I have a very cheap ($11/yr) us-based vps through racknerd I got via low end box. I’ve got 12 users but only 5 really active ones and I’ve never come close to hitting the 1tb transfer. I serve several services through that one vps (all just reverse proxy to my homelab).
I did just pick up another u.s. based vps through low end box the other day- $12/yr and unmetered Gbps. 1 CPU only, but a reverse proxy doesn’t need a lot of compute. :)
Depends on what you mean by “secure.” My personal setup is Jellyfin LXC on proxmox --> Wireguard to VPS -> Nginx reverse proxy on VPS.
This setup relies somewhat on Jellyfin’s auth, but I’m comfortable with that risk. The LXC is blocked from sending local traffic on my network by firewall rules. Yes, someone could exploit a vulnerability in Jellyfin (though looking through the CVEs I’m not overly worried about that), then escape the LXC and fuck with my server. But that’s a lot of work for no profit.
For more protection (in sense of reducing traffic that even interacts with your server), I’d recommend getting a wildcard cert for the domain so that the actual subdomain jellyfin is on is undisclosed to anyone not using your service.
Security isn’t about making everything impregnable, it’s about making attacks more trouble than they’re worth. Otherwise, we’d all live in fortified bunkers surrounded by landmines. 🙃
Navidrome. It’s lightweight and works with any subsonic app.
There are ways to make that irrelevant. I use a cheap vps and just have it funnel raw traffic for the ports I need to my home server via wireguard. All my SSL certs live on my machine and the VPS can’t see any of the traffic contents. I suppose they could redirect traffic elsewhere or start serving whatever on that domain, but I would know immediately and there are some limits to my paranoia.
It’s not just about moral reasons (although I would write them off for moral reasons alone, to be clear). Brave as a browser has a history of making privacy worse- see, for example, disabling advance anti-fingerprinting in 2024 and their piss-poor tor implementation in 2021. Your initial comment had said you hadn’t seen anything since 2018 and maybe you like the browser enough to not care about their history of careless implementations of privacy features or their limiting of user choice on fingerprinting protections, but I don’t see how these objections can be dismissed as not relating to privacy.
Here’s a brief synopsis of the various things Brave has gotten up to, with receipts rather than “Brave is spyware”: https://thelibre.news/no-really-dont-use-brave/.
Personally, I see a pattern of continually engaging in underhanded and rent-seeking behavior that does not align with its stated goal of ensuring user privacy. Because I see a pattern of trying things to see what they can get away with, I lack any trust in their future behavior and have no desire to use software that I feel I have to maintain constant vigilance over what changes they’re making from release to release.
I’m aware of this (that’s why I described a potential breach as Jellyfin -> LXC escape). What it does provide me is a static IP to point my domain at that I don’t have to worry about updating via whatever DDNS service and that isn’t tied to my home address. That and the wireguard tunnel gives me plausible deniability should my ISP ever decide to enforce its rules against hosting servers. 😀