Comments inside the docker-compose.yml files?
Maybe give cloudflared a try. Works for me even with nextcloud’s ssl (don’t think there’s a way to start NC without the self-signed cert). Couldn’t get it to work with NPM (I admittedly don’t know much about nginx) so I brought in the big gun(s).
Backblaze b2, borgbase.com. There are also programs like dejadup that will let you back up to popular cloud drives. The alternatives are limitless.
No minimum requirements. And here you go:
```yaml
#version: "3.8"
services:
  invidious:
    image: quay.io/invidious/invidious:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges
    container_name: invidious
    stop_grace_period: 3s
    ports:
      # bound to the host loopback interface only
      - 127.0.0.1:3000:3000
    environment:
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: invidious
          # example password: change it, and keep it identical in
          # database_url below and in POSTGRES_PASSWORD
          password: superstrongpassword491
          host: postgres
          port: 5432
        check_tables: true
        popular_enabled: true
        login_enabled: false
        statistics_enabled: true
        hsts: true
        # placeholder: replace with your own long random string
        hmac_key: *PICK-A-LONG-RANDOM-STRING*
        https_only: true
        external_port: 443
        use_quic: true
        database_url: postgres://invidious:superstrongpassword491@postgres/invidious?auth_methods=md5,scram-sha-256
        force_resolve: ipv4
        # placeholder: replace with your own domain
        domain: *your.domain.com*
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    depends_on:
      - postgres
  postgres:
    image: postgres:15-alpine
    container_name: postgres
    security_opt:
      - no-new-privileges
    restart: always
    # purposefully excluded volumes section
    # the database will reset on recreate
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: invidious
      POSTGRES_PASSWORD: superstrongpassword491
    healthcheck:
      test: pg_isready -U invidious -d invidious
      interval: 10s
      timeout: 5s
      retries: 5
```
I’ve hosted invidious relatively easily for a while now. Simple UI and just works. If anyone needs my compose and config setup, reply and I’ll post it.
Haha. Said the hoarder with tonnes of content he’s never going to finish watching.
They provide the best balance for efficiency. Not too powerful enough to be a workhorse and not too weak to run multiple simple applications/services. NUCs are great in that they come with hardware video acceleration tech that’s highly optimized for media transcoding.
You don’t get any network isolation with this approach vs a service running in its own dedicated virtual network. Just for this reason, I think Wireguard as a VPN access to other local services is insecure.
I always see guys swearing by Wireguard for VPN access as a security measure and seems to me like if someone unauthorized gets your public key, they have access to the kingdom.
May not be as ideal as it requires manual selection but Chromium has a visible share button for QR on the address bar. Or you can use Pushbullet/Join/KDE Connect to share links with your phone.
For accessing your VPN network outside of your LAN, there’s the shadowsocks option in the gluetun wiki.
You have to threat model to answer this question as privacy means different things to people and there are different privacy levels to every threat model. But to answer your question in a concise manner, any closed source operating system developed by commercial vendors is more likely to ship with/introduce telemetry, user tracking and other kinds of spyware than an open one.
I use restic (and dejadup just to be safe) backing up to multiple cloud storage points. Among these cloud storage points are borgbase.com, backblaze b2 and Microsoft cloud.
Jellyfin, AdGuard Home, Nextcloud, Syncthing, Invidious, SearxNG
I remember losing Google Authenticator data when I had to format my phone. This was years back and didn’t have too many accounts set up. With Aegis I have an offline encrypted backup of all my 2FA codes so this is no longer a possibility. Before Aegis I was tempted to use Authy before I had to wait 24hrs to gain my access back after I reset my phone.
2FA on Android has always sucked (lazily created; app data CANNOT constitute and/or substitute device trust). I wish I had got on to Aegis earlier.
Even though minimal, the risk of security patches introducing new changes to your software is still there as we all have different ideas on how/what correct software updates should look like.
Mostly because stability is usually prioritized above all else on servers. There’s also a multitude of other legit reasons.
Nothing too fancy other than following the recommended security practices. And to be aware of and regularly monitor the potential security holes of the servers/services I have open.
Even though semi-related, and commonly frowned upon by admins, I have unattended upgrades on my servers and most of my services are auto-updated. If an update breaks a service, I guess it’s an opportunity to earn some more stripes.
It’s a vpn client on steroids that creates a VPN network (based on your provider) which you can then use to run docker containers inside of, as well as create http & shadowsocks proxies for your VPN network etc.