1
11

cross-posted from: https://lemmy.world/post/14180956

Hello all you lovely people!

I'm trying to figure out if I can port forward to different servers based on the destination domain.

I have a domain with a wildcard cert and I'd like to be able to route all traffic headed towards "1.domain.com" to a server I'm calling "1". I'd still like traffic headed to domain.com to go to where it's currently going, we can call this server "0", and to be able to have a 2.domain.com or 3 or 4 in the future.

I thought that having a port forward rule with:

  • interface: WAN
  • protocol: any
  • source: any
  • destination: a URL alias including 1.domain.com
  • redirect target IP: local IP

Would work, but it doesn't seem to. Any tips?

2
19
submitted 17 hours ago by Kwa@derpzilla.net to c/selfhosted@lemmy.world

I’m trying to improve the power consumption of my NAS. The 2 (7200 rpm) HDDs I had were using 15W at idle and 5W when spun down. I’m reading a lot of conflicting information about what is lower power between HDD, SSD and NVMe SSD. Eventually I started looking at SATA SSD (please let me know if this is not the most power efficient)

I found this site that shows a benchmark of different SSDs and their average power consumption. I was about to go with WD Red but then I found a YouTube video saying I shouldn’t go with WD for a NAS.

Can you tell me what brand or model you’re using in your homelab that’s power efficient? Ideally I would like 4TB SSD.

Thanks!

3
43
submitted 21 hours ago* (last edited 10 hours ago) by Tinnitus@lemmy.world to c/selfhosted@lemmy.world

I have been exploring the world of home servers/self-hosting for a little over a year now, and feel like I have a decent understanding of a lot of things that go into this. The one thing I am not remotely comfortable with yet is networking. It's like a foreign language to me.

What are some good resources or projects that I could work on to help me develop a better understanding of this? Or, what helped you advance your networking knowledge? I have an UnRaid machine and a Raspberry Pi 4 (8gb) at my disposal (for any project recommendations). Current router is ISP provided, so nothing fancy.

4
26

I want to reset my server soon and I'm toying with the idea of using a different operating system. I am currently using Ubuntu Server LTS. However, I have been toying with the idea of using Fedora Server (I use Fedora on my laptop and have had good experiences with it) or even Fedora CoreOS. I also recently installed NixOS on my desktop computer and find the declarativeness pretty cool (but I'm still a complete beginner) and could imagine that it would fit well into a server setup.

I have quite a few services running on my server, such as Nextcloud, Conduit (Matrix), Jellyfin, etc. and all in containers. I would also rather not install programs without containers, because 1. compose is super easy to maintain and set up, 2. it remains very clear with containers (and compose) and 3. I believe that containers are more secure. But since I also want to make the services inside the containers available, I currently have Nginx installed as a reverse proxy (not in the container, but on the system) and always create certificates with certbot so that I can use HTTPS encryption.

In the paragraph above I actually described exactly the use-case of Fedora CoreOS, but I have no experience with the system and how it works. That's why I'm still a bit hesitant about considering the OS at the moment. I can imagine that NixOS with its declarative nature seems well suited, since, as I have heard, you can configure containers as well as Nginx and with Nginx also HTTPS certificates declaratively. But I could also use a base system like before (Fedora Server or Ubuntu Server) and simply install podman, nginx and certbot and manage everything that way.

Have you had any experience with Fedora Server, Fedora CoreOS, NixOS or a completely different operating system for servers and what are/were your impressions with this setup? Or do you just want to share your knowledge here? I would be delighted.

5
16

In my home network, I'm currently hosting a public facing service and a number of private services (on their own subdomain resolved on my local DNS), all behind a reverse proxy acting as a "bouncer" that serves the public service on a subdomain on a port forward.

I am in the process of moving the network behind a hardware firewall and separating the network out and would like to move the reverse proxy into its own VLAN (DMZ). My initial plan was to host reverse proxy + authentication service in a VM in the DMZ, with firewall rules allowing only port 80 to the services on my LAN and everything else blocked.

On closer look, this now seems like a single point of failure that could expose private services if something goes wrong with the reverse proxy. Alternatively, I could have a reverse proxy in the DMZ only for the public service and another reverse proxy on the LAN for internal services.

What is everyone doing in this situation? What are best practices? Thanks a bunch, as always!

6
37

cross-posted from: https://infosec.pub/post/10908807

TLDR:

If I use SSH as a Tor hidden service and do not share the public hostname of that service, do I need any more hardening?

Full Post:

I am planning to set up a clearnet service on a server where my normal "in bound" management will be over SSH tunneled through Wireguard. I also want "out of bound" management in case the incoming ports I am using get blocked and I cannot access my Wireguard tunnel. This is selfhosted on a home network.

