- @somedaysoon@lemmy.world
- deleted by creator
- 0 Posts
- 15 Comments
I know this doesn’t fit your criterea OP, but if anyone else is looking for some kind of notification service, I use: SMTP to Telegram
I get instantly notified on my phone for healthchecks.io failures, cronjob reports for different scripts like borg backups or ddns update failures, certain Home Assistant scripts, and Sonarr completions so I know when a new TV episode is done downloading, and a bunch of other things set to notify on failure like SMART failures or snapraid-runner failures or distro updates… so many things. It’s nice having peace of mind that if I haven’t been notified that something is wrong, then I know everything is working, and I do not need to check on it. So it’s one of my favorite services that I’m running.
I don’t think I need to say it, but this is obviously not something you would put facing WAN as there is no TLS nor authentication.
Most of the amcrest cameras have rtsp and don’t require cloud access, in fact I block mine from WAN altogether.
I have one wired POE outdoor camera and one wireless inside camera from them. Both are great cameras that I can fully control locally. Just make sure it has rtsp, because I’m not sure if every model they make has it.
Yeah, I haven’t had any problems with it, what apps have been an issue for you?
The app that I use the most during that transitional period would be Ultrasonic which would be streaming music from the Airsonic service as I get in my vehicle and drive away or arrive back home. But even that flawlessly transitions without skipping a beat since it is set to cache songs.
You are talking about security when that is not the purpose of it. So yes, you are off on a tangent and missing the point of it.
It should be clear to people who don’t understand security that running a protocol on a different port doesn’t mean shit for safety.
It is clear, it’s clear to everyone, so why did you randomly interject irrelevant information? Because you incorrectly assumed someone thought it had to do with security… but no one here thought it had anything to do with security. Everyone understood it but for you, and you were corrected not only by me but the other person.
Because it doesn’t get as much attention” wouldn’t mean anything to any enterprise firewall the moment it’s not an http header.
As I’ve said, I’ve used it a few times to escape firewalls… it works. Will it always work? No, I never made the claim this will bypass all firewalls… the strictest of firewalls will block it, but there are other ways around those firewalls. E.g. proxytunnel, stunnel4
I think you may be still missing the point because it was never implied that the port change is for security; the security is in disabling password authentication and only accepting key based authentication. The reason I put it on 443 is because it is a port that is usually allowed by firewalls and doesn’t get as much attention. So if I am on a network that is blocking access for standard VPN or SSH ports then it might just be enough for me to bypass it. And it’s traffic on a port that is going to see a lot of other encrypted traffic going across it, so it looks more natural then just popping some other random ports that could potentially raise an alarm.
Unless you need to share/provide services for a public, then you shouldn’t be setting up reverse proxies or cloudflare tunnels in my opinion. All you need is WireGuard for you and the handful of users that might be using it.
I have two ports open for:
-
WireGuard
-
SSH Tunnel
Both of these services will only accept key based authentication.
WireGuard is the main way that my wife and me access the services away from home. When our phones disconnect from our home’s SSID, Tasker automatically connects to the WireGuard tunnel so we never lose access to services.
The SSH tunnel is just a fallback in case I get behind a firewall that might be doing DPI and blocking VPN traffic. The SSH tunnel operates on 443 to hopefully appear to be SSL traffic and allowed through. I’ve used it a very limited amount of times to get out from strict corporate firewalls.
I mean, that is just another way of checking your dashboards.
It’s not another way of checking dashboards… dashboards don’t even come into play for me with this notification system. If I get a notification that my backup script didn’t run, I’m dropping straight to an SSH session and checking logs and fixing it. There is no dashboard in this equation.
Unless you are dealing with a high availability setup, it matters a lot less whether you do a push/pull model for notifications so long as you are regularly checking then.
My home is not high availability, it’s just me and my wife, that doesn’t change the fact that this is a better solution over having to constantly check in on services. Also, high availability isn’t the reason for this, it’s having the peace of mind things are working, and doing literally nothing to know it. Right now, I know all my services are working, and how do I know? Because I haven’t received a notification that told me there is a problem so I know, everything is working. Do you know if all your services are working right now? No, not unless you actively check in on them right now. That’s the difference between my way and your way of doing it. I always know the status of my services, you don’t know unless you check in on them.
But listen, I’m not trying to persuade you, if you like to take time to check in and babysit your services to make sure everything is running correctly instead of setup a simple notification system, that’s your preference, but in my opinion it’s not the best way to do it. This is about working smarter instead of harder.
I agree that an “average joe” shouldn’t be selfhosting unless they firstly understand that they are responsible for their data and are making proper backups.
unless you are regularly checking your dashboards, they will happen in rapid succession
One thing I disagree with though, you shouldn’t be having to regularly check dashboards. And I understand this goes beyond the “average joe” realm of things, but you should have notifications setup to notify you if something is not working. Personally, I use SMTP to Telegram because almost every service has an email option for notifications, but I want to be notified instantly.
So when my healthchecks script runs and fails I’m instantly notified if one of my containers is down. If my snapraid scrub/sync fails to run or has errors or my borg backup script fails to run or has errors, I’m instantly notified of it. If my ddns script fails to update, again, I’m instantly notified of it. I’m even notified if the server has higher CPU load averages or RAM usage than expected of it, and of drive space running out, and of SMART failures. I’m even notified whenever a login to my OpenMediaVault dashboard occurs. My Omada Controller also has different network notifications, and so does HomeAssistant for different integrations.
Basically, I will be notified if any problems arise that need my attention… you shouldn’t be depending on scheduling your time to look at dashboards to ensure services are running properly. And if you setup a good notification system, you can just set and forget your services, mostly anyway.
BTW I see the Thinkcenter you mention for €250 online, My RPi4 cost me as kit €108 (8GB version). That was before all prizes went trough the roof though, as I see the separate board now for €125.
A ThinkCentre M92P can be had for < €100 on eBay, like even down to €50-70 sometimes. I’m not saying you shouldn’t use a RPi if you already have them, but RPi has not been worth it going back to the RPi3. If anyone needs to get hardware to setup their server, the tiny/mini/micro lines are better.
https://www.servethehome.com/introducing-project-tinyminimicro-home-lab-revolution/
I was put off of RPis since the RPi3 too, the way they misled people with their marketing about it having a gigabit port which was on a shared bus so it was not really true put me off of them. And Pine64 boards have been better with the RockPro over the RPi3, and the RockPro64 way better than the RPi4.
I wouldn’t recommend a RPi for a server for anyone looking into this. Something like a ThinkCentre M92P will cost less and run circles around a RPi4, at not much more power. It will also support x86 and has Quick Sync tech which makes is great if you use something like jellyfin and need to do transcoding.
Even if you really need a low power SBC then a RPi4 was never the best option. The RockPro64 was released an entire year prior to the RPi4, and has a faster CPU. It supports booting from eMMC, and could boot from USB for like 2 years before the RPi figured it out. It also has a standard PCIe slot for adding SATA cards or extra ethernet ports instead of using the weird hat thing.
Personally though, I don’t think the tiny/mini/micro PCs can be beat, I run two of them at home for all my services.
I have a Paperwhite 2015 version that I got back in 2016 for only $30 when they had a big sale on them to unload for their new version. Looks like on eBay that 2015 version goes for $30-50 today.
I transfer books to it via a USB using Calibre. It doesn’t need nor do I connect it to WiFi. Newer models might also be able to work via USB only, I don’t know, but I know my 2015 works that way.