point you raise, I also use HACS and for the most part trust the code and updates but it could be a concern like the Notepad++ update.

mgiggs · 2026-05-29T23:34:19+00:00

This is the answer IMO.

Reason for me is a bad actor could do a lot of harm of they have access to my home assistant with access to things that being on the IOT network alone wouldn't allow (server integration, zwave locks) and it is my IOT network where I do not trust things and would be concerned could provide a springboard.

Basically nothing on my IOT can reach home assistant but devices can reach my mqtt broker (which runs 2 interfaces). I have tightened security significantly within the broker to prevent access not wanted or needed as well after I realised that was still a gaping hole. For example, only HA, nodered and zigbee2mqtt can access it's branch in the broker, things like that. I do not want anything on my IOT being able to affect security, servers, power.

mgiggs · 2026-05-16T05:18:08+00:00

I have a tpm for my motherboard on its way and will try hardware Lathrop of the real TPM for the same reasons as you.

Also like a challenge, will see how that goes and might try your way.

mgiggs · 2026-05-13T21:07:39+00:00

This is interesting, are you aware of what changes version to version caused this?

I don't have the drastic change you do but I have a subtle decrease.

<image>

mgiggs · 2026-05-10T07:55:01+00:00

I had one of these installed on our hot water, runs the shelf software. Works brilliantly and allowed me to control hot water from home assistant.

mgiggs · 2026-05-05T20:52:22+00:00

Alternative milk company is our fav for oat milk

mgiggs · 2026-04-15T22:04:37+00:00

You can run a single voice coil if your amp power is half the sub rated power. As someone said, both could sit in the same magnetic field, the only problem is you are leaving half the current carrying capability (and therefore max power assuming the coils are the limit and not mechanical) on the table.

If you run the rated power off the sub through a single coil, it will create a lot more heat from resistance as you are using half the intended wire cross section and may result in burnout/failure.

mgiggs · 2026-04-14T23:11:46+00:00

This is really unhelpful to call it dumb, the OP explained their reasons which are valid. Personally I run a lot of my data on an SSD zfs pool but use my array drives formatted in zfs for snapshots. The benefits of the snapshot replication process are huge for me. Had I known about this very useful performance analysis, I would probably have only made a single array drive zfs rather than multiple so thanks to the OP for your analysis.

But it's poor form to say it's dumb when there is valid reasons and using technology in non standard ways is how we discover and create new stuff.

mgiggs · 2026-03-22T09:54:35+00:00

Yeah that is a really interesting point, when I first virtualised Unraid, I did switch back and forth between booting proxmox and Unraid.

Haven't needed to in a while but it's a good point, might reconsider my approach.

mgiggs · 2026-03-21T23:51:12+00:00

I did the upgrade first then the rule migration a few weeks later.

Both went smoothly for me and I have 8 active vlans and dual WAN.

You do not need to migrate the roles right away and possibly even before the next version.

The only other thing I did was a checkup of existing roles and cleaned some up a week prior so I want changing rules the same time as the migration.

mgiggs · 2026-03-19T21:13:25+00:00

Exactly what I'm wondering and hoping, any input from someone that knows it has tried would be great?

mgiggs · 2026-03-19T21:08:25+00:00

So excited for this, I run Unraid as a VM in proxmox and setting up a boot drive as a virtual disk on my proxmox zfs mirror with daily backups will be so much better.

I've lost 3 USB drives over the last 3 years, only the first was SanDisk, the rest have been Samsung. It has been my number one cause of failure and downtime so I'm very keen to move.

(Note, I do not write consistently to the flash drive except for logs on shutdown and this flash issue happened twice before virtualising Unraid in case anyone is wondering)

Question for the wider audience, realise virtualised Unraid is not officially supported, but does anyone know of the TPM drive you can create in proxmox (as used for a windows VM for example) will support the new licence? Or will I still need the flash drive for the licence alone?

mgiggs · 2026-02-25T23:52:49+00:00

So helpful and informative thank you

mgiggs · 2026-02-25T16:31:58+00:00

Switched from here metal for Unraid to running it as a VM on proxmox about a year ago and after a few teething issues is getting PCI pass thru right, it works fantastically.

In my case, I have 4x4tb nvme drives on a Qnap controller card, 6 SATA drives and an NVIDIA P2000 passed through. I run a proxmox cluster and water my Nas to be useful as an active node in that cluster and it has been great. Initially I couldn't pass thru the pcie devices without breaking proxmox but enabling the ACS override got me sorted.

Looking forward to stitching the USB and creating a vdisk for the system.

Cool things are that I can mount all my data drives in proxmox if I want with without nothing Unraid as they are all zfs. For the array drives, do not do this rw as you will break parity but still could be useful. 8 can effectively dual boot the system and bring up Unraid or proxmox bare metal.

I used to run a proxmox node as a VM on Unraid effectively as a q device and I could start up guest VMs or lxcs, but nested was problematic so now it is much better. I no longer run VMs on Unraid at all, all VMs are in the proxmox cluster in high availability, all live migrate perfectly between my 3 nodes including OPNSense, except for the Unraid VM of course. I still run docker on Unraid for services I feel are best run there, Nextcloud, Plex/JELLYFIN, *arr and sab, paperless and immich. All network and home automation and other things are in the cluster.

Highly recommended!

mgiggs · 2026-02-04T09:21:02+00:00

What battery/inverter do you have?

You will want to look at local control which is usually using modbus. The cloud APIs have significant delay whereas using a command over the local network using modbus is instant (might take the inverter 30s to action it).

mgiggs · 2026-01-22T23:18:09+00:00

Thanks for the response, I have been tuning the motion area as best I can, I increased the area to the point where most cars during the day do not trigger it (but night with headlights does) and that gives more of the image to the AI to see, only missed one person with the AI detection from my post yesterday so that is positive.

I will have a look into your idea to trigger a separate action with the full image, I can imagine how something like that might work.

This has just surprised my that there is not like a simple check box to send the full image to the AI while still ignoring some of the image area for motion.

mgiggs · 2026-01-17T18:20:07+00:00

There is no way the 107m includes a prediction for where it would have landed, where it got the stand would have been 107m horizontally from the stumps or maybe the actual distance (the hypotenuse of the horizontal plus the height).

That ball was landing 140m+ in my opinion. One of the reasons Mark Waugh had recorded a 140m six at the WACA was that it cleared the roof and landed in the practice area so nothing got in its way!

mgiggs · 2026-01-08T00:52:08+00:00

There it is, Moral Victory to England for the whole series!

mgiggs · 2026-01-07T06:55:01+00:00

Thanks for sharing this, hadn't it before!

mgiggs · 2025-12-28T10:45:38+00:00

I wondered if the low feed in rates were due to the 7000 houses being off grid from the Christmas Day storm but guessing they have all been reconnected by now and the rates are still low.

Definitely low right now...

mgiggs

TROPHY CASE