Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
1
 
 

First, a hardware question. I'm looking for a computer to use as a... router? Louis calls it a router but it's a computer that is upstream of my whole network and has two ethernet ports. Any suggestions on this? Ideal amount of RAM? Ideal processor/speed? I have fiber internet, 10 gbps up and 10 gbps down, so I'm willing to spend a little more on higher bandwidth components. I'm assuming I won't need a GPU.

Anyways, has anyone had a chance to look at his guide? It's accompanied by two youtube videos that are about 7 hours each.

I don't expect to do everything in his guide. I'd like to be able to VPN into my home network and SSH into some of my projects, use Immich, check out Plex or similar, and set up a NAS. Maybe other stuff after that but those are my main interests.

Any advice/links for a beginner are more than welcome.

Edit: thanks for all the info, lots of good stuff here. OpenWRT seems to be the most frequently recommended thing here so I'm looking into that now. Unfortunately my current router/AP (Asus AX6600) is not supported. I was hoping to not have to replace it, it was kinda pricey, I got it when I upgraded to fiber since it can do 6.6gbps. I'm currently looking into devices I can put upstream of my current hardware but I might have to bite the bullet and replace it.

Edit 2: This is looking pretty good right now.

2
 
 

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

3
 
 
4
 
 

Hey everyone,

This post is self-promotional, but I was told by someone it's fine as long as it's open-source and not posted too frequently. I'm still new to Lemmy, to be honest.

We've just released version 2.5.0.0 of our RMM, now with Linux & macOS agent support!

Feel free to join our journey: https://github.com/0x101-Cyber-Security/NetLock-RMM

Thank you

5
 
 

A self-hosted URL shortener: Shlink - Keep control over all your shortened URLs, by serving them under your own domains, using this simple yet powerful tool. https://shlink.io/

I was very surprised to find this mature, full-featured URL shortener. It's written in PHP and includes Geoblocking so your shortener isn't abused.

A Docker quick-start guide: https://lnk.clifmo.com/ljk13

6
 
 

I recently moved to shared housing and they have a very poor Wifi 4 router located quite far from my room (no chance of wiring ethernet). As I'd like to host some (local) services for myself, I brought a TP-Link Archer C6 (v3.2) with me to mess with. I had set up WDS successfully on the stock firmware to get a much better internet connection in my room, but it was finicky and would sometimes drop out entirely for hours. As I knew my router has good support from OpenWrt, I decided to flash it tonight and "quickly re-do the WDS setup". It's been over 5 hours and I've had no luck getting it to connect following the wiki's guide. I also tried making a relayd-based access point, but it doesn't seem to route to ethernet and when I tried connecting with my phone it just stays on "Obtaining IP address..."

I feel very much out of my depth.. is there an easier way to achieve this? Basically, my ideal end result would be having a better/more consistent wifi connection (which I think works because the router has much stronger antennae than my laptop or phone) and ethernet, with OpenWrt available to toy with and learn more about networking.

7
30
submitted 1 day ago* (last edited 29 minutes ago) by AustralianSimon@lemmy.world to c/selfhosted@lemmy.world
 
 

I'm running a website that is getting a lot of bot traffic and found Cloudflare free rule tier to be a bit limiting. (5 custom rules with length limits)

I've got subnets for major VPS providers to block and will run analysis against my traffic to build on these lists.

What do others do?

I'm contemplating my Cloudflared tunnel into Crowdsec to my app.

Edit: Adding in image of my analysis of the IPs scanning for vulnerabilities.

8
 
 

Hi fellow selfhosters!

What hostnames do you use for your systems and services?
And maybe why if it's an interesting story.

I'll start:
Steam Deck: krax
Smartphone: krix (once I get LineageOS installed again)
MiniPC: krux
Reserved for future use: krex & krox

Creative, I know. 😅 The names have no deeper meaning. The x comes from Linux. That's it.

I know some of you use god names of certain pantheons, such as Thor. But I find that boring as a lot of people are doing that.

