Ohhhhh ! Sometimes I just need to sh*up !

Thanks for the clarification.

Huh? Yeah it is… It’s a self-signed intermediate CA, signed by a self-signed rootCA.

In my case a miniCA in my lan.

Jellyfin doesn’t accept self-signed certs.

Huh?? My jellyfin.home.lab self-signed certificate would like a word… Just put everything behind a reverse proxy (in a self-hosted community you will sooner or later be confronted to one anyway…) And you get all your services behind self-signed certs. Doesn’t matter if Jellyfin accept or not… It’s encrypted through your reverse proxy !

I don’t get that…

I have self-signed SSL certificate and intermediateCA installed on all my devices and works flawlessly with every application that accept those (on android the manifest.XML has to allow user based certificate which is in most cases).

One exception on Android was the use of MPV which doesn’t do that and never will? However, the web player video type from official application works without issues…

I have navidrome, jellyfin, Ironfox, LibreTube, KoReader, Findroid… All work flawlessly with self-signed certs !

The issue here (as said in the second answer of his linked jellyfin post) is that them needs a reverse proxy that takes care of the SSL handshake and not jellyfin directly. So OP was missing a lot of good information in them’s first post…

I though that the recommended swap partition was to double until 16 GB? So at 32GB of ram use 32GB of swap?

Production is my testing lab, but only in my homelab ! I guess I don’t care to perfectly secure my services (really dumb and easy passwords, no 2fa, not hiding plain sight passwords…) because I’m not directly exposing them to the web and accessing them externally via Wireguard ! That’s really bad practice though, but any time soon will probably clean up that mess, but right now I can’t, I have to cook some eggs…

There are 2 things though I actually do have some more complex workflow:

• Rather complex incremental automated backup script for my docker container volumes, databases, config files, compose files.

• Self-hosted mini-CA to access all my services via a nice .lab domain and get rid of that pesky warning on my devices.

I always do some tests if my backups are working on a VM on my personal desktop computer, because no backup means that all those years of tinkering for nothing… This will bring up some nasty depression…

Edit: If have a rather small homelab, everything on an old laptop, still quite happy with the result and works as expected.

If you change your mind someday, just send me a PM !

Just create a wildcard domain certificate !

I access all my services in my lan through https://servicename.home.lab/ I just had to add the rootCA certificat (actually the intermediate certificate) into my trust store on every device. That’s what they actually do, just in automated way !

Never had an issue to access my services with my self-signed certs, neither on Android, iOS, windows, linux ! Everything served from my server via my reverse proxy of choice (Treafik).

However I do remember that there was something of importance to make my Android device accept the certificate (something in certificate itself and the extension).

If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !

Ohhh thanks for the clarification ! As you guessed I’m not into dev/programming so I wasn’t aware of this kind of detail !

Thank you :)

Edit: Now semver makes sense !

I mean, where else should they show that warning? It’s also posted in the forum. They also edited the documentation page.

Maybe you’re more into mailing list or the like? I’m genuine curious on what/ how/ where you expected getting this kind of information.

Really cool stuff !! Something I need to try out for sure !

Just to bad they didn’t add a multiuser setup example :( !

If you are doing any kind of multiuser mail node, you should have a separate SMTP system in front of this one that performs any necessary validation.

Maybe something worth a shot is a direct Wireguard server/client connection. While I don’t know how it works with double NAT (wireguard client with double nat) making your home server act as a direct tunnel would solve all your issues.

• Access your services from everywhere without middleman.

IIR, tailscale uses wireguard under the hood and you’re already hosting things on your home server, so maybe this could be worth a try :) !

+1 ! Need to work on my morning Lemmy scrolling… Grumpy as fuck and not being nice to people sucks :// !

Yeah ! Except in the dev/code realm… They seem very aggressive to each other, specially if you whisper something like: Rust is safer than C !

I don’t really get it, but I find It very pleasant to read when passionate people write a whole essay I don’t even understand 1/10 of what they are writing… However, there seems some heated negativity in that community !

Probably something to do with money? Just a guess 🤷‍♂️

Hahaha dark humor, nice !

Haha, some kind of dead DE pixel ? 😅

That’s similar as the saying:

Give them fish, and they will have something to eat for days. Teach them how to fish and they will have something to eat for a lifetime.

Something along the line 😅

I mean… My Mac M1 doesn’t allow right-click create a new file. 😮‍💨 ! Also, if I recall correctly, there is a similar thing that made me go crazy on Gnome DE.

Nowadays, people hate to get everything neatly separated in a nice and well ordered directory structure. They throw everything in the same directory and use the find/search function, for what it’s worth.

You’re right ! And because OP want to archive Reddit pages I propose an alternative to reduce that bloated site to a minimum :).

From my tests, it can go from 20MB to 700Bytes. IMO still big for a chat conversation but the readability from the alternative front-end is a + !