Are you connecting from a public network or something? like a hotel wifi or other?

The easiest solution would be to setup the pi as your router and use a VPN like wireguard (wg-easy) or tailscale.

if it is a public network, you can double NAT. There’s dedicated boxes like the GL.inet travel routers that support wireguard/openVPN and beta for tailscale. they have some features that work well with captive portals.

If it’s a home network, you can probably use your PI as a entry/exit node or VPN client instead of using ssh.

wireguard is self hosted and you do have to “expose” one UDP port. From the outside it’s difficult to detect that this “opening” exists because wireguard just listens and ignores everything unless you send the encrypted credentials. Compared to hosting a webpage or jellyfin directly this is much more secure. As long as you keep wireguard relatively up to date you don’t really have to worry much about it.

I personally use wg-easy. It’s designed to be deployed into docker (using docker compose is by far the easiest).

Then you can either use your IP address, or ideally a dynamic DNS provider so you’d connect to myexample.com:51820. Duckdns is free, otherwise options are available like cloudflare. If you can get jellyfin working, this should be relatively straightforward.

I recently had to increase my proxmox storage as well from an old 256 to 1TB. What I did was make a copy of /etc via PVE Host Backup and saved that on my NAS/external storage. Almost everything is in /etc/pve. Then I created backups of all the VMs and stored those on the same external storage. I then installed proxmox as normal and compared configs between backup and new configs then restored VMs from backup. The reason I did it this way is because 1) I had installed proxmox a while ago and new config > old config for stability after adding some necessary PVE scripts (e.g. intel chip, and 2) I’ve had weird issues before cloning drives and a fresh install was easier than risking some weird edge case troubleshooting. It also let me keep the old SSD as a backup in case something went wrong.

Edit: Also recommend going with zfs mirrored on the new install during the setup: target disks options and zfs mirrored. ZFS offers some benefits vs the default lvm.

The reflection pool in DC.

https://www.npr.org/2026/04/28/nx-s1-5802343/reflecting-pool-resurfacing-blue-trump

Absolutely no problem with it being virtualized as long as you have a pci storage controller and pass that through to trueNAS. HBA cards can be found that do this without raid or anything so you can use zfs in trueNAS.