I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc.

As I spend more time here, I realise that it is practically impossible; especially for a newcomer, to setup any any usable self hosted web service without relying on these corporate behemoths.

I wanted to have my own little static website and alongside that run Immich, but I find that without Cloudflare, Google, and AWS, I run the risk of getting DDOSed or hacked. Also, since the physical server will be hosted at my home (to avoid AWS), there is a serious risk of infecting all devices at home as well (currently reading about VLANS to avoid this).

Am I correct in thinking that avoiding these corporations is impossible (and make peace with this situation), or are there ways to circumvent these giants and still have a good experience self hosting and using web services, even as a newcomer (all without draining my pockets too much)?

Edit: I was working on a lot of misconceptions and still have a lot of learn. Thank you all for your answers.

Hey all,

I have given up hope of hosting my own mail server but was hoping for one that would serve as an archive -

• downloads new emails via IMAP from my mail provider on a regular basis
• allows my mail clients to connect via IMAP to view and search emails

Any suggestions for a docker solution for this?

Thanks

Centralization is bad for everyone everywhere.

That bring said... I just moved my homeserver to another city... and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.

Tunnels made it very easy. No port forwarding no dns configuration no firewall fiddling no nothing.

Why do they have to make it so so easy...

Hello,

I'm trying to setup an online computer store via YunoHost installed on my VPS. I'm okay with payments to be handled via a third party payment processor (who preferrably also has no JS, but I understand that is probably unlikely). I also have my domain up and running, so I'm ready to test whatever I can get.

TIA!

I’ve made a few posts in the past about my experimentation with connecting various devices and servers over a VPN (hub and spoke configuration) as well as my struggles adapting my setup towards a mesh network.

I recently decided to give a mesh setup another go. My service of choice is Nebula. Very easy to grasp the system and get it up and running.

My newest hurdle is now enabling access to the nebula network at the same time as being connected to my VPN service. At least on iOS, you cannot utilize a mesh network and a VPN simultaneously.

TLDR: Is it a bad or a brilliant idea to connect my iOS device to a nebula mesh network to access for example my security camera server, as well as route all traffic/web requests through another nebula host that has a VPN such as mullvad on it so I can use my phone over a VPN connection while still having access to my mesh network servers?

Figured I would hopefully save others from the annoyances I've had with their service. I experienced daily high packet loss to both my VPS and their website, including the control panel (greater than 50%, typically). The control panel was broken and couldn't tell me the status of my VPS. When I asked for a root cause and fix for the packet loss issue the "senior admin" response to both of these issues is "It's intermittent and under control". It's still happening daily, so not really under control. They never even addressed the control panel issue.

I decided it was best to just give up on it, and requested a refund a few days ago after experiencing the same issue every day for 3 days after my purchase. I'm still waiting for a response to that request, 4 days later.

Avoid Virpus like the plague.

I want a centralized way to manage keys and secrets. And some service users with little privileges over a subset of the secrets. Ideally, a service user only should be able to read its own subset of secrets. So, let's say, if a container gets pwned it will only read its secrets and no more. It should be FOSS and self-hostable.

And a beautiful nice-to-have feature would be access log, to know who read what and when.

My only experience with something similar is Hashicorp Vault, but I don't want to be near any Hashicorp stuff ever again.

Do you know a FOSS alternative to Vault?

Just stumbled across this (overly dramatic?) article and thought I'd just post it here...

It's more to act as a reminder that if you've got a NAS that is serving content to the interwebs, then make sure it's behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.

Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.

I've used Squid and HAProxy over the years (mostly on my pfSense box) - but I'd be interested to know if there's other options that I've not heard of

Hi! I’m currently using navidrome, but eventually I will probably need support for multiple users (each user has access to different music or the same music) which isn’t supported in navidrome right now. I don’t really want to run two containers of the same thing if I can avoid it. Thanks

I know that the answer is yes, I should, but outlets near the setup are not grounded (even though they look like they are) and I don't want to have wires running though my living room.

The real question is what are potential problems ? Occasional system reboots? Permanent damage to PSU? Permanent damage to other components?

Hello !

We have been discussing at work about hosting (internally) some work related stories that we find funny.

I've been looking for tools to do that should be quite simple, and display one story at a time nothing fancy.

Couldn't find anything quite like that, was wodnering if you guys knew one ? If not, i might develop it then and share it.

