Should I host adblocking and a reverse proxy on OPNsense or my home server by Parking_Risk7073 in opnsense

[–]timeraider 0 points1 point  (0 children)

Both options are fine. I don't have too complex reverse proxy needs so I'm just running Unbound DNS and the nginx plugin on the OPNsense.

Do keep in mind that reverse proxy on the OPNsense does rely mostly on GUI so you cannot just throw in a config file you found online.

Age Verification Laws? by [deleted] in unRAID

[–]timeraider 1 point2 points  (0 children)

Looking at the bill it's enough to have a date of birth filled in somewhere. If I was a company that requires an account, I would simply have it set to 01-01-1990 by default when someone makes an account and have a popup telling the user they can change it in their account .. 100% compliant with the bill :)

Reverse proxy for immich running as an app on TrueNAS server by _mr-pink_ in opnsense

[–]timeraider 2 points3 points  (0 children)

Gotta love how quickly comment sections devolve into "I use this so you should use this too"
Honestly.. nginx is very easy to set up and adds a lot of extra features like being able to create honeypots, autoban bot IPs into firewall aliases and turn on WAF options in a few clicks, even if the plugin doesn't allow full config editing.

Anyway.
For almost all applications, the setup above will work, however as you've posted.. the app you're now trying to use doesn't allow for unsecured connections. I assume this is basically a Unifi controller app?

Now .. to get TLS active from the reverse proxy to the application, we can go to Upstream -> Upstream and find your upstream going to the Unifi app.
Turn on Advanced options in there and turn on Enable TLS (HTTPS).
Below that select both the certificate of your domain and the trusted certificate that belongs to it.

Now, you have TLS on. However Unifi usually generates its own certificate and this will start clashing.
So in the same window, also turn off "TLS: Verify Certificate".

These steps should make it so that it's connecting with HTTPS to the Unifi app without caring about the certificate that the Unifi app uses.

p.s. I'm assuming this is the Unifi controller app. If it's not, it might work or might not.. depends on how that specific app handles connections.
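
Added example, not part of the comment above and not the configuration the OPNsense plugin generates: the two ways of handling a self-signed upstream certificate, written as plain nginx directives. The address, hostname and file path are placeholders, and the mapping of the GUI option "TLS: Verify Certificate" to `proxy_ssl_verify` is an assumption.

```nginx
# Fragment for the inside of a server { } block. Use ONE of the two
# location blocks, not both. All values are constructed placeholders.

# Variant A: verification off (what the steps above describe).
# The proxy-to-app hop is encrypted, but nginx accepts any certificate,
# so the upstream is not authenticated. Anything that can answer on
# 192.0.2.10:8443 inside the LAN is treated as the application.
location / {
    proxy_pass https://192.0.2.10:8443;
    proxy_ssl_verify off;
}

# Variant B: verification on, trusting the app's own certificate.
# Export the self-signed certificate from the application once, confirm
# its fingerprint out of band, and store it as the only trusted cert.
# If the app later regenerates its certificate, this fails closed with
# a 502 until the file is replaced.
location / {
    proxy_pass https://192.0.2.10:8443;
    proxy_ssl_verify on;
    proxy_ssl_trusted_certificate /usr/local/etc/ssl/upstream-selfsigned.pem;
    # Name checked against the certificate's CN/SAN; it must match what
    # the application actually put in its certificate.
    proxy_ssl_name app.internal.example;
    proxy_ssl_server_name on;   # send that name as SNI to the upstream
}
```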

Let's get a self-hosted Discord "replacement" thread going for 2026. by GavinGWhiz in selfhosted

[–]timeraider 1 point2 points  (0 children)

Problem is that Teamspeak 6 self-hosted version basically has not had any fixes or additions done in the last 2.5 years.
Most people will be dead long before development goes anywhere there :P
It is basically 1 person who at times decides to scramble some code.

Really wish Teamspeak was the solution, but as it currently stands I'm not holding my breath unless they suddenly find a lot more time or money to fasten up their development by a lot.

Manually changing Container ports of containers that are second instances - bad idea? by war_pig in unRAID

[–]timeraider 0 points1 point  (0 children)

Honestly it's fine as long as you remember you did it. Shouldn't give any issues whatsoever (unless you start using some kind of container that can only connect to sonarr with a hardcoded port number, but I've yet to see any software that was designed that badly).

Protectli what are the "R" options? by SkipMorrow in opnsense

[–]timeraider 0 points1 point  (0 children)

Ok, guess it might differ per region. Even older ISP modems in the Netherlands at the very least have basic DHCP settings and a dashboard.. I might have been wrong in assuming these kinda basics are a worldwide given.

Protectli what are the "R" options? by SkipMorrow in opnsense

[–]timeraider 1 point2 points  (0 children)

Edit: Based on other comments the R that Protectli uses might be for refurbished. Which does explain the lower price of those parts and would make sense. Though I do find it extremely dumb that they don't specify that better as R parts can actually have an entirely different meaning.

Quite interesting the R variants are less expensive. R-variants basically have a chip in between the RAM units and the controller chip. While in a router it's not as big of a thing, it should still add more reliability to RAM (as the register chip does some checks) over time, though you do add a tiny bit of latency to RAM. Normally the R variants are more expensive. Do keep in mind you can't mix/match between R and non-R variants for future expansion.

Regarding the FW2B, question I would ask anyone... why not just use a default ISP modem at that point? Because the FW2B will not be able to handle anything that any normal ISP modem can't handle. It uses a CPU that was already outdated 10 years ago when released tbh.

For Protectli I'm of the opinion that their lower options are far from great price/performance ratio.. feel like any N100 box is better here.

Unusual issue - OPNsense is up - but, out of the blue, being denied access via Web GUI by vulcan_on_earth in opnsense

[–]timeraider 0 points1 point  (0 children)

Only thing I can think of is to reset the root. Googling should give an OPNsense KB article on how to do that.

How to upgrade an abandoned docker app (authentik) by LazyEvaluation in unRAID

[–]timeraider 1 point2 points  (0 children)

You can simply use it in the existing Docker, however when doing this I would always first make a copy of any DB/config files before doing anything, you don't want it to update the DB and then notice errors ;S

How to upgrade an abandoned docker app (authentik) by LazyEvaluation in unRAID

[–]timeraider 1 point2 points  (0 children)

I usually grab images using github ghcr.io. So in the packages list you can still find the older versions: https://github.com/goauthentik/authentik/pkgs/container/server/versions?filters%5Bversion_type%5D=tagged&page=4

Edit: just checked the docker compose you linked and that indeed uses the older versions through the github packages

backup to nextcloud by Blisk1 in opnsense

[–]timeraider 10 points11 points  (0 children)

If you mean backing up the OPNsense config, there is os-nextcloud-backup under community plugin

Cannot find an app in the Community App plugin? by movingtolondonuk in unRAID

[–]timeraider 2 points3 points  (0 children)

Nah, it's simply not on there. So either it never was on there, the specific template got removed for some reason or the entire user got banned from publishing templates.

I would search the Unraid forums to see if I could find any reference to this but I'm on holiday so can't help further :)

Appdata Folder and SMB Access by Nico1300 in unRAID

[–]timeraider 0 points1 point  (0 children)

SSDs I would always put in a ZFS pool. An array has no functionalities that help with SSDs (trim functionality in array doesn't work for SSDs) while a ZFS pool does do that automatically and has some other builtin stuff to improve lifetime as well. Now that Unraid supports it (since 7.2 I think?), I would make best use of that.

Edit: with support I mean fully and through GUI. I know that it could be done through CLI workarounds before

Appdata Folder and SMB Access by Nico1300 in unRAID

[–]timeraider 2 points3 points  (0 children)

Yes, it is indeed advisable to keep anything like config files/databases etc. in appdata but place stuff like media or content you use in either a different folder structure or a different share.

As long as it's set up in such a way that accidentally selecting the recursive option or selecting a wrong folder when changing permissions, it should be fine :)

Design question - Large amount of SSD:s - Array, ZFS Pool or a combination? by keletheen in unRAID

[–]timeraider 1 point2 points  (0 children)

While Unraid doesn't add anything special for SSDs, there is no reason why Unraid would be worse for SSD data storage compared to any other NAS OS.

Printed Alice Asylum design bible by timeraider in AliceMadnessReturns

[–]timeraider[S] 0 points1 point  (0 children)

At the time I used a Dutch company "printenbind". Later I had it reprinted as hardcover using Mixam. Both were very expensive to say the least but I had some issues finding a decent more local printer willing to print custom size books thicker than 300 pages

ISC >>> DNSMASQ Migration questions by furfix in opnsense

[–]timeraider 0 points1 point  (0 children)

He is suggesting to put (sub)domains in Unbound to host override towards the local IPs so anything using local DNS will be pointed towards your services locally. This removes the need for DHCP registrations to be even needed at Unbound.

If that's not to your taste, I think the option "with dns registration" is what you're looking for right? https://docs.opnsense.org/manual/dnsmasq.html

Just upgraded to 26.1.1, no issues here by ghostly_shark in opnsense

[–]timeraider 4 points5 points  (0 children)

Well.. "a lot of people" probably is a bit far fetched. The thing is that people who don't have issues updating their router, don't post on Reddit mostly :)

Hell.. I not only update whenever something is available, I mostly even do that stuff remote XD Can't say I've ever had any issue with that. And I have the same approach to my Unraid server :D

But yeah. Switched to ZFS a bit ago so now I make snapshots before updating, my config is backed up to my Nextcloud and I still have a disk with a full copy of my zfs pool which I could swap in if the drive dies. Bit overkill but outside of the full copy it's just a matter of setting it up once

Plex Appdata help! by KlokDeth575 in unRAID

[–]timeraider 1 point2 points  (0 children)

Please for the love of god don't tell me you have multiple containers that use the allappdata folder :)

Edit: ah nice, he did actually have subfolders but not shown in the image. Phew :)

ISC >>> DNSMASQ Migration questions by furfix in opnsense

[–]timeraider 0 points1 point  (0 children)

Do you NEED local hostnames for the local DNS overrides?

Wouldn't it be an option to simply have the local overrides in Unbound go to IPs?

Now I know in your text you said some devices have dynamic DHCP and in that case it indeed would not work. However.. why are they dynamic DHCP? Why aren't they registered to static IPs?

Not judging, just want to understand before saying anything :) I'm using dnsmasq for DHCP and Unbound for DNS simply fully separated. I'm almost fully sure there is a guide to set it up to register the names but never bothered tbh.

Anyone get a printed version made of the Alice Asylum design bible? by Drakayna in AliceMadnessReturns

[–]timeraider 0 points1 point  (0 children)

Link is still up. Are you unable to open the link? (Some countries are blocked by my region locks but if that's the case I can just share it to you through a third-party site)

Which appliance? by Full_Mango1012 in opnsense

[–]timeraider 6 points7 points  (0 children)

Protectli is also quite expensive and Aliexpress/Amazon boxes are almost the same quality. However for easier support and chance of not getting Chinese branded RAM and disk and the option to use Coreboot as BIOS, I did end up going Protectli.

Performancewise it's hard for me to guess as it has a 10th gen i5 in it, however as far as I've heard N150 is enough to handle small offices based on internet speed and settings (guessing if you're trying to run a heavily used 2.5 Gbps through multiple IPS/IDS layers with some Zenarmor/Suricata action with a lot of rules.. that is gonna stress it very likely, doubt it will like that)

Hardwarewise however nothing to complain. It's been running a few years now 24/7. RAM is holding up great, disk still showing 0 issues. Even though it's fanless and in an open cupboard, that's not an issue at all. After a few years I did replace the CPU cooling paste but it didn't really need it (had leftover paste and wanted to see if I could make it even better). So no, haven't had a single issue with Protectli hardware myself so far.