Howdy Selfhosters!

A family member who does not live in my state recently got a new PC, and asked for my help in setting it up. Since it can't be done in person, I'll have to do this over the phone. Problem is, I don't really want to walk them through all of the steps (download Firefox, ublock origin, uninstall W11 bloat, etc) over the phone. I was hoping there exists a software that I could host on my Linux machine (I am able to port forward/host externally if necessary), and instruct them over the phone to download the "other end" (client-side) of the software so that I can remote in and set their PC up myself.

I checked out the awesome-selfhosted list and found that most of the remote access softwares are mainly for SSH servers. I did check out Guacamole, but I'm not sure I understand how to utilize the software. Any help and suggestions are welcome. Thank you everyone!

Hi all,

I'm looking at exposing some self-hosted web-based services externally so that some relatives can access them and would appreciate some advice.

Vikunja is the starting point (mostly to facilitate my spouse and I using it when away from home) but in future I want to set up Immich or similar to replace Google Photos, and that in particular will need to be shared with friends and family (especially so that immediate family can have camera uploads on automatically).

I understand that ideally I'd use SSH, a VPN, or tailscale or similar (although I don't have experience with tailscale), but that's not going to be feasible. Most of the family will not be able to set up those connections themselves (which means I would need to) and several are far enough away that it is impractical for me to provide on-site support or do it myself. Even if I could get a VPN or similar deployed on all their devices, I suspect that they're going to struggle with needing to connect to it just to upload or view photos, then disconnect afterwards to resume using the Internet -- I really need this to "just work" for them.

So this brings me back to safely exposing these services to the outside world. My network architecture complicates this a little, so for context:

• Modem/router has basic firewall and points to a Raspberry Pi for DHCP. I already have No-IP set up with a domain name so that I can SSH into my LAN when away from home.
• RPi runs Pi-hole + dnscrypt, acting as DHCP and DNS server for the network.
• I want to use nginx as a reverse proxy running on this RPi, as I have experience with it and it can add SSL using certbot. The router would be configured to use port forwarding to direct external traffic for ports 80 and 443 to the RPi.
• Vikunja is hosted on a separate Raspberry Pi (with other things like Shiori)
• I have not yet determined where Immich or similar is going to go. I have existing home server that I use for backups and important family stuff, but I really don't want this to be vulnerable to the outside world. If I were to install Immich here, I'd need it to be well-isolated from the rest of the system. The other option is to get a NUC or similar, which is what I am leaning towards as the less stressful option.

So my main questions are:

1. Beyond fail2ban and my router's firewall, what else can I do to protect my network once I open ports 80 and 443?

2. How do I handle fail2ban configuration when the services are on different devices to the nginx proxy? I understand the best place to put fail2ban would be on the Pi running nginx (since it's the access point to the outside world), but that it also needs to read the logs from Vikunja, etc. to be effective.

3. Where would you put Immich in my network architecture?

Any other tips/recommendations for making this easy to use for my less tech-inclined friends and family would be much appreciated as well. Thanks.

Currently running all my docker compose containers on my gaming PC. 15 containers in total. Mostly *arr stack, plex, immich, home assistant, actual budget and jellyfin. Running on Mint.

Want to get these onto a dedicated pc. I have a mini with a I5 10-600, 32GB ram. I've played with it a little with jellyfin, on Debian and don't think I was able to get quick sync enabled with my testing, and one transcode pretty much maxed out the CPU usage. To use this PC, I'd need to buy a 4 bay USB HDD enclosure.

So, basically I'm just wondering before I spend money and time if the hardware is even capable enough for my usage. 3 concurrent streams is probably the most it'd ever see, ideally with no more than 2 transcodes. Immich, home assistant etc are all pretty new and just in testing for now, but would only have 2 users total. Mostly using Plex, jellyfin is also in testing so it'll be ready if plex enshitifies too much.

While building PolyTalk, one of the biggest decisions we faced was whether to rely on cloud APIs or keep everything self-hosted.

At first, cloud services seemed like the obvious choice. They make it easy to get started and remove a lot of operational overhead.

But the deeper we got into the project, the more we realized that self-hosting wasn't just a deployment preference, it was a requirement for many of the use cases we were exploring.

