I love self-hosting software. Next to this Lemmy server, I host 10 other Fediverse servers. And of course a lot of tools I use for myself or work.

This is a great collection of scripts to create containers hosting popular self hosted utilities in Proxmox.

Right now it looks like you can only run lemmy in docker-compose, is there work on an official container?

Looking for help with moderation, I have my hands full administering this server ;-)

Requirements:

• Need to have read and agree with the rules (https://mastodon.world/about
• Need a little bit of time to keep an eye here

Hey all,

So I've been playing with Nginx so that I can reference my self hosted services internally by hostname rather than by IP and port.

I set some custom entries in my pihole, setup the proxies on Nxing, and boom. All is working as expected. I can access Jellyfin via jellyfin.homelab, amp via amp.homelab, etc.

I wanted to have all of these internally facing, because I don't really have a need for them outside of my network, and really just wanted the convenience of referencing them.

Question 1) If I wanted to add SSL certs to my made up homelab domain, how hard would that be?

Question 2) When accessing something like Jellyfin via jellyfin.homelab, all traffic is then going through my nginx VM, correct? Or is Nginx just acting as a sort of lookup which passes on the correct IP and port information?

Upload of around 40mbps

Self hosted software awesome list

Self hosted sysadmins awesome list

I have a spare laptop running Linux Mint. I would like to try running my own instance and sharing it with a few users to help out and for the experience. Below are the specs. Do you think it will be powerful enough, and if so, how many users would it be able to handle? I could restrict uploading of media if that would make a considerable impact.

Dell Inspiron 15-5000 CPU: Intel Core i5-5200U, 2 cores, 4 threads RAM: 8GB Storage: SanDisk SSD Plus 1TB

Hey all. Not sure if this is the right place to post this, please point me in the right direction if not:

So I only came here because of the exodus from reddit, but I'm pumped to see this community and all this technology people have been making. It's like a return to the old-school, user-operated internet instead of the big awful silos that have been dominating the landscape since the early 2000s. I'm in.

So quick question, are there plans or projects in the works for distributed hosting (making it easier for the users to take up the load of storing and hosting content so the instance operators aren't stuck with the hosting costs)?

I ask because I'd like to work on a project to implement this, as I feel it'd be a massive further step forward. I'm not sure though if there's anything existing I should be trying to get up to speed on or if I should be thinking in terms of starting my own project if I want to be working on it.

Over the next week or so I'm sure a lot of people are going to try spinning up Lemmy instances - I've certainly been looking at it.

Does anyone have any recommendations for a VPS provider / resource allocation?

From what I have read, it sounds like you're going to want a host that focuses on storage / bandwidth (at least if you are allowing image upload), but maybe those of you already operating an instance have a different opinion?

Ryzen 5900X, 64 gig DDR4-3200, 2tb ssd,10tb hdd and an RTX2070. Hosting Stable Diffusion, various llama.cpp instances with python bindings, jellyfin, sonarr, multiple modded minecraft servers, and a network file share.

Hi everyone,

I've been wondering about legal implications of self-hosting Lemmy. Isn't it universally required in many countries to moderate the content that you host publicly? What happens when someone posts something illegal on your instance and you don't won't to bother with being a mod and just enjoy the technical aspects of it?

Would love to hear your thoughts on this!

Hi all - So I posted about distributed hosting yesterday. I wrote up some thoughts on how I think it could work, and I'm planning to start work on it -- if anyone has feedback on my proposal, or wants to get involved to help, 100% let me know as I'd love to hear.

(Edit: removed the link from the URL field, as it pasted it unformatted into the post which is not productive. Click the link in the paragraph above if you want to read in an un-eye-crossing format.)

Hi all, just figured I'd put out there what I've currently got running, and see if there are any ideas on what else I can deploy.

Currently my haphazard "lab" consists of four old HP prodesk 400 clients that some office was tossing out. Originally I wanted to do more with virtual machines and playing around, but right now the main "functionality" is a Jellyfin instance for handling media. Since each box originally came with a 500gb hard drive (and at best there's only space for 2 full size drives inside), storage space is what's killing me right now.

So, as follows: Host1 (before I realised you could change the hostname to something cool): Setup running proxmox and truenas in a VM, should probably be more efficient to just put truenas bare metal, but originally I figured more VMS would be fun, and haven't been bothered to fix it

Artemis: the brains of the operation, running one Ubuntu server VM (again, really overestimated how many times I'd need proxmox), which in turn runs containers to handle Jellyfin, and a Minecraft paper server whenever I need it. All the storage is directly mounted in Ubuntu, which was a bit of a learning curve for fiddling with /etc/fstab

Citrus: Truenas core finally on bare metal. Makes up half of my media storage (2x500gb drives as separate volumes).