Thanks !

Dockge allows you to start/stop containers and edit your compose files from a handy ui.

Pros: if something goes wrong while you're away, it would give you a tool to restart a service or make some changes if necessary.

Cons: exposing that much control to the outside world (even behind a log in) can potentially be catastrophic for your stack if someone gets in.

cross-posted from: https://lazysoci.al/post/14973880

So I thought I would give apprise a whirl, but I can't get it working. I installed the LinuxServer Docker container and when I tried to verify my API status, it said ATTACH_PERMISSION_ISSUE. So I thought okay, lemme try the developer's image, I switched to that and added the additional environment variables, and now it says CONFIG_PERMISSION_ISSUE too. Okay, so that gives me something to look into, I check and the config directory is empty. At this point, I just feel myself getting more and more confused. What am I not getting?

I have a small self hosted setup at home with a RaspberryPi and an external HDD, just enough for what I need.

Some time ago I found a pretty sweet app which from the name implies its mostly working when you use a RPI OS, to monitor the RPI from your android phone: https://github.com/eidottermihi/rpicheck

Its called RaspiCheck (picture in the post is the one from github), and unfortunately it is seriously outdated and development ceased. It is still working on my current phone but I am well aware that's not going to last.

So I am wondering what else is out there that could fill the gap it would leave.

I am using it for 2 things mostly:

1. monitor system stats, like simply seeing the system is running (I know, like ping), but at the same time also showing memory, average load, temperature and so on.
2. sending SSH commands, and this is where the app really shines. Using a terminal on the phone is not impossible, but boy is it annoying. In RaspiCheck you can define commands, with placeholders, which allows you to send those to the RPI just by tapping them. So for example I got my backup set up that I can mount the backup drive with one tap, a second tap runs the right backup script (I have several I can choose from by filling the placeholder I leave in that command) and then unmount with a third tap.

I got other commands I like to reuse a lot set up in it and its really useful to me, let's me manage the RPI from my phone in an easy way.

So back to the question at hand, is there anything else like this out there for Android? If possible one app, FOSS preferred. I am pretty sure there are browser-based solutions, if there is no dedicated app other than this, then I guess that's the next best thing. What are you using in your setup that you can recommend?

Hi,

I'm looking into creating a blog website, and I have purchased the domain "dedsec.org". Ubisoft holds the rights to the name dedsec so I was wondering if I should sell it or not? I bought the domain for $20. I plan to just post about Libreboot and other hacking stuff on it. Maybe, if its legal, can I possibly use the domain for my computer store?

Edit: switched EA to Ubisoft

So maybe I am missing something obvious, but here goes:

I've got a small server at home, and I have simply.com pointing various domains to it. Works fine, nginx routs the traffic where it needs to go.

But whenever I am at home and connected to wifi I have to use the internal address and port to reach my server, e.g. 192.168.0.192:8096 for my Jellyfin server. If I use the public URL at home, i hit the login page to my router.

This is annoying when I use apps, as I need to switch between the public URL and the internal address as I come and go from my home...

What are my options for doing something about this? I want to use the public URL at home too....

Hello nerds! I'm hosting a lot of things on my home lab using docker compose. I have a private repo in GitHub for the config files. This is working fine for me, but every time I want to make a change I have to push the changes, then ssh to the lab, pull the changes, and run docker compose up. This is of course working fine, but I want to automate it. Does anyone have a similar setup and know of a good tool? I know I could use watchtower to update existing images, but this is more for if I change a setting or add a new service.

I've considered roughly four approaches.

1. A new container that mounts the whole running directory and the docker socket. It will register a webhook in GitHub to receive notifications when I push to the repo, run git pull and docker up. My worries here are the usual dind gotchas.

2. Same as 1, but don't mount anything, instead ssh from container to host and run the steps there. This solves any dind issues, but I don't love giving the container an ssh key to the host.

3. Have a service running on the host outside of docker. This is probably the correct approach, but very annoying since my host is a Synology nas and it doesn't have systemd or anything like that afaik.

4. Have a GitHub action ssh to the machine and do the steps. Honestly the easiest way but I would prefer to not open ssh to the internet.

Any feedback or tips are much appreciated. I don't feel like any of my options are very good and I feel like I am probably missing something obvious.

