A software developer and Linux nerd, living in Germany. I’m usually a chill dude but my online persona doesn’t always reflect my true personality. Take what I say with a grain of salt, I usually try to be nice and give good advice, though.
I’m into Free Software, selfhosting, microcontrollers and electronics, freedom, privacy and the usual stuff. And a few select other random things, too.
Do you install the CA certificate or the client certificate? Because both aren’t the same. The app needs to authenticate with a client certificate file. The server has a server certificate that is checked against the CA certificate. So you’d install that (CA) in the android system certificate store and additionally give a client certificate file to the app.
I have a NFS and Samba share to my NAS. And Jellyfin exports things via DLNA / UPnP so there is always a local route to the storage. Also I’ve set the IP address of the server in the /etc/hosts file of my router. So even when internet is down, the DNS can resolve it.
Ah okay. I don’t have a Fritzbox here. I suppose that does the trick. My idea was to use that to test if incoming IPv6 works. So disregard any services on the Fritzbox itself and just see if you can access it directly. And if yes, configure an IPv6 port forward to the NAS.
Isn’t myfritz plain old IPv6 directly to the router without any proxying or tunneling? If yes, communication would mean IPv6 packets make their way through the ISP to the router.
If you google it, you’ll find lots of similar questions for O2. I think you have to contact their customer support and get that activated once.
And have a look at your IPv4 and IPv6 addresses. Sometimes you can do it via IPv6 already, just not over IPv4 because there is some translation in the way. (In case they want too much money to give you a real IPv4 address.)
Maybe you can try if you can open your FritzBox UI from the outside with your my.fritz address. I think that has IPv6 and a port forward in place (if activated).
And btw: It’s perfectly fine to do it. People need storage and online collaboration. Access to their data while away.
I usually look at these awesome … lists. They list quite some mail servers:
I think you first need a mailserver, then you’d use imapsync (for example) to move the mailbox initially, and then periodically fetch the mails from gmail.
For outgoing mail you can either configure your mailserver to relay mail via your gmail account. Or configure your mail program to send mail directly via gmail.
If you’re having frequent power outages, you might consider buying an UPS. Other than that, I’d just buy a new CMOS battery every few years. Mine seem to last way longer than 4 years. Maybe 8y or so.
I’m not sure if 3-4 times a day is a lot. I had computers (especially laptops) which were way more aggressive with spinning up and down the disks. Maybe you can look it up. A decent (enterprise(?)) hdd should have some datasheet available including info about how often you can powercycle or spin them up/down.
And I wouldn’t wake up disks deliberately. If you don’t mind the 5-10s waiting, you can just spin them down at the end of the day and leave them that way. The next day they’ll either spin up on first access, or they won’t. And save that one cycle. I’m not sure though if you can change the spindown timeout during the day without also waking it up. I mean you could run a script that spins them down at 22:00 and sets the timeout to 1h, and at 07:30 you run a script to keep them awake for a 6h period. But you’d need to test if changing that setting wakes them up. Or I’d rather not run a script like that. Sometimes executing hdparm spins up a disk, even if unnecessary.
I think you got enough recommendations for several tunneling solutions.
Apart from that (and free DynDNS) you could also use a regular paid DNS provider. Some of them also offer DynDNS or an API. I think I saw some regular providers in the list of my DynDNS client on my router, next to the super cheap or free ones.
It’s easy to use, reliable, and doubles as a webserver so I only need one software to host my websites and also do the reverse proxying to the other webservices.
Buy the cheapest graphics card with 16 or 24GB of VRAM. In the past people bought used NVidia 3090 cards. You can also buy a GPU from AMD, they’re cheaper but ROCm is a bit more difficult to work with. Or if you own a MacBook or any Apple device with a M2 or M3, use that. And hopefully you paid for enough RAM in it.
That is indeed a good question. Is this something RAID is bothered with at levels 0 and 1? I think in this case it’s the job of the filesystem to care for that. But you should probably let the periodic task run that does scrubbing like once per week. You could also experience other issues than just bitrot. For example bad sectors and one of the hdds slowly degrading.
