Selfhosted
- Cloudflare is bad. You're right.
Centralization is bad for everyone everywhere.
That being said... I just moved my homeserver to another city... and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.
Tunnels made it very easy. No port forwarding no dns configuration no firewall fiddling no nothing.
Why do they have to make it so so easy...
- Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?
I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc.
As I spend more time here, I realise that it is practically impossible; especially for a newcomer, to setup any usable self hosted web service without relying on these corporate behemoths.
I wanted to have my own little static website and alongside that run Immich, but I find that without Cloudflare, Google, and AWS, I run the risk of getting DDOSed or hacked. Also, since the physical server will be hosted at my home (to avoid AWS), there is a serious risk of infecting all devices at home as well (currently reading about VLANS to avoid this).
Am I correct in thinking that avoiding these corporations is impossible (and make peace with this situation), or are there ways to circumvent these giants and still have a good experience self hosting and using web services, even as a newcomer (all without draining my pockets too much)?
Edit: I was working on a lot of misconceptions and still have a lot to learn. Thank you all for your answers.
- Docker email server to host mail archive
Hey all,
I have given up hope of hosting my own mail server but was hoping for one that would serve as an archive -
- downloads new emails via IMAP from my mail provider on a regular basis
- allows my mail clients to connect via IMAP to view and search emails
Any suggestions for a docker solution for this?
Thanks
- Server for a boat
Good day, friends. Since catching the self-hosting bug, I've set up a couple of Proxmox home servers with a bunch of services I enjoy.
Now I'd like to set up a server and local network on my sailboat so I can self-host servarr, pihole, and other services while traveling. The tricky part is that everything on the boat is 12V and I would rather not use an inverter, if possible. Also, it needs to be ultra-low power so I can leave it on at all times and not deplete my batteries too much.
Criteria:
- ultra-low power
- Small form factor
- runs on 12V
- 10 TB of storage plus ability to make full local backup
- Capable of hosting servarr, audiobookshelf, freshrss, etc. via docker
- HDMI output
- Full local mirror/backup of the entire file system, including the media library.
- We will have two laptops and two Android phones to access the server, so the server doesn't need to run a desktop environment.
I'll have a mobile wifi router and a cellular signal booster (or maybe Starlink eventually) for internet access. Since internet bandwidth will be limited and expensive while traveling, I don't want to have to re-download a massive media library if the storage media fail. Thus, I want the media library to be mirrored or fully backed up or synced locally.
What hardware and Linux distro would you use in this situation?
- Can't use Crunchyroll via WireGuard
Hi,
not sure where else to post this. For a while now, I've unsuccessfully been trying to get WireGuard to work with Crunchyroll.
Setup is as follows:
- dedicated server hosts a wg-quick instance in [neighboring country]
- OPNSense acts as peer on a single IP
- I have a rule for routing the entire traffic of some source device via that IP
This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device's local gateway. The connection is stable, and fast.
...except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.
I don't think this is an issue with CR recognizing that I'm not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I've also tried from multiple other devices, all with the same symptom.
If anyone has suggestions, I'd love to hear them 😅
EDIT:
It was MTU. Had to manually set it to 1500 on both devices. Nope, still the same issues. I was using the fallback interface there briefly.
- CasaOS Android SMB Help
I'm new to self hosting and just got CasaOS setup following up to part two of Tech DB's guide. The SMB works on my Linux computer, I can create documents, etc. However I'm having trouble accessing it on my Android phone. I'm using Material Files, Search for SMB shares, and find "CASAOS" but it's under a different IP address as the server. Then when I click on it, it prefills some of the lines such as "Hostname: CASAOS" and "Port: 445". I have added my login info as either my CasaOS login and SSH login but both don't work and I've changed the port to 80 as that's CasaOS default but every combination I try fails with "java8... UnknownHostConnection... and more" Any ideas?
- Looking for a music server
Hi! I’m currently using navidrome, but eventually I will probably need support for multiple users (each user has access to different music or the same music) which isn’t supported in navidrome right now. I don’t really want to run two containers of the same thing if I can avoid it. Thanks
- Best easy to use e-commerce front end with no javascript?
