Ahoy mateys! I've been doing some research into getting a self-hosted streaming setup built, and I'd like to ask the knowledgeable folks here for advice as well.

My goal is to be running a server that can host a jellyfin stack for acquiring and streaming media for myself and my partner. (I'd like to also run a matrix chat server on it for us to have secure chats as well, but I think that'll be less of a hassle. I hope...)

I found a few guides that don't seem too out of date. I'm an experienced full stack software dev, so the idea of running some docker containers and doing a little command line server set up doesn't intimidate me.

These guides though, they just cover the software application set up mainly. I also need to know:

Where should I host at? I'm on a shitty 5G internet at home, so VPS seems like the way to go but with who? What are some good secure hosts that aren't super expensive? Considering Hetzner auctions maybe? Anyone used them?
Will I need a VPN on the server too? If I'm torrenting, do I need to be careful which hosts I choose so I don't get copyright pinged?
Is there a good guide for securing and hardening my server? I'd like my partner and i to have easy access from home or on our mobiles, but I also don't want to find out my box is suddenly mining crypto because I forgot to close one port. I don't know what gotchas to be looking out for.
Any other guides you'd recommend? Any must have software or sites to know about?

Thanks in advance!

top 9 comments

sorted by: hot top controversial new old

[–] Xanza@lemm.ee 5 points 11 hours ago (2 children)

So, docker is a viable solution, but since you're a fullstack and will likely add more shit than you can imagine in the future, you might as well setup a proper solution.

Check out Proxmox. It's a management platform that allows you to run containers and just about everything else you need for self-host. In addition to that, I recommend getting a very small VPS with a domain to reverse proxy your services if you want. I highly recommend caddy2 for this as it does rproxy and even ssl seamlessly.

I’m on a shitty 5G internet at home, so VPS seems like the way to go but with who?

Considering you have a poor internet connection, you'd want to keep as much locally as possible. You're not going to be able to stream HD movies with shitty internet if you host your media on a remote server, but if you rely on a local wifi network, it's fine. You won't have remote access to your movies (I mean you can, but like you said, shitty internet) it's not going to be awesome. Other services like your matrix server would be fine, but since you're self-hosting, might as well host them at home, too. Matrix isn't exactly resource heavy and doesn't require a shit ton of upload to make usable.

If I’m torrenting, do I need to be careful which hosts I choose so I don’t get copyright pinged?

If you're on 5G, and you torrent, you'll be found out almost immediately, even with a VPN. I highly recommend a seedbox. Download to the seedbox, then use rclone or something to grab the files to your local NAS cluster (in proxmox) then stream the video's locally.

Is there a good guide for securing and hardening my server?

I always recommend 2 things when dealing with *nix servers;

Run SSH from a non-standard port and drop connections on port 22.
Only open ports you're using.

IMO this is really the only hardening you need, especially if you're working with rproxy and the ports only have to be opened locally or tunneled.

[–] shaserlark@sh.itjust.works 1 points 3 minutes ago

I’ve read a lot about using a VPS with reverse proxy but I’m kind of a noob in that area. How exactly does that protect my machine? Couldn’t an attacker with access to the VPS still harm my local machine? Currently I’m just using a WireGuard tunnel to log into my server, from what I understand you’d tunnel the service from the VPS to the homeserver and then on the VPS URL you could watch right m?

And do I understand correctly that since we’re using the reverse proxy the possible attack surface just from finding the domain would be limited to the web interface of e.g. Jellyfin?

Sorry for the chaotic & potentially stupid questions, I’m just really a confused beginner in this area.

[–] deathbird@mander.xyz 3 points 3 hours ago (1 children)

I'd also suggest authentication by key file.

[–] noli@lemm.ee 1 points 40 minutes ago

This is the way to go. I also run sshguard on all publicly-accessible hosts just to reduce traffic from bots, otherwise I just ssh over tailscale.

[–] Evkob@lemmy.ca 13 points 15 hours ago

I recommend posting in !selfhosted@lemmy.world, really helpful community there (although I'd refrain from specifically mentioning piracy).

I've heard Hetzner is quick to crack down on piracy. Some VPS hosters advertise that they don't acknowledge DMCA requests, such as Njalla and 1984 (I've never used these, just found them by searching Lemmy). If you want to go with a traditional hoster I'll echo what the other person said and recommend Gluetun to bind your container to a VPN service.

For security, if it's just for you and your partner I'd just setup a Wireguard server on the VPS and tunnel into it that way. You'll have to setup the VPN on any device you want to access your server with, which is a hassle, but I'd much prefer the small hassle than the constant worrying of hosting publicly-accessible services. Otherwise, I'd setup something like Crowdsec or Fail2Ban.

[–] ClownsInSpace2@lemm.ee 14 points 15 hours ago (1 children)

For the VPN, check out gluetun. Route your torrenting client container through this to funnel all the traffic through a VPN of your choice. I use this for my server.

[–] _cryptagion@lemmy.dbzer0.com 3 points 12 hours ago

Commenting to additionally note that Dockers can be found for both torrent and usenet clients that already have their traffic routed through glueton without further work. I use the Binhex versions of SABnzbd and qBittorrent. You just gotta put in your VPN info.

[–] DesolateMood@lemm.ee 6 points 14 hours ago

I host at home so unfortunately can't give you any advice on a vps
If you're torrenting, yes I would recommend a VPN. If you're setting up docker containers, gluetun is what you want to use. It's a client you can use to connect to most major VPN providers
You don't need to open your server to the internet for you or your partner to remotely access it. You can use tailscale (or manually setup wireguard) to remotely access it without exposing anything. Alternatively, if you still want to open it, you can use fail2ban. I don't know enough about networking to tell you exactly how secure it makes you, but assuming you're a normal guy who isn't pissing off any major corporations/states/etc it's probably fine
I haven't clicked on any of the links you provided, but I assume they mention the *arr stack. Some other goodies that may not have been mentioned though are jellyseerr, which has a nice frontend to search and request movies and TV, and homarr, which is a dashboard you can setup to sync with your other hosted apps. I have a couple extra I could tell you if you want, but I think these are the most important for a basic "official feeling" setup

[–] cupcakezealot@lemmy.blahaj.zone 3 points 13 hours ago

Saving this thread since I'm looking into this too for my family :)