Proton Pass is a password manager? I’m failing to see why it has anything to do with a web service that you’re running. You should be asking in support for Proton Pass.

I’d still think it’s a power issue. I’ve got a bunch of 500gig laptop drives, and ended up getting a 10A 5v supply with a powered hub. Also if you have the chance, power the rpi by the 5v GPIO pins rather than USB, as often the PMIC on the Rpi is anemic and loves to STILL drop under recommended voltage. I run 5.2v 5A PSU on the 5v rail, and haven’t had issues.

If these are 2.5" HDDs, (laptop sized) then maybe not. If they’re the full sized 3.5" HDDs, they need their own external PSU.

I’ve replaced reconnaissance commands (a handful of them found here: https://www.cybrary.it/blog/linux-commands-used-attackers) – whoami, uname, id, uptime, last, etc

With shell scripts which run the command but also send me a notification via pushover. I’m running several internet-facing services, and the moment those get run because someone is doing some sleuthing inside the machine, I get notified.

It doesn’t stop people getting in, I’ve set up other things for that – but on the off chance that there is some zero-day that I don’t know about yet, or they’ve traversed the network laterally somehow, the moment they run one of those commands, I know to kill-switch the entire thing.

The thing is, security is an on-going process. Leave any computer attached to the internet long enough and it’ll be gotten into. I don’t trust being able to know every method that can be used, so I use this as a backup.

I’m kinda weirded out by all the people suggesting a VPN here.

Like – if you’re hosting Nextcloud, Jellyfin, etc and you want friends/family to use it, having them VPN into shit is a hurdle that none of them are going to overcome.

You need to make sure you’re not behind CGNAT first, if not, don’t use Nextcloud on port 80, put it on another port, and then open that port to the outside world.

Just be aware, you REALLY want these things to be isolated from your home environment if you’re going to host them, and you NEED to be on some sort of CVE notification list for the software you currently use. Not all CVEs are “YOU MUST UPGRADE NOW”, but some of them can be pretty severe.

I’ve set up fail2ban on my isolated network, and it does a pretty good job of banning any IPs that are probing for things. So much so that I’ve accidentally locked myself out of my own network a few times, lol

IF you ARE behind a CGNAT - what you’ll want to do is likely rent the cheapest VPS you can find, and then set up a VPN not on the VPS, but on your home network, and have the VPS be your public entry point to the network, as it will have a public facing IP and can mask your home IP address. – https://github.com/fractalnetworksco/selfhosted-gateway

Edit: THEN - once you’ve accomplished all that, you’ll probably want to buy a domain name, and reverse-proxy subdomains to forward to the services on specific ports.

Very nice. This gets rid of any questionably legal gray area of using sites like Nyaa, etc for Torrent links. Also provides a bit of robustness against censorship when those sites get taken down. Looks like I’m gonna have to set up proxmox on a machine this weekend, as Windows sucks dick for docker containers and that’s what I’ve got most of my *arr stuff hosted on currently.

It’ll be a good thing anyways, as most of those instances aren’t running through my VPN yet and I should just centralize them on proxmox and run all the torrents, etc through containerized instances for security.