1
378
submitted 3 years ago* (last edited 3 years ago) by devve@lemmy.world to c/selfhosted@lemmy.world

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

2
202

This is why you should not install any of the vibe coded apps that get advertised in here regularly. You're just creating a liability for yourself.

3
63

The summer and its rabid heat is here and i still have a lot of lawn that hasnt been replaced by gardens yet (work in progress) and grows super fast

Im trying to get better and decouple myself from cloud services, but my searches for what robotic lawn mowers are self hostable/dont require wan isnt giving me confidence

I might just deal with the heat and get a push mower and deal with it, but if anyone has experience with a good local-only robotic lawn mower, or which ones to avoid - id love to hear it

4
31

SbTEwwlrjN5y7jq.webp

How Authelia Performs Multi-Factor Authentication

Authelia sits between your reverse proxy and the apps behind it, intercepting requests and performing auth checks before forwarding traffic, giving you true MFA that can be integrated with something like Google Authenticator, or Yubikey/Titan key, etc...

Stop exposing unsecured apps. Learn how to deploy Authelia in Docker with a KeyDB backend and SWAG to enforce centralized Multi-Factor Authentication.

Setting up Authelia can be a bit intensive at first, but very worth the payoff / time and effort!

Disclaimers: I'm the author & run this exact setup, in production for myself. It's a "battle tested" setup, which has been in use for a few years now. Written & verified by a human! The header image is a composite of my Authelia MFA token page & AI generated infographic. NO ADS or affiliate marketing on page!

Happy to chat in the comments!

5
60

Comments are disabled, to start a discussion with the community about this post or the rules in general, please make a meta post. Please stick to one specific item to address as your post to keep discussions on topic.

Due to the large number of AI-involved projects, posts oriented towards AI use on a self-hosted system, and the widely varied sentiment around AI usage, an additional rule has been created to manage them.

If your post is about AI or is a project promotion post, please read here first. If you are not posting about AI or making a project promotion post, you don't need to read further.

If a post has tagged with an AI tag, low effort comments regarding their use will be removed.

Post Tagging

There are three types of tags for project promotional / AI posts.

  • [CBH] - Code By Human - A project promotional post with a project that did not use AI in any capacity. No disclosure necessary.
  • [AIP] - AI Project - A project promotional post with a project that used AI in development in any capacity. Disclosure is required for how it was used.
  • [AIT] - AI Topic - A discussion topic that includes AI. This may be for a discussion on hardware to self-host on, llama.cpp vs ollama, your experience using vulkan, etc.

[AIP] - AI Project Disclosure Requirements

Declaration structure is a modified version of ai-declaration.md. If you are promoting a project where AI was used in any capacity in the creation of the project, you will need to provide the details of its use. If you already have an ai-declaration.md or similar disclosure in your repository, you may link directly to it. If you do not, use the following structure:

Declare what aspect of the project used AI. You only need to provide the categories where AI was used:

  • Design - architecture, system design
  • Implementation - production code
  • Testing - writing tests, test plans, and QA.
  • Documentation - Docs, comments, README, change logs
  • Review - Code review and pull request feedback
  • Deployment - CI/CD configuration.

Then state the level of AI involvement for each category listed:

  • Hint - AI suggested solution, human does the task.
  • Assisted - AI acts on part of a task, but a human handled the bulk.
  • Pair - About a 50/50 split of human made and generated.
  • Generated - Human prompted, AI generated.

If you have used the [AIP] tag without a disclosure, a comment will request it. Please note that failing to provide the disclosure will mean the removal of your post.

For any questions, please send a message for clarification.

6
195

Enjoying the simplicity of a single tab setup!

7
34
sneakerweb (sneakerweb.org)

A parallel web updated through physical media.

8
35
submitted 1 day ago* (last edited 18 hours ago) by BonkTheAnnoyed@piefed.blahaj.zone to c/selfhosted@lemmy.world

Converted my daily driver to my vm/docker host. I assumed all my images would be included in timeshift's snapshots, but... nope!

Fortunately I figured it out before I needed it. was testing my backups as part of prep for wiping everything and going to headless debian, found libvirt was missing.

Edit: Added rsync tag to reflect the comments section, which really deserves its own thread.