Now let your pants down and tell me all about your embarrassing host names!

9
 
 

Please bear with me as I don't know where else to ask.

I want to start to self host but do not know where to start. I would like to start small. Just something that might not be beneficial but to get my feet wet. It does not even have to be practical.

I am not tech illiterate and have my fair share of technology around me but self hosting has always been a daunting task.

I am scared to start.

I am already using a PiHole at home but that was kind of plug and play and just worked.

I would be incredibly grateful if someone could guide me to some resource or tell me what an easy first step would be.

An FAQ or self hosting for dummies.

Most resources I found assumed some previous knowledge.

10
 
 

I have my home server apps configured with NGINX proxy manager and DuckDNS to access remotely, but about three weeks ago DuckDNS URLs stopped working on my home network. I can access 192.168.XXX.XXX:1234 on the home network but myapp.duckdns.org times out.

It DOES work as expected using a VPN or on mobile data.

Any ideas as to what's going on?

~~EDIT: I kind-of sort-of got a workaround working using pi-hole "local DNS" feature to point the duckdns URL to NGINX.~~ Didn't work

EDIT 2: Disabling the router's firewall completely seems to have fixed it. Still trying to figure out the exact setting that did it. I will update this post if I can.

11
111
Self-hosting minecraft (downonthestreet.eu)
submitted 4 days ago* (last edited 3 days ago) by Shimitar@downonthestreet.eu to c/selfhosted@lemmy.world
 
 

Hi! I want to selfhost a minecraft server for my kid and his friends. I haven't played minecraft in quite a few years ...

Where do I start to self host one?

I am already selfhosting lots of stuff from 'Arrs to Jellyfin and Immich and more, so I am not asking on how to do it technically, but where to look for and what to host for a proper Minecraft server!

Edit: chose to set up this https://github.com/itzg/docker-minecraft-bedrock-server and so far, super smooth and easy peasy!

12
13
 
 

I have a gl-inet router on which I have an nginx config to send traffic to Nginx Proxy Manager and DDNS with cloudflare.

I'm trying to get some kind of local dns set up so that if I'm on the local network, traffic stays within the network. The problem that I'm running in to is SSL certificates. NPM (on the server) is handling those and I thought that what I could do is go into the AdGuard Home (on the gl-inet router) config and add a dns rewrite to point to the router and traffic would flow as it normally does.

This DOES work, technically. traceroute shows only one hop for any of my subdomains, ie files.mydomain.com.

But I cannot actually get access in a browser because the ssl certificates are not set up.

It seems like options are: manually copy certificates from the server to the router (not ideal), or don't do it at all. I notice that if I go to the service by ip address, it'll change the address to the domain name. Eg going to 192.168.8.111:30027 -> files.mydomain.com.

This isn't a HUGE deal, but it's not preferable. How have you all solved this?

Edit: I solved the issue in probably the most hilarious way. I was trying to get the forwarding and everything set up and then borked my router's firewall so bad I couldn't get to the outside at all, so I did a hard reset.

I then moved my admin UI ports up by one each (81/444), re-set up Goodcloud, DDNS, Wireguard server on the router, then set up port forwarding for 80/443 on the router to 80/443 on the TrueNAS server. I switched NPM to listen on those ports (since I moved the web UI to different ports), then added Adguard Home DNS rewrites. It's now all working as expected.

Local traffic only has one hop and is accessible without SSL warnings, and same for WAN traffic. Thank you all for the help!

14
 
 

I spent a few days comparing various Hypervisors under the same workload and on the same hardware. This is a very specific workload and results might be different when testing other workloads.

I wanted to share it here, because many of us run very modest Hardware and getting the most out of it is probably something others are interested in, too. I wanted to share it also because maybe someone finds a flaw in the configurations I ran, which might boost things up.

If you do not want to go to the post / read all of that, the very quick summary is, that XCP-ng was the quickest and KVM the slowest. There is also a summary at the bottom of the post with some graphs if that interests you. For everyone else who reads the whole post, I hope it gives some useful insights for your self-hosting endeavours.

