If you can afford it, buying a cheap 10TB external drive might be the best solution. I'm hesitant to recommend taking down the ZFS array, it does help with data reliability.
r0ckr
Can you backup directly to backblaze? Bypassing the 1TB drive?
Well executed idea!
Ha, same here. HAProxy plugin running on my opnSense. I should probably try caddy because HAProxy is complete overkill for my requirements.
Very good, that makes things much easier. Has been a while since I used pihole but when I did I used pihole to serve the internal IPs.
That is a cool idea 😄 . Are you getting enough airflow?
This is the perfect opportunity to set up a pihole. Its primary purpose is to block ads network wide but since it is essentially a DNS with a block list you can also set custom dns-entries.
Looking good! I didn't know that Noctua still made top-down-coolers of that size.
No problem, happy to help. Since I am not sure about your knowledge-level I will start from the basics, namely your ISP router.
It is in fact several devices in one:
-
A modem: The Modulator / Demodulator converts the signal from whatever standard they use on the cable net (likely some version of DOCSIS) into something the rest of your network can understand.
-
A router: This routes network packets between different networks. In your case that would be your internal network (probably 192.168.X.X) and the internet. Everytime different networks need to talk to each other a router will be needed between them. It also does NAT which is explained well here.
-
A firewall: While a router can guide a packet to where it needs to go, it can not decide whether it is welcome there. A firewall can check packets according to various configured criteria and decide to pass or block it. Very helpful to keep the FSB out of your porn collection.
-
A switch: Functions as a sort of central interconnect between wired devices. Much like an old telephone exchange where ladies would literally connect plugs with wires to create a direct connection between callers. The one in your ISP provided device is likely an "L2 dumb switch" <- more on this later.
-
A wifi access point: Very simplified basically a switch that works with radio waves instead of physical wires. Again, very simplified.
This is all very nice and comfortable for your basic home user. But it also greatly limits your options if you want to do something different than whatever the manufacturer of your ISP-device deems fitting. The most common option to cirumvent this is to separate the functions out into their own devices, using software and hardware that you have much more control over. Businesses do the same, depending on their size and requirements. It is therefore also good practice for a future career in system administration and networking.
In your case I would recommend the following:
- Check if your ISP-device allows you to set it in passthrough mode. This switches functions 2-5 off and turns it into a pure Modem and nothing else. DOCSIS comes in from the cable net, good old standard TCP/IP (among other things) comes out of the other. This is where you plug in device number 2/3.
2/3. Here is where opnSense comes in. It is a combined router AND firewall. This specific combination of functions is what most small and medium businesses use. Very large organisations may further separate out routing and firewalling into dedicated devices. But that is Facebook / Google / Microsoft level stuff. You connect the modem into the WAN-port of opnSense and device number 4 into the LAN-port. opnSense sits in the middle.
-
Get yourself a separate switch with as many ports as you need. Make sure that it supports the following functions: LACP (also known as IEEE 802.3ad), 802.1x and L2 VLAN (also known as IEEE 802.1q). POE might be useful as well, to supply some devices with power directly over the network. These weird words will become relevant later if you choose to go deeper into this rabbit hole. You won't need them in the beginning but this way you are ready to really get into the deeper stuff.
-
Add in an access point to cover all your wifi needs. Make sure that it is an access point, not a wifi router. Some routers can be set to access point mode but thats just a waste of capabilities. The access point basically converts wired signals into radio. I recommend ubiquiti for this.
But for your next step you should start researching the five different functions I outlined in my first list. If I'm not sure about somethings (happens quite often ;-)) I literally type "whatever for dummies" into google and start reading. Don't be embarassed to start at the bottom, we all came from there in the beginning. There are also some good youtube channels that might help. Once you are somewhat confident that you at least generally know what those magic five do you can start with the second list.
Feel free to ask further questions but it's night time in my time zone so answers will take a while. Good luck and above all: Have fun. This is a fascinating topic and you can spend years exploring it.
There seems to be a bit of a misunderstanding of what a reverse proxy does.
The proxy should accept requests on port 80 and 443 and on the basis of the requested website route you to the correct adress:
- Request for jellyfin.mydomain.com comes in
- Reverse proxy checks where it should reroute it -> host.of.jellyfin:8443
So your client thinks its talking to your jellyfin-instance over port 443 but in actuality your proxy reroutes the traffic to wherever your jellyfin needs it to arrive..
/Edit: Ah just saw that it redirects 443 requests to your router. Can you configure a DNS override on its config somewhere?
Try running this command on your target system:
cat $HOME/.ssh/authorized_keys
Does the private key part of your key pair show up in the list?
I live in switzerland, our main consumer electronics store is digitec and they tend to get the latest and greatest stuff first.