It can make a big difference just in the processing power needed if there’s anything more intense than a straight firewall. IPS tend to be a resource pig. What are the load numbers saying vs the number of CPU cores available?
I ran into similar (or even worse) choking trying to get it virtualized even with a proper passthrough that I eventually shelved but might take another run at someday. Knocking a couple hundred watts off the stack is always welcome.
I have one around that same class that is running Security Onion, because why not record and analyze all the things.
Depends a lot on budget, space, and electricity costs. Going to ‘overkill’ level once can save a lot of these issues down the line.
Mine started similarly, some small box with a couple drives that got up sized and then moved to another to add more…
Eventually I bought a used 2U box with 14 bays and set it up with a ZFS pool all made up of mirrored disk pairs and auto snapshots so it can have a drive fail without issue and go back 2 weeks if something gets oops deleted.
Downside, now the whole lab uses about 700 watts continually so the power bill is kinda nuts.
I think I can see where they’re going with it, but it is a bit hard to write out
Say I set up my favorite service in house, and said service has a client app. If I create my own DNS at home and point the client to the entry, and the service is running an encrypted connection with a self signed cert it can give the client app fits for being untrusted.
Compare that to putting NPM in front of the app, using it to get a LetsEncrypt cert using the DNS record option (no need to have LE reach the service publicly) and now you have a trusted cert signed by a public CA for the client app to connect to.
I actually do the same for a couple internal things that I want the local traffic secured because I don’t want creds to be sniffable on the wire, but they’re not public facing. I already have a domain for other public things so it doesn’t cost anything extra to do it this way.
I was probably using Emby already by then, had bought a lifetime license since it didn’t require bouncing things off and outside server like Plex did (or was it that Plex was a renewing subscription, I forget) , so it just stayed out of inertia.
I can’t say I’ve given Jellyfin a proper try (as in using it and the clients exclusively for a long period) but we have been using Emby for quite a while before I knew it existed.
If I’m not mistaken Jellyfin is actually a fork of Emby so they’re pretty similar, but one is a bit older.
Depends on a few things. If you actually put the site ‘through’ cloudflare then they act as a SSL offloading proxy and could read the content.
If they’re just providing a DNS record than no, that just points people in your direction.