In the end I don’t think a RAID1 can do much about bitrot and other RAID woes. There are no checksums or anything to correct for that. You’d probably need some other technology for that. But it’s probably the same for a ZFS mirror. And everything better than that needs more than 2 hdds.
Yes, as the other people pointed out, that’s what I mean. The standard Linux software RAID (also called MD RAID)
It’s proven, battle-tested, pretty robust and you don’t rely on any specific vendor formats or any hardware for that matter. The main point would be to keep it simple. You could use BTRFS or ZFS or all kinds of things. But it only introduces additional complexity and points of failure. And has no benefits over a plain mirror (what the RAID1 does) if we’re talking about just 2 devices. At least it served me well in the past. Contrary to cheap hardware RAID controllers and also BTRFS which also let me down once. But a lot of development went in to that since then and the situation might have changed. But mdraid is reliable anyways.
Debian and the standard linux mdraid?
Roleplay (text adventures), a (stupid but occasionally funny) dungeon master, translation and help with creativity. These are the use cases I found. If you don’t need that, you might get rid of it.
Glad you could figure it out. Keep an eye on the certificate updates. As far as I know letsencypt certs are valid for 90 days or so. In case you have a periodic job that renews them, that one might now fail to update the files when it runs the next time in 2 months or so. But that depends on the permissions and user of that renew job. However that’s set up. But for the next few months, everything should be fine now.
Something like an old laptop will make a power-saving homeserver. But that won’t work if you want to attach lots of storage.
I don’t think an Optiplex is the most energy-efficient choice. They seem somewhat okay, but you’d need to put some effort in and read some tests and reviews to find a really efficient mainboard and PSU. That’s not easy
You can spin down your harddisks. I have some udev rule that executes hdparm -S60 /dev/sdb after boot. That’ll spin down the hdd after 5 minutes of inactivity. It’s alright for low usage scenarios. And it doesn’t spin up that often because the hdd contains my photos, backups and a few movies. And my operating system and files that are accessed often, are on a SSD. Starting and stopping disks like once a day should work for many years. But don’t cycle it every few minutes.
And obviously, you can also shut off your server over night or just wake it on demand, if that fits your use-case.
(Same things would apply as I lined out earlier. You’d also need to pay attention to the parent directory of that directory (and maybe parents of those). And check if coturn is actually running as that user and/or group.
You might just (for testing) grant all permissions on the files. Put them into a directory that you’re 100% sure coturn can access. Like one of Coturn’s own directories. And then chmod 666 both files and give them the same user and group as coturn’s own config file has. If that doesn’t work, it’s not the permissions.)
And read the actual error message again. Make sure it says “permission denied”. Make sure the filename in the error message is the exact filename and location of your certificate file. To rule out other errors or a typo.
And now that I’m reading your initial post again, it says it can’t find them. So maybe it’s really not the permissions, but the coturn config doesn’t point to the correct location of the certificate files. Usually permissions is a good first guess. But if the error message says sth else, it could very well be what the error message says. Does it go on and tell you where it looked for the certificates?
First of all you’d need to make sure that coturn is in the “certgroup” group. Or it won’t help.
Secondly, those are just the two files. “certgroup” might still be unable to open them if the directory permissions don’t allow opening the directory in the first place. And we can’t tell from just the two lines. Make sure all the parent directories also allow traversing to that location. “rX” are required to read and open a directory.
However text files shouldn’t have execute permissions. And you’ve set “rwx” for the group. That doesn’t break anything, but “rw-” would be the 100% correct choice there. And other accounts shouldn’t have read permissions on the private key. That should be “rw-rw----”
(I’m not sure why you have to do all of that stuff manually… Lot’s of frameworks or operating systems come with letsencrypt/certbot and some sane default settings. If your way of doing things doesn’t work out, you might want to read a tutorial for your operating system or consider a more standard approach.)
Does anyone happen to know if there is a N100 model that supports HDMI-CEC so I can make my old TV set smart with a recent Kodi and maybe some retro-games? But I’d rather not let it consume 9W or whatever such a machine needs all day long. So it’d need to start and shut down on its own. Preferably without manual additional steps involved, hence the CEC…