What security practices would you recommend?
Hi, I'm very new to this and a few days ago I was watching a YouTube video about someone's server and he mentioned how a lot of people don't know how to secure their home servers. I currently only have a Pi-hole with Unbound on my Ubuntu server, but want to keep adding stuff. The thing is, I don't want to have sensitive information/files in an unprotected server because of my own negligence, so, as the title says: what are some basics about server security you would mention to someone new to the world of self hosting? Thanks!
https://redd.it/1apdsx2
@r_SelfHosted
Getting reported as dangerous site in Google
Hi all,
Long-time lurker, first poster. I have been home labbing for years, first as an all-round computer engineer and later getting more into development and private and public cloud. These days working as a solution architect/enterprise architect but I just can't stay away from tinkering with stuff and running my own setup (as a background). I like to learn new stuff and test new software to keep up with the fast development.
Current setup:
One bare metal hosted server externally at a famous local hoster.
One local bigass Linux box with docker.
Traefik setup with *.host.myvanityname.ext per host and then some *.myvanityname.ext. Users are my family and a couple of close friends and family. Usual stuff like emby, grocy and some other stuff I host for them. I use Let's Encrypt DNS wildcard SSL for it and a friend gets *.sub.myvanityname.ext.
In recent months, several of those DNS names have been picked up by Google as dangerous sites (big ass red warning if you try to access it), with emby really standing out (also most used to be honest). Has anyone had experience with that happening and possible reasons? I secured the setup further for as much as I could and was monitoring to check if maybe one of the community plugins was dodgy but nothing stands out and I am a bit at a loss to be honest 😬 Any good ideas?
https://redd.it/1apdqnc
Netmaker quietly killing their free tier. Go figure
I got an email today stating they'll be killing the free tier. Not certain it means they're killing self hosting but I doubt there'll be resources put towards it in the future.
No blog post or update on the website about either.
https://redd.it/1ap3gp6
My dashboard, now with descriptions
https://redd.it/18xgcsu
Introducing Recipya: The Clean Recipe Manager
Hello everyone! I am pleased to finally show the world Recipya, the recipe manager software I have been working hard on since my first commit in May 2021. You might wonder why another recipes manager when we've got Tandoor, Mealie, Paprika, Grocy, Cooklist, Grossr, and a *whole lot more*? The answer is simple: none of them satisfied my needs. Either they weren't free and open source, had too many features I did not need, their frontend was slow, or they were too hard to install. Although I do have to admit Tandoor recipes is the king after having discovered it a few months back.
And thus I started this ambitious project in Go. The goal was to create a simple, clean and powerful recipe manager my whole family can enjoy. As with every other such solution, you can add recipes to your ever-growing collection of recipes, create cookbooks, view and print recipes. One big feature that distinguishes Recipya from the others is its measurement systems module. Essentially, the software can convert all new recipes to your preferred measurement system, either the insatiable imperial or the mighty metric. Gone are the times when you convert all your teaspoons and cups to grams. Another powerful feature is the website scraper. Most other solutions are written in Python and thus use the hhursev/recipe-scrapers package to import recipes from around the web. As there are none written in Go, I decided to create my own from scratch. It is extensively tested and fully supports 264 websites at the time of this writing. Another cool feature of Recipya is the automatic calculation of the nutrition facts per 100g when adding a recipe. Check out the feature tour to learn everything the software can do.
Please give it a try! No worries if this software isn't for you :) The easiest way is to try the demo. Other ways include installing the v1.0.0 release locally or with Docker. You can follow the installation instructions.
And this marks the beginning of Recipya's journey. Contributions are encouraged and welcome. The roadmap is available here. Thank you!
https://redd.it/18wy55c
Vultr or DO or Linode
I want to use appwrite selfhosted as my app backend.
Based on your experience what is the best between these to host my server (Vultr, DigitalOcean, Linode)?
I'm expecting a high load and requests from my app.
https://redd.it/18wud3b
eBook reader/server with note taking?
I've been using Kavita to read some ebooks recently, but the bookmark feature doesn't work like I thought it would. I'd like to highlight certain lines and store them with links back to said lines for use as quotes or reference later. Like dogearing a page with highlighted sentences in it.
https://redd.it/18wnm6c
VPN kill switch: how to do it on Linux
I wanted to implement a 100% reliable VPN kill switch for my IoT devices: prohibit any outgoing traffic when a VPN is not active. After doing quite a bit of research I found a solution that uses Linux policy-based routing. This works for OpenVPN and Wireguard, and should also work for any VPN that uses exactly one port for the communication. The local traffic is not affected by the switch.