Ziegler: Spare storage box I spun up when I needed space to dump things. Running truenas scale (I saw Linux and started drooling, but still have no idea what I'm doing and if there's any real difference between core and scale for my use case). I keep it separate from the "Jellyfin boxes" right now, but will most likely end up roping it in if I run out of storage (currently too cheap to go out and buy 2tb drives just yet)

Any advice or ideas for other things I could deploy would be appreciated

Correct me if I'm wrong. I read ActivityPub standards and dug a little into lemmy sources to understand how federation works. And I'm a bit disappointed. Every server just has a cache and the ability to fetch something from another known server. So if you start your own instance, there is no profit for the whole network until you have a significant piece of auditory (e.g. private instances or servers with no users). Are there any "balancers" to utilize these empty instances? Should we promote (or create in the first place) a way how to passively help lemmy with such fast growth?

A simple question to this community, what are you self-hosting? It's probably fun to hear from each-other what services we are running.

Please mention at least the service (e.g. e-mail) and the software (e.g. postfix). Extra bonus points for also mentioning the OS and/or hardware (e.g. Linux Distribution, raspberry pi, etc) you are running on.

I'm playing around with my own instance of Lemmy but I keep getting a "websocket connection failed" error in my console. I'm having a really hard time understanding how to set up nginx for websockets - I'm more used to Apache and not familiar with WS at all. Is there documentation hiding somewhere that will help me set up my proxy forwarding properly?

EDIT: Solved! Check out my solution here: https://lemmy.world/comment/141648. Thanks everyone!

Hi All!

New to the Fediverse from the reddit exodus, I've gotten into Self-hosting around January this year and have been loving learning about Networks and how they are structured and communicate and I love the projects that come out of managing a home lab.

As I've built up my home lab, from a single node to 3, I've been trying to think of how to structure my network to segment it in such a way that my homelab is on its own segmented network, whether this be VLAN or separate LAN (though I've heard terrible things about double NAT), and have that whole segment of traffic be pushed through a VPN tunnel. Unless that is not necessary? Part of the reason I want to make this post is so that people who are around the same point in their home lab adventure who might have similar questions can come to this thread to discuss particulars about the manner at hand. I'll probably be structuring future questions in such a manner that allows people to discuss and nail down topics they may be struggling with wrapping their head around.

Back to my question, so let me give a better lay of the land. I am running Proxmox as my hypervisor on all these nodes, I have a generic ISP-provided router (ActionTek T3200 if interested in the model) that handles LAN routing and WiFi. Currently all my nodes are hard-lined to the router and I rely on proxmox default firewall atm, I haven't dug into how to properly configure any of that since I wanted a separate solution, not sure the security implications of just using proxmox's firewall so chime in if you know.

So all my nodes are hooked up to my router, but I have a Layer 2 switch I got for free (supports basic VLANs as well as some other basic features) and I want to configure my 3rd node to run OPNsense for my routing and VLAN tagging. The 3rd node will sit on the edge of the Router and the Switch, meaning Router connects to Ethernet port 1 on node 3 and Ethernet port 2 on node 3 connects to the switch and would be providing the LAN and internet access from my understanding. Node 3 will also be running a VPN tunnel to provide remote access as well as providing protection for my *Arr downloads. So the routing for my homelab should go from this:

Node 1, Node 2, Node 3 ------- ISP Router ------ Internet

to this:

Node 1, Node 2--Switch/Node3---ISP Router --Internet

Now my understanding is that structuring it in such a way means that if, for example, Node 1 which hosts my *Arr network were to pull a compromised download then its damage would only go as far as where the VLAN ends, ie would only affect my homelab network because its segmented in such a way that my devices connected to wifi would be unaffected.

I've just started to tinker around with configuring OPNsense when I got a sense for how to structure my network. I'm trying to virtualize it, which is a bit unconventional but not unheard of. I was able to spin up a VM running the installer and it gets through the install just fine but I am unable to reach the address provided. It's 192.168.1.1 which is off my IP range. This might be where I need a bit of help understanding, but shouldn't it give me an IP address that's in my Routers IP Range? Maybe not, maybe its a sort of DMZ type thing? I'm not all too familiar so give a shout if you know something. I am thinking that the WAN and LAN ports are just getting switched during install and I need to interrupt the install and manually delegate those ports and then I'll be able to connect? I haven't had some solid time to dig deep on this so I figured rambling on a forum with tech savvy individuals might at the very least provide me with some insight and more understanding.