A few things we learned along the way:

• Running speech recognition, translation, and TTS locally is absolutely possible, but latency quickly becomes one of the biggest engineering challenges.
• Supporting multiple audio sources (microphones, meetings, browser tabs, system audio, etc.) is often more complicated than the translation itself.
• Choosing models is a constant trade-off between quality, speed, hardware requirements, and language coverage.
• Privacy, compliance, and data sovereignty concerns came up far more often than we expected when talking to potential users.

Self-hosting definitely isn't the easier path. You have to think about infrastructure, updates, monitoring, and resource management.

That said, the trade-off is greater control over your stack, fewer external dependencies, and more flexibility in how the system is deployed and operated.

For us, those benefits were worth the extra complexity.

I'm curious how others in the self-hosting community think about this.

When do you decide a service is important enough to self-host instead of relying on a managed API or SaaS provider?

For anyone interested, PolyTalk is the project that led us down this rabbit hole:

GitHub: https://github.com/PolyTalkIO/polytalk

Website: https://polytalk.io/-

Hello,

I know it is strictly related to selfhosting but I don't have a reddit account so please bear with me. I've been using a Blackblaze B2 bucket as the storage for my restic backup for my whole homelab for a while and recently when reading from that bucket it is so so so so so so slow and unreliable (a lot of unexpected EOF and interruption). I've tested this on several machines (including a VPS on Hetzer) and I can access other sites just fine. Their status page says nothing and I wonder is it just me or do some of you also experience the same thing ?

Also any alternative recommendation is welcome but I can not selfhost my S3 at the moment :(

Thank you very much!

Edit: this is the log for my restic check --read-data (something similar on Hetzner VPS).

create exclusive lock for repository
load indexes
check all packs
check snapshots, trees and blobs
Load(<data/ef0e80ecc6>, 541, 6322304) returned error, retrying after 508.096097ms: unexpected EOF
Load(<data/ef0e80ecc6>, 541, 6322304) operation successful after 1 retries
Load(<data/c10459132f>, 535, 14002087) returned error, retrying after 1.352882596s: unexpected EOF
Load(<data/c10459132f>, 535, 14002087) operation successful after 1 retries
Load(<data/44089c2105>, 536, 10041504) returned error, retrying after 1.094099947s: unexpected EOF
Load(<data/44089c2105>, 536, 10041504) operation successful after 1 retries
Load(<data/c10459132f>, 481, 3262415) returned error, retrying after 1.418694544s: unexpected EOF
Load(<data/927e700367>, 467, 7776453) returned error, retrying after 634.119689ms: unexpected EOF
Load(<data/927e700367>, 473, 7798234) returned error, retrying after 849.03055ms: unexpected EOF
Load(<data/927e700367>, 467, 7776453) returned error, retrying after 1.243622488s: unexpected EOF
Load(<data/653ef7abb0>, 523, 8280899) returned error, retrying after 578.669152ms: unexpected EOF
Load(<data/fd9edf4117>, 533, 485866) returned error, retrying after 823.382046ms: unexpected EOF
Load(<data/c10459132f>, 528, 3248055) returned error, retrying after 1.402372952s: unexpected EOF
Load(<data/c10459132f>, 524, 3175555) returned error, retrying after 1.425799941s: unexpected EOF
Load(<data/9b179c749d>, 534, 13802701) returned error, retrying after 1.234603672s: unexpected EOF
Load(<data/7b827c96f6>, 531, 8412866) returned error, retrying after 1.49579899s: unexpected EOF
Load(<data/ef0e80ecc6>, 530, 5093059) returned error, retrying after 1.405885227s: unexpected EOF
Load(<data/927e700367>, 409, 7763564) returned error, retrying after 798.04783ms: unexpected EOF
Load(<data/c10459132f>, 481, 3262415) returned error, retrying after 1.362966862s: unexpected EOF
Load(<data/653ef7abb0>, 523, 8280899) returned error, retrying after 2.966804822s: unexpected EOF
Load(<data/927e700367>, 467, 7776453) operation successful after 2 retries
Load(<data/fd9edf4117>, 533, 485866) operation successful after 1 retries
Load(<data/927e700367>, 409, 7763564) operation successful after 1 retries
Load(<data/9b179c749d>, 534, 13802701) operation successful after 1 retries
Load(<data/c10459132f>, 528, 3248055) operation successful after 1 retries
...

Edit: After a day my restic check --read-data finished with no data corruption but it took a lot of retrying, even 7 retries to read the correct data :/ So I guess it is a sign for me to move to somewhere else.

