Wildcard certificates

If you have multiple services running on your server and need to generate certs, it might be easier to generate a single certificate for *.domain.com instead of individual certificates for servicea.domain.com and serviceb.domain.com. It’ll be easier to manage a single key too.

Google Domains

We assume already have a *.domain.com Type A entry in Google Domains. I’m using Dynamic DNS with ddclient

Certbot

We’ll use certbot and it’s google domain plugin. It’s better to install certbot via pip so we get the latest version

…

Docker Compose

Switched to using Docker compose for web services. It’s a lot easier to manage compared to using systemd config files. Using docker makes it very easy to recreate services as well and wipe everything to start from scratch.

Docker Compose for Jellyfin

Here’s an example compose.yml file for Jellyfin. After installing Docker, just use docker compose up to bring up the service.

jellyfin:
  image: jellyfin/jellyfin
  container_name: jellyfin
  network_mode: 'host'
  volumes:
    - ./services/jellyfin/config:/config
    - ./services/jellyfin/cache:/cache
    - ./services/jellyfin/media:/media
  devices:
    - /dev/dri/renderD128:/dev/dri/renderD128
    - /dev/dri/card0:/dev/dri/card0
  restart: always

This will store all Jellyfin related files in ./services/jellyfin/*. Using these bind points will ensure our config files are persistent.

…