Hello,
I'm trying to setup an online computer store via YunoHost installed on my VPS. I'm okay with payments to be handled via a third party payment processor (who preferably also has no JS, but I understand that is probably unlikely). I also have my domain up and running, so I'm ready to test whatever I can get.
TIA!
- Is this a bad idea? Mesh/VPN
I’ve made a few posts in the past about my experimentation with connecting various devices and servers over a VPN (hub and spoke configuration) as well as my struggles adapting my setup towards a mesh network.
I recently decided to give a mesh setup another go. My service of choice is Nebula. Very easy to grasp the system and get it up and running.
My newest hurdle is now enabling access to the nebula network at the same time as being connected to my VPN service. At least on iOS, you cannot utilize a mesh network and a VPN simultaneously.
TLDR: Is it a bad or a brilliant idea to connect my iOS device to a nebula mesh network to access for example my security camera server, as well as route all traffic/web requests through another nebula host that has a VPN such as mullvad on it so I can use my phone over a VPN connection while still having access to my mesh network servers?
- NAS vulnerabilities
www.theregister.com: 'Mirai-like' botnet observed attacking EOL Zyxel NAS devices
Seems like as good a time as any to upgrade older hardware
Just stumbled across this (overly dramatic?) article and thought I'd just post it here...
It's more to act as a reminder that if you've got a NAS that is serving content to the interwebs, then make sure it's behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.
Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.
I've used Squid and HAProxy over the years (mostly on my pfSense box) - but I'd be interested to know if there's other options that I've not heard of
- Electricians of fediverse, should I have my selfhosting box grounded?
I know that the answer is yes, I should, but outlets near the setup are not grounded (even though they look like they are) and I don't want to have wires running though my living room.
The real question is what are potential problems ? Occasional system reboots? Permanent damage to PSU? Permanent damage to other components?
- Alternatives to Hashicorp Vault?
I want a centralized way to manage keys and secrets. And some service users with little privileges over a subset of the secrets. Ideally, a service user only should be able to read its own subset of secrets. So, let's say, if a container gets pwned it will only read its secrets and no more. It should be FOSS and self-hostable.
And a beautiful nice-to-have feature would be access log, to know who read what and when.
My only experience with something similar is Hashicorp Vault, but I don't want to be near any Hashicorp stuff ever again.
Do you know a FOSS alternative to Vault?
- Avoid Virpus VPS
Figured I would hopefully save others from the annoyances I've had with their service. I experienced daily high packet loss to both my VPS and their website, including the control panel (greater than 50%, typically). The control panel was broken and couldn't tell me the status of my VPS. When I asked for a root cause and fix for the packet loss issue the "senior admin" response to both of these issues is "It's intermittent and under control". It's still happening daily, so not really under control. They never even addressed the control panel issue.
I decided it was best to just give up on it, and requested a refund a few days ago after experiencing the same issue every day for 3 days after my purchase. I'm still waiting for a response to that request, 4 days later.
Avoid Virpus like the plague.
- Little tool for quick work stories
Hello !
We have been discussing at work about hosting (internally) some work related stories that we find funny.
I've been looking for tools to do that should be quite simple, and display one story at a time nothing fancy.
Couldn't find anything quite like that, was wondering if you guys knew one ? If not, I might develop it then and share it.
Thanks !
- What are your thoughts on exposing a tool like dockge to outside of your LAN?
Dockge allows you to start/stop containers and edit your compose files from a handy ui.
Pros: if something goes wrong while you're away, it would give you a tool to restart a service or make some changes if necessary.
Cons: exposing that much control to the outside world (even behind a log in) can potentially be catastrophic for your stack if someone gets in.
- Can I use the domain "dedsec.org"?
Hi,
I'm looking into creating a blog website, and I have purchased the domain "dedsec.org". Ubisoft holds the rights to the name dedsec so I was wondering if I should sell it or not? I bought the domain for $20. I plan to just post about Libreboot and other hacking stuff on it. Maybe, if it's legal, can I possibly use the domain for my computer store?
