
Prometheus Setup Notes

2024/06/16
Getting chained for sharing forbidden tech is an ancient concept.
Tags: networking, reverse proxy, dns, prometheus, media server, server, debian, 2010 macbook pro, hardware, jellyfin, jellyseerr, docker, nginx

Preamble

This is still being worked on.

I normally don't touch the device names, unless I've had the device for a long time, or have a suitable name for it. For example, my desktop is named Yggdrasil because I use it to connect to all my devices, and my old phone used to be named Hermes, because it served the job of a messenger. This is even cringier in writing.

I've been wanting to turn my old MacBook Pro into a server, but I didn't really have a purpose for it. I decided to self-host a media server, and I named it Prometheus, because it'll be chained to the wall, and it's going to be sharing media. This raises a problem when I want to actually try to set up the monitoring service Prometheus later down the road, but we'll deal with that later.

It's comical, the similarities... Maybe I can name my next server Hercules to keep the theme going.

Hardware

I got a used 2010 MacBook Pro back in 2017 from someone I knew. It was in a rough condition:

  • Broken left hinge
  • Old battery
  • Slow hard drive
  • Cracked trackpad

I needed a MacBook for college and I wasn't going to pay full price for a new one, so I decided to fix it up and try to extend whatever life it's got left. I was working a summer job at the local ISP so I had access to their vendor pricing.

I managed to find a parts MacBook sitting around at work that had a compatible trackpad and a screen, and my work gave it to me for free (just like the hAP and the RouterBoard they thought were dead). I paid about:

  • $40 CAD for a new battery
  • $100 CAD for a new 500GB SSD

which came with an adapter to replace the optical drive. I should've gotten a new charger, but I didn't get one. It's pretty clear at this point that this is a FrankenMacBook. Removal of the mechanical drive lowered the temperature greatly, and the boot speed was significantly better.

Software

It was running a compatible macOS (OS X at the time) version and I didn't really have any trouble with it. I was also using a ThinkPad T420s (another meme I fell for at the time) for notes and my desktop at home, so I only needed Xcode for school.

"Why not a Hackintosh?"

Someone did ask that during the orientation. If I recall correctly, the answer was something related to code signing and app publishing. I'm sure you could've for the school work, but I had a cheaper solution.

Prep for Media Server

I used Apple's recovery tool to reset the laptop to the closest available version; however, it felt sluggish after a bit, so I decided to make my annual pilgrimage to DistroWatch and, as always, left feeling even more unsatisfied. I narrowed it down to Debian vs FreeBSD, and I decided to learn BSD next time.

OS Installation

Did a standard fresh install with these options:

  • Enable SSH - I was going to run it headless
  • Disable DHCP - Already assigned a static IP

Setup Notes

I had three main goals for this project:

  1. make the physical network more fault tolerant - added UPS to the setup
  2. have an automated media stack - Jellyfin instead of Plex
  3. securely access the media from anywhere - Reverse Proxy with a domain

I followed a guide for setting up the media stack; setting up the reverse proxy and opening up the service to the internet I did by myself, which is probably why it took longer than it needed.

Planning

Since I'm also doing this for educational purposes, I made a home network diagram, and updated the media stack diagram from the guide according to my setup.

[Diagram of my home network]

Jellyfin has a client for Tizen available on their GitHub, but you have to build it on your own. The guide links to a repo by jeppevinkel with other pre-built versions which I've used. The annotation on the diagram highlights important changes and services that are running on the server.

The diagram below goes further into the services that are running on the server.

[Diagram of services and their main function]

I've mostly rearranged the layout and added my proxy service.

Docker

BSDs have Jails which are BSD's version of containers. Since I just finished a cloud class that covered Docker, I wanted to retain the knowledge, so it helped me to choose Debian over FreeBSD, plus I would need to use a version of Jellyfin for a FreeBSD NAS and build it on my own.

Media Stack

Pretty straightforward setup following the guide. Changed my timezone accordingly using a neat macro :%s/old/new/g 😎

I learned:

  • some good maintenance commands from the guide
  • that volumes are mapped physical:virtual

Reverse Proxy

I initially decided to use Nginx on metal for the reverse proxy, but I decided to use a container instead for better management, and it provided a web interface to manage the proxy. However, upon further research, the web interface gets slow updates, resulting in slower security updates, so I will update this section after I've migrated.

I could use my public IP, but I can't be bothered to remember it, so I decided to get a domain.

The setup was pretty straightforward: port 81 was used for management, I issued a certificate using Let's Encrypt, and made the requests go to Jellyfin at the correct device IP and port.
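
Because the proxy is opened to the internet while its management UI sits on port 81, the following added example (not part of the original setup or of Nginx Proxy Manager) audits Docker Compose short-syntax port mappings and flags an admin port that is published beyond loopback. Docker publishes on all interfaces when a mapping has no host address; the sample mappings are constructed, and only single ports (no ranges) are handled.

```python
# Added example: audit Docker Compose short-syntax port mappings for an
# admin port published beyond loopback. Sample data below is constructed.
import ipaddress

ADMIN_PORTS = {81}  # management UI port mentioned in the post


def parse_port(spec):
    """Split '[host_ip:][host_port:]container_port[/proto]' into a dict."""
    spec, _, proto = spec.partition("/")
    if spec.startswith("["):                  # bracketed IPv6 host address
        addr, _, rest = spec[1:].partition("]:")
        parts = [addr] + rest.split(":")
    else:
        parts = spec.split(":")
    container_port = int(parts[-1])
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    # With no host address, Docker publishes on every interface (0.0.0.0).
    host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
    return {"host_ip": host_ip, "host_port": host_port,
            "container_port": container_port, "proto": proto or "tcp"}


def audit(port_specs, admin_ports=ADMIN_PORTS):
    """Return (spec, suggested_spec) for admin ports reachable off-host."""
    findings = []
    for spec in port_specs:
        p = parse_port(spec)
        if p["container_port"] not in admin_ports:
            continue
        if ipaddress.ip_address(p["host_ip"]).is_loopback:
            continue                          # reachable only from the host itself
        host_port = p["host_port"] or p["container_port"]
        findings.append((spec, f"127.0.0.1:{host_port}:{p['container_port']}"))
    return findings


# Constructed 'ports:' entries for a proxy container (80/443 public, 81 admin).
SAMPLE = ["80:80", "443:443/tcp", "81:81", "127.0.0.1:8181:81", "[::1]:81:81"]

if __name__ == "__main__":
    for spec, fix in audit(SAMPLE):
        print(f"admin port exposed: {spec!r} -> bind as {fix!r}, reach it via SSH tunnel")
```

With the admin port bound to loopback, the UI is reached from another machine by forwarding the port over the SSH access that was enabled at install time.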

Reset Nginx Proxy Manager Password

I forgot the password for the web interface, so I had to access the container, use sqlite3 to disable the user, and recover the account using the default account.

DNS Hosting

The GitHub Student Developer Pack comes with 1 free year of .tech domains from get.tech, so I decided to try it out.

Every hosting service is different, but with that in mind, I simply added an A record and SRV record, for the domain to point to my public IP, and it was up in a few minutes.

SSL Certificates

I either need to use acme.sh to get a wildcard certificate, or manage multiple certificates for each subdomain. I am planning on moving the domain to Cloudflare, so I will finish this part after my domain migration.