Hope this helps someone configure a VPN kill switch for apps/IoT devices/etc. There is also a section about Linux policy-based routing which is useful on its own.
If you plan to try this on the router, please make sure to test it first and then enable on boot :-)
https://staex.io/blog/vpn-kill-switch-how-to-do-it-on-linux
https://redd.it/18wnu2r
UPDATE: OneUptime - Self Hosted StatusPage.io + Incident.io + Loggly alternative.
OneUptime (https://github.com/oneuptime/oneuptime) is the open-source alternative to StatusPage.io + UptimeRobot + PagerDuty. It's 100% free and you can self-host it on your VM / server.
NEW UPDATES: Here are some of the updates since I last posted on this subreddit.
- Log Management is launched! You can now use OpenTelemetry to store logs in OneUptime. We're also adding fluentd support soon so you can ingest logs from anywhere.
- We're now working on Traces and Metrics; more APM features coming soon.
- After hearing feedback from this community, we're in the process of merging all of 20 different oneuptime containers into one so it's easier for people to self host and takes a lot less resources. This is already midway and should be complete by end of Feb.
- Docker Compose file is in the repo and it's now on ArtifactHub: https://artifacthub.io/packages/helm/oneuptime/oneuptime and you can try it out on your K8s clusters. Looking forward to hearing what you all think!
- We hear you! Please let us know what features you're looking for and we will build it for you.
https://redd.it/18wmx16
Visualize Data from any source?
Hello,
my first post here. I am pretty new to selfhosting stuff, despite being in IT (system administration) for almost 10 years now.
Currently I have a small proxmox server (Intel N6000 based mini PC) and have a new goal:
I want to host a platform/dashboard where I can visualize and play around with data from various sources like APIs, Databases or simple csv/txt files.
My project: I am wearing a Garmin fitness tracker for around 5 years now and I want to show the changes of metrics over the last years in a Dashboard (i.e. steps / week, kilometers run / weeks etc)
I am thankful for any kind of input I get from you guys.
Have a great 2024 and thanks a lot!
https://redd.it/18wkwuo
Files on demand Android to SMB shares (or webdav)
I currently sync select folders to and from my home nas over Tailscale via the (awesome) FolderSync android app. Great solution to push new DCIM content to my NAS automatically and also 2-way sync my Documents folder for easy access from mobile.
FolderSync is great for setting up folder pairs in simple relationships like this.
However I'm curious if any SMB sync apps also include a browser functionality with the ability to cache recently accessed or pinned files (like Files On Demand in OneDrive / SharePoint / Google Drive).
I believe SeaFile and Nextcloud both offer functionality like this but would love to keep the server side drop dead simple as it is with pure SMB shares accessed over Tailscale. I'm not opposed to switching to a webdav client if that makes this easier.
Any thoughts or other simple alternatives here?
https://redd.it/18wj1dc
WireGate v0.1.6-beta-spore
https://github.com/NOXCIS/Wiregate/releases/tag/beta-hydra
https://redd.it/18wh152
SMTP to Gotify
Hi,
I am using Gotify to receive notifications from services like Watchtower, Radarr, Sonarr... have something to say. But I also have some services that don't have this feature but can send notifications to an SMTP server. I can set an SMTP server but that seems like a big solution just for receiving a few notifications a week. Is there a tool that would allow me to translate SMTP requests to Gotify or a similar tool so I can get notified by services like Authentik?
Thanks in advance for any recommendation
https://redd.it/18wdseq
Do you ever run out of (photos) cloud backup storage?
I recently got an alert that I was maxing out the storage space in the cloud backup I use (C2). My question is photos/video specific because most of the space is caused from an influx of photos from traveling around the US over the past year. While I could increase to the next tier, this obviously costs more money. Do you just increase your storage and backup space when you start running out of space? Do you clean and prune your old photos to remove duplicates/unwanted ones? Do you run them all through a compression algorithm? What do you do?
https://redd.it/18w6eeq
Jellyfin+NPM+Authentik
This post could easily have been best made in r/jellyfin or r/npm or r/authentik but r/selfhosted is a good cross section of the three I think.