Edit: switched EA to Ubisoft
- Need help getting started
Hello fellow lemmings! As mentioned in the title, I'm barely just getting started with the self hosting thing and such.
I have a small personal project for which I'd like to self host my own "ugly-90's-HTML" blog (I just love the look and feel you know).
I've got a desktop machine that I could use as a server, and I also just purchased my own domain from cloudflare (for commitment), but I'm a bit stuck on the actual "putting-my-stuff-online" thing and I don't want to do anything stupid.
I know there's a lot of learning I still need to do, but that's the reason I'm starting this project. Any help would be welcomed.
I have 3 cents of basic networking knowledge (I made my own Ethernet cable connection to my gateway :D); I'm using a linux distro as my main desktop; I have created an ssh tunnel with cloudflare so far, and I'm following a little html+css tutorial. The thing is, I've found so many different ways of putting things online, I'm a bit dizzy. I would like something that will teach me the fundamentals without holding my hand too much (a la "next, next, next, confirm, finish"), you know? I mean, I'm learning by essentially making a 90's website... So, yeah.
Thanks in advance <3
[TL;DR] Me want make 90's website, don't know how
- What tool do you use to display your self-hosting infrastructure
Hey, I have to „draw“ or make notes of my selfhosting stuff. It runs so smooth that I sometimes really forget where a service is running or how to reach the web-Interface.
For sure I have a password- and link-manager, but I would like another independent note with the structure of my selfhosting.
Usually I use Joplin. Is there a plugin that shows me a kind of a map?
Or are there other apps - maybe wikis - that do it much easier/better than that?
How do you document your selfhosting?
- Is it possible to run a LLM on a mini-pc like the GMKtec K8 and K9?
I have experience in running servers, but I would like to know if it's possible to do it, I just need a GPT 3.5 like private LLM running.
- Self hosted employee time clock?
I'm looking for a self hosted open source docker image for time clock and payroll. Do you have any recommendations or experience?
- Networking Dilemma
Hi there good folk,
The new place I am moving into has the internet come into the house on the other side of where I am planning to have my office + my NAS (which needs ethernet). I much prefer having my stuff connected through ethernet, but not sure what to do now, as I can't really run cables across the house. Am also renting the place so can't drill holes in walls etc. As far as I know, there are two ways for me to get ethernet in my office:
  - COAX to POE: The place does not have ethernet ports in the walls either, but it does have some wallmounted coax sockets. Is it worth looking into coax to poe adapters for either end of the sockets? Not sure how much of a fan I am of this due to the amount of cables this ends up being.
  - The other way would be to have a WiFi-extender in my office, but I guess this will sacrifice some more speed than the other solution(?). This way I would have a small switch connected to the extender which will get me some more ports too.
I am planning on buying into the Unifi products, specifically the Unifi Express device as a router. While expensive, I love the polish and feature set and control it brings. What other Unifi devices should I get into, considering I probably won't be able to use PoE?
Lemmy know your thoughts, opinions and the rest - am open for all sorts of solutions!
- Self hosting is hard. How do you overcome?
Not exactly self hosting but maintaining/backing it up is hard for me. So many “what if”s are coming to my mind. Like what if DB gets corrupted? What if the device breaks? If on cloud provider, what if they decide to remove the server?
I need a local server and a remote one that are synced to confidentially self-host things and setting this up is a hassle I don’t want to take.
So my question is how safe is your setup? Are you still enthusiastic with it?
- domains on internal network
So maybe I am missing something obvious, but here goes:
I've got a small server at home, and I have simply.com pointing various domains to it. Works fine, nginx routes the traffic where it needs to go.
But whenever I am at home and connected to wifi I have to use the internal address and port to reach my server, e.g. 192.168.0.192:8096 for my Jellyfin server. If I use the public URL at home, I hit the login page to my router.
