a lot of stuff:

• owncloud
• paperless
• immich
• jellyfin
• jellyseerr
• traefik

than i have stuff only accessible from local, like the *arr stack.

i’m not using cloudflare or anything, should I?

the only exposed ports i have are http / https and a random port for ssh.

i also don’t use any sso… maybe i should set one up.

this is the way.

also fail2ban to ensure that nobody bruteforce it’s way in.

don’t be an asshole.

works for corporations, individuals, and everything in between.

i got one from GoDaddy, but i regret the choice…

i think they added the ability to force upload a photo in one of the latest releases, see it that helps.

otherwise yes, you have to delete that record from the db…

they are, post and comments are mirrored on all federated instances.

ohh thanks

is this shitpost or an ad?

what is wikidata?

you have “bot account” checked on the settings.

add fail2ban, so they cannot brute force the web interface.

interesting, even if they got access to the plex service, how they could have escaped the plex docker container?

i run pretty much the same stack as OP, but also run immich and paperless. i very much care if someone else have a way to access those…

ugreen is Chinese, but one of the good ones.

right it still require root privileges…

well if you boot from a usb key and you have a btrfs file system, you could manually restore the snapshot. this would bypass the password

how this compare to jellyseerr?

i don’t think it’s in the api. is in the DB, but not exposed anywhere. one instance admin could do query and see them.

you don’t need to be surprised, in their ToS is written pretty big that anything you write to chatGPT will be used to train it.

nothing you write in that chat is private.

cruschi

are you using kube? or docker-compose?

of you are using docker compose, and in the compose file there is restart: always the container will be restarted if it disappears.

to remove it do docker compose down

well, it does have a high backend cost. They have to cover it somehow.