Like many I've got a JF server with its entourage of arrs and such. It's all sitting behind NPM with authentik working security. Specifically jellyfin doesn't stream right thru NPM+Authentik normally so I've got an ldap outpost in authentik that does login duty for JF and the default Authentik outpost for other services.
This all works well but I've continued to have a few questions I wonder if anyone has answers to:
a) Is there some way to have Authentik pass the username/password on to whatever service (ombi, navidrome, etc....) such that someone doesn't have to first log into authentik then into the service? I know I can do something that looks like this for any app that uses LDAP but Jellyfin is the only app I want to set up that has an ldap option.
b) I wonder if someone could point me at how to use NPM streams to provide connections to non html apps (like the jellyfin media player app) that still includes a secured connection? Said another way, I've played with streams and I can set up so that I can log in with the JF app on my phone just fine but then the connection is unencrypted. Seems like this is what streams are for but I've been unable to find much good info.
https://redd.it/18w4xer
My Overkill In-Depth Setup
https://redd.it/1apfcas
Question what is the best configuration of a DDNS?
Hi self-hosters
I am a networking noob, but I want to expose my self-hosted application to be remotely accessible. I am aware there are multiple options, but I am considering DDNS and wondering how to best configure it? Meaning which device to place the DDNS on? The router with port forwarding configurations? The application server? And what are the pros and cons for each?
Any guidance or pointer would help.
Thanks
https://redd.it/1ap8k6j
Self-hosted Python news sender script to Kindle
Hi everyone!
As the title suggests, I have developed a Python script that will read a list of RSS news that is given by the user as input, package them as a MOBI/EPUB file, and then send it to Kindle via its mail address. It does so using Amazon's whispersync with the desired custom frequency (for example at the same time every day). The script was initially developed by model-map and posted in this subreddit, however he removed the repo and the code was limited to MOBI and hard to use.
Given that Amazon discontinued sending MOBI files via mail, I have altered the script and bundled it as a docker image such that other users may use it via simple docker CLI. For emailing, it uses SMTP. I have added support for both SSL (gmail for example) and TLS (gmx for example).
Repo link with more details: https://github.com/gabrielconstantin02/news-sender-kindle
If you are interested in using it/contributing, check out the readme file or feel free to contact me. Hope it helps :)
https://redd.it/1aoz6pv
Introducing Teemii 😸 - A Reader, A Downloader, and A Manga Management Tool!
Hello Reddit! First of all, my best wishes to you all!
I don't know about you, but I've always found it hard to adapt to the different applications/sites for managing and reading manga. That’s why I crafted Teemii, envisioning a more functional, simple, yet comprehensive solution. I wanted Teemii to be more than just a tool, I wanted it to be a truly personal, visually appealing and comprehensive platform for manga fans.
What Makes Teemii Unique?
Of course, there is still a lot of work to be done, and Teemii is far from perfect. But it seamlessly integrates library management, reading, download and metadata into a single experience. It's designed to be both easy to use and aesthetically pleasing.
Key Features of Teemii
All-in-One Platform: Manage your library, read, and download manga all from one place.
Elegant User Interface: Enjoy a visually appealing platform that makes manga management a delight.
Powerful Suggestions: Discover new titles with Teemii's focus on suggesting fresh content, tailored to your preferences.
Download Teemii
Teemii is open-source and can be built from GitHub.
The Docker images are available here: [docker hub](https://hub.docker.com/repositories/dokkaner)
You can find some help here: https://docs.teemii.io/
Join the Teemii Community
Have thoughts or feedback? Don't hesitate to ask here or at: https://github.com/dokkaner/teemii/discussions
A Final Word
This launch is an important step for me. It's a side project that I've been working on for a long time, initially out of curiosity, but in which I've invested a lot. What's more, I'm preparing a lot of features in the next releases. In the meantime, I would love some feedback, so let me know if you have any concerns so I can fix and/or improve this project.