This is annoying when I use apps, as I need to switch between the public URL and the internal address as I come and go from my home...
What are my options for doing something about this? I want to use the public URL at home too....
- Alternative to RaspiCheck
I have a small self hosted setup at home with a RaspberryPi and an external HDD, just enough for what I need.
Some time ago I found a pretty sweet app which from the name implies it's mostly working when you use a RPI OS, to monitor the RPI from your android phone: https://github.com/eidottermihi/rpicheck
It's called RaspiCheck (picture in the post is the one from github), and unfortunately it is seriously outdated and development ceased. It is still working on my current phone but I am well aware that's not going to last.
So I am wondering what else is out there that could fill the gap it would leave.
I am using it for 2 things mostly:
- monitor system stats, like simply seeing the system is running (I know, like ping), but at the same time also showing memory, average load, temperature and so on.
- sending SSH commands, and this is where the app really shines. Using a terminal on the phone is not impossible, but boy is it annoying. In RaspiCheck you can define commands, with placeholders, which allows you to send those to the RPI just by tapping them. So for example I got my backup set up that I can mount the backup drive with one tap, a second tap runs the right backup script (I have several I can choose from by filling the placeholder I leave in that command) and then unmount with a third tap.
I got other commands I like to reuse a lot set up in it and it's really useful to me, lets me manage the RPI from my phone in an easy way.
So back to the question at hand, is there anything else like this out there for Android? If possible one app, FOSS preferred. I am pretty sure there are browser-based solutions, if there is no dedicated app other than this, then I guess that's the next best thing. What are you using in your setup that you can recommend?
- Anyone self hosting on Mac mini M1/M2?
I currently have a server, a Dell T310 with an SSD in it and 12Gig of ram (weird config, I know I messed up but it works fine so I can’t be bothered to change that for now), with all my dockers running in it.
It runs mostly fine, with Debian 11, a VPN so that I can block public ssh and allow it only on the VPN network, an nginx proxy to have services like a forgejo and a music library (ampache).
However it can’t run a Minecraft server with more than a single person on it without stuttering; so I was considering changing it maybe next year, after more than 3 years of services, for something beefier but also consuming less W/h (current consumption is 80W), and since I already have a Mac for work I was wondering how suitable a Mac Mini M1/M2 would be for a homelab?
Does anyone have such a configuration and how does it work for you? Any hurdle that you should be aware of?
- Help with deployment
Hello nerds! I'm hosting a lot of things on my home lab using docker compose. I have a private repo in GitHub for the config files. This is working fine for me, but every time I want to make a change I have to push the changes, then ssh to the lab, pull the changes, and run `docker compose up`. This is of course working fine, but I want to automate it. Does anyone have a similar setup and know of a good tool? I know I could use watchtower to update existing images, but this is more for if I change a setting or add a new service.
I've considered roughly four approaches.
  1. A new container that mounts the whole running directory and the docker socket. It will register a webhook in GitHub to receive notifications when I push to the repo, run git pull and docker up. My worries here are the usual dind gotchas.
  2. Same as 1, but don't mount anything, instead ssh from container to host and run the steps there. This solves any dind issues, but I don't love giving the container an ssh key to the host.
  3. Have a service running on the host outside of docker. This is probably the correct approach, but very annoying since my host is a Synology nas and it doesn't have systemd or anything like that afaik.
  4. Have a GitHub action ssh to the machine and do the steps. Honestly the easiest way but I would prefer to not open ssh to the internet.
Any feedback or tips are much appreciated. I don't feel like any of my options are very good and I feel like I am probably missing something obvious.
- Help With Getting Apprise Installed
cross-posted from: https://lazysoci.al/post/14973880
> So I thought I would give apprise a whirl, but I can't get it working. I installed the LinuxServer Docker container and when I tried to verify my API status, it said `ATTACH_PERMISSION_ISSUE`. So I thought okay, lemme try the developer's image, I switched to that and added the additional environment variables, and now it says `CONFIG_PERMISSION_ISSUE` too. Okay, so that gives me something to look into, I check and the config directory is empty. At this point, I just feel myself getting more and more confused. What am I not getting?
