thumdinger@lemmy.worldtoSelfhosted@lemmy.world•How to get local SSL and use your public domain for local internal subdomains?English
61·
3 days agoThis is what I do as well. I have a public DNS record for my internal reverse proxy IP (no need to expose my public IP and associate it with my domain). I let NPM reach out to the DNS provider to complete verification challenge using an account token, NPM can then get a valid cert from Let’s Encrypt and nothing is exposed. All inbound traffic on 80/443 remains blocked as normal.
For storage redundancy RAID 5 is not recommended, particularly as you get to high capacity drives (think >8TB). I think the rating to consider is URE (unrecoverable read error, usually 1 in 10^14 bits read).
Once a drive inevitably fails and you are forced to resilver the array to avoid data loss. During the resilver the healthy disks are running at 100%, reading every bit of data they have to complete the parity calculation and determine what data is missing. The chances of encountering a URE on another drive is a near certainty at high capacities as the total number of bits read exceeds the URE rating. As result the resilver would fail and the array would be lost.
RAID 6 as a minimum (2 drive redundancy), although a popular option now (and the layout I use) is mirrored vdevs.
Edit: Consider TrueNAS for NAS software. I have been using it for 10 years and it is absolutely rock solid. 25TB usable storage across 4x mirrored vdevs. I run it as a VM inside Proxmox with 4 logical cores on a 10 year old Xeon with 16GB RAM for the VM (I run ECC as was recommended at the time, but whether it’s still considered necessary I’m not certain).
I would also recommend getting an LSI HBA (host bus adapter) like the 9207-8i flashed to IT mode (it must not be in raid mode, let TrueNAS manage the disks directly). This simplifies passing through all the disks to a VM.