I was thinking that I could have an SSH bastion host as a virtual machine, which will expose SSH as a hidden service. I would SSH into this VM over Tor and then proxy SSH into the host OS from there. As I would only be using this rarely as a backup connection, I do not care about speed or convenience of connecting to it, only that it is always available and secure. Also, I would treat the public hostname like any other secret, as only I need access to it.

Other than setting up secure configs for SSH and Tor themselves, is it worth doing other hardening like running Wireguard over Tor? I know that extra layers of security can't hurt, but I want this backup connection to be as reliable as possible so I want to avoid unneeded complexity.

7
17

Hey there!

So, I've accumulated a ton of courses and tutorials over the years - everything from photography to cooking to music mixing and mastering, DIY, gardening, you name it.

I've been trying to keep everything organized with Jellyfin, but honestly, it's a bit of a hassle to navigate through all my content and find what I need.

I'd love to find something with a user-friendly interface where I can easily sort, organize, and tag all my courses and videos.

I've been searching high and low for a solution these past few days, but haven't had much luck. Any suggestions?

Thanks in advance for your help!

8
36

Is anybody self hosting Beeper bridges?

I'm still wary of privacy concerns, as they basically just have you log into every other service through their app (which as I understand is always going on in the closed source part of Beeper's product).

The linked GitHub README also states that the benefit of hosting their bridge setup is basically "hosting Matrix hard" which I don't necessarily believe.

9
12
submitted 1 day ago* (last edited 1 day ago) by raldone01@lemmy.world to c/selfhosted@lemmy.world

I have a static IP (let's say 142.251.208.110).

I own the domain: website.tld

My registrar is GoDaddy.

If I want to change my nameserver, GoDaddy won't allow me to enter a static IP. It wants a hostname. I observed that many use ns1.website.tld and ns2.website.tld.

I don't understand how this can work because ns1.website.tld would be served by my DNS server which is not yet known by others.

Do I need a second domain like domains.tld where I use the registrar's DNS server for serving ns1.domains.tld which I can then use as the nameserver for website.tld?

I would like to avoid the registrar's nameserver and avoid getting a second domain just for DNS.

Thank you for your input.

10
25

The goal is actually that I'm able to hook my ticket tracking system (I'm using Zammad) to various ToDo lists I can expose to other people. I'm happy to write middleware to make that work, but I don't want to write a whole ToDo app.

Needs to be able to track multiple lists that can be shared in a granular way (I want to share some lists with some people and other lists with other people).

11
69

So long partner...

Any recommended alternative?

12
52
submitted 2 days ago* (last edited 2 days ago) by Sunny to c/selfhosted@lemmy.world

Hiya, just got NPM installed and working, very happy to finally have SSL certs on all of my services and proper URLs to navigate to them, what a breeze! However, as I am still in the learning process: I am curious to know when to enable these three toggles and for what services. I assume the "Block Common Exploits" can always be turned on. But unsure about the two others. Some applications have not worked until I turned on the Websockets Support, but I don't really know what it does, nor do I know what applications need this in order to fully work. Are there any rules of thumb for these things?

Appreciate any pointers! 🌻

13
175
submitted 3 days ago* (last edited 3 days ago) by lightrush@lemmy.ca to c/selfhosted@lemmy.world
14
244

Hi! For the ones of you that use Trello, I made a simple to use and host alternative in PHP. It's not a complete alternative like other projects, and I mainly made it to be able to host it on free PHP web servers while having control over data/attachments. It also supports a basic importer for Trello JSON exports.

I'm hosting a test instance here, you can make an account to try it out (no email required):

https://trytarallo.altervista.org/

And the repository with other instructions is here:

https://github.com/michelematteini/tarallo

15
16

I've been using some cheap flash drives for things like installing OSs and the like, but now I've picked up a Dell Wyse 3040 system to play with which only has 8gb of storage. So I'm installing the OS onto a flash drive permanently (don't worry, just for messing with, nothing of value will be lost if/when the drive craps out).

However, the performance of my cheap flash drive is terrible and installing packages & transferring files is so slow. My question is: Would getting a better drive make a meaningful difference here? If so, anyone have some recommendations of drives they like that are fast?

16
16

I want to host a small game server for friends and myself in my home but don't want to open up the firewall. Any tunneling solutions that support UDP? Thanks.

17
24
Microbin (github.com)
submitted 3 days ago* (last edited 2 days ago) by sabreW4K3@lazysoci.al to c/selfhosted@lemmy.world

Anyone got any experience of installing this? It keeps telling me it doesn't have permission to write the compose file and when I try the installer as a super user, it throws an error.

Edit: I give up on it. It's not loading and since getting it installed was such a pain in the neck anyway, I'll just take it as we're not fated. Thanks all for the help.

18
26

A lot of my friends use Partiful for event planning. Is there any open source or self hosted alternative to it? I checked AlternativeTo and couldn't find anything, even alternatives to Evite or the like seem lacking.

