Hi,

About a year ago I started working on my home-server because I wanted to host my own media server separate from my PC. I found an old broken Fujitsu u772 online and started working on it. The reason behind using this laptop as a home-server was that it consumes very minimal power and it was very cheap.

I’m currently running:

  • Intel® Core™ i5-3317U, 8 GB RAM on the u772
    • Debian 11.8 Bullseye
    • Tailscale v1.50.1
    • CasaOS v0.4.4.2
    • Docker
      • Plex Media Server from linuxserver
      • Few other containers

I have been using Plex from my local network, and it was working fine and the power consumption was low, usually around 3Wh. One of my friends asked if he could use my Plex and I said sure, why not. So I researched how I could make it available for him without opening a port through my router.

I found Tailscale’s Funnel option, which is perfect for this use case, so I set it up to forward the Plex port to the MagicDNS name created for my home-server by Tailscale. And it is working fine with a bit of quality degradation, but I think that’s expected and acceptable.

However, the power consumption has more than tripled without a connection to the Plex server from the “outside”, staying around 10Wh, which is not that much either, but still, I think it’s strange since the top command’s output says that the tailscale process is sleeping, so I guess it is waiting for a connection from the Funnel server.

I read the documentation of the Funnel option, and it only says that, and I quote:

> When you turn Tailscale Funnel on, we set up public DNS records for your device’s combined name and tailnet name (e.g. amelie-workstation.pango-lin.ts.net) to point to Funnel relay servers that we operate. When someone accesses that URL with a TLS-encrypted TCP connection, our Funnel servers accept the incoming request and send a TCP proxy over Tailscale to your node.

In my understanding, until the Funnel server makes a connection to the Tailscale running on my home-server, it should not do much more work than usual.

So my question is: Does anybody know if this is normal behaviour from Tailscale, or did I mess something up?

Also, if I switch to an open port through my router and send the containerized Plex port through it, would that be any risk for my home network?

Thank you for the help in advance, and sorry if this question is silly, but I wouldn’t say I’m an expert on the topic, and couldn’t find anything about this.

  • Tangbuster@alien.topB

    From a Plex perspective, there could be the chance you are transcoding. On your local network, you are probably Direct Playing on your client devices. This is seen by the dashboard on your computer’s Plex app. But normally when a remote user accesses Plex, it is likely to start a transcode. This could be due to a number of reasons, but most of the time it will be because the bandwidth isn’t enough to allow Direct Play. Transcoding can give your CPU a workout, especially if you are software transcoding. You will need a Plex Pass for hardware transcoding, which uses less CPU overall.

  • Poat540@alien.topB

    Why do you need to open a port in your network? I’m pretty sure my local Pi Plex just works by integrating it with the Plex web app. I think this handles bridging the network gap.

  • vasveritas@alien.topB

    > Also if I switch to an open port through my router and send the containerized plex port through it, would that be any risk for my home network?

    Not when done properly. Billions of servers open ports. There are 16 million Plex users.

    Think about this, have you ever considered the possibility your router by Linksys, NETGEAR and D-Link is easy to hack and has been hacked?

    There is a risk involved with any software and network. Plex is a popular app with lots of resources and development behind it though. A VPN like Tailscale can add another layer of security, but it's not a requirement to run a secure server.