Hey, folks. The Jellyfin and Komga media servers running on my NAS are going great locally. I invested in a firewall and some managed switches, and from preliminary VLAN tests, I’m confident that I’ve got what I need to section off the self-hosted services from my primary network. I was hoping to get a recommendation for the next couple of steps.

I’ve got a mini PC running Bazzite that had been a portable console/fighting game setup that I’m ready to retire from that role so that it can serve as a server and reverse proxy. I’m not sure what OS to put on it. If I have to manage it entirely by command line, it will take 10 times longer for me to do anything I want to do, and I’d really prefer a GUI. That said, I know it also takes resources to power a GUI that I won’t be touching most hours of the day. I was curious what distro you folks might recommend for this purpose. In some of my research, I also came across Apache Guacamole, but I’m not sure if that requires a proper desktop environment to already be present in order to get that kind of remote access with a GUI. Am I overthinking this? Is this going to be just fine with a normal desktop distro installed on it? If normal desktop distros work just fine, I need something that can sit there without updating until I tell it to; since introducing snaps, this is something Ubuntu has been a pain about, so I might want something else.

The next thing I was curious about was order of operations for the reverse proxy. There are SSL/TLS certificates that are needed for HTTPS, but I need a domain for that, and a lot of tutorials just skip on past this step in the domain configuration screens where you “enter your DNS servers” as though I know why I’d need other DNS servers, where to get them, how to select them, etc. And ideally, I’d want to test that the reverse proxy is working locally with HTTPS and all before it’s exposed to the internet in the first place, so I’m not sure what order to do those steps in: DNS servers, buying a domain, getting certs, configuring reverse proxy.

As with most things, I’m sure this is far less complicated than it looks to me right now, and once it’s in the rearview, it will make a lot more sense, but I’d appreciate any advice folks here can offer.

  • ampersandrew@lemmy.world (OP)
    8 hours ago

    I think the tunnel method you’re suggesting is different than what I’m after, and a lot of the “complexity” in learning this stuff is coming from all the different methods we have available to achieve similar results. I ought to be able to just expose 443 once I’m fully up and running, and it will route to the various services through the reverse proxy and subdomains. My “zero trust” separation for security ought to be my VLANs. So if I’m not going exactly that route, where would my DNS servers come from, and why would I need something other than what’s there by default?

    I know the CLI is effective. My daily driver has been Kubuntu since 2017, and I dabbled with Ubuntu for a decade before that. But I’m so much slower on the command line, because I have to think so much harder about each command, and the outputs are often unintuitive to read and parse out what I’m looking for.

    • irmadlad@lemmy.world
      7 hours ago

      > why would I need something other than what’s there by default?

      Security in depth for me. I tend to be a little heavy on security: https://lemmy.world/post/43533409

      > But I’m so much slower on the command line

      I feel that, and it’s understandable. I seriously doubt that even Linus Torvalds knows every command and sequence off the top of his head. However, it would seem to me that at some point, the GUI will not have the options you need to deploy xyz app, and you’re going to have to use the CLI. I keep a ‘note pad’ on my dashboard full of commands because my brain is shit and this helps me as much as it may seem rudimentary. LOL. The list goes on for quite a ways past what is visible in the screenshot.

      In that vein, I always encourage users to take prolific notes. You’ll never remember everything you did 6 months from now. So, write down everything during the deployment, then distill the notes into what actually worked, and include them in your 3-2-1 backup scheme.

      My 2p. Best of luck. Do share your journey.