9
37

I have an old Xbox One X (the 1tb model) that I would love to turn into a Linux box to do self hosting. While I do my best to find tutorials online for installing Linux, I was hoping I could pick y’all’s brains on your experiences for upgrading:

  1. Best hard drives to use (internal and/or USB3)?
  2. Can the RAM be upgraded?
  3. Can the Bluray be replaced with a hard drive?
  4. Anything else I’m missing and don’t know to ask about?

Thanks!

10
56

Hi everyone,

I'm happy to share that Portabase now supports Docker volume backup and restore!

Portabase is an open-source, self-hosted backup and restore platform, currently supporting 9 databases including PostgreSQL, MariaDB, MongoDB, Redis, and more.

We’re now expanding it to cover Docker volumes too, because many self-hosted apps do not store critical data only in databases.

Typical use cases include WordPress uploads, Nextcloud user files, media libraries, app configuration data, and more generally any self-hosted service where critical data lives in Docker volumes.

The goal is still the same: make backup and restore simple, reliable, and easy to operate. Portabase uses a central server with lightweight agents running close to your workloads.

If you find bugs, please open an issue on GitHub, we’re actively looking for feedback.

Thanks!

11
95
Immich vs Ente ? (lemmy.world)
submitted 2 days ago* (last edited 2 days ago) by warmaster@lemmy.world to c/selfhosted@lemmy.world

Chosing the right photo app for my family

So, Immich vs Ente, this is my last piece of the selfhosted puzzle. Please help me make an informed decision:

Immich

on the plus side, it seems to have more features and it has a gazillion integrations with other selfhosted software. Downside: breaking changes are fairly common AFAIK.

Ente

looks like the opposite, more mature, scoped and less integrated.

Am I reading this right? Am I missing something?

Edit: Thanks everyone, I'm going with immich!

12
228
submitted 2 days ago* (last edited 2 days ago) by Vegan_Joe@anarchist.nexus to c/selfhosted@lemmy.world

I have docker installed, but only have a vague idea of how it works.

Back in the day, I would just port forward, but even then, I would need a static IP somehow.

I have heard a reverse proxy is an option, but that is an entirely new topic to me.

Surely there is an easy way to access Jellyfin outside of my home network that I'm just missing.

*Edit: I am blown away by all the help and support! I currently have tailscale running, and I'm in the process of purchasing a domain.

Thanks everyone!

13
62

I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

14
130
submitted 2 days ago* (last edited 2 days ago) by danielgraf@discuss.tchncs.de to c/selfhosted@lemmy.world

"Reitti" (Finnish for "route" or "path") is a self-hosted, personal location tracking and analysis platform. It is designed from the ground up with a privacy-first philosophy: all your data remains under your absolute control, stored exclusively on your own infrastructure. You own the database, you own your history, and you own your memories.

I am proud to announce that reitti v5.0.0 is officially live. This release marks a major milestone, evolving the platform into a comprehensive, customizable personal location diary.

I have packed this release with highly-requested features designed to give you full control over your data:

  • Custom Map Styles: Break free from standard map defaults. Upload your own styles, use hosted vector JSONs, or configure your own raster templates.

  • The Workbench: You can now aggregate data from multiple devices under a single account. Use the Workbench to stitch your timelines together and manually edit or clean up individual coordinate points.

  • Contextual Diary: Enrich your trips and visits with custom tags, moods, and Markdown notes to turn your location history into a living diary.

Global Accessibility

A massive thank you to our community of translators. Thanks to their hard work, reitti is now more accessible than ever, with support added for Portuguese, Chinese (Traditional), and Korean.

A Commitment to Sustainability

Starting with v5.0.0, reitti is transitioning to the AGPL-3.0 license.

Open-source sustainability matters. As the project grows, I want to permanently protect the hard work of our contributors and keep reitti open for the community. The AGPL-3.0 ensures that any improvements made to reitti must be shared back with the community under the same open-source terms. To keep our contributor power strong, no Contributor License Agreement (CLA) is required; the intellectual property remains entirely with the individuals who authored the code, keeping the project truly community-owned.

Development Transparency

I use AI as a development tool to accelerate certain aspects of the coding process, but all code is carefully reviewed, tested, and intentionally designed. AI helps with boilerplate generation and problem-solving, but the underlying architecture, logic, and quality standards remain entirely human-driven.

Getting Started

To simplify your deployment, I’ve taken inspiration from the excellent release practices of the Immich project. You will now find the docker-compose.yml file attached directly to the GitHub release notes to help you get up and running quickly.