I've bounced around running my server on many different OS options, I used proxmox with Ubuntu VMs and containers for a long time and did really like it but decided that for my tiny operation basically just trying to run Jellyfin and maybe a few other things like a Minecraft server, a simple one click deployment OS works good enough for me. Most of the time.

I've really been loving ZimaOS, management is so easy when you're only running a couple basic services like I am. But I decided I wanted to set up an arr stack to build up my media library easier and let others request things. I actually had this set up before on proxmox so it's not my first time.

The only problem is I can't for the life of me get qBittorrent to use my gluetun VPN with Mullvad, the fact that I can't directly edit the compose yml is killing me, because the options that I need to change should hypothetically be simple, but they just don't appear to even exist in the ZimaOS app settings gui. Has anyone gotten this to work?

- I'm new to #Authentik - I've just spun up a test instance and tried to connect my first application (#Postiz) but I'm kind of stuck.

I've installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.

As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.

One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.

I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.

I've popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I'm figuring getting Authentik is going to be key to getting other applications going.

I wanted to improve the security of a TV connecting to a server on a different LAN, and one approach I thought of is to use a RPi on the network to look after the secure connection.

So the pi could connect to the remove server through SSH, and forward the port locally. I thought this port could then be opened, and the TV can then be pointed at the pi on the local network.

Port forwarding to the pi works but I can't connect to it from another device, even after setting firewall settings.

Basically the firewall rule is ufw allow from 192.168.1.0/24 port 1234

Does this idea work, or is there a better approach? Am I missing something in the setup?

Hi there, everyone.

For various reasons, our family makes use of Life360. I'm wanting to move to either a linux or completely degoogled phone(ATM, I'm on Graphene but utilize the Play store for Life360 and a few other apps) but can't afford not to have the ability for a group of 4 phones to share their locations with each other all the time, not just to send a pin at certain times. I ONLY need the real time sharing to other devices in the group, I don't need anything else that Life360 offers.

It can't be hard to use as one of the phones we need it on is owned by an 80yo with cognitive/memory issues. This is where Life360 shines, we're able to find him without him ever needing to do anything on his phone.

Is there an option for this out there for self hosting? I could even handle not self-hosted but multi-OS and non-Play connected. I do have a couple VPS I could run backend software on, if needed.

Thanks for your time!

Hello friends!

My first attempt at a selfhosting project is up and running.

My goal was to make a private email and calendar system for my family. As it is private, as in we only email each other, I don't have to worry about delivery blocks or spam. The system needs to support 12 users. Turned out it was easier than I though it would be!

Here is my stack:

• Thinkpad T480 with 64G ram and 1tb ssd
• Windows Server 2022 eval
• MailEnable Standard Edition which is free software from Australia https://www.mailenable.com/standard_edition.asp
• Thunderbird Mobile https://www.thunderbird.net/en-US/mobile/

Right now we are using the native android calendar app but I would love suggestions for a better calendar app.

Happy Hosting!

so im setting up a proper anime server and im kind of stuck on the metadata

been running jellyfin for a bit , had everything scan and it looked fine at first but then i noticed stuff was misclassified , wrong episode orders, some seasons (of the same show) getting merged when they shouldnt be. basically a mess

wiped everything and starting fresh. currently looking at shoko server + shokofin plugin as the proper solution instead of just trying to fix filenames manually

my situation is a bit different tho , i dont torrent. most of my stuff came from animepahe and similar sites so the files are encoded in mp4 ,

anyone gone through this with a similar source situation ? is shoko the move or is there something better for my anime :)

thanks!

Edit : Almost forgot ! if you have any tools, tips or anything really that would be helpful to a beginner like me (like tailscale) please mention them in the comments and i will check them out.

Hi, so been working on this for a week but not really happy with the solutions I find as they seem to be done by induviduals who rely heavily on ai. I got wireguard easy going and can remotly connect which is great but id love to be able to route any internet traffic to and from the wireguard clients to go though another server while filtering my local onsite services. Felt that if i can crack this i dont need to rely on tailscale. The end goal is to have no reliance on tailscale as i am preparing for the eventual enshitification.

I'm a Windows guy since forever and I recently got into selfhosting. So far its a blast! Are posts about that welcome here?

I have nearly every service imaginable running and have now started a new project.

