

I thought my VPN didn’t, but they continue to disappoint me. According to the internet, my VPN is using CGNAT




See, this just shows how much I need to learn…I thought what I was trying to set up *was* the same thing as a “Cloudflare tunnel.” Honestly, don’t care how it gets implemented, I just assumed this was the easy way because that’s what all the youtubers were suggesting. My end goal here is “I’m on my phone 100 miles away from home, open Jellyfin/Nextcloud/whatever, use domain.actually.works” without needing to disable my Proton/Air/Mullvad connection.
But I’ve followed 4 or 5 “you won’t believe how easy Nginx is” tutorials, and they’re not working for me…


Ok, this is an extensive answer (thank you), but also a lot to unpack. Before I go making a bridge network, I wanna make sure I’m following you. I’m pretty inexperienced with self-hosting in general outside of Docker, but I’m especially a novice with anything networking so pardon my ignorance here.
Yes, Jellyfin is accessible locally. Performance is the best I’ve ever seen it too. I uninstalled Tailscale on my Ubuntu server (it was causing networking issues, frankly I didn’t understand how) and removed it from my tailnet dashboard, but Jellyfin is still remotely accessible via Tailscale (which is fine, I guess).
At this point, my users and I are trying to avoid Tailscale on mobile devices when possible. Two reasons: 1. prevents maintaining regular VPN usage (deal breaker for a couple people) 2. switching between home wifi and mobile drops connectivity, required turning networking off and on again (deal breaker for me, I got spoiled by Synology’s reverse proxy and can’t go back)
From what I can tell, there’s no CGNAT trickery at play (actually the internet says otherwise). My DNS is a local Pihole+Unbound, in case that matters. The Ubuntu IP is static. Were you requesting the yaml of Jellyfin or Nginx?
And I believe I was hoping to set up a “Cloudflare tunnel.” I think I was under the impression that this “tunnel” *is* a reverse proxy.


Yes, I recently got it working. So LAN connectivity is fine and strangely I can remote access it via Tailscale even though the machine isn’t on a tailnet


The whole reason I bought the domain is because I was told to stop using Tailscale for this purpose. I’m so confused…


Yeah, I’m about to start the process of trashing the system and starting anew with Ubuntu Server. Even if I had 24/7 community support, I think I’d still dread dealing with Proxmox. The whole reason I hopped on the Prox train was that videos make it seem like an alternative to deep-diving into cli…but everything I’ve been doing is cli, so screw it



So this looks good then?


Yes, just using the iGPU. Thought about an Nvidia card, but setting it up sounded like torture so just whatever is on the i5-13500 for now


In case you want to keep following, I did make that post in c/jellyfin


So I started this post with many intertwining issues, but most of them have been resolved thanks to extensive help. At this point, most of my issues are Jellyfin-specific so I made a new post in c/jellyfin. But thank you, I’ll be trying your method if mine continues to fail me


Yeah, it seems like the transplanting of LXCs, VMs, and docker is fairly pain-free…where I really shot myself in the foot is starting on an underpowered NAS and network transfers are clearly not my friend.
I’m not familiar with the backup stuff, but I remember hearing about it being added recently. I’ll look into it, thanks for the recommendation.
You taught me a lot of stuff in just a couple days. The overwhelming/anxious part of dealing with Proxmox for me is still the pass-through of data from outside devices. VMs aren’t bad at all, but everything else seems like a roll of the dice to see if the machine will allow the connection or not


I tried taking a screenshot of the full page to show you, but yes it’s set to QSV and /dev/dri/renderD128. I’ve tried QSV and VAAPI with similar results, I’m sticking with QSV for now as it’s Jellyfin’s official recommendation. I’ve enabled decoding for H264, HEVC, VP9, and AVI. I’ve enabled hardware encoding for H264 and HEVC. If I disable transcoding completely it works fine, but some of the streaming devices need 720p functionality (ideally to transcode down to 4:3 480i).


Great point actually, time for c/jellyfin I think. Would you mind helping me with the transferal of config and user data? Is “NFS mount NAS docker data to host” > “pass NFS to jelly LXC” > “copy data from NAS folder to LXC folder” the right idea?


So should I be disabling some hardware decoding options then?


QSV and ‘/dev/dri/renderD128’. I’ll switch to VAAPI and see… Edit: no luck, same error


Ok, consider it done! My concern is this section of the admin settings:

I followed Intel’s decode/encode specs for my CPU, but there’s no feedback on my selection. I’m still getting “Playback failed due to a fatal player error.”


LXC is fine with me, the “new Jellyfin” instance is mostly working anyway. It just has a few issues:
And yes, I see card0 and renderD128 entries. ‘vainfo’ shows VA-API version: 1.20 and Driver version: Intel iHD driver…24.1.0


I used the community script’s lxc for jelly. With that said, the docker compose I’ve been using is great, and I wouldn’t mind just transferring that over 1:1 either…whichever has the best transcoding and streaming performance. Either way, I’m unfortunately going to need a bit more hand-holding


I solved the LXC boot error; there was a typo in the mount (my keyboard sometimes double presses letters, makes command lines rough).
So just to recap where I am: main NAS data share is looking good, jelly’s LXC seems fine (minus transcoding, “fatal player error”), my “docker” VM seems good as well. Truly, you’re saving the day here, and I can’t thank you enough.
What I can’t make sense of is that I made 2 NAS shares: “A” (main, which has been fixed) and “B” (currently used docker configs). “B” is correctly connected to the docker VM now, but “B” is refusing to connect to the Proxmox host which I think I need to move Jellyfin user data and config. Before I go down the process of trying to force the NFS or SMB connection, is there any easier way?
Thank you, that’s really solid advice. It turns out my efforts may have been misguided anyway. I think I was under the impression that “internet exposure” and “Cloudflare tunnel” had similar setups