19
59
submitted 3 days ago by freddo@feddit.nu to c/selfhosted@lemmy.world

Just for fun, a few associations I'm part of want to set up our own IP-phone network, with our own phone numbers and such.

  • Is this possible?
  • How would one go about doing this?
  • Does it have to be its own separate network or can it work via the internet without special setup beyond a public IP?
20
8
submitted 2 days ago by Sunny to c/selfhosted@lemmy.world

Hiya!

I've just set up FreshRSS and subscribed to a few feeds I like, and while FreshRSS is great for doing heavy lifting on the backend side of things, I'm not 100% pleased with the frontend side of things. Some articles are loading the full article, while others are loading half or a third, making me either scroll a lot or click to open more. This left me wondering if there are any good clients that can connect to FreshRSS? I have Read You on Android, but I mostly consume my news on my PC/Laptop. Is it best to try to tweak FreshRSS or do you have any recommendations for frontends?

Lemmy know! 🌻

21
7

Hi, a friend of mine is using self-hosted Nextcloud (All In One 28.0.3) with Microsoft Office. To synchronise calendars, I installed CalDAV. The connection works properly, but all the calendars show up in the same color and all the calendars are shown; it's not possible to hide some of them. Any ideas?

22
24
submitted 3 days ago by WbrJr@lemmy.ml to c/selfhosted@lemmy.world

Hi! I know this is a kind of dangerous topic to ask :D And I am sorry this got so long.

I plan on building my own little home server. Currently I will mostly use it for Nextcloud, maybe some other stuff, like git. I would like to be able to access Nextcloud or git from outside my home (yes, I actually go outside sometimes... don't know why though). I will run Docker and Portainer on a Pi 5 (I guess it's enough for one person) and I have 4x4TB disks. I currently plan on creating a software RAID 10 with the disks to get 8TB of storage.


I have two types of disks, a new set of IronWolf and a used set of WD 24/7 drives. How would you arrange them? Put both from one type in RAID 1 or mix both types in RAID 1? I just heard about LVM. Would you recommend putting that on top of the RAID? I don't know if I plan to change the storage setup, but doubt it currently. I'm not sure if ZFS would be a better solution for me, but it seems unnecessary at the moment.


I don't quite know what I should search for to find a solution for accessing the services from outside. I would like to avoid a (WireGuard) VPN so I can log in on a different device without setting it up, or so that I can connect to the VPN at work or uni and still be able to use my Nextcloud data. So dyn DNS with port forwarding seems to be the only option. But I am a little afraid to open up my home network to the outside like this, without another protection like a login. I know Nextcloud has that, but I'm not sure if that is enough or what can be seen and accessed from the outside if I use DDNS and port forwarding.


For backups I plan on using Duplicati and storing the backups encrypted on either pCloud (would need to buy, additional cost...) or a server at a friend's or my dad's house. But with the second solution I am not sure how I would create a tunnel to their server, so it's secure for both of us. He has a static IP, so no DDNS needed. Maybe a WireGuard tunnel would be best here? My dad does not have a static IP but would create a WireGuard VPN for me with MyFritz (AVM DDNS service). Any thoughts on that? I would create a disk image of the completed OS (the SD card...) once the services are running, so I can revert if something breaks. I guess a manual image is enough after the setup, because the Docker containers reset anyways on restart, right?

Thank you so much, I am grateful for every advice!

23
26

Hi guys! I'm going at my first docker attempt...and I'm going in Proxmox. I created an LXC container, from which I installed docker, and portainer. Portainer seems happy to work, and shows its admin page on port 9443 correctly. I tried next running the image of immich, following the steps detailed in their own guide. This...doesn't seem to open the admin website on port 2283. But then again, it seems to run in its own docker internal network (172.16.0.x). How should I reach immich admin page from another computer in the same network? I'm new to Docker, so I'm not sure how are images supposed to communicate within the normal computer network...Thanks!

24
46

TL;DR: is there an app that can alert me when a new version of some other app is available?

I have about 12 - 15 services (freshrss, heimdall, photoprism, Wordpress, etc) running using docker compose spread across 4 hosts. Through my self-hosting journey I’ve been burned a few times using “latest” images so I now pin app image versions within compose.

The problem then becomes that every couple of weeks, I have to go out to different GitHub’s, docker hub, etc. to see if a new update for that service is available. It gets a bit tedious with 12-15 services every couple of weeks so I need a centralized and more efficient way of “keeping up”.

Is there some type of app that can track whether an app/service has a new version available? Ideally it can send me some type of notification, self-hostable, and ideally not Portainer?

25
85

I had an issue recently with getting FileBrowser to run and while researching that, I found this tool which creates a docker-compose.yml file from a docker run command. It worked well for me, so I am passing it along to you all. I hope someone else finds this helpful.

(Not my tool / site, to be clear)


Selfhosted

36359 readers
335 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 10 months ago