Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

founded 2 years ago

1

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

2

3

I'm thinking about upgrading my Wi-Fi and I was curious what wireless access points (WAPs) people are using. I'm currently using a Netgear R7800 running OpenWRT.

4

Ok, it's me again. I've been checking the sampled logs on my Cloudflare website and I've noticed some very particular requests:

Some context: I'm hosting my own static website (a personal blog) at home and serving it to the internet through a Cloudflare tunnel.

Upon inspecting them, it seems like they are bots and web crawlers trying to access directories and files that don't exist on my server (since I'm not using WordPress). While I don't really have any credentials or anything to lose on my website, and these attacks are harmless so far, this is kinda scary.

Should I worry? Is this normal internet behaviour? Should I expect even worse kinds of attacks? What can I do to improve security on my website and try to block these kinds of requests/attacks?

I'm still a noob, so this is a good opportunity for learning.

Thanks

5

Hello! 😀
I want to share my thoughts on Docker and maybe discuss it!
A few months ago I started my homelab and, like any good "homelabbing guy", I absolutely loved using Docker. Simple to deploy and everything. Sadly, these days my mind is changing... I recently switched to LXC containers to make backups easier and the experience is pretty great; the only downside is that not all software is available natively outside of Docker 🙃
But I also switched to have more control, as Docker can make it difficult to set up some things the devs didn't really plan for.
So here are my thoughts: slowly I'm going to leave Docker for a more old-school way of hosting services. Don't get me wrong, Docker is awesome in some use cases; the main ones are that it's really portable and simple to deploy, with no hundreds of dependencies, etc. And through this I think I really found where Docker can be useful: not for every single homelabbing setup, and it's not my case.

Maybe I'm doing something wrong, but I'll let you discuss it in the comments, thanks.

6

Considering a lot of people here are self-hosting both private stuff, like a NAS, and also some public stuff, like websites and whatnot, how do you approach segmentation in the context of virtual machines versus dedicated machines?

This is generally how I see the community acting on this:

Scenario 1: Fully Isolated Machine for Public Stuff

Two servers: one for the internal stuff (NAS) and another for the public stuff (websites, email, etc.), totally isolated from your LAN. Preferably with a public IP that is not the same as your LAN's, and with the traffic to that machine not going through your main router, e.g. a switch between the ISP ONT and your router that also has a cable connected to the isolated machine. This way the machine is completely isolated from your network and not dependent on it.

Scenario 2: Single server with VM exposed

A single server hosting two VMs, one to host a NAS along with a few internal services running in containers, and another to host publicly exposed websites. Each website could have its own container inside the VM for added isolation, with a reverse proxy container managing traffic.

For networking, I typically see two main options:

  • Option A: Completely isolate the "public-facing" VM from the internal network by using a dedicated NIC in passthrough mode for the VM;
  • Option B: Use a switch to deliver two VLANs to the host—one for the internal network and one for public internet access. In this scenario, the host would have two VLAN-tagged interfaces (e.g., eth0.X) and bridge one of them with the "public" VM’s network interface. Here’s a diagram for reference: https://ibb.co/PTkQVBF

In the second option, a firewall would run inside the "public" VM to drop all inbound except for http traffic. The host would simply act as a bridge and would not participate in the network in any way.

Scenario 3: Exposed VM on a Windows/Linux Desktop Host

Windows/Linux desktop machine that runs KVM/VirtualBox/VMware to host a VM that is directly exposed to the internet with its own public IP assigned by the ISP. In this setup, a dedicated NIC would be passed through to the VM for isolation.

The host OS would be used as a personal desktop and contain sensitive information.

Scenario 4: Dual-Boot Between Desktop and Server

A dual-boot setup where the user switches between an OS for daily usage and another for hosting stuff when needed (with a public IP assigned by the ISP). The machine would have a single Ethernet interface and the user would manually switch network cables between: a) the router (NAT/internal network) when running the "personal" OS and b) a direct connection to the switch (and ISP) when running the "public/hosting" OS.

For increased security, each OS would be installed on a separate NVMe drive, and the "personal" one would use the TPM with full disk encryption to protect sensitive data if the "public/hosting" system were compromised.

The theory here is that, if properly done, the TPM doesn't release the keys to decrypt the "personal" OS disk when the user is booted into the "public/hosting" OS.

People also seem to combine both scenarios with Cloudflare tunnels or reverse proxies on a cheap VPS.


What's your approach / paranoia level :D

Do you think using separate physical machines is really the only sensible way to go? How likely do you think VM escape attacks and VLAN hopping or other networking-based attacks are?

Let's discuss how secure these setups are, what pitfalls one should watch out for on each one, and what considerations need to be addressed.
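
Scenario 4 rests on one mechanism: the disk key is sealed to PCR values that only the "personal" boot chain produces, so the "hosting" OS, booted on the same hardware, cannot ask the TPM for it. The following is an added example, not code from the post and not a TPM library: it models PCR extension and PCR-bound sealing in pure Python (a keyed wrap standing in for the chip's sealing, which is a simulation, not the TPM2 command set) so the behaviour can be checked. The boot-chain contents are constructed stand-ins for firmware, bootloader, kernel and initrd images.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # every PCR reads as all zeros after reset


def extend(pcr, measurement):
    """TPM PCR extend: new = SHA-256(old || SHA-256(measurement)).
    A PCR can only be extended, never set, so reaching a given value
    requires replaying exactly the same measurements in the same order."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components):
    """Fold an ordered boot chain (firmware, bootloader, kernel, initrd) into one PCR value."""
    pcr = PCR_INIT
    for image in components:
        pcr = extend(pcr, image)
    return pcr


# Constructed stand-ins for the images of the two installs; only the firmware stage is shared.
PERSONAL_CHAIN = [b"firmware-1.2", b"shim+grub (personal)", b"vmlinuz-6.11 (personal)", b"initrd (personal)"]
HOSTING_CHAIN = [b"firmware-1.2", b"shim+grub (hosting)", b"vmlinuz-6.11 (hosting)", b"initrd (hosting)"]


class FakeTPM:
    """Simulation of sealing: the secret is wrapped with a key derived from a chip-resident
    root key and the PCR value the object is sealed to; unsealing only works when the PCR
    currently holds that exact value. Real TPMs do this with a policy digest, not HMAC+XOR."""

    def __init__(self):
        self._srk = os.urandom(32)  # storage root key; would never leave the chip

    def _wrap_key(self, pcr_value):
        return hmac.new(self._srk, b"seal|" + pcr_value, hashlib.sha256).digest()

    def seal(self, secret, pcr_policy):
        assert len(secret) == 32
        k = self._wrap_key(pcr_policy)
        return {"policy": pcr_policy, "ct": bytes(a ^ b for a, b in zip(secret, k))}

    def unseal(self, sealed, current_pcr):
        if not hmac.compare_digest(current_pcr, sealed["policy"]):
            raise PermissionError("PCR policy not satisfied: boot chain differs from the one sealed to")
        k = self._wrap_key(current_pcr)
        return bytes(a ^ b for a, b in zip(sealed["ct"], k))


def unlock_attempt(tpm, sealed, boot_chain):
    """Boot the given chain and ask the TPM for the disk key; returns the key or None."""
    try:
        return tpm.unseal(sealed, measured_boot(boot_chain))
    except PermissionError:
        return None


def demo():
    tpm = FakeTPM()
    disk_key = os.urandom(32)  # stands in for the volume key of the "personal" NVMe
    sealed = tpm.seal(disk_key, measured_boot(PERSONAL_CHAIN))
    # same install after a kernel update: the third measurement changes
    updated_personal = PERSONAL_CHAIN[:2] + [b"vmlinuz-6.12 (personal)", PERSONAL_CHAIN[3]]
    return {
        "personal_boot": unlock_attempt(tpm, sealed, PERSONAL_CHAIN) == disk_key,
        "hosting_boot": unlock_attempt(tpm, sealed, HOSTING_CHAIN) is not None,
        "after_kernel_update": unlock_attempt(tpm, sealed, updated_personal) is not None,
    }


if __name__ == "__main__":
    for case, unlocked in demo().items():
        print(f"{case}: {'key released' if unlocked else 'key withheld'}")
```

The third case is the operational cost of the scheme: any change to a measured component (bootloader or kernel update) changes the PCR and the key must be resealed, which is why tools that do this for real re-enroll after updates. The policy also only proves which chain booted; it says nothing about a compromised "hosting" OS having written to the personal install's unencrypted boot partition, which measured boot catches only if those files are in the measured chain.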

7

So I'm looking to purchase a house soon, and before I paint I want to set up wiring in the house for a cloud-free smart home.

I currently rent an apartment. I have a home server running unraid with home assistant, and can run whatever server software I want to run. I'm looking at upgrading to a townhouse. Before I have someone come in and paint, I want to wire things for my ideal smart home.

My main focus will be networking and speakers.

I want to set up a server closet for my lab. I plan to get MikroTik switches. I currently plan on using TP-Link Omada APs for each floor.

I'm less confident in the speaker setup.

System Audio Inputs:

  • TV in living room
  • TV in bedroom
  • Computer in office
  • Computer in bedroom#2
  • Any mobile device

audio out:

  • Living room
  • office
  • bedroom (x2)
  • kitchen
  • primary bathroom

I'm imagining having a receiver for all the TV inputs/outputs and a central one for the bathroom, kitchen. I'm unsure about the office.

Cost is not a problem, I'm okay with 10-15k on the equipment for this.

What kind of amps/receivers would work best?

8

Hi there, I've been working on my selfhosted setup a bit lately and just noticed that if I browse to my own WAN IP it will show to the public the interface of my OC200 Omada hardware controller. While it does have a login form with username and password, I'd be much more confident if this wasn't public at all. I've looked online and in my settings but struggle to find anything related to this. Is it common that this is on by default?

Any pointers greatly appreciated.

Edit: Solved - I panicked without thinking I was on my own LAN when checking this...

9

I've been running a Plex server for music off my gaming laptop for a few months and (I think) I'm ready to take it further - that is, I'd like to have the server running on its own hardware.

At this point, I'd just be running a music server, but I know I'll want to add more services.

The first would be something like Google Drive - I'm working with a couple of other people on business plans and I'd love to self-host our files and the software (like LibreOffice) to edit them.

I'm comfortable with the software side and I'm finding lots of options, especially in this community.

The hardware side... I'm feeling a little overwhelmed by all the options and I don't know enough to judge the search results.

Any recommendations for hardware or links to guides would be appreciated.

10

cross-posted from: https://lemm.ee/post/49620916

Now that 2024 is coming to an end and Christmas is around the corner, have you considered any donations to give? If yes, where?

11

Hi guys!

I'm trying to re-compress a few TV shows that are mostly animation to some animation-friendly codec (HEVC 10bit, maybe even AV1), to reduce the storage it takes on the NAS (I'm looking at you, One Piece/Simpsons!). I've used handbrake with full folders to handle whole seasons of a TV show before, but that was a bit frustrating to run on my desktop PC, hence the install of Tdarr. However it's a bit...overwhelming with all the options, without quite hinting what each one does. I'm adding a...library. Ok, what's the library? Is it say, an -arr full TV Shows library? Or should I add one library per TV show (custom specific settings for each one?). How do I work...with the transcode options? I see it's all drag-drop, but I'm not sure of all these options.

I'd like to transcode to say, HEVC 10bit, reduce perhaps audio with Opus or AAC, and keep same tracks and subs. How would I go about this?

Thanks!

12

So, I've been trying to accomplish this for a while. First I posted asking for help getting started, then I posted about trying to open ports on my router. Now, I proudly post about being able to show the world (for the first time ever) my abysmal lack of css and html skills.

I would like to thank everyone in this community, especially those who took the time to answer my n00b questions. If you'd like to see it, it will be available at: https://nginxtest.kazuchijou.com/

(Beware however, for you might cringe into oblivion and back.)

Since this website is hosted on my desktop computer, there will be some downtime now and then; however, I'll leave it on for the next 48 hours (RIP electricity bill) only for you guys to see. <3


Now, there are a couple of things that need addressing:

I set it up as a cloudflare tunnel and linked it to my domain. However, I still don't know any docker at all (despite using it for the tunnel), and the process was too incredibly and stupidly easy. I don't think I learned as much as I expected and I didn't feel challenged at all.

The original idea was to do some port forwarding. (This was foolish and a bit of a waste of time). Despite getting a "public-ip-address" from my ISP, I still was unable to open ports successfully. I kept getting the same error again and again. If you'd like to read my original post about port forwarding you may follow this link: "[Solved] ((lie)) Noob stuck on port-forwarding wile trying to host own raw-html website. Pls help".

While I know doing this represents a security risk, I still wanted to at least have a small success with port forwarding. I just wanted to have the raw-internet-connection experience, you know? like, the basics and such. And Cloudflare is holding my hand way too hard, I want to feel like I can shoot myself in the foot (without actually doing so)

But to be honest, I'm quite happy with the outcome. There are many other avenues I'd like to explore in the future, like setting up a reverse proxy with nginx or even darknet hosting (as suggested by another commenter).

I hope to keep learning and some day help another poor soul like myself in a similar situation. I thank you again guys, you're the best.

[TL;DR] This is the best and most helpful community ever! thx <3

13

Hi everyone, it's been a while :)

Postiz is an open-source social media scheduling tool that offers scheduling on the following:

Instagram, YouTube, Dribbble, LinkedIn, Reddit, TikTok, Facebook, Pinterest, Threads, X, Slack, Discord, Mastodon and BlueSky.

https://github.com/gitroomhq/postiz-app

There's been tons of interest in Postiz. It's super exciting but also challenging—around 5-10 tickets per day (without a support team 😿), mainly coming from Portainer, Coolify, and Unraid—and I still haven't figured out how to solve it.

I need to balance shipping and customer support.

Tons of new features since the latest release:

  • Option to add stories to Instagram and tag people for collaboration.
  • Customer separation - you can group accounts per customer, and when you schedule, you can filter by customer.
  • Option to tag companies on LinkedIn (I wanted to tag people also, but it was not possible)
  • Fixes for different social media posts failing.
  • Introducing Plugs! This is a concept you can find in other tools that can boost your engagement for your current posts. Here are some examples:
    • Once your post reaches X amount of likes, repost it (to regain visibility to it)
    • Once your post reaches X amount of likes, add another message to it (all your existing commenters will get a notification)

What's next:

  • Public API - I have been too lazy to make it, I have to push more :)
  • One Inbox - so you can reply to all your messages from one place.
  • Google My Business provider
  • AI Agents - I am still trying to figure out what to do with it, but it looks interesting.

Special thanks to this community that supports me with every post ❤️

Any star to the repo is a blessing ⭐️

** Fediverse networks will come soon :)

14

I've been using Obsidian for my note taking for a little while and I love it. I love that you can just do a quick [[other note]] and it will link to the other note. I love that the full thing is just in markdown files, so that I can have full control, even if Obsidian were to disappear.

The one thing that is a little frustrating for me is getting my notes synced between my desktop, laptop, and phone. I have tried using Syncthing to just sync the markdown files directly and it worked pretty well. But it seems a bit overkill on my phone. I think I'd rather move to a single server that I can connect them to and they can sync from there.

I have looked into a few plugins. I saw that there's a Git one. I am a developer, so that seems like the natural way for me to do it. But I also saw a post on Reddit where they suggested WebDAV, which might be closer to what I want. I don't need it to be where I can type on two devices and have the stuff sync super fast or something. I just want to type my notes, close the app, and when I open it on a different device, I want it to have my latest notes ready for me.

What are you personally using for Obsidian? I'd love to hear from other people here. I don't want to pay for Obsidian's subscription service. I want to host it myself.

15

I'm running a rather small homelab and am hunting for a good UPS to help keep everything running smoothly. My top priorities are:

  • Just enough battery life to keep things running until they can be shut down
  • Compatible with open source software for monitoring and automated shutdown

Would I have better luck getting a used one and a new battery, or a brand new unit altogether? Anyone have one they don't need anymore, on that note? 👀

Thanks for the advice!

16

*** For anyone stumbling on this post who is as much of a newbie as I am right now: forward auth doesn't work with Firefly III.

I thought that forward auth was the same as a proxy, but in this case, it is the proxy that provides the x-authentik tags.

So for Firefly, set up Authentik as a proxy provider and not a forward auth.

I haven't figured out the rest yet, but at least, x-authentik-email is in my header now.

Good luck ***

Hello,

I am trying to set up Authentik to do forward auth for Firefly III, using Caddy. I am trying to learn external authentication so my knowledge is limited.

My setup is as follows.

By looking at the Firefly docs, I need to set AUTHENTICATION_GUARD=remote_user_guard and AUTHENTICATION_GUARD_HEADER=HTTP_X_AUTHENTIK_EMAIL in my .env file. I used the base .env file provided by Firefly and modified only these two lines.

Then, in my Authentik, I made a forward auth for a single application for Firefly. This part seems to work because the redirection is made. The external host is my Firefly IP address.

Then, from the example provided in the Authentik provider, I created my Caddyfile on the Firefly container to redirect port 80 to my custom port 9080.

:80 {
        # directive execution order is only as stated if enclosed with route.
        route {
                # always forward outpost path to actual outpost
                # (upstream addresses are scheme/host/port only; no trailing path)
                reverse_proxy /outpost.goauthentik.io/* http://10.0.1.7:9080

                # forward authentication to outpost
                forward_auth http://10.0.1.7:9080 {
                        uri /outpost.goauthentik.io/auth/caddy

                        # capitalization of the headers is important, otherwise they will be empty
                        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Me>

                        # optional, in this config trust all private ranges, should probably be set to the outposts IP
                        trusted_proxies private_ranges
                }

                # the site itself: without a handler here nothing is proxied to Firefly
                # after forward_auth succeeds. Assumed target: Firefly III at 10.0.1.8
                # on 8080, the official image's default port; adjust to your setup.
                reverse_proxy 10.0.1.8:8080
        }
}

EDIT : The IP address of Firefly is 10.0.1.8

When I try to go on my Firefly app, the Authentik redirection is made and it tries to connect to the Firefly webpage, but I either get "unable to connect" when I try https, or "Looks like there's a problem with this site" when I try to connect with http.

I see that the connection is refused in both cases.

I made sure that my email on my account on firefly matches the email from the Authentik user.

I tried googling my problem to no avail and the Firefly documentation is pretty scarce.

Any help would be welcome.
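
The remote_user_guard setting in the post makes Firefly take the logged-in identity from the X-Authentik-Email header, which is only safe if nothing but the proxy can put that header on a request. The following is an added example that models the three parties in plain Python; it is not Firefly, Caddy or Authentik code. The proxy IP 10.0.1.7 is assumed from the post's Caddyfile and the e-mail addresses are constructed.

```python
TRUSTED_PROXIES = {"10.0.1.7"}  # assumed: the host running Caddy and the Authentik outpost
IDENTITY_HEADER = "X-Authentik-Email"


def naive_remote_user(headers, client_ip):
    """A remote-user guard on its own: trust the identity header, whoever sent it.
    If the app's port is reachable directly, anyone on that network is whoever they claim."""
    return headers.get(IDENTITY_HEADER)


def guarded_remote_user(headers, client_ip):
    """Hardened form: honour the header only when the request comes from the proxy.
    In a real deployment this is done by binding the app to a private interface or
    firewalling its port to the proxy, not by app code, but the effect is the same."""
    if client_ip not in TRUSTED_PROXIES:
        return None
    return headers.get(IDENTITY_HEADER)


def forward_auth_proxy(client_headers, outpost_verdict):
    """Model of Caddy's forward_auth + copy_headers: every X-Authentik-* header the client
    sent is dropped, then the outpost's values are copied in, so only the outpost can set
    an identity. outpost_verdict is the e-mail the outpost returned for a valid session,
    or None when the outpost answered with a redirect to the login page."""
    forwarded = {k: v for k, v in client_headers.items() if not k.lower().startswith("x-authentik-")}
    if outpost_verdict is None:
        return None  # the redirect goes back to the client; nothing reaches the app
    forwarded[IDENTITY_HEADER] = outpost_verdict
    return forwarded


def scenarios():
    # Constructed request from a LAN client that sets the identity header itself.
    forged = {IDENTITY_HEADER: "admin@example.com", "User-Agent": "curl/8.0"}
    via_proxy = forward_auth_proxy(forged, "alice@example.com")
    return {
        "direct_forged_naive": naive_remote_user(forged, "10.0.1.50"),
        "direct_forged_guarded": guarded_remote_user(forged, "10.0.1.50"),
        "via_proxy_guarded": guarded_remote_user(via_proxy, "10.0.1.7"),
        "via_proxy_no_session": forward_auth_proxy(forged, None),
    }


if __name__ == "__main__":
    for case, who in scenarios().items():
        print(f"{case}: {who!r}")
```

The first scenario is the one to check in your own setup: if Firefly's container port answers on 10.0.1.8 from any LAN host, a request carrying a hand-written X-Authentik-Email header logs in as that user without ever touching Authentik. The proxy-side stripping handles clients that come through Caddy; the network restriction handles the ones that don't.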

17

I'm looking to replace my SFF J5040 Wyse machine. It's still plenty fast enough, but storage has become an issue with its limited USB endpoint availability (~50-device limit).

I know that just switching to a newer Intel system could give me double the endpoints because of the two-xHCI-chip setup, but I was thinking that if I'm going to replace it, I'd like not to limit myself.

As such, even though Ryzen is far faster than I need, it does now support USB4. Does anyone know if the switch to USB4 would give the system a larger address range and allow more than 127 USB devices, or is that limitation still in place and I might as well not waste my money?

18

I would like to archive some for their useful info like r/selfhosted. Frequently find answers there

19

Yes, I know that there are dozens of notes apps. I'm looking for recommendations based on a few features that I like:

  • nice design (including color coding)
  • easy checklists
  • sharing - this one is key. I use a shared shopping list and we both need to add and edit.
  • pinning and archiving (hidden notes)

I don't mind running it from my homelab server, but that is not a requirement. Does anyone use a notes app that you love? Let me know!

20

It's really nice. I liked the setup process.

21

Hello, I set up my Proxmox server some weeks ago, and recently I found that LXC containers could be useful, as they really separate all my services into different containers. Since then I've decided to move my Docker services from a VM into several LXC containers. I ran into some issues: the first one is that a lot of projects run smoother in Docker and don't really have a "normal" way of being packaged... The second thing is related to the first one: since they are not really well integrated into the OS, how can I do updates?
So I wonder how people are deploying their stuff in Proxmox LXC containers?
Thanks for your help!

EDIT: Tried to install Docker in a Debian LXC, but the performance was absolutely terrible...

22

As the title says...

Is this a risky thing?

EDIT: I have a wireguard VPN set up for myself and it's always on so I can access *arrs and the like. I would like to expose immich on my domain to share photo albums and such.

23

A lot of selfhosted container instructions contain volume mounts like:

docker run ...
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  ...

but every time I tried to skip those mounts everything seemed to work perfectly.

Are those mounts only necessary in specific cases?

PS:

Bonus question: other containers' instructions say to define the TZ variable. Is that only needed when one wants a container to use a different timezone than the host?
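
What those mounts and the TZ variable actually feed is the C library's timezone lookup, which has a fixed order: the TZ environment variable wins, otherwise /etc/localtime is read, otherwise the process runs in UTC. The following is an added example, not code from the post or from Docker: it builds a throwaway container-style /etc, with or without the /etc/localtime symlink a host mount would bring in, and stamps a log line the way a process in that container would. The zone offsets are a constructed, DST-free table so the script runs without the tz database; a real resolver reads the TZif file the name points at, which is why the tzdata package has to exist inside the image for a named TZ to do anything.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Constructed, DST-free offsets; the real tz database lives in /usr/share/zoneinfo.
FAKE_TZDB = {"UTC": 0, "Europe/Rome": 1, "America/New_York": -5}

# Fixed instant used by the demo (constructed): 2024-12-02 10:15:31 UTC.
SAMPLE_UTC = datetime(2024, 12, 2, 10, 15, 31, tzinfo=timezone.utc)


def make_container_rootfs(zone=None):
    """Build a throwaway /etc like an image's, optionally with the symlink that a
    '-v /etc/localtime:/etc/localtime:ro' mount from a typical host would bring in."""
    root = tempfile.mkdtemp(prefix="ctr-")
    os.makedirs(os.path.join(root, "etc"))
    if zone is not None:
        os.symlink(f"/usr/share/zoneinfo/{zone}", os.path.join(root, "etc", "localtime"))
    return root


def resolve_zone(env, rootfs):
    """Order glibc and musl use: $TZ, else /etc/localtime, else UTC.
    /etc/timezone is a Debian text file that libc never reads (some image entrypoints do),
    so mounting it on its own changes nothing for most programs. Simplification: only the
    symlink form of /etc/localtime is recognised here; libc would also parse a copied TZif file."""
    tz = env.get("TZ")
    if tz:
        return tz.lstrip(":")
    localtime = os.path.join(rootfs, "etc", "localtime")
    if os.path.islink(localtime):
        target = os.readlink(localtime)
        if "zoneinfo/" in target:
            return target.split("zoneinfo/", 1)[1]
    return "UTC"


def render_log_line(utc_ts, env, rootfs, message):
    """Stamp a log line the way an app in that container would, given its env and filesystem."""
    zone = resolve_zone(env, rootfs)
    if zone not in FAKE_TZDB:
        zone = "UTC"  # what libc does when the named zone file is missing from the image
    local = utc_ts.astimezone(timezone(timedelta(hours=FAKE_TZDB[zone]), name=zone))
    return f"{local.isoformat()} {zone} {message}"


if __name__ == "__main__":
    bare = make_container_rootfs()
    mounted = make_container_rootfs("Europe/Rome")
    print(render_log_line(SAMPLE_UTC, {}, bare, "no mount, no TZ"))
    print(render_log_line(SAMPLE_UTC, {}, mounted, "/etc/localtime mounted"))
    print(render_log_line(SAMPLE_UTC, {"TZ": "America/New_York"}, mounted, "TZ overrides the mount"))
```

So the mounts are only needed for a program that has neither a TZ setting nor a zone baked into its image, and TZ alone is enough whenever the image ships tzdata. The practical reason to care is log correlation: when one container logs in UTC and another in host-local time, lining up events across services during an incident becomes guesswork, so pick one convention (UTC is the usual choice) and set it everywhere.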

24

Welcome to release v1.122.0 of Immich. After a long release break, Immich is back and brings many new features with loads of bug fixes to enhance the user experience further and make Immich more delightful to use. Some of the highlights below:

  • HDR video support in the mobile app
  • Multiple URLs for machine learning service
  • Automatic switching between server URLs in the mobile app
  • Ability to hide users when searching in an Immich instance
  • Access the most recent albums through the web navigation bar
  • Custom email templates
  • Automatically clean up files left behind by interrupted uploads
  • More responsive hosted maps for users in Oceania
  • Notable fix: swiping between videos failing on older Android devices
25

Hi, I recently bought an Epson EcoTank ET-4850. Pretty happy actually with the printer itself; scanning quality is also quite good. However, it has a fatal flaw that I was not aware of.

I had an Epson WF-3620 that was able to scan to a folder, where Paperless-NGX then could do its magic. The ET-4850 doesn't support scanning to a folder. It does support WSD, but that's not really convenient...

Is there a way to do all this with a Raspberry Pi or another device that's connected to the MFD?