So I suppose my question is what do you think of my thought process? Am I missing anything major in my understanding? How should you think about configuring your firewall and VPN? How do you setup VLANs to allow communication where necessary between VLANs and Wifi network? Apologies that this got so long, I was trying to keep it brief but also give enough info on my environment. Let me know if there's any questions. I'd also be interested in resources if my topics just point to needing a better understanding of networking generally. Thanks for your time

For those self-hosting a lemmy instance, what hardware are you using? I am currently using a small Hetzner VPS. It has 2 vCPU, 2GB RAM and 40GB SSD storage. My instance is currently just in testing with me as the only user, but I plan to use it for close friends or family that may want to try this out, but might not want to sign up for a different instance. My CPU and RAM usage is great so far. My only concern is how large the storage will balloon to over time. I’ve been up for ~20 hours and it’s grown to 1.5G total volume since.

I recently spun up my own lemmy instance and was wondering if I had to manually add other lemmy instances to the 'Allowed Instances' admin field, or if they are added automatically when someone searches for a lemmy instance?

I've seen a couple of instances around asking if it's possible to self host Lemmy fronted by Traefik, figured I can share my test setup with the community. This configuration is still in testing phase but seems to work in a federated configuration.

The Design

To run in an elastic and highly available way (where possible with my current hardware) I've opted to use Docker Swarm as it's one of the easiest ways to get started with multi-node deployment. There are a few limitations with Swarm and I'm planning on moving to a K3s cluster in the future.

For added protection I've chosen to front my services with Cloudflare for the time being, there's a definite tradeoff of privacy vs security here and since I'm not able to afford traffic scrubbing center and deal with any ISP issues for now it'll be used.

The Setup

A few prerequisites are needed for this type of deployment although I think it should be fairly easy to adapt it to a single node setup.

• Docker Swarm - 2x Manger nodes 2x Worker nodes
• NFS - TrueNAS, used to store LE certs and pictrs blobs
• Cloudflare'd domain - optional but makes life much easier
• PostgreSQL Database - A dedicated postgresql VM for persistent database

The Config

I'll skip some of the basic setup configurations since there are plenty of guides out there and focus on the docker compose files for the cloudflare, traefik, and lemmy stacks.

Starting with the simplest, you can follow any guide to create a new tunnel to use for this setup, the compose file should look something like this:

cloudflare/docker-compose.yml

version: "3.8"
services:
  cloudflare:
    image: cloudflare/cloudflared:2023.5.1-amd64  # always hardcode your versions to avoid unexpected changes
    deploy:
      mode: global  # in swarm we will deploy one instance per manager node (more nodes more redudnacy/LB)
      placement:
        constraints:
          - node.role == manager
    networks:
      - bridge  # a default created network allowing connectivity to the rest of the network (and internet to connect upstream)
      - traefik_dmz  # an overlay internal private network for LB'd services
    command:
      - tunnel
      - --no-autoupdate
      - run
      - --token=***  # replace with the token issued by cloudflare
networks:
  bridge:
    external: true
  traefik_dmz:
    external: true

important: Once you've created your tunnal add a public host pointing your-lemmy.domain to https://traefik and under TLS enable the No TLS Verify option. Since both cloudflare and traefik services are on a common network cloudflare can access the internal service VIP by calling traefik (matching the service name) traefik/docker-compose.yml

version: '3.8'
services:
  traefik:
    image: traefik:v2.10
    environment:
     - "CF_DNS_API_TOKEN=***"  # your cloudflare API token with zone read and DNS edit permissions
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8082
        published: 8082
        protocol: tcp
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_dmz
        - traefik.http.routers.traefik-dashboard.rule=HostRegexp(`{subhost:your-hostname-pattern[\d]+}.homelab`)  # To access the dashboard you can use your hosts' FQDN pattern and access https://your-hostname-pattern1.homelab 
        - traefik.http.routers.traefik-dashboard.entrypoints=https
        - traefik.http.routers.traefik-dashboard.tls=true
        - traefik.http.routers.traefik-dashboard.service=api@internal
        - traefik.http.services.traefik.loadbalancer.server.port=8080
    command:
      - "--log=true"  # System logs good for debugging
      - "--log.level=WARN"
      - "--accesslog=false"  # Access logs good for debugging but so noisy
      - "--accesslog.format=json"
      - "--accesslog.fields.defaultmode=keep"
      - "--accesslog.fields.headers.defaultmode=keep"
      - "--accesslog.fields.headers.names.Authorization=drop"
      - "--api=true"  # enable for dashboard access
      - "--api.dashboard=true"
      - "--ping=true"  # enable for external LB health checks
      - "--ping.entrypoint=ping"
      - "--serverstransport.insecureskipverify=true"
      - "--global.checknewversion=false"
      - "--global.sendanonymoususage=false"
      - "--entrypoints.http=true"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.http.http.redirections.entrypoint.to=https"
      - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.https=true"
      - "--entrypoints.https.address=:443"
      - "--entrypoints.https.forwardedheaders.insecure=true"
      - "--entrypoints.https.forwardedheaders.trustedips=10.0.0.0/8"  # limit the x-forwarded-for header trust to your external LB 
      - "--entrypoints.ping=true"
      - "--entrypoints.ping.address=:8082"
      - "--providers.docker=true"  # This will allow us to auto detect configured services and forward traffic
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.swarmmode=true"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"  # LetsEncrypt using cloudflare DNS challenge
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare.acme.email=your@email.address"
      - "--certificatesresolvers.cloudflare.acme.storage=/config/secrets/acme.json"  # you'll need to create this file ahead of time with chmod 600 perms
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.delayBeforeCheck=42"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1,1.0.0.1"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # Needed in R/O mode to allow the docker provider to work
      - traefik_config:/config  # Local store for our LE certs
    networks:
      - bridge
      - traefik_dmz
volumes:
  traefik_config:
    driver_opts:
      type: nfs
      o: addr=your-nfs-ip-or-name,nolock,soft,rw
      device: :/path/to/your/nfs/export
networks:
  bridge:
    external: true
  traefik_dmz:
    external: true