Important: This is a major release with deep structural adjustments. Please read the v5.0 Upgrade Guide before deploying, as a database migration is required.

Community & Support

I am dedicated to keeping this project community-first. Everyone is encouraged to spread the word about this release on any platform they have access to.

Thank you all for being part of this journey. Happy tracking!

— Daniel

Full Changelog: https://github.com/dedicatedcode/reitti/compare/v4.0.5...v5.0.0

15
30

I'm a software developer working in the telecam sector on security related products, so I know a fair bit about system security. Yet I wound secure my own system far less than most people here if I didn't enjoy cybersecurity as a hobby.

I wonder what you are securing against? Some examples:

  • jellyfin: unless you have home videos on there, what does it matter if someone exfiltrates some movies? Surely you have basic DOS protection and/or region locking to reduce wasted network traffic, right?
  • linux: I assume nobody is using their servers as daily drive PCs, so what does it matter if somehow your system is superficially compromised. You can always reimage. Sure they could mine some bitcoin with your system, but it doesn't have that much PSU headroom to cost you much on your bills, right?

It just seems like most attack vectors lead to mild annoyance at most for most systems.

Do you guys just enjoy cybersecurity? Do you actually keep sensitive data on your self hosted systems? Do you self-host on expensive hardware? What am I missing?

16
33

Hey, folks! I had begun configuring VLANs recently, and I've got two managed switches between my firewall and my mini PC. I set up a 10 VLAN on the third octet with a /24 mask, and the idea is that anything on 10 should be able to reach the internet but not VLAN 1, while VLAN 1 should be able to access the internet and VLAN 10 services. I'm not so crazy as to try to start with that configuration though. No ports or anything are exposed yet, so my first test was just going to be full access between networks. I maybe counted my initial configuration as a success too soon, because with the mini PC on the 10 network, I can reach the gateway at 192.168.10.1 but nothing else. I can even access the OPNsense config page at the 10 gateway address. If I ping 192.168.1.1, I get "Network is unreachable". If I ping www.google.com, I get "Temporary failure in name resolution", and I also can't pull up sites like YouTube. And again, this is all with a VLAN rule that I believed to be configured to allow all traffic, as it mimics what's set up for my default LAN interface. Pinging the mini PC from the 1 VLAN also fails; it just sort of times out with 100% packet loss, so perhaps the default rule is less permissive than I thought, but it does say it allows all.

I've been following beginner guides from the Home Network Guy (a name that makes this stuff sound more approachable than how he actually presents it), but even with a video that's not even 3 years old, pieces of OPNsense have been deprecated and replaced with new components such that I can't follow along verbatim. For instance, it was an ordeal to get DHCP working now that the one he used has been replaced with Dnsmasque DNS and DHCP, and I can't even tell you what I changed that eventually got it working, but my first couple of tries did not. In one of those videos I've been following, he indicates that the default rule on the LAN interface will allow full access between all networks, but that doesn't seem to be the case, as the same settings on the other VLAN aren't allowing them to talk to one another.

Obviously, I don't intend to leave full access between the networks when it's time to go live, but this simple smoke test shows that there's a gap in my understanding if I can't get what should be the easiest test to work. Does anyone know what I'm missing or what I should do to troubleshoot from here?

17
57
submitted 2 days ago* (last edited 2 days ago) by OpenAltFinder@lemmy.world to c/selfhosted@lemmy.world

I just noticed that tvtime.com is being shut down on July 15th.

Are there any good open source alternatives? So far I know about

TV Time alternatives

18
22
submitted 2 days ago by xana@lemmy.zip to c/selfhosted@lemmy.world

Hello fellow TCP users,

I am moving my homelab from Docker to Kubernetes (because I have nothing to do with my homelab anymore) and I am having an issue with services that need to be accessible both within the cluster and from the outside world on the same hostname.

For an example, supposedly you have two pods: A and B which are accessible via the Gateway with hostname a.example.com and b.example.com respectively. Pod A also need to contact Pod B so there are two ways to do this:

  • Via b.example.com. This works but in this case, the traffic will go from pod A -> the boarder internet -> the loadbalancer -> the gateway -> pod B which is not very optimal.
  • Via b.default.svc.cluster.local. This also works but in this case you lose:

In Docker case, I can just set the alias of my reverse-proxy container to b.example.com and it is done. I am wondering is there anything I can do to get the traffic goes from pod A -> the gateway -> pod B in Kubernetes. Also is this a common issue or not because I don't see a lot of articles about this issue on the internet :/

Thank you very much!

