ProtecyaTec

Ukraine didn't invade Russia. Some countries have hostile borders, this isn't uncommon. Invasions to take over the government isn't the solution, but Russia has made the bed that they're gonna lay in. Allowing Russia to take Ukraine sets a dangerous precedence.

I'm not arguing that it hasn't been a proxy war. Of course, NATO doesn't want a global superpower to take over another country. It sets a precedence. Just like they(we) wouldn't want China to freely take over Taiwan.

Sabatoged peace talks? All the peace talks included Russia taking over at least some of Ukraine's land. At which point, they slowly move their borders, encapsulating Ukraine piece by piece, year by year. Submitting to "Peace Talks" in which Russia is able to take some kind of Ukrainian land is submission to Russia.

Ukraine didn't invade Russia. Russia should have simply never invaded Ukraine. Ukraine can fight this with whatever they can get from around the world.

Fucking what?

It doesn't matter what the US supplies Ukraine. It's Ukraines fight. It's up to Ukraine to decide to forfeit the fight or to keep fighting.

By your logic we (humanity) should just let any country invade any other country and take over it's people just because "it's easier to give in than fight." Giving in would be for the benefit of the people, right? That's what you're saying? Fuck right off.

Russia should not have invaded Ukraine in the first place.

I keep seeing this like Donald Trump is going to eliminate genocide if elected. What a braindead comment.

I don't know if this will help anyone but damn is the documentation on how to do this kind of thing scarce so here I am. I was quite a struggle both learning all this and implementing it but it's been fun overall.

FreeDNS doesn't seem to have a way to add any kind of SSL Certs as far as I can tell. Not that I needed to, but when I tried explaining my situation to the hosting provider they suggested that the cert needed to be on the DDNS server.

I also couldn't get the Asustor Reverse Proxy to work either. Many of the tutorials and user suggestions i ran across suggested that this is the way to get SSL but when I tried to implement it I kept landing at my portal login and nothing was getting proxy'd. The netstat command was showing that whatever the reverse proxy port needed was not open - I also ran across this in a 2020+ thread on Asustor.

Right now I'll also need to manually update the certs and go through this process again in 3 months time. There might be a way to automate this process but it's a lot of steps that I'm not sure can be automated in this seeming (to me) flawed setup. In any case, it's been challenging but fun and I think in the next 6 months I'll upgrade out of Asustor and into a bigger server with a core Linux setup. I know nothing about Linux :)

I do appreciate everyone's suggestions and help. Here's what I ended up doing.

FreeDNS via freedns.afraid.org as a DDNS Subdomain

Domain + Subdomain via hosting provider

Hosted Subdomain CNAME to the DDNS Subdomain

Setup DDNS using Asustor > Settings > Manual Connect and setting up a FreeDNS account and input the info it needed. Last DDNS update keeps coming back as Failure but FreeDNS keeps updating my IP so it seems to work, but for whatever reason Asustor doesn't think it's working.

Used openssl + certbot CLI tools to generate a certificate that covers all 3 cases: Hosted Subdomain, Hosted Domain, DDNS Subdomain. Looks like this:

certbot certonly --key-type rsa --rsa-key-size 2048 --manual --preferred-challenges dns -d hosteddomain.example -d subdomain.hosteddomain.example -d ddns.domain.example

This will set up verification codes that you can create TXT records for on the Hosted Domain and the DDNS Domain. I had to contact FreeDNS to get access to add text records with underscores but they were cool and quick to reply. They look like this:

_acme-challenge.hosteddomain.example
8suZTccF9ZpB0fnBr9mgEEXTcX7cqSkDXiBzucTcOfw

Once the certificates are in place I uploaded them to my Hosted Domain and verified that my Hosted Domain was showing the SSL certificate / lock at HTTPS.

Next I logged into my Asustor and under Settings > Certificate Manager I added my SSL Certificates and assigned it as the primary certificate for the NAS.

Finally, I needed to enable SSL on my Jellyfin, which required a PFX file.

openssl pkcs12 --export -out "Z:\Path\To\PFXOutput\jellyfin.pfx" -inkey "Z:\Path\To\Cert\jellyfin.key" -in "Z:\Path\To\Cert\jellyfin.crt"

Under Jellyfin > Dashboard > Networking I enable HTTPS, Require HTTPS, give it the path to the PFX file and the PFX password, and Allow remote connections to the server. I disabled port forwarding from Jellyfin and had to jump into my router to remove the UPnP records it had previously added. All port numbers are default to Jellyfin and no URLs in the Server Address Settings.

Important to take note of the Jellyfin ports here for both HTTP and HTTPS requests. Important note to restart Jellyfin after this takes effect. Asustor has an App Central where under Installed Apps you can just turn it off and back on again.

Finally, I added Port Forwarding to my router so that the 443 looks for the Jellyfin HTTPS port and 80 looks for the Jellyfin HTTP port at my NAS IP.

Now I can access HTTPS subdomain.domain.example and land at my Dockered Jellyfin app.

No, I don't necessarily want other people to access my Jellyfin, but my folx live out in the boons, (visiting on holidays etc.) and that was the only way I could find to reliably access my media. I guess I also come from a web background so it felt right to me. The Asustor I have really limits what I can and can't do with it. I got it as a like, starter point since it felt out of the box. I'm also on Windows lol.

Do you have any resources for how I could grant access outside my network with a VPN, wireguard, or tailscale? I'm open to other options, I'm really just kind of fumbling my way through this idea of what I want.

I do have port 80 open as well as 443, both going to my Jellyfin HTTP/HTTPS ports respectively. HTTP seems to work for both when I access "pretty" domain and the FreeDNS URLs directly. It's really only when I try to force HTTPS that I'm having issues.

I'll play around with Let's Encrypt today to see if I can get the FreeDNS cert applied. I've tried to use AI to assist me in learning how to do all this, it suggests I need both my "pretty" domain and the FreDNS domain tied to the same Cert, which Im unable to do at my current domain registrar, so I might also need to move that but I'll take it one step at a time.

I'm still pretty green so I'm not sure what terminated means in this context.

My domain registrar for my "pretty" domain (not FreeDNS) allowed me to issue a Let's Encrypt on it. It gave me the encrypted Cert code, Private Key code, and Immediate Cert code. I was able to bring them down into .crt and .key files respectively and assign them to my NAS. Jellyfin though required a PKCS #12 file so I installed openssl CLI via Choco and fed it my .crt and .key files to generate the necessary pfx file. So, right now all the cert information is tied to my "pretty" domain via my domain register. I would assume that my register and Let's Encrypt has my private key info, but also my key files uploaded to the NAS and rolled into the PFK file.

Not sure if that helps or answers your question but that's the info I got.

I don't know. I played DRG mostly solo and with randoms but have really enjoyed time with Survivor so far. I was kind of falling off trying to grind through Scout but once I got a new difficulty, map, and class it was poppin'.

It's early access so I guess there's still hope for co-op

Oh no.

I decided to go with an Asustor prebuilt NAS for my first self-host. It's got a Jellyfin app, but not an Audiobookshelf app.

Jellyfin runs on Docker, so I have the Docker app installed and running.

Audiobookshelf runs on Docker. Could I just like, spin up a container and run it? How would I access it through my Asustor? I access Jellyfin either direct or through my portal dashboard.

So many questions! Like, I lowkey love having all my media accessible in 1 place: Series, Movies, Music, Audiobooks all in one place through Jellyfin. If I split my Audiobooks into Audiobookshelf somehow, how do I keep the ease of access? Maybe spin up another Docker container and create a landing page linking both Jellyfin and Audiobookshelf? Could (should I? Can I?) do it all through the same Docker container that Jellyfin is currently run on? Are there tutorials about this?

Thank you again for the suggestion