• 0 Posts
  • 10 Comments
Joined 11 months ago
cake
Cake day: February 14th, 2024

help-circle

  • This sounds like it would work. As you said it seems a little over engineered, but I’m not sure how else you would go about only isolating Firefox without a local split tunnel VPN that has a fail-safe switch controlling your network adapter. Would Firefox rely solely on the proxy configuration, or will it make any attempts at using another route if the proxy fails (or it’s just programmed to for specific features/extensions/etc)?

    If you want a fully isolated browser, you can install Firefox (or Mullvad browser) as a container behind Gluetun. You would then just enter the IP and HTTPS port of your Firefox container in your local instance of Firefox and connect via (web) VNC over Tailscale. All traffic to the container uses HTTPS, goes over Tailscale, and through your Gluetun. Then Firefox has no possibility of using anything but Gluetun, and your browsing (clipboard, audio, hardware info, etc) isn’t connected to your laptop at all by default.

    This may not be ideal if you’re trying to watch a lot of high resolution or high framerate videos though, depending on how high your VNC quality is set and your network capabilities.

    https://github.com/linuxserver/docker-firefox


  • The tracking number is on the label. There’s a tracking number as soon as the label is created, before it’s ever printed or slapped on a box. Whether or not a customer is given the tracking number when the label is created is a different story.

    I’ve had plenty of tracking numbers that just take me to a page that says “label created - USPS/UPS/FedEx awaiting item” until the carrier receives it. Some won’t give me tracking until it’s been picked up by the carrier, because there’s no point tracking an item that hasn’t shipped, but the number still exists.





  • nsfwpls@lemdro.idtoSelfhosted@lemmy.worldSelfhosted chat service
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    3 months ago

    Are you using a *.duckdns.com domain or is that only for Dynamic DNS pointed to something like jelly.domain.com? I’m not sure if you’ll be able to get a cert in the former scenario.

    Your router won’t let you access it because you’re trying to connect from your internal network to your external network, so you’re just connecting in a loop and not getting routed properly. This could work if you had a firewall that would let you set up a loopback NAT, but my guess is your router won’t let you setup NAT rules like that.

    You won’t be able to get a certificate using a local domain from a public certificate authority (like Let’s Encrypt). You would want to define the FQDN you want to use, like jelly.domain.com, and generate the certificate for this domain. You can do this manually with certbot and import the certificate to jellyfin, or put jellyfin behind a reverse proxy like Caddy or Nginx and let it handle automatic renewal for you.

    The local DNS entries would then redirect internal requests for jelly.domain.com to your local server, which presents the same certificate for jelly.domain.com regardless of whether you’re accessing it via the private or public IP.

    A bonus of using something like Caddy is being able to open a single port on your router for every service. I have multiple services all accessed via the same port, and Caddy just reads the requested subdomain (jelly.domain.com, nextcloud.domain.com, etc) to route the traffic to the corresponding local server. This lets it handle every cert for all services with no manual steps needed for any of them after the initial setup, and reduces your attack surface by only having one port open.



  • You could install OctoPi and use that camera feed. It’s a little overkill compared to motioneyeOS since it’s originally meant for monitoring and controlling 3D printers, but I’ve had better luck getting OctoPi to set up a camera feed than motioneyeOS, which was abandoned by the developer years ago.

    You could install it on the NUC, plug in a camera, and it should just work. Then use whatever remote access method you want, i.e. tailscale, port forwarding, VPN, etc.