lemmy/docker-compose.yml

version: "3.8"
services:
  lemmy-server:
    image: dessalines/lemmy:0.17.3
    configs:
      - source: lemmy.hjson  # A pre created static config file supported by docker swarm
        target: /config/config.hjson  # See https://join-lemmy.org/docs/en/administration/configuration.html
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_dmz
          # the following roughly translates to the Nginx config from the offical
          # doc at https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/nginx.conf#L63
        - traefik.http.routers.leddit-api.rule=Host(`your-lemmy.domain`) && (PathPrefix(`/api`, `/pictrs`, `/feeds`, `/nodeinfo`, `/.well-known`) ||  Method(`POST`) ||  Headers(`accept`, `application/activity+json`) ||  Headers(`accept`, `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`))
        - traefik.http.routers.leddit-api.entrypoints=https
        - traefik.http.routers.leddit-api.tls=true
        - traefik.http.routers.leddit-api.tls.certresolver=cloudflare
        - traefik.http.routers.leddit-api.tls.domains[0].main=your-lemmy.domain
        - traefik.http.services.leddit-api.loadbalancer.server.port=8536
    networks:
      - traefik_dmz
      - bridge
      - app
  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.3
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy-server:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=your-lemmy.domain
      - LEMMY_HTTPS=true
      - NODE_ENV=production
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_dmz
        - traefik.http.routers.leddit-web.rule=Host(`your-lemmy.domain`)
        - traefik.http.routers.leddit-web.entrypoints=https
        - traefik.http.routers.leddit-web.tls=true
        - traefik.http.routers.leddit-web.tls.certresolver=cloudflare
        - traefik.http.routers.leddit-web.tls.domains[0].main=your-lemmy.domain
        - traefik.http.services.leddit-web.loadbalancer.server.port=1234
    networks:
      - traefik_dmz
      - app
  pictrs:
    image: asonix/pictrs
    environment:
      - PICTRS__API_KEY=***
    user: 991:991
    volumes:
      - pictrs_data:/mnt
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
    networks:
      - app
configs:
  lemmy.hjson:
    external: true
networks:
  app:  # a stack specific network for limited communication scope (only services on this network can connect to pictrs)
    internal: true
  traefik_dmz:
    external: true
  bridge:
    external: true
volumes:
  pictrs_data:
    driver_opts:
      type: nfs
      o: addr=your-nfs-ip-or-name,nolock,soft,rw
      device: :/path/to/your/nfs/export

Since we have multiple manager nodes you can deploy HAProxy and load balance across the manager nodes to their traefik instances using /ping for health checks and a split DNS on your local network to reduce Cloudflare traffic. Using another LE certificate on HAProxy and exposing it externally will allow you to bypass Cloudflare all together if/when is needed.

I hope this little(?) guide will be helpful.

Curious if anyone is working on the codebase for Lemmy. I'm sure we all see a few places where it could use some love.

The main repos are:

• https://github.com/LemmyNet/lemmy
• https://github.com/LemmyNet/lemmy-ui

Personally, I've been working on a few small things for docs.

PS: Here's a pretty easy ticket to jump on if you want to get started :) https://github.com/LemmyNet/lemmy-ui/issues/1214

There is also a dev chat in their Matrix space: https://matrix.to/#/#lemmy-space:matrix.org

All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?