- Is Conduit (Matrix server) sustainable, do some of you host it?
I plan to host Conduit for my friends and family. Even if I invite absolutely everyone there would be no more than 50 users, max. But would it actually sustain and work, as it is not yet on 1.0 is a question. I do not want to host Synapse as I had a bad time with its (lack of) garbage collecting. We do not plan to join very big rooms.
Most importantly, if you host it yourself, how is the usage (mostly disk) with how many users?
- Advice wanted: Combining current solutions into one home server
I currently have a hodgepodge of solutions for my hosting needs. I play ttrpgs online, so have two FoundryVTT servers hosted on a pi. Then I have a second pi that is hosting Home Assistant. I then also have a synology device that is my NAS and hosts my Plex server.
I'm looking to build a home server with some leftover parts from a recent system upgrade that will be my one unified server doing all the above things in the same machine. A NAS, hosting a couple Foundry instances, home assistant, and plex/jellyfin.
My initial research has me considering Unraid. I understand that it's a paid option and am okay with paying for convenience/good product. I'm open to other suggestions from this community.
The real advice I'm hoping to get here is a kind of order of operations. Assume I have decided on the OS I want to use for my needs, and my system is built. What would you say is the best way going about migrating all these services over to the new server and making sure that they are all reachable by web?
- IP Block Lists & Docker Networking
Just wondered if any one is using block lists for their docker containers.
IPSum publishes a great list of IPs worth blocking.
The thing is, I know docker networking interacts with iptables in a complex way such that the iptables INPUT chain is ignored.
The docker docs say you can put custom rules in DOCKER-USER chain, but my iptables knowledge isn't great and I think I'm more likely to mess something up than to have any success.
The thing is, I'm sure that this is something loads of other people have encountered, and I'm sure there must be an easier way.
- Splitting Docker between SSD and HDD
I'm in the process of planning upgrades for my server, and I'm trying to figure out the "best" drive configuration for Docker. My general understanding would be that the containers should be running from an SSD, and any storage (images, videos, documents) should use a volume on an HDD.
Is it as simple as changing the data-root to point to the SSD, and keep my external volumes on the HDD as defined in my existing compose files? I've already moved data-root once b/c the OverlayFS was chewing up the limited space on the OS drive, so that process isn't daunting.
If there's a better way to configure Docker, I'm open to it, as long as it doesn't require rebuilding everything from scratch.
For reference, the server is running Debian Bookworm on an older i5 3400 with 32GB RAM.
- Fork of HomeBox released (v0.11.0)
Saw this post on another site:
> If you previously did not our mini announcement HomeBox was archived by the original author. We are working to continue the project ourselves. This release is mostly just switching things over to our namespace and getting a docker image published for people to switch over to, but also contains some minor bug fixes.
>
> What is HomeBox
>
> Homebox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use, Homebox is the perfect solution for your home inventory, organization, and management needs. While developing this project, with the following principles in mind:
>
> * Simple - Homebox is designed to be simple and easy to use. No complicated setup or configuration required. Use either a single docker container, or deploy yourself by compiling the binary for your platform of choice.
> * Blazingly Fast - Homebox is written in Go, which makes it extremely fast and requires minimal resources to deploy. In general idle memory usage is less than 50MB for the whole container.
> * Portable - Homebox is designed to be portable and run on anywhere. We use SQLite and an embedded Web UI to make it easy to deploy, use, and backup.
>
> v0.11.0 Changes
>
> * Fixes improper int parsing (64 bit int being converted into a 32 bit int)
> * Fixes CSV being exported as a TSV
> * Switches the Go namespace to the github.com/sysadminsmedia/homebox one
> * All new docker publishing Github Actions
> * Docs switched to vitepress and published to new domain https://homebox.sysadminsmedia.com
>
> Contributing
>
> We are accepting any type of contribution, including bug reports, feature requests, PRs, etc. if you're interested. We firmly believe that open source software lives and dies by its community, and we're hoping that you'll join us on this journey as we figure things out and make HomeBox great.
