Mr. Crow
May 22, 2008

Snap City mayor for life

FireTora posted:

This Awesome-Selfhosted github has a huge list of free, mostly opensource, software that you can host for a huge range of services.

You can set up PhotoPrism to sync new pictures from a WebDAV server like Nextcloud so you can sync your phone to Nextcloud and PhotoPrism will automatically fetch or backup new images to it.

I've tried 3 other photo hosts so far and PhotoPrism has been the best overall for features. I'm going to try damselfly sometime this week, it looks a little more poweruser in the interface, but supports multiple users, facial recognition and more.

Came here to post awesome-selfhosted, worth checking out.


Mr. Crow
May 22, 2008

Snap City mayor for life
It's really trivial to either set up your own PKI these days and just install your root self-signed cert where it's needed, or use Let's Encrypt; no reason not to use HTTPS.

Mr. Crow
May 22, 2008

Snap City mayor for life
Make sure you set up some dynamic DNS service too otherwise you'll lose access once your home IP address inevitably changes.

Mr. Crow
May 22, 2008

Snap City mayor for life
Please don't try and self-host your mail, just keep the Proton sub.

Mr. Crow
May 22, 2008

Snap City mayor for life

Well Played Mauer posted:

I bought a lot of goodwill with the PiHole and Plex setups, actually.

I have a dumb switch question that I haven’t been able to find an answer for, and I’m pretty sure I’m overthinking it, but I’m trying to figure out the optimal setup for what gets plugged into the switch.

My router has one 2.5 Gbps port and three 1 Gbps ports. The unmanaged switch I'm grabbing has all 2.5 Gbps ports. Most of my equipment has only 1 Gbps NICs. My question is more about LAN bandwidth than WAN. Basically, do I lose anything if I plug the switch into the 2.5 Gbps port, then plug everything into the switch, leaving the 1 Gbps ports on the router empty? Or would I be better off putting some of the machines on the 1 Gbps ports on the router to spread the distribution around?

Like I said, I'm thinking more about LAN data transfer than anything else. Like, do two machines talking on separate 1 Gbps ports free up the stuff on the 2.5 Gbps switch, since they wouldn't be using overhead on the switch to talk, or does it not really work that way?

I think I'm conflating hubs and switches here, but what's adding to my confusion is the router claims it can handle 6 Gbps over WiFi. So does that mean the router can move that amount of data and the maximum capacity is limited per port (and thus there's some benefit to using all the ports on the router), or is the WiFi maximum separate from the Ethernet ports, and it's better to just throw everything into the switch that's connected to the 2.5 Gbps port on the router?

This really feels like a stupid question but I can’t quite turn it over in my head.

https://www.nvtphybridge.com/full-duplex/

Realistically you won't notice optimizing your switch layout unless you're constantly sending large amounts of data around your house, which would be unusual for me at least. Like the other guy said, just use it and if you notice issues then nerd out on it. For example 4K streaming bitrate is anywhere from 40-128 Mbps, so if you have issues it's probably not the switch. Probably.

Mr. Crow
May 22, 2008

Snap City mayor for life
Nextcloud is pretty worthless to be honest I wish it would stop being recommended in self hosting circles.

I use it for contact syncing because it's about the only thing it does reliably and I'm too lazy to set something else up for it at this point.

Mr. Crow
May 22, 2008

Snap City mayor for life

fletcher posted:

Is there anything else that's a viable Google Drive alternative for the selective sync that stores everything on the filesystem as normal files though? Nextcloud was the only thing I've come across that ticks those boxes. It's been working great for me.

I dunno 'cause it doesn't work. Leave a file untouched or don't open the app for a week and all of a sudden nothing is on your device anymore, and lol if you were expecting to use it outside of cell service.

I gave up and use syncthing, it suits my needs much better and more importantly is reliable.

Mr. Crow
May 22, 2008

Snap City mayor for life

CopperHound posted:

The cookbook app is good. That is all.

This is actually true.

Mr. Crow
May 22, 2008

Snap City mayor for life

BlankSystemDaemon posted:

I desperately want a dtrace-backed monitoring system like Sun FishWorks.

For those of you who don't know it, it's famously featured in this video:
https://www.youtube.com/watch?v=tDacjrSCeq4

EDIT: There's more information about it in these slides by Cindi McGuire and Brendan Gregg as well as these slides by Bryan Cantrill and Brendan Gregg.

It's nothing short of amazing, because it ties together SMF (which is what System500, launchd for macOS, LaunchPad, and OpenRC all failed at being), FMA (a failure management framework, capable of dealing not just with hardware failures but also software failures - which every OS needs, and only Solaris has ever had), and dtrace (a tracing facility for use in production systems at production scale).

The most amazing thing about this video to me has always been that this guy presumably works in there without ear protection, holy poo poo

Mr. Crow
May 22, 2008

Snap City mayor for life

Warbird posted:

Speaking of, the pattern “https to the reverse proxy and the http to the service” is largely fine, correct?

Depends entirely where the service is. And probably what it is. On the same server, sure. Same private network, maybe. Different server/network but same "datacenter"? Probably not.

Mr. Crow
May 22, 2008

Snap City mayor for life

Quixzlizx posted:

So I don't need to change anything to increase my security then, because I want all connections not through the domain to fail. I just didn't know if there were any edge cases where a theoretical attacker could get around the lack of a certificate, which is why I was contemplating a catch-all rule to block everything else.

Anything exposed to the internet is going to get hammered in a variety of unexpected ways; security isn't a single big wall and iron gate, and Caddy or any other internet-facing service shouldn't be your one security measure. The phrase "defense in depth" exists for a reason. Caddy is vulnerable to exploitation, either via misconfiguration or CVE, as is whatever it's talking to. Unless there is some auth mechanism it's likely at some point some bot or bored attacker (or upset user who previously had access) is going to bypass Caddy. What happens then?

Make sure your backend server/service is also hardened; ideally you would also have all of this on a separate DMZ and internal network, to limit the rest of your network. The goal is to limit the blast radius of a potential exposure, not make an impenetrable gate, because there is no such thing.

Mr. Crow
May 22, 2008

Snap City mayor for life

Quixzlizx posted:

I do have fail2ban set up so someone can't get into Foundry directly by brute-forcing credentials.

But I think I'm either explaining myself very badly, or I can't do what I'm attempting to do. I was hoping I could configure Caddy to flat-out refuse all connections to my server that aren't explicitly from foundry.mywebsite.com, regardless of http or https or legitimacy of certificates. With the understanding that it wouldn't be a foolproof measure, since that wouldn't help if Caddy itself is exploitable.

I don't know about Caddy specifically, but you could do some sort of IP-based whitelist using DNS lookups for foundry.com, if that's what you're trying to say? To only allow communication between Caddy and foundry.com? You'd be better off using your firewall, but with nginx, https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/

Even so, the points I made above are still valid; maybe it's worth the risk to you, but foundry.com can be compromised, see that it communicates a lot with Caddy, then have an open door into whatever is behind Caddy.

Unless you are unlucky or very popular it's probably not going to happen with these basic security measures in place; it's just wise to be aware of the risks and have some additional protections in place for it. You do find blogs all the time of people getting owned like this.

Mr. Crow
May 22, 2008

Snap City mayor for life
Personally I would just drop the connection without responding if it's not asking for foundry.mysite.com; in nginx you can
code:
return 444;
to do this. Caddy probably has something similar.

http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
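The complete nginx layout that a `return 444` line normally sits in, as an added example (mine, not the poster's config): the catch-all has to be the default server on both the plaintext and the TLS listener, otherwise nginx will happily answer requests for the bare IP or a wrong name from whichever server block it finds first. foundry.mysite.com is the name used in the thread; the certificate paths, the backend port (Foundry's default of 30000 is assumed) and the WebSocket headers are assumptions about the setup.

```nginx
# Added example, not from the thread: nginx that serves exactly one name and
# drops everything else. Paths and the backend port are placeholders.

# Plaintext catch-all. No redirect and no error page: 444 closes the socket
# without a response, so scanners hitting the raw IP learn nothing.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

# TLS catch-all. ssl_reject_handshake (nginx >= 1.19.4) aborts the handshake
# when SNI names anything but a configured host, so no certificate is ever
# sent for the bare IP. return 444 still covers the case where SNI matched
# but the Host header did not (a spoofed Host header lands here).
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
    return 444;
}

# The one real vhost. nginx picks this block by Host, so a request arriving
# with the right SNI but a different Host falls into the default_server above.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name foundry.mysite.com;

    ssl_certificate     /etc/letsencrypt/live/foundry.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/foundry.mysite.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Assumed backend: Foundry listening on its default port on the same host.
        proxy_pass http://127.0.0.1:30000;
        proxy_http_version 1.1;
        # Foundry's web client uses WebSockets; these two headers let the upgrade through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Check it with `nginx -t`, then confirm from outside that `curl -k https://<your-ip>/` gets a handshake failure rather than a certificate, and that `curl -H 'Host: other' https://foundry.mysite.com/` gets an empty reply instead of content.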

Mr. Crow
May 22, 2008

Snap City mayor for life

Quixzlizx posted:

Yes, this is what I wanted to accomplish, but I wasn't able to figure it out by searching Google results or the Caddy documentation. I'll keep reading and hopefully I'll eventually figure it out.

Ahh, right. To be clear, what other people are saying is you can subvert that with

code:

curl --header 'Host: foundry.mysite.com' https://caddy.mysite.com

Mr. Crow
May 22, 2008

Snap City mayor for life
If your server isn't on a separate network (subnet) it's not going to matter, traffic is gonna bypass it at layer 2 (unless it also acts as your switch), but otherwise that's how DMZs work, yes.

Mr. Crow
May 22, 2008

Snap City mayor for life

Nitrousoxide posted:

If you're doing all this in docker containers you can set up docker networks between your containers and NPM so they have separate subnets from your LAN. It also has the benefit of letting the docker network act as a DNS server so you can point NPM to an internal domain rather than an IP.

An example couple of compose files would be:

code:
version: "3"
services:
  5etools-docker:
    container_name: 5etools-docker
    image: jafner/5etools-docker
    volumes:
      - /home/server/5etools:/usr/local/apache2/htdocs
#    ports:
#     - 5555:80/tcp
    networks:
      - 5etools_backend
    environment:
     - SOURCE=GITHUB
    restart: unless-stopped
networks:
  5etools_backend:
    name: 5etools_backend
code:
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    networks:
      - npm_private_network
      - 5etools_backend
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: ${SQLURS}
      DB_MYSQL_PASSWORD: ${SQLPASS}
      DB_MYSQL_NAME: ${SQLURS}
    volumes:
      - /home/server/NGINX/data:/data
      - /home/server/NGINX/letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    networks:
      - npm_private_network
    environment:
      MYSQL_ROOT_PASSWORD: ${SQLROOTPASS}
      MYSQL_DATABASE: ${SQLURS}
      MYSQL_USER: ${SQLURS}
      MYSQL_PASSWORD: ${SQLPASS}
    volumes:
      - /home/server/nginxdb:/var/lib/mysql

networks:
  npm_private_network:
    name: npm_private_network
  5etools_backend:
    name: 5etools_backend

Pretty sure this doesn't do what you think it does, unless you're also doing some external firewall iptables magic you didn't list. Docker networks are basically just a NAT, the containers still have full RFC 1918 access. The host acts as a gateway.

Mr. Crow
May 22, 2008

Snap City mayor for life
Depends entirely what you're comfortable with and what the services are. I wouldn't with just what we've talked about so far, but I probably wouldn't have much of a problem if I was running SELinux + Podman + configured the host to block local network access from the container network. Also making sure the containers are hardened somewhat.

I don't think Docker can do that with any flags, Podman might, but you can just do it with your host's firewall https://stackoverflow.com/questions/72037768/how-to-prevent-docker-containers-from-accessing-my-local-network

Also I wouldn't trust some ISP or consumer router, they rarely patch out vulnerabilities and even when they do many have laughably short support cycles, but I'm also paranoid. See e.g. https://www.tomsguide.com/news/router-attack-netusb-flaw. You can use something like OPNsense or OpenWrt or pfSense and with some basic maintenance have a secure gateway basically for the life of the hardware.

Mr. Crow fucked around with this message at 03:09 on Sep 29, 2023
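What the host-firewall approach looks like in practice, as an added example that is not from the thread or the linked answer: iptables rules in Docker's DOCKER-USER chain that let containers on one bridge reach the Internet and each other but nothing else on RFC 1918 space. Docker evaluates DOCKER-USER before its own FORWARD rules and does not flush it on restart, which is why host policy belongs there. The bridge subnet 172.18.0.0/16 is a placeholder (read yours from `docker network inspect <name>`); the script prints the rules so they can be reviewed before `apply`. It governs forwarded traffic only: packets from a container to the host's own addresses go through INPUT and need their own rule.

```shell
#!/bin/sh
# Added example, not from the thread: keep a Docker bridge off the LAN using
# the DOCKER-USER chain. BRIDGE_CIDR is an assumed placeholder.

BRIDGE_CIDR="${BRIDGE_CIDR:-172.18.0.0/16}"

# Strict IPv4 CIDR check. The value is spliced straight into iptables
# commands, so anything that is not a dotted quad plus prefix length is
# rejected rather than passed through.
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
    esac
    addr=${1%/*}; plen=${1#*/}
    [ "$addr" != "$1" ] || return 1                          # slash required
    [ -n "$plen" ] && [ "$plen" -le 32 ] 2>/dev/null || return 1
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print the rules instead of applying them, so they can be reviewed or diffed.
# Order matters and is explained inline; the output is itself a valid script.
render_rules() {
    bridge=$1
    valid_cidr "$bridge" || { echo "render_rules: bad CIDR '$bridge'" >&2; return 1; }
    cat <<EOF
iptables -N DOCKER-USER 2>/dev/null || true
iptables -F DOCKER-USER
# 1. Replies to connections the LAN opened to a published port must keep
#    flowing, otherwise every "80:80" style port mapping breaks.
iptables -A DOCKER-USER -s $bridge -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
# 2. Containers on this bridge may still talk to each other (proxy -> backend).
iptables -A DOCKER-USER -s $bridge -d $bridge -j RETURN
# 3. Nothing else in RFC 1918 space is reachable from the bridge. 172.16.0.0/12
#    also covers Docker's own address pools, so rule 2 has to come first.
iptables -A DOCKER-USER -s $bridge -d 10.0.0.0/8     -j DROP
iptables -A DOCKER-USER -s $bridge -d 172.16.0.0/12  -j DROP
iptables -A DOCKER-USER -s $bridge -d 192.168.0.0/16 -j DROP
# 4. Everything else (Internet egress) falls through to Docker's own chains.
iptables -A DOCKER-USER -j RETURN
EOF
}

# Apply by feeding the rendered script to a shell; refuses to run unprivileged.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    render_rules "$1" | sh -e
}

case "${1:-}" in
    render) render_rules "$BRIDGE_CIDR" ;;
    apply)  apply_rules  "$BRIDGE_CIDR" ;;
esac
```

Run `BRIDGE_CIDR=172.18.0.0/16 sh docker-lan-block.sh render` to see what would be loaded, then `apply` as root. Verify from inside a container with `curl -m 3 http://192.168.1.1` (should time out) and `curl -m 3 https://example.com` (should work); the published ports on the host should keep answering from the LAN because of rule 1.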

Mr. Crow
May 22, 2008

Snap City mayor for life

dweepus posted:

Makes sense. Currently for what I want externally accessible (eventually) it's just jellyfin and navidrome. Internally I will want access to pihole, *arrs, Heimdall, etc. All of these are in containers on the same box. If I put auth in front of Nginx, how would that affect app clients connecting to those services, notably smart tv apps?

Just use a VPN

Mr. Crow
May 22, 2008

Snap City mayor for life
Tried Memories. Nextcloud is still utter dog doodoo. Photos has no way to select multiple folders and/or exclude folders; how is this feature complete in 2023? Also the Memories app doesn't work with self-signed certs. lol

It's actually incredible how bad Nextcloud and its ecosystem is.

Anyway, I finally tried Immich and it's basically bulletproof. Some minor quirks still, but they seem to be actively developing it and it more or less works OOTB.

Mr. Crow
May 22, 2008

Snap City mayor for life
You could just run a linux VM for linux needs?

PhotoPrism's lack of mobile app / integration was its main downside for me. Single user is also dumb but may not matter to some.

Mr. Crow
May 22, 2008

Snap City mayor for life

Hughlander posted:

Maybe it's a poor expectation of mine, but I don't think I've ever had a docker pull nextcloud && docker restart nextcloud actually work. To me table stakes for a container is that it handles the janitor work in the background.

You have to specify a major version as Nextcloud only supports major version upgrades. So nextcloud:26-apache and you can just pull and restart to get the latest point release. Pull 27-apache when you're ready to pull the next major version and so on.

It's definitely the worst OSS community out there though as far as quality and usability and reliability, not sure why. PHP is rear end maybe? Never used it, no desire to either, maybe that's true for lots of other devs who might otherwise be willing to contribute and fix stuff.

Mr. Crow
May 22, 2008

Snap City mayor for life
I've been using pfSense for like 8 years and it's been great, I don't see this changing :confused:

I don't know why anybody is surprised or gives a poo poo about this, why would I pay $130 a year for a loving SLA on my home router?

Mr. Crow
May 22, 2008

Snap City mayor for life
My wife has been raving about Immich, it's very nice at this point and if you haven't tried it, or recently, give it a look.

Nextcloud is terrible tbh and you should only use it as a last resort

Mr. Crow
May 22, 2008

Snap City mayor for life

cruft posted:

Immich seems cool, I'm just still not prepared to swallow 8 new services so I can run one thing.

Yea... they provide a compose file that isn't insane, unlike most OSS projects, so I just threw it under a service account and run it under systemd with podman-compose; works well.

I normally ignore install instructions and roll my own container specs, and if you tried to do that with Immich yea it would be a chore. Their compose is well made, unusually, so it was way easier to set up than most by just using the provided defaults.

Mr. Crow fucked around with this message at 00:23 on Nov 1, 2023

Mr. Crow
May 22, 2008

Snap City mayor for life

Motronic posted:

Does it have a working (fully functional) web app yet? Or an android client? Those were the deal killers for me the last time I looked at it.

Yes to both.

Mr. Crow
May 22, 2008

Snap City mayor for life

Neslepaks posted:

The wife and I share a common library so the user separation stuff is more in my way than helpful as well.

We just share an account and it works as you'd expect across multiple devices.

I haven't noticed performance but I'm also running it on my "beefy" media server so it may very well be a hog. I'll check a bit later.

Mr. Crow
May 22, 2008

Snap City mayor for life
Anybody got recommendations on a self-hosted digital picture frame? Preferably like a Raspberry Pi I can just put a browser on and point to something in fullscreen mode?

I have seen a few digital signage options that work with Pi but they seem kinda clunky and/or low res.

May just end up getting one with an SD card or USB, but if I don't have to update a flash drive periodically that would be great.

Mr. Crow
May 22, 2008

Snap City mayor for life

Hughlander posted:

I mean I do think that naturally there's going to be huge over lap towards:

I like watching media in Plex
That I store on my NAS
that I selfhost the software
to get things from Usenet

And you're going to see the same people talking in those threads

I keep wanting to try Usenet and see what the hubbub is about, then they want you to pay for access and I'm just like EHHHHHHHH, I'll stick to private sites.


Mr. Crow
May 22, 2008

Snap City mayor for life
Anyone happen to be running an Arc GPU with Jellyfin? Does the hardware encoding work well?

Edit: on Linux to be clear. I just realized my NVIDIA card won't transcode anymore for some reason and I'm not sure when it broke, but I'm kind of tired of dealing with NVIDIA so

Mr. Crow fucked around with this message at 05:02 on Jan 21, 2024