15
 
 

XPipe - A connection hub for all your servers: Status update for the v15 release

Today I can share a major development status update of XPipe, a new connection hub that allows you to access your entire server infrastructure from your local desktop. It can make your life easier when working with any kind of servers by eliminating all the commonly tedious tasks that come up when interacting with remote systems, either from the terminal or from a graphical interface. XPipe comes with integrations for SSH, docker and other containers, various hypervisors, and more without requiring setup on your remote systems. You can also keep using your favourite text/code editors, terminals, password managers, shells, command-line tools, and more with it.

Tailscale SSH support

You can now connect to devices in your tailnet via Tailscale SSH and your locally installed tailscale command-line client. This integration supports multiple accounts as well to switch between different tailnets.

Custom icons

You can now add custom icons to use for your connections. This implementation replaces the old model of shipping the icons from https://github.com/selfhst/icons along XPipe. Instead, you can now dynamically add sources of icons. This can either be a local directory or a remote git repository that can be cloned and pulled by xpipe. XPipe will pick up any .svg files in there, rasterize them to cached .pngs, and display them in XPipe.

As default icon sources, it will still come with the https://github.com/selfhst/icons repository enabled, but now it can fetch these icons at runtime. If you are using the git vault sync, you can also add icons to a synced directory in your git vault to have access to them on all systems.

New docs

There is a new documentation site at https://docs.xpipe.io/. The goal is to expand this over time to provide proper documentation for many features.

Since it came up quite a bit last time I posted about XPipe here, I hope that any questions about what exactly XPipe is, how it makes your life easier, what it can do, and more, can now be answered in detail by the documentation.

Webtop enhancements

The webtop, a container-based KDE desktop environment, received a general overhaul. The list of terminals, editors, and rdp clients has been updated. The language support has been improved so that you can now easily run the desktop environment in any language you want. There were also many new additions and fixes for preinstalled tools of the desktop environment. There is also now more webtop documentation at https://docs.xpipe.io/guide/webtop

Package manager repositories

There is now an apt repository available at https://apt.xpipe.io/ and an rpm repository available at https://rpm.xpipe.io/. You can add them as sources to apt or your rpm-based package manager. This allows you to also install and upgrade xpipe via your native package manager instead of using the built-in self-updater.

Other

  • Add support for Gnome Console and Ptyxis Terminal
  • Add support for cursor, windsurf, and trae editor
  • Add support for cosmic-term of the new cosmic desktop environment
  • Add the ability to launch connections from the command-line with the xpipe launch command
  • Add new action to run scripts in the file browser and show their output without having to open a terminal
  • You can now import saved PuTTY sessions on a system when searching for available connections. This also works for KiTTY
  • Improve application performance when having many connections and categories

A note on the open-source model

Since it has come up a few times, in addition to the note in the git repository, I would like to clarify that XPipe is not fully FOSS software. The core that you can find on GitHub is Apache 2.0 licensed, but the distribution you download ships with closed-source extensions. There's also a licensing system in place with limitations on what kind of systems you can connect to in the community edition as I am trying to make a living out of this. I understand that this is a deal-breaker for some, so I wanted to give a heads-up.

Outlook

If this project sounds interesting to you, you can check it out on GitHub or visit the Website for more information.

Enjoy!

16
 
 

Tl;dr

Very new to home networking, but planning to get some hardware to run OPNsense bare metal to replace my ISP all-in-one.

Requirements: AES-NI support, Intel NICs, supports coreboot, can handle Wireguard both to connect out to my VPN provider and also to allow me to connect back to services at home

Nice to haves: 2.5+ Gbps NICs, resources to support an IPS like Snort or Suricata.

Questions:

  • Are people still using cheap AliExpress hardware despite potential security risks?
  • If so, do you reflash your firmware? Are you comfortable counting on a script like Flashli, or do you use something like SPI?
  • Would you still reflash your firmware even from a more trusted vendor, like Protectli or Deciso?
  • What is a reasonable amount to spend on reasonable router hardware?

