Cake day: June 24th, 2023

  • I’ve used an AIO + traefik docker setup once, but I might be a little bit rusty, it’s been some time. Docs state that labels do not work with the AIO, due to the fact that mastercontainer manages the containers. With the AIO it is better to not get in the way of the mastercontainer - if any issues occur you have a non-standard deployment and need to consider that while troubleshooting. Not the most elegant solution, but you could run vanilla AIO with traefik external routing via the exposed apache port on the node IP using the file provider. If you don’t have one you’ll need to adjust the traefik config file to include:

    providers:
      file:
        filename: /etc/traefik/fileConfig.yml   # dynamic config file path goes here
        watch: true                             # re-read the file whenever it changes

    Create such a file and restart the traefik container.

    You can use this file to provide all sorts of configs, traefik constantly checks it and makes adjustments. Here’s an example:

    http:
      ## EXTERNAL ROUTING ##
      routers:
        nextcloud:
          rule: "Host(`nextcloud.example.com`)"
          entrypoints:
            - "https"
          service: nextcloud
          # add "middlewares:" with a list of middleware names here if you need any
          tls:
            certresolver: "letsencrypt"
      ## SERVICES ##
      services:
        nextcloud:
          loadBalancer:
            servers:
              - url: "http://IP:PORT"   # IP and port of the exposed apache container

    You may route internally if traefik runs on the host network. Check the link to the github documentation above for more info. Consider adjusting for a trusted proxy by limiting access to the apache container as described there.
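As an added example (not part of the comment above nor of the Nextcloud AIO project), here is a minimal Traefik v2 static configuration (traefik.yml) that defines the `https` entrypoint and the `letsencrypt` certresolver the dynamic file above refers to, enables the file provider, and redirects plain HTTP to HTTPS. The ACME e-mail and storage path are placeholders.

```yaml
# Added example: Traefik v2 static config (traefik.yml).
# Only the names "https" and "letsencrypt" come from the dynamic config
# in the comment above; every other value is an assumption to adjust.
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https        # send every plain-HTTP request to the TLS entrypoint
          scheme: https
  https:
    address: ":443"

providers:
  file:
    filename: /etc/traefik/fileConfig.yml   # the dynamic config file from the comment
    watch: true                             # pick up edits without a restart

certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@example.com          # placeholder, use your own address
      storage: /letsencrypt/acme.json   # keep on a persistent volume, mode 0600
      tlsChallenge: {}                  # TLS-ALPN-01, needs port 443 reachable
```

With this static config in place, the router from the comment's dynamic file resolves both its entrypoint and its certresolver, and Traefik obtains the certificate for the Host rule on first request.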

  • I use beets in my setup and I am pleased with the results; it keeps my library nice and clean. It is very capable by default and you can extend it even further with plugins. It will do fine importing well sorted albums, and if you have a mess there’s also tagging by filename and acoustic fingerprinting. You can use multiple metadata providers and adjust their weights for preference. It’s well documented and multiplatform (it can also be deployed as a container on a NAS system and manage your imports). The biggest drawback is that you have to read a few pages of the docs before running it or do some dry runs.

  • General advice would be to look boring and hide your IP as much as you are able (get a domain). As long as you’re not looking juicy you won’t attract skilled attention. It’s like locking a bike, most bad actors will just pass by looking around for one without a lock or a real fancy one worth their resources.

    You can utilize Cloudflare’s free offerings, starting with simple stuff. Their DNS Proxy is essentially a single click but will help substantially. You can build on top of that with simple WAF rules, such as dropping connection attempts from IPs originating from countries notorious for “poking around”. You can also reverse that rule and whitelist only your country.

    Keep your firewall tight, don’t expose other ports, put your services behind a reverse proxy and redirect everything to HTTPS. Start simple, constantly improve, learn more advanced methods/concepts.