I am creating a searchable stock photo archive for my lan. It has been a very interesting project but think i may have crossed the line into overkill lol.

I had hundreds of stock photo cds from the 90s I have turned them all into ISO's.

I then spent ages dealing with some strange cdrom layouts but got all the images off.

I then converted them all to JPG.

I have now setup a batch script that dedupes then takes the images in 2k batches, runs them through a ai vision model to add keywords and descriptions; as they have none.

They are then copied to a folder where I have photoprism running as the front end and I only have 4k done so far but they look amazing and the search and descriptions are really accurate and useful.

400k more images to go but at least it should all be automated now.

Hello,

As the title suggests, how do you manage your DBs for docker services.

Do you spin a new DB for every new docker cluster or do you have a centralized DB that is accessible to the docker clusters.

What are the pros and cons of both method?

For the moment, I spin a new DB for every services as I feel it is easier to backup the service in case of a problem.

Hello guys, so I have been self hosting a bunch of stuff for some years now. But I want to increase the protection of the services I host.

I was thinking of using a VPS just for ddos protecting my services like game servers, web servers, email etc.

Any suggestion on how to set this up well? I was thinking of routing all traffic from the VPS back home with wireguard. My connection is gigabit so I don't think the performance impact will be too big, any suggestion on which proxy, VPS and other things to use?

Hello,

First let me answer your first question : No, It's not AI generated.

I started working on a new project geared towards small self-hosted environment which automate the use of snapshot to reduce downtime when doing offline backups.

Instead of waiting for the entire external backup to finish to restart the service LaManager create a instantaneous snapshot using Copy on Write (COW) restart the service and upload the external backups reducing downtime significantly.

More details in the readme.md.

Warning the project is still very early so there might be rough edge and bugs, be careful. However I hope to be able to make something nice and usefull out of it.

PS: It is my first post on lemmy after looking around without account here for a while, the lack of history is not me being a bot, I'm just new here.

I wanted to say thank you to everyone that responded on the previous post. Whether intentional or not, some of the comments gave me some ideas for elaboration and improvement of my pipeline.

I discovered that the TINK 4k has the ability to do 480i pass through via custom modelines, which I enabled and updated my capture script to take advantage of. The biggest downside to using the TINK is that it converts color to RGB, which results in slightly-less-than-faithful raw captures.

This leads into the new VapourSynth pipeline I put together. When strung all together, we're now performing:

• Lossless RGB NTSC capture, converting to YUV 4:4:4 for processing until the final 4:2:0 output
• QTGMC source-matched deinterlacing to 59.94p
• Motion-compensated denoise and CCD chroma cleanup
• Dehaloing, contrasharpening, and debanding
• Lanczos upscale to 4:3 1080p

I'm currently punting on any neural upscaling, because I really don't want to introduce any semblance of hallucination.

You also may have noticed I added waveform and vectorscopes to the monitor stream, to get a quick and dirty readout of the brightness and color levels of a given tape.

I understand that this project is now probably blurring the lines of appropriateness for this particular community, so it will likely be my last post on the matter here. I just wanted to give an update, and say thanks!

I read every single day. At home it's on my Kobo running KOReader (yes, I'm that open-source guy), and I love it. The problem: I don't always have the e-reader on me. On the train, at work, waiting somewhere — I just have my phone.

I tried Kobo's own Android app to bridge the gap and... I really didn't like it. Promos everywhere, adding your own books is a pain, the reader itself feels clunky, and the Wi-Fi handling is annoying.

So I built my own thing: Varbook, a small self-hosted EPUB library.

You drop EPUBs into it in one click. From there:

• They're readable on your phone through a simple but well-made PWA. Books are cached locally, so you can read offline; when you're back online your reading position syncs to the server.
• The server exposes everything over OPDS, so any compatible app works (KOReader, Moon+ Reader, etc.).
• I also wrote a KOReader plugin that pushes/pulls your reading position to the server in a single gesture.

My actual daily workflow:

• Evening, at home: I wake up my Kobo in KOReader, tap the top-right corner → Wi-Fi turns on, my current book jumps to the right position, Wi-Fi turns back off to save battery.
• I read.
• Done reading: tap the top-right corner again → Wi-Fi on, my reading time + position sync to the server.
• Next day, at work: I open the PWA on my phone. It drops me exactly where I left off, and syncs my position on every page turn.
• Evening: back to the Kobo, which picks up my position from the phone.

