People resoundingly suggested using containers. So I’ve been reading up. I know some things about containers and docker and what not. But there are a few decision points in the jellyfin container install instructions that I don’t know the “why”.
Data: They mount the media from disk, which is good cause it’s on a NAS. But for the cache and config they use docker volumes. Why would I want a docker volume for the config? Wouldn’t I want to be able to see it from outside the container easier? What am I gaining by having docker manage the volume?
Cache: I saw a very old post where someone mentioned telling docker to use ram for the cache. That “seems” in theory like a good idea for speed. I do have 16gb on the minipc that I am running this all on. But I don’t see any recent mentions of it. Any pros/cons?
The user. I know from work experience that generally you don’t want things running as root in the container. But… do you want a dedicated user for each service (jellyfin, arr*)? Or one for all services, but not your personal user? Or just use your personal user?
DLNA. I had to look that up. But I don’t know how it is relevant. The whole point seems to be that jellyfin would be the interface. And DLNA seems like it would allow certified devices to discover media files?
Thanks.
Interesting. I didn’t think about performance. I can see how a docker volume would be better optimized. And for a cache that makes sense. I was considering doing a bind mount for the config for easier visibility when debugging things. But keeping the volume for the cache now makes sense… thanks for that.
I technically work for a company that is in the security space. But I myself just can’t really get into it. It seems like there is always so many things that could be done to improve security, but there is never the resources to do most of them in companies. And that would really eat at me. We hire companies to do pen testing. They seem like home inspectors. They have to find a few things to help the customer (us) justify the expense, but once they do, they don’t need to look much deeper. And half the things they find will be low/mediums that will never get fixed. And in the end, the only reason companies seem to hire them is so they can advertise that they did, or to meet their customers security requirements. All in all, it just feels so sad. :(
anyway. If I am following you… you run a custom NAT for your home network? I know my router has one, but sounds like you don’t trust the routers? Is that right? And then you run a vpn server on the inside to handle any external access. That seems smart. Is that like common practice, or something you do because of your background?
I don’t run a custom NAT, I just don’t port-forward much.
I have my ISP’s router as a gateway/fiber endpoint, hooked up to a TP-link 1gig switch and an Archer C7 with OpenWRT as a semi-dumb AP/switch and handle DHCP to give clients my recursive DNS.