PS: Teemii is actually the name of my cat. Like many of us, I sometimes worry that he might leave sooner than expected. Giving his name to this project is my way of immortalising him in some way. 🐱
https://redd.it/18x1l9p
Sharing some PI alternatives for those who don't want to spend a lot (VIM1S, Le Potato)
https://www.youtube.com/watch?v=aKmKo_Ua7rQ
https://redd.it/18wuhjq
So is Immich stable enough to use now? I've been seeing a lot of threads about breaking update changes
I currently use PhotoPrism for my last 15 years of photos/videos which I'm fairly satisfied with. I honestly just rarely look at photos older than what's also stored on my iCloud Photos (last 3 years) so my main priority is just being my main backup source.
So I used an app called PhotoSync to automatically sync photos to my Unraid server in the background, but I've been having issues with it for the last few months. I can do a workaround of syncing to my desktop manually, then moving the files to my server, but it's not ideal.
Anyway, I'm thinking of switching to Immich because it has an app for backing up photos and people seem to prefer it over PhotoPrism. Plus I'm not crazy about PhotoPrism's model of paid features on a self hosted app.
However, I keep seeing threads about breaking changes in the new update so I've been avoiding trying it.
- My main question: does it seem like those changes are over and it's worth switching to now? Or should I wait?
- As an aside: I prefer to store my files as \YYYY\YYYY-MM-DD_HH-MM-SS.ext, can Immich support my existing files and continue to store in that format? I'm seeing it seems like it was added in v1.79.0 but it's still a bit unclear to me.
- Also: I'm hoping I could also move my hundred or so PhotoPrism albums to Immich, I found this tool, anyone try it with any success?
https://redd.it/18wrz3k
Monitoring Indoor Air Quality with Prometheus, Grafana and a CO2 Sensor
https://itnext.io/monitoring-indoor-air-quality-with-prometheus-grafana-and-a-co2-sensor-6c7fb73f6048
https://redd.it/18wp6kq
Is this the correct way to backup with rsync?
I edited the cron file on a headless Debian server, to back up my entire computer to a Synology NAS on my same network
0 2 * * * rsync -ax / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} USER@LOCAL_IP:/volume1/BACKUP/SERVER>
Am I doing something wrong? I just want to have a full backup of my server, in case the internal disk dies.
https://redd.it/18wlmw5
Best AM4 motherboard for home server?
I'm not sure if this is a good place to post this, but I'll give it a shot. I'm working on building a home server and I plan to repurpose some old hardware that I have laying around. Currently I have a Ryzen 3700x and 16 GB of RAM, but no motherboard. I mostly plan to use the server for Jellyfin and a NAS with about 6 hard drives. I also want to play around with VMs and dockers. I'm trying to do the whole thing on a budget so I'd like to keep the motherboard under $150, but I'm willing to spend more if necessary. What would be a good motherboard with plenty of SATA ports and PCIe lanes? Also how important is a graphics card for what I'm doing? I have a 2070 super I could use, but if that would be overkill I'd rather use it for something else and get something like a gt710 just to get a video output.
https://redd.it/18wkt54
Sophos Free Firewall Home Edition
Anyone using it? Good? Bad? Downsides?
https://redd.it/18wezwc
Cloudflare Tunnel and VPN Questions
Hello all, I have a somewhat unique setup that I'm trying to run, and I'm hoping some folks here can help me hash out what I should do here. Here's the end result that I want, and what I have, and then the solution I'm trying to use that may or may not work.
Have a server at home with a static public IP address. I want to protect that IP address at all costs (well, not really all costs -- I'm broke AF). With that in mind, I'm providing two services:
1. Public gaming servers for my community using Pterodactyl.
2. VPS services using Proxmox.
ProxMox will be my main OS on this server, Pterodactyl will be a Guest VM on ProxMox, and VPS servers will sit alongside Pterodactyl (but not communicate with at all). I want each game server within proxmox to have its own subdomain hosted through cloudflare tunnel. I think this portion may be relatively simple to do as I only need each tunnel to use a specific port or specific ports.
The difficulty I'm finding is properly securing these VPS servers I'm providing. I want to use cloudflare tunnel, but I don't want the customers to be able to manipulate or change the files for the cloudflare tunnel on their machines (if I installed it on their machines directly in the first place).
Ideally, I would prefer to have cloudflare tunnel working within ProxMox itself, and each server has a subdomain assigned to it and it acts sort of like a blanket VPN for each server. The customer will be able to use ports like 80/443/22, etc standard and nonstandard without worry that another VPS may already occupy that port number (avoiding collisions) and if they attempt to find their public IP they'll be met with a public IP address provided by cloudflare, and not my public IP address.
