Shimitar

The same way you back it up, using ssh remotely for example

Just run backrest backup on each server three times, one for each remote backup tepository. Easy enough.

Agreed, nextcloud is a beast with lots of whistles, if you don't need them you can have simpler solutions

This my approach here https://wiki.gardiol.org/doku.php?id=selfhost%3Afileserver

And I stated using AList which is a funny piece of software that has great potential. See here https://wiki.gardiol.org/doku.php?id=services%3Aalist

From somebody who prefer to run stuff not in containers... Don't bother and run SearXNG in container. I suggest rootless podman instead of docker.

See my notes/guide here https://wiki.gardiol.org/doku.php?id=services%3Asearxng

You can share jellyfin on the net. I do.

The issues shared wide and large are mostly moot points, where the attacker needs to already have access to the jellyfin itself to have any surface.

Its FUD and I am convinced spread by Plex people in an effort to cover up their fuckup and enshittyfication.

Deep level packet inspection, they detect patterns or whatever in encrypted traffic (and the lack of thereof) and ban the destination ip china-wide.

How they do I have no idea, but they do, on my direct first hand experience. Its not based on domain names, directly straight and total ip ban. All ports, all domains on that ip get banned forever just because you started using a VPN (OpenVPN in my case, it was a few years ago).

It will work for a bit, then they will detect VPN traffic and just block the destination ip for good. Any ip you will use will be shortly unreachable for you, so be prepared to that.

LOL you madre me laugh...

Anyway being security conscious is important, and better be safe than sorry...

100% agree.

One point: use an SSO like authelia or authentic. Way better than basic auth and you get the fancy login form too preserving all the benefits, and you can also use OIDC with those services that require more complex setup for proper auth

Yes. The fearmongering of the security freaks is not necessarily true. We selfhosters are not big targets and nobody cares about our files or our devices.

Of course, until you get hacked.

But beside SMTP and ssh and known services like WordPress or PrestaShop there is little actual brute force bots trying hard.

Thank you! This is exactly why I do my wiki, so that people can use and benefit from the work I did before.

Mmm as for the admin console, I will add that, it had slipped from my wiki it seems!

My personal experience with conduwuit is very positive.

Everything worked including sliding sync for Element X.

Bridges works fine. Threads too (limited to client support ofc), session verification works fine, element call never tried, you need to install a dedicated server anyway, but that's true also for synapse.