I also recently set up vaultwarden and was wondering this.
Unfortunately I was unable to find a way to only expose the send function. The ‘/send/’ path is preceded by a # making it part of the parameters instead of the URI path. Nginx, in my case, sees all the requests for both the vault and the send feature coming from ‘/’ ‘/app/’ ‘/images/’ and ‘/fonts/’.
With none of the other wires, your thermostat is just a switch connecting ‘heating’ with its return wire ‘RV for heating’. A smart thermostat will require its own power supply, be that a battery or separate added wiring.
Na, that’s what sponsor block is for.
That’s not end to end encryption, it’s two separate SSL connections both terminated at cloudflare. One from client to cloudflare, one from cloudflare to your server. Cloudflare is still a MITM inspecting your traffic in that scenario.
They do however let you disable their proxy (WAF) service, acting as pure DNS so clients connect directly to your IP instead of theirs. But they can at any point toggle that back on and intercept your traffic, nothing really stopping them except morals and T&Cs, but that’s not exactly bulletproof. T&Cs can be rewritten and corporations with Morals? Right…
Cloudflare’s Web Application Firewall or ‘WAF’ is a reverse proxy that sits in front of your server issuing its own certs valid for your domain (cloudflare is a CA, and has control over your DNS to get others to issue certs for them). They then provide caching alongside DDOS protection, geoblocking, various customizable firewall settings, as well as just masking your server’s IP with their own. This is their primary service aside from just basic DNS/registrar services.
For the second issue:
Run > ‘netplwiz’ > ‘users’ tab > uncheck ‘Users must enter a username and password to use this computer’ > click ‘ok’ > finally, enter the user+pass to be auto logged-in.
Windows will now log in to the specified user on startup.
Have you purchased and are using a public domain? Or is it just self-hosted DNS within your LAN?
If it’s a publicly registered domain, they’ll get the same thing you will: the IP you’ve set in your DNS records. If that’s a local ip (192.168.x.x, 10.x.x.x) it’ll be useless. If it’s your public IP, well it points at your router and someone can use it to try and connect to you. Unless you’ve forwarded ports, that connection will likely fail.
If you’ve only set up local DNS, someone outside your network will either get nothing back from querying your domain or, if the domain you’ve chosen also happens to have a public counterpart that you don’t own: they’ll get an IP unrelated to you.
which I’ve noticed can be disabled on some networks
I’ve found a few networks where my normal VPN connection won’t work. Typically they just block all outgoing ports except common ones like 80, 443, 22, 53, etc. I’ve got a few of those set up so I can try alternates. 22 usually works.
Never perform personal tasks on work equipment. If it’s not something you’d expose to the open net, you definitely shouldn’t be accessing it from equipment you don’t own.
Get a personal laptop for remote tasks, or use your phone.
Last I’d checked (a couple years ago), they don’t permit media streaming via a free account, just serving static files. (I mean… Fair.)
I had several issues with emby/plex not loading streams through cloudflare connections, or really struggling to do so. Disabling cloudflare proxying for that subdomain solved that.
Now I just have cloudflare proxying my static file server and Ombi. Emby is a direct connection and everything else is behind OpenVPN.
Anything I don’t share with other users (i.e. the stuff I host for just me) isn’t accessible from WAN. Instead I host OpenVPN so my mobile devices are kept within my LAN and securely accessing my services. (also keeps them behind pihole for adblocking and local DNS records)
I just use my public domain internally with a separate subdomain assigned to each device and each service. Pihole serves the local IPs for all of those instead of querying the public servers. Anything that’s meant to be internal only, doesn’t have a public DNS record and isn’t directly accessible from WAN.
I then host openVPN to keep my mobile devices within my network and behind pihole, able to access my internal services. The public records/domain is just for services I share with others and so that I can reach my VPN.
I’ve always considered ‘domain.tld’ to refer to the network (my lan in this case) and ‘subdomain.domain.tld’ to refer to the specific service/device within that network. Whether or not you can actually resolve that name and reach its service/device, plus how you’re actually routed there depends on where you’re connecting from (LAN/WAN/VPN).
I just use pihole as a local DNS. Ad blocking is nice, but you can disable that part if you’d like and just use it to serve local DNS records.
What you’re looking for is called a forward proxy. Most http webserver software can be configured to do this.
Here’s a guide for setting up Nginx as a forward proxy:
An internal drive only protects you against drive failure. If the device is physically/electrically damaged or lost, so is your backup.
An external drive can be stored separately, and retrieved using a separate device if necessary.
An unpowered drive will also last longer usually.
I’ve been running Emby for around 8 years now and have been extremely happy with it. Development isn’t exactly lightning quick, but the developers do listen to their community and eventually work in their popular requests.
That was very different from Plex, where I had started.
And yes, there’s a pretty significant revamp to the login system across all apps coming with server version 4.8.
This covers part of it: https://emby.media/community/index.php?/topic/121668-48047-multiple-logins-supported/