I also have a Linode Server setup specifically with the purpose for creating an OpenVPN service directly to ProxMox through my PfSense firewall. My head is swimming with everything I'm trying to do here, and I really could use some other minds to sift through this for me and offer either some changes or some other solutions that could make this work for me.
https://redd.it/18wftrz
Advice on setting up HA on a Ubuntu server
I am currently running a version of Windows on a "server" and have recently installed Ubuntu server, as I am working on learning more about Linux.
On my Windows server, I have a VM running Home Assistant and I am wanting to move it over to my Ubuntu instance.
From my research, I cannot use HA in a docker, because I am wanting the supervised version of HA. So I was going to use Proxmox to install a new VM, but it sounds like I cannot do that either.
Looking for input for the best way to run HA with the new setup I am wanting. If setting up HA on a Pi is the best option, that is ok, just want to check before I go that route.
https://redd.it/18wb70p
Switch and WAP for 10Gbe Homelab with Proxmox
Happy new year everyone!
I’ve got some refurbished SFF PC which I want to use as homelab. I’m running Proxmox on bare metal. I’ve already added/upgraded some parts.
HP EliteDesk 800 G5 SFF (Specs: https://support.hp.com/us-en/document/c06403210)
CPU: Intel Core i5-9500
GPU: Intel UHD Graphics 630
PSU: 250 W (80 PLUS Platinum)
SSD: Crucial P3 M2 NVMe SSD (2 x 2TB)
SSD: Crucial MX500 SATA SSD (1 x 500GB)
HDD: Seagate Exos X18 (2 x 16TB)
RAM: Crucial Pro RAM DDR4 2666 (4x32GB)
NIC: Mellanox ConnectX-3 546SFP+ 10GbE Dual-Port PCI-Express Server Adapter
Modem / ISP Router: AVM FRITZ!Box 7490
I want to run several services in Kubernetes and want to leverage 10Gbe. Since I need to externalize some of my services I have to create several VLANs.
Currently I’m only using the FRITZ!Box 7490 router/modem which doesn’t support VLAN.
I want to use OPNsense as VM on Proxmox host.
I’ve already defined my VLANs and security zones like trusted zone, management zone, untrusted zone and DMZ.
Here’s the plan:
I need to get a 10Gbe capable switch and an access point since the router doesn’t act as WiFi router anymore because it needs to be in modem-only / bridge mode to prevent double NAT.
Modem > Firewall > Switch
So wiring modem with firewall via RJ45 cable (WAN) and wiring firewall and switch via SFP+ cable (LAN).
So I’ll need a good value switch which supports SFP+ and an access point so I can connect my devices (mobile phones, desktop PCs, notebooks, TVs) via WiFi … of course I’ll need an SFP+ cable, too.
Ideally I’d be able to control/configure all my network settings at one place (like UniFi controller).
Switch: 150-250€ price range
Access point: 150€ max.
Do you have any recommendations concerning switch and wireless access point (WAP)?
I’ve heard some good things about Ubiquiti devices but I don’t wanna be trapped in an ecosystem :)
Switch: MikroTik CRS326-24G-2S+IN ?
Access point: TP-Link, NetGear?
Thanks for your help.
https://redd.it/18wc47u
Mobile notification service (PUSH)
Does anyone know a notification service for mobile? I would like to send myself a push notification to my cell phone with a message when certain events occur. For example sensor values, status messages when the NAS disks are full or or or.
I would like it to be very simple. Basically, it doesn't have to be able to do much except PUSH to the cell phone and show a bit of history when you click on the message to see which messages have been sent. WEBHOOKS would also be very helpful.
In my search I found NOVU (https://novu.co/), but I think that a) it is too big and b) if I understood it correctly, the frontend is completely missing, which you have to build yourself. So rather a notification backend for an application that you build.
Does anyone have any suggestions?
https://redd.it/18w4d8t
MATER in 2024: Your Self-Hosted Solution for Maintenance, Asset Tracking, and Equipment Registry!
Hey, fellow self-hosters! I'm excited to share a project I've been working on - MATER! I've made a few posts on here about it. But now I am getting more and more people asking for features and making things. I decided