All of this with fully open-source software, no commercial service in the loop, my books staying on my own server.

The trickiest part was cross-device position sync — every reader engine (epub.js in the browser, KOReader's CREngine, Moon+) tracks position differently. Varbook uses a "pivot" format based on EPUB spine items (chapter index + percentage) so your position survives the jump from one device to another without throwing you 30 pages off.

It's open source (MIT), built with Laravel + React, and ships as a single Docker container (SQLite by default, no external DB needed). The entire UI is translated in English, French, and Spanish.

Honest disclaimer: a good chunk of this is vibe-coded. That said, I've been a developer for 20 years, so it's opinionated vibe-coding — I know what I'm looking at. It's been used daily and intensively by about 5 people for the last 3 months, and I keep improving it regularly. It's not bug-free, but I'd call it reasonably stable. I'm being upfront so you know what you're getting into.

There's a free public instance if you just want to try it without installing anything: https://varbook.hophop.be/

• Full write-up on my blog: https://trucs.hophop.be/en/blog/varbook-bibliotheque-epub-self-hosted
• Code: https://github.com/ndieschburg/varbook
• KOReader plugin: https://github.com/ndieschburg/varbook.koplugin

Happy to answer questions or hear what's missing — it scratches my own itch, but I'd love to know if it's useful to anyone else.

For those who’ve never heard of us:

Libre Closet is a free, open-source, self-hosted wardrobe organizer - with client side garment image background removal. Catalog your clothes, upload photos, build outfits, and access everything from your phone as an offline-ready PWA - all on your own server.

We at Lazztech LLC have crafted and engineered this project with care and intention to be as easy to self-host as possible. It defaults to local SQLite storage and local file storage. It has optional auth/multi user support.

docker run -p 3000:3000 -v wardrobe-data:/data ghcr.io/lazztech/libre-closet:latest

Please feel free to ask any questions you may have, whether about the development choices we’ve made, or about the product itself. We’re excited to continue to build a community around this project. 

——

For those already familiar, I’d like to share some progress updates. 

First, I’d like to introduce Leolazz, who’s joined the project as our 3rd core maintainer, alongside ShoshannaTM, and myself!  

Second, I’d like to share gratitude for the warm and supportive reception Libre Closet has continued to receive. It sincerely makes my day when we get a new feature request or comment about how users are enjoying it. Since the first post, we’ve gotten 234 Github stars, over 10.8k docker image pulls, multiple community PRs contributed, and many helpful issues filed.

Latest News - Significant Performance Improvements:

We've refactored the server resulting in nearly a 2x throughput increase, almost half the latency, and the lighthouse speed score has gone from 68/100 to 99/100.

Latest Releases:

• v0.3.2 - June 09, 2026: Added background removal toggle for garment image uploads.
• v0.3.1 - May 26, 2026: Refactored server resulting in nearly a 2x throughput increase and almost half the latency.
• v0.3.0 - May 21, 2026: Garment image background touch up tool
• v0.2.5 - May 1, 2026: Added option to disable register functionality
• v0.2.4 - April 28, 2026: Fix garment photo upload cropping

For full details refer to the CHANGELOG.

We can’t wait for everyone to try it out, and we hope you enjoy v0.3.2 of Libre Closet! 

Public: https://librecloset.lazz.tech/

GitHub: https://github.com/lazztech/Libre-Closet

@

Hi everyone

I posted before here. I'll try once more but don't want to get over bearing.

I'm trying to self host all my contacts and my calendar.

I've managed to install radicale but there very little ui and I'm not actually sure how to import my contacts and calendar, or how to start using it with a client.

This is all I see

I've set up the calendar and contacts server but I can't find any security settings to password protect it

Any guidance would be awesome, thank you

So far, my self-hosting has been limited to Pi-Hole, and a static website. I now want to try out something new, an Immich server.

I have a static IP from my ISP, so I don’t need to rent out a VPS. However, given that this IS a home internet, I want to be extra sure that it is going to be secure.

In my existing website, I use Fail2Ban + BadBotBlocker + Anubis + Nginx rate limits to protect it from scrapers, bots and malicious users, and it works well. With photos (especially family photos) at stake, I just want to know more on how to protect my server.

Add: thanks for the helpful replies. I will be sharing the photos with family, many of whom live abroad.