Some Options I’ve Seen Recommended/Am Considering:

  • Protectli Vault Pro VP2420-4 (but open to other Protectli suggestions)
  • AliExpress N100/N305 machines (though of course with the aforementioned security concerns)
  • Used Thinkcenter M720q (though not sure how the power efficiency compares)

Thanks so much to anyone who takes the time to post your thoughts, I’m extremely grateful!


Hi everyone,

Thanks so much again to those of you who left your thoughts on my thread a month or so ago. Progress on my NAS still continues at a glacial pace (mostly because I want ECC support and an iGPU that supports AV1 decoding on the same machine, but building around the W680 is a little pricey; in fact, might end up considering adding an A380 for AV1 support instead to open up some other options, but that’s a story for a different thread). But I am reaching out now because in the interim I’ve been trying to make progress on some more fundamental network infrastructure while I am figuring out plans for the bigger systems. Of course, even that turned into a bigger project than planned, which is why I am back to get some of your insights.

Just for folks who didn’t see my other thread, I am definitely a home networking noob generally, but am trying to build out my whole home network. In terms of the router hardware I am hoping to get, at minimum it would need AES-NI support and Intel NICs vs. Realtek, as well as support for coreboot for peace of mind (in an ideal world, even libreboot, but my understanding is basically no hardware released within a decade or more would allow that to run). At least 2.5 Gbps throughput would be nice, but not essential. Likely will be paired with a switch, so I’m also not overly concerned about port count (though maybe just for starting out 4 ports would be ideal and I can add in a PoE switch later).

In terms of planned use, I want to use Wireguard both to connect out to my VPN provider and also to allow me to connect back to services at home, as well as a few VLANs. Support for IPS like Snort or Suricata would be a plus, but it seems they can be resource intensive and I’m not currently thinking of them as a necessity.

A lot of resources I’ve seen suggested just grabbing a cheap machine off Amazon or AliExpress is the most cost-effective way to go, but it seems like there are some legitimate security concerns going that route. Are people still buying some of the cheaper AliExpress (e.g. Qotom, Topton, Cwwk) N100/N305 machines for their routers, even with concerns about backdoors (like Horse Shell in TP-Link firmware)? Are you reflashing firmware if you do so (and if you are, are you doing it through SPI vs. a script like Flashli)?

I’m the furthest thing from an expert, but just from a bit of poking around it seemed like if one wanted to reflash firmware in a 0 trust way, it looks like you’d need to either use SPI or JTAG vs. trying to do it through a script (and of course you’d need to take into account whether Boot Guard is enabled).

Would you reserve this treatment just for no-name router brands or would you reflash firmware the same way if you bought from a more trustworthy source like Protectli or even Deciso? Personally, my threat model (just trying to take back some privacy and control over my tech and not trying to stand single-handedly against the NSA) and current (low) skill level make me think I should just opt for a Protectli box that I know will work with coreboot (like the VP2420-4) and then move on with my life, but spending $300-$400 on a router seems like a lot (and perhaps I am robbing myself of the joy of having to figure out how SPI works).

Thanks so much for your thoughts! I remain extremely grateful to have the opportunity to tap into all of your collective wisdom (and hopefully at least save myself a few lessons learned the hard way). As long as it's not obnoxious, I am also happy to share my progress and learning as I go in case it can save some time for other folks just starting out. Thanks again!

17
18
 
 

Looking for your personal lists of Github repositories, which might be deleted from Github at some point, for whatever reason. For example, the maintainer might delete his account from Github or archive all his repositories.

A famous example of an open source project, which had trouble to continue thriving, is youtube-dl.

Which projects' repositories do you think are worth backing up?

19
 
 

I have a bridge device set up with systemd, br0, that replaces my primary ethernet eth0. With the br0 bridge device, Incus is able to create containers/VMs that have unique MAC addresses that are then assigned IP addresses by my DHCP server. (sudo incus profile device add <profileName> eth0 nic nictype=bridged parent=br0) Additionally, the containers/VMs can directly contact the host, unlike with MACVLAN.

With Docker, I can't see a way to get the same feature-set with their options. I have MACVLAN working, but it is even shoddier than the Incus implementation as it can't do DHCP without a poorly-maintained plugin. And the host cannot contact the container due to the MACVLAN method (precludes running a container like a DNS server that the host server would want to rely on).

Is there a way I've missed with the bridge driver to specify a specific parent device? Can I make another bridge device off of br0 and bind to that one host-like? Searching really fell apart when I got to this point.

Also, if someone knows how to match Incus' networking capability with Podman, I would love to hear that. I'm eyeing trying to move to Podman Quadlets (with Debian 13) after I've got myself well-versed with Docker (and its vast support infrastructure to learn from).

Hoping someone has solved this and wants to share their powers. I can always put a Docker/podman inside of an Incus container, but I'd like to avoid onioning if possible.

20
 
 

I self-host a couple of services, but I haven’t exposed anything outside my home network. I want to self-host my calendar, but not sure if I can do it without exposing it. Any recommendations on the best way to go about this? For those who do self-host a calendar service, how do you keep it secure?

21
 
 

I've recently (finally) taken the leap into self-hosting my RSS reader, and I'm wondering what feeds everyone's subscribed to

I've currently got some basics like Github releases for software I use, the great selfh.st blog for self-hosted news, hackaday, some essentials like xkcd, and an attempt at following new music releases from artists I like, but I'm sure there are other great feeds out there that I should also be aware of

cross-posted from: https://programming.dev/post/26356680

22
 
 

So background, my kid has seizures often. He is currently on 5 different medications to try to control it (plus 1 for sleeping and 1 for his liver enzymes) plus severe non verbal autism so he can't tell us if he already had his meds. Currently when it's medication time, it's always "did you give him his meds yet?" and we have no way of tracking how many seizures he actually has besides "a lot more recently" or "it's gone down recently". Yes he had multiple doctors and this is NOT a post looking for health advice.

I am creating an app for phones (C# MAUI) which will send JSON objects to an API to store/retrieve data in a database (when he last had medication x, when he has a seizure etc). It will probably only be used within my family, maybe 20 entries a day on a really bad day (7 medications twice daily + 6 seizures to give a round number) but should be less than 10 transactions (most medications given at same time).

What's the cheapest/easiest way I can host something like this? I do not have a static IP. Yes it's health information but I'm only storing first names and tracking time of events, not too worried about HIPAA-like security.

23
24
 
 

I picked day one up as a journaling app many years ago, and have enjoyed it. But I've now mostly left the apple ecosystem and I'm ready for a new solution. An important feature to me is the calendar view that both shows you what days you have entries for and allows you to see previous year's entries on a day. The lack of this feature knocks out the most recommended alternatives on this community (joplin, obsidian, and logseq come to mind). Journey cloud and diarium are strong picks, but I'd prefer non proprietary and stronger self hosting support. Along with better platform availability. Memoria is also in consideration, but the documentation is pretty light and it's hard to tell if it will function in the way I expect. Likewise with memos, which I've seen suggested on here.

Needs:

  • Usable on linux (I can live with a web app)
  • Calendar view showing days with entries
  • Encryption
  • Cloud sync functionality (no local only apps like rednotebook)

Nice to haves:

  • Proper app for linux, android, ios
  • Ability to import a day one backup, preserving my 5 or so years of journal history
  • FOSS
  • Selfhostable
  • Support for media (primarily photos)
  • Prompts for password on every launch
  • Equivalent to "on this day" feature allowing you to view previous entries on a day
25
 
 

Hi c/selfhosted,

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. You can find the repo here. After around 9 months of work the app is finally where I wanted it to be and can be considered stable. Last week version v1.0.0 was finally released. Leading up to this I did a major UI revamp which now supports different layouts.

Let me know what you think of the new UI. If you like PdfDing consider starring the repo on github.