19
65

For my Masters thesis project, I'm required to keep a blog documenting my progress, and being the open source/self hosting guy that I am, I decided to host my own WriteFreely instance on my VPS.

The problem is, WriteFreely doesn't support direct image uploads, only embeds. I'd of course like to self host my images for the blog too, so I'm in need of a really lightweight image hosting solution. Things like Immich or Nextcloud are far too much for what I need, I basically just need a password-protected upload interface and the ability to grab the direct links to the images to embed them. I don't need analytics or account management or anything like that.

I know I could transfer images to my server directly via scp or rsync or ftp and host them behind nginx directly, but that's a faff and I'd rather just deploy a container once and be done with it.

Does anyone have any recommendations?

20
41

Hi, I have a hypothetical question that is probably going to sound very dumb once someone shows me a very simple workaround :

In this situation : there is a properly setup server in house A with a running jellyfin/immich server, and there's a second server in house B for homeassistant.

Is there a way I can use server B to remotely connect to server A to access JF and Immich and stream it via HDMI a TV in house B ?

Thank you in advance

21
17

I'm big on retro tech (which, sadly, is becoming code for credit bills in a trenchcoat; why did I give all that good shit away :( ) and occasionally think "damn, I should try to get an old C64 or Amiga, specc it up and use it as a daily driver".

Then I got to wondering "do folks still use retro PCs to self host cool stuff?"

So, do folks here still use retro computers for self-hosting- either actually hosting services on the old hardware, or self-hosting lightweight tools specifically for use from vintage machines?

22
32
submitted 3 days ago* (last edited 3 days ago) by doctorflynt@feddit.org to c/selfhosted@lemmy.world

I‘ve got 2 Machines with Proxmox on both installed. One hosts my data and media and runs Services like Jellyfin, NAS,… The other one is a Mini-PC that hosts my Services like Adguard, Home Assistant,…

Whats the best way to Backup the data and configs of those 2 machines? Installing Proxmox Backup Server on each and store the Backups on a seperate HDD? Or would it be better if a move all the services to a single machine and use the second only for backups?

thank you!

23
13
submitted 3 days ago* (last edited 3 days ago) by osanna@lemmy.vg to c/selfhosted@lemmy.world

Hello :)

I am trying to set up an encrypted gdrive connection in rclone.

For some reason, it won't upload to gdrive when I use the crypt remote, but it works fine when i use just the gdrive remote.

When I use the crypt remote, it simply created a folder called the gdrive remote name, then uploads everything encrypted to there with a directory called whatever remote name i use for the remote crypt. I'm probably not explaining very well.

/media/drive/drive/docs$ ll

total 19112

drwxrwxr-x 30 osanna osanna    4096 Jul  5 05:37  ./

drwxrwxr-x  3 osanna osanna  4096 Jul  5 05:33  ../

-rw-rw-r--  1 osanna osanna 123794 Jul  4 22:19  106.nClDs-5357-30-32_45.78.43-DpCGpC.EIE

-rw-rw-r--  1 osanna osanna   596291 Jul  5 01:17  11.HE.DKCruHI

-rw-rw-r--  1 osanna osanna  176385 Jul  5 01:17 '120.ozRRVNQCR BNOX.JCAW'

-rw-rw-r--  1 osanna osanna    11444 Jul  5 01:44 '14.nGMBMExw 2.HwL'

-rw-rw-r--  1 osanna osanna   182000 Jul  5 01:17  157.bmEEIADpE.wpnJ

-rw-rw-r--  1 osanna osanna   94588 Jul  4 14:37  163.827663.HFy

-rw-rw-r--  1 osanna osanna     8612 Jul  5 01:13  178.rmAA.FtAF

my rclone.config:

[drive]

type = drive

token = {"access_token":"[redacted]","token_type":"Bearer","refresh_token":"[redacted[,"expiry":"2026-07-05T06:26:08.783447+08:00","expires_in":3599}

team_drive = 

[drivecrypt]

type = crypt

remote = drive

password = [redacted]

filename_encryption = obfuscate

directory_name_encryption = false

The command I'm using is this:

/media/drive$ rclone copy files drivecrypt:docs/

Anyone got any idea? I'm losing my mind here.

TIA :)

24
92
25
385
view more: next ›

Selfhosted

60482 readers
793 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS