You don’t need public DNS. You can use whatever domain you want if you use your own DNS server (though you should use one you own, or something under the .internal TLD).

Likewise, you can issue whatever certs you want if you trust the CA.

But LE does support wildcard certs. You can get them with certbot or other tools.

Personally I use traefik, which has LE support built in. It automatically gets an individual cert for each service. If you use caddy, I’m sure it has something similar.

If authorized by the school IT department and policy, yes. Ask them, not us.

For up to 16 endpoints or something like that, yes.

I don’t put it on the Internet.

I have automatic updates enabled and once in a while I scan with Nessus. Also I have backups. Stuff dying or me breaking it is a much greater risk than getting hacked.

You assume there is no vulnerability in the web server itself, or a vulnerability that allows bypassing authentication.

What’s in the radarr log? You have your downloader configured, enabled, and tested I assume?

Stop exposing services like these to the Internet. If you need remote access, use a VPN.

You don’t need to own a domain either. Use a free dynamic DNS provider.

And if you don’t need remote access, don’t bother with that at all. Just run a local DNS server with records for these services with anything under the .internal TLD. Or even just IP address.

HTTPS can come later. It’s really not important for traffic that’s not sensitive, like no passwords or whatever.

Have you tried tracing the issue? What is uptimekuma using for DNS? What do the logs on that server show?

Does the docker user have permission to that folder?

No, just a USB network adapter.

You also just plug it in. But again, no guarantee it’ll work. Even if you get a riser, most of them are just physical adapters. The fancier server ones do have some brain to them, but I don’t know if it would help.

You could also just sidestep the problem and use some USB adapters.

Then plug it in and go to town. Either it’ll work, or it won’t. Some cards get unhappy about missing pins, but it’s really just luck of the draw.

Cut the slot? Or desolder it and replace it with one with an open back.

Personally my threshold for “probably too old” is 40k hours, but if they show very few start/stops and they test out, they’ll probably be fine.

But failures can happen at any time, even right from the factory. Just get the replacement. You should always be prepared to replace drives, if you want high uptime and low data loss.

Wazuh if you want a product instead of building it from scratch.

I’d give Greenbone a try too, I think it’s most analogous to Nessus.

Does the docker user have permission to that folder?

The latter. Ansible isn’t for storing configs, it’s for applying them.

Some of us don’t build applications, we use them as built by other companies. If we’re really unlucky they refuse to support running on a VM.

I’ve never not used bind mounts. That data is persistent. Nonpersistent data is fine on docker volumes.

Proxmox is Debian under the hood. It’s just a qemu and lxc management interface.