Upgraded to Debian Trixie two days ago. Runs flawlessly
I use Traefik as a reverse proxy for local-only services with Let's Encrypt certificates. Just needed to a) register the subdomains and b) expose port 80 for the challenges without anything being served on that port.
Wireguard into my network and local DNS via Pihole to ensure proper local IPs. Works like a charm.
You could do the DNS challenge instead.
That way you wouldn't even need to publish port 80.
I need to check what exactly I need to expose. I had 80 and 443 exposed but limited the access to local IPs in nginx like this:
allow 192.168.x.0/24; # Allow FritzBox subnet
allow 10.0.0.0/24; # Allow OpnSense subnet
deny all; # Deny all other IPs
I still have some services I want to expose so generally I'll keep the ports open.
Keeping 80 open is useful so that traefik can redirect all traffic to 443 (https)
sops-nix + rootless podman turns out to be much trickier than I imagined. Spent like 2 days over this shit just to get it in the central config when I could have just manually loaded the config files and changed the permission... I eventually solved it by running rootlesskit in the activation script to copy the decrypted file into a temporary folder and changing the permission to the correct sub-user. Not worth the time though.
Finally got a drive to replace a deader in my zpool. Raid10 ftw
I finally got Caddy's TLS working with a custom module to handle DNS challenges. Turns out all I had to do was wait 10-15 minutes and everything would sort itself out.
Now on to the next puzzle. I started with Caddy in a Docker container and it's working as intended. Now I want to replicate that in Rootful Podman Compose but I'm running into an issue. With the exact same setup (docker-compose.yml, Dockerfile and Caddyfile) I can get my TLS cert without issue but I can't seem to connect to my website from any external browser. Not through my domain name or even through my home's local network.
Once I figure out how I can access my website, I'll be one step closer to where I want to be. Next will be to get Rootless Podman working, then I can finally set up the file server and kiwix instance instead of the test page I am currently using.
After that, I can finally spend time doing what I want to do and focus my time looking into the Gemini protocol.
Down the road I'll look into hosting an IRC server and Snikket instant messenger but that's super low priority. I like tinkering with my Raspberry Pi and my constant backup/restores wouldn't be good for reliability for such services.
I've just noticed that proxmox 9 is already available. I will check the procedure before upgrading my machine. Any suggestions regarding that?
Just that, they have a detailed description of the upgrade routine. Make backups :)
I just followed their instructions and on 2 of the nodes in my cluster, I migrated all VMs/LXCs off and then did the upgrade and they went through without a hitch. For the last one, I just YOLO'd it and powered off the VMs/LXCs and upgraded it and it also went through without a hitch.
One thing I did find interesting was the systemd-boot packages needed to be removed and were on 2/3 of the machines. I basically intentionally keep their config as close to identical as possible, so I have no clue why it was only needed on 2 of them.
I am currently in the final phase of building my first self-built NAS.
(I have an oooooold Intel NAS, that I don't really use anymore....)
I need to populate the case with storage drives, I need to add an Intel GPU, a 10gbit NIC, and possibly add an HBA to add two SSDs for VM storage.
Currently I have a:
- Jonsbo N4 case
- Asrock B550m Pro4
- AMD Ryzen 4600G
- 32GB RAM
- Kingston boot SSD
- Corsair SF750 PSU
I am running TrueNAS on it, that was just installed to make sure that it is working, but I am planning on running it going forward, as I am mostly looking to run the server as a file server.
Me too! And with a Jonsbo N4. I'm going for something like the perfect home media server, with proxmox, mergerfs and snapraid.
Then I'll run any containers locally for things like media serving.
Now I need to start collecting disks, I'm going to start with 8tb ones.
Have fun!
I'm too lazy to spin up docker containers and config for stuff that would make my life a bit better, but not enough to warrant the hassle... Like for example a finance management software that can hook into my bank. Or document management with automatic email imports etc.
> Like for example a finance management software that can hook into my bank
What software would that be? I've been looking for a viable self-hosted alternative to Mint (and now Monarch Money) since forever.
I'm also interested. I migrated from mint to Credit Karma... what a complete shit show. I really miss ooold mint.
I’ve been partially kicking Actual around, there’s a cheap shim that’ll talk to financial institutions they recommend.
If you're into audiobooks, Audiobookshelf is super easy to set up in docker and the soundleaf app makes it actually usable on iOS - took me like 20min total and now I don't need audible anymore.
I just have audiobooks on my phone like a caveman.
DC my server is at is shutting down so I have to bring everything home. Conveniently I just got hooked up with symmetric 1G fiber so that's not too much of a problem now thankfully.
Currently exploring docker swarm as a method of using one of my external VPSs to route all external traffic through it to my hardware at home on my tailnet.
Swarm isn't required for this but figured I'd play around with it.
Recently set up Headscale with Headplane as the UI. It's all docker compose based so I stuck it in a /etc/compose sub-folder of my vps running Fedora.
Configuring OpenID login was a bit tricky because I got an error when trying to do the auth grant, but the message was vague. Took me a while to realise the error details were in the redirect back url.
Anyways, once done it was nice to use and I migrated all my Tailscale instances over.
What was the reason for the migration? I used neither so far
Oh, Tailscale has been perfectly fine so far, been using it for over a year without issues. It's just that the server side is proprietary and coming from previously managing Wireguard connections manually I still like the idea of a fully open source stack. Only got around to it recently because I had the free time, tbh.
I just upgraded my Proxmox to 9 last night, too!
...from 7, 'cause that's how long I'd been neglecting it. 😅
I've also been trying to get my old dual-Opteron server working again, after having abandoned it a couple of years ago due to what I thought was a bad motherboard (IIRC, it wasn't turning on at all). I was gonna buy a new motherboard since I happened to run across a cheap Ebay listing, but I decided to double-check the existing one first, and lo and behold, it booted!
Then I tried to update the ancient Proxmox on it from 6 to 7, and now it still turns on but doesn't successfully boot.
Also, I can't get it to boot from a flash drive for some reason, so I think I might have to take out the SSD, reinstall Proxmox on it from a different system, and then put it back in.