I have experience in running servers, but I would like to know if it's possible to do it, I just need a GPT 3.5 like private LLM running.

Hey, I have to „draw“ or make notes of my selfhosting stuff. It runs so smooth that I sometimes really forget where a service is running or how to reach the web-Interface.

For sure I have a password- and link-manager, but I would like another independent note with the structure of my selfhosting.

Usually I use Joplin. Is there a plugin that shows me a kind of a map?

Or are there other apps - maybe wikis - that do it much easier/better than that?

How do you document your selfhosting?

Just wondered if any one is using block lists for their docker containers.

IPSum publishes a great list of IPs worth blocking.

The thing is, I know docker networking interacts with iptables in a complex way such that the iptables INPUT chain is ignored.

The docker docs say you can put custom rules in DOCKER-USER chain, but my iptables knowledge isn't great and I think I'm more likely to mess something up than to have any success.

The thing is, I'm sure that this is something loads of other people have encountered, and I'm sure there must be an easier way.

Hello fellow lemmings! As mentioned in the title, I'm barely just getting started with the self hosting thing and such.

I have a small personal project for which I'd like to self host my own "ugly-90's-HTML" blog (I just love the look and feel you know).

I've got a desktop machine that I could use as a server, and I also just purchased my own domain from cloudflare (for commitment), but I'm a bit stuck on the actual "putting-my-stuff-online" thing and I don't want to do anything stupid.

I know there's a lot of learning I still need to do, but that's the reason I'm starting this project. Any help would be welcomed.

I have 3 cents of basic networking knowledge (I made my own Ethernet cable conection to my gateway :D); I'm using a linux distro as my main desktop; I have created an ssh tunnel with cloudflare so far, and I'm following a little html+css tutorial. The thing is, I've found so many different ways of putting things online, I'm a bit dizzy. I would like something that will teach me the fundamentals without holding my hand too much (a la "next, next, next, confirm, finish"), you know? I mean, I'm learning by essentially making a 90's website... So, yeah.

Thanks in advance <3

[TL;DR] Me want make 90's website, don't know how

Hi there good folk,

The new place i am moving into has the internet come into the house on the other side of where I am planning to have my office + my NAS(which needs ethernet). I much prefer having my stuff connected through ethernet, but not sure what do now, as I cant really run cables across the house. Am also renting the place so cant drill holes in walls etc.. As far as I know, there are two ways for me to get ethernet in my office:

1. COAX to POE: The place does not have ethernet ports in the walls either, but it does have some wallmounted coax sockets. Is it worth looking into coax to poe adapters for either end of the sockets? Not sure how much of a fan I am of this due to the amount of cables this ends up being.

2. The other way would be to have a WiFi-extender in my office, but i guess this will sacrafice some more speed than the other solution(?). This way I would have a small switch connected to the extender which will get me some more ports too.

I am planning on buying into the Unifi prodcuts, specifically the Unifi Express device as a router. While expensive, I love the polish and feature set and control it brings. What other Unifi devices should I get into, considering probably wont be able to use PoE?

Lemmy know your thoughts, opinions and the rest - am open for all sorts of solutions!

I currently have a server, a Dell T310 with an SSD in it and 12Gig of ram (weird config, I know I messed up but it works fine so I can’t be bothered to change that for now), with all my dockers running in it.

It runs mostly fine, with Debian 11, a VPN so that I can block public ssh and allow it only on the VPN network, an nginx proxy to have services like a forgejo and a music library (ampache).

However it can’t run a Minecraft server with more than a single person on it without stuttering ; so I was considering changing it maybe next year, after more than 3 years of services, for something beefier but also consuming less W/h (current consumption is 80W), and since I already have a Mac for work I was wondering how suitable a Mac Mini M1/M2 would be for a homelab?

Does anyone have such a configuration and how does it work for you? Any hurdle that you should be aware of?

Not exactly self hosting but maintaining/backing it up is hard for me. So many “what if”s are coming to my mind. Like what if DB gets corrupted? What if the device breaks? If on cloud provider, what if they decide to remove the server?

I need a local server and a remote one that are synced to confidentially self-host things and setting this up is a hassle I don’t want to take.

So my question is how safe is your setup? Are you still enthusiastic with it?

Im looking for a self hosted open source docker image for time clock and payroll. Do you have any recommendations or experience?