Hi, I’m quite new to this (only have watched videos and read forums) so I might use incorrect terms and explain things unclearly, please ask if you need more information to assist me.

Alright, so I got a dell optiplex 7060 micro with an i7 8700, 16gb dual channel ram (sodimm), a 256gb m.2 sata ssd and 130w dell ac adapter. Some other currently not in use hardware that may be of help is a 1tb 2.5 inch hdd that was in an old laptop from 2017 (still works perfectly fine, did do writing quite a bit in the past but never even store past 200gb) and a 1tb 3.5 inch hdd in some sort of bay for storing film in the 2010s (haven’t used for a long time but a few months ago I connected to it, could read and copy files from there).

My use case would be nextcloud for me, a friend in another country and 1 or 2 family member to backup data, we all have a copy on our machine and cloud backup. Next would be jellyfin and vaultwarden for my personal use, probably to stream some music that I listen to less frequently and movies that I torrent to watch a few times a month. I would also do research on running home assistant (now using a google nest mini and broadlink universal ir remote with the google home app and broadlink’s app, looking to degoogle and rely less on cloud stuff) and a matrix server for me and 2 more friends. However, the emphasis is still on the 3 initial purposes.

I’m planning to buy 1 nas drive from 2-4tb, a ups for proper shutdown/notification in power outage situations and will buy an external drive in the future or use the old drives for backup (maybe once a week) if possible.

Now, to the questions:

  1. Is the 1 drive setup actually suitable for my use case?
  2. Should I use proxmox? Or do you suggest smth else?
  3. What should I do to connect the drive? Use the sata connector of the dell optiplex micro (designed for 2.5 drives) and wire it to the outside, will it even provide enough power for a 3.5 hdd? Or buying a m.2 e key to 2 sata ports is a better option, and how can I power the single drive without purchasing a desktop psu?
  4. What is the best choice for connecting remotely without consuming too much battery on the devices? I’ve read about tailscale, wireguard, cloudfare, and things like using my own domain.
  5. I’m looking for old nas drives too because my budget is tight, what conditions should I aim for if I want it to work for another 4-6 years?

Any other ideas/suggestions for my project would be of so much help! Thank you so much!

  • walden@sub.wetshaving.socialEnglish
    2·
    7 days ago

    Nice, glad you’re having fun with it.

    Exposing things to the internet is a lot of fun, just keep in mind that there are bots out there just itching to break into your stuff. Use strong passwords. Use different passwords for every. single. website.

    Tailscale is often recommended because it’s very secure. You don’t need to pay for your own domain name, either as far as I know.

    For things that I expose to the internet (the Lemmy instance that I’m writing this from, for example) I like having a domain name. Especially when sharing it with friends since it’s what people are used to.

    If you’re interested in going that route, each “thing” that you host gets its own sub domain. For example if the domain name you buy is called “kgrnd.com”, and you’re hosting a minecraft server – you might call it “minecraft.kgrnd.com”. Jellyfin might be jellyfin.kgrnd.com.

    Starting from outside, sitting in a park bench looking at your phone – the steps that internet traffic goes through to reach your server is like this:

    1. phone or device
    2. internet connection
    3. your domain registrar, which tells it where to send the traffic (to your house/server) using DNS records
    4. your router (hopefully something relatively decent and up to date for security)
    5. your reverse proxy, which your router is programed to send HTTPS traffic to (port forward 80 and 443 to your server)
    6. the minecraft server, be it in Docker or whatever.
    7. then back again all the way to your phone

    A reverse proxy just decides "ok, here’s some traffic from minecraft.kgrnd.com, and I’ve been told that minecraft.kgrnd.com over on 192.168.2.32, port 25565.

    Do not tell your router to forward traffic on port 25565. That is not secure. The only ports that you open (forward) on your router firewall are 80 and 443, and those both point to the IP address of your reverse proxy.

    Reverse proxy’s come in various flavors. A lot of people like Caddy. I like Nginx Proxy Manager (NPM). Both handle SSL certificates for you which is very very nice.

    The last problem to solve is the fact that your home IP address changes from time to time. This is pretty standard practice with non-business accounts. That’s where a dynamic DNS service comes into play. My router has a built in service to handle it, so when I set up my domain name DNS records to point to “my house”, I don’t tell it my IP address because that’s subject to change. Instead I give it what’s called a CNAME record which points to a web address that my router has provided me. If your router doesn’t have a feature like that, you’ll have to explore other options for handling dynamic IP addresses.

    Once you have something up and running, you have to do 2 things –

    1. At your domain registrar, add a CNAME record that points to your dynamic DNS address (however you’re handling that). Alternately, add an A record pointing straight at your IP address. This will break eventually when your IP address changes.
    2. At your reverse proxy, add an entry telling it "when you see traffic coming from service.kgrnd.com, send it to the IP address of my server and port XXXXX.

    Another thing that I like to do, which is a bit more advanced but in the end makes things simpler and more secure:

    • If using Docker, set up your reverse proxy to run on a Docker network called “nginx” for example.
    • Ever Docker container that you set up which you want to expose to the internet via Nginx Proxy Manager, manually assign it to the same network (otherwise Docker by default gives each thing its own network).

    This is nice because you don’t have to tell docker to forward any ports. Whatever the default port is for the service your running, nginx can access it no problem because they’re on the same Docker network. For example if your Minecraft docker container is called “minecraft-minecraft-1” and has stuff on port 25565, you don’t need to know the IP address of Minecraft. In the NPM entry, you just point minecraft.kgrnd.com to minecraft-minecraft-1 and port 25565. Done. No exposing external ports to the docker container. Pretty cool.