this post was submitted on 27 Nov 2023
16 points (86.4% liked)

Selfhosted

39866 readers
479 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm going to be running a Jellyfin server, and I don't want to maintain it a lot, I just want it to work. Would using Docker be the easier way to maintain Jellyfin, or would using Podman be better? (I don't want to deal with SELinux, firewalls, port forwarding, etc.)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 11 months ago (2 children)

SELinux should not be an issue if you stick to common directories and use :Z flag after the mount path with docker, afaik podman uses the same mechanism. There’s even a tool for selinux container policies: https://github.com/containers/udica

Regarding firewall stuff, disable it on your machine and you are fine. Port forwarding in containers is necessary to connect to services, now way around.

Ah and read this: https://stopdisablingselinux.com/

It has a reason why it exists.

[–] [email protected] 1 points 11 months ago (1 children)

Regarding firewall stuff, disable it on your machine and you are fine.

How do you know OP doesn’t have a bunch of unsecured services sticking out into their LAN ready to be a target for the next cryptolocking scam?

Slightly sarcastic, but yeah, OP, do not just turn your firewall without understanding pros and cons of doing such. At the very least, see what your server exposes to the network (ss -tunlp will give you a good starting point), and see if there’s nothing unexpected in there that might be abused.

[–] [email protected] 1 points 11 months ago

I don’t but lots of people stick anyways to a single network with some kind of crappy router and from OPs post I assumed that OP doesn’t really care about security, see SELinux