>
> For Those Switching
>
> If you're planning to switch from the original image to this one, please make sure you backup your existing data.
> And then you can simply switch the docker image to ours, and all of your data should be right where you left it when you start the docker container.
- A guide to passing GPUs through to Proxmox, XCP-ng VMs
www.theregister.com
Go ahead, toss that old gaming card in your server — you know you want to
- Is funkwhale.audio down? I just wanted to check on the site out of curiosity for setting an instance up myself
https://www.funkwhale.audio/
It seems to be down - does anyone know what is or could be the issue?
- DNS issues
Hi! I am selfhosting my services and using a DNSMasq setup to provide ad-blocking to my home network.
I was tinkering with Unbound to add a fully independent DNS resolver and not depend on Google/Adblock/Whatever upstream DNS server but I am unable to make Unbound work.
Top Level Domains (like com, org...) are resolved fine, but anything at second level doesn't. I am using "dig" (of course I am on linux) and Unbound logging to find out what's going on, but I am at a loss.
Could be my ISP blocking my requests? If I switch back to google DNS (for example) all works fine, but using my Unbound will only resolve TLDs and some random names. For example, it will resolve google.com but not kde.org...
- Two definitions of self hosted
Disclaimer: I'm no expert on this.
I realized recently there are two common types of Self Hosters here.
  1. I work in IT and host some services for my employer so we don't have to rely on the big tech companies, for economic or other reasons.
  2. I self host some services at home or on a VPS, as a hobby or for other reasons, but nobody pays me to do that.
The answers people provide seem to vary greatly based on whether the commenter is in the #1 or #2 camp. I myself have gotten answers along the lines of, "why aren't you acting more like a paid IT person?" and it's a little off-putting.
How to resolve this? Could we refer to one group or the other differently?
Maybe I'm making a bigger deal out of this than is warranted and I'm the only one confused?
If nothing else, I will call out my hobby status from now on when posting/commenting here.
Edited to add: TIL. I'll use these terms carefully in the future. Thanks!
- current best HDD-model choice
Dear lemmings,
I am fairly new to the server-game and want to set up my first NAS. I will not only be doing a lot of reading but also quite a lot of writing as well so I guess RAID10 (even though hardware/money intensive) would be a good choice? Or should I rather go for RAID 0 with 3 2 1 backup strategy? Currently I am hosting some websites others use as well so uptime is an issue.
Now I am not sure what brand/model to buy, when reading up on it they all sound decent. I have an old PC that I can use to run the drives so I only really need to buy the drives for now. Currently I am looking at drives with a capacity of around 14TB if that is of any importance.
Many thanks in advance :D
- Adblock and VPN all in one?
I love PiHole. I've used it in the past and it was powerful! I also use an OpenVPN/Wireguard based VPN.
So is there a service that combines the two features? Lets me import adblock lists and also VPN configurations?
Preferably something that runs in a docker container that I can throw upon portainer and running within minutes!
Thanks!
- Trouble setting up teleport-proxy on k3s
Hello, I'm setting up a k3s cluster with cilium as cni and ingress.
I wanna setup teleport-proxy on my cluster but when trying to access it I get: upstream connect error or disconnect/reset before headers. reset reason: connection termination
I have other services running on the same cluster and these do work. My cluster only exists of 1 node.
This is my values file for helm: https://pastebin.com/sfYEKuHM
And the certificates from cert-manager and related secrets and stuff are all healthy and ready.
I'm unable to find any logs in the teleport & cilium pods. Does someone know how I can solve this? Thanks for your time!!!
- FitTrackee
If I remember correctly, FitTrackee Dev do post on this community.
Well, I want to thank him/her as this is a very nice piece of software that I just started using but looks so promising and well done! A breeze to install, even on bare metal, and so well designed (even a CLI? Come on!).
Looking forward to try Garmin integration tomorrow.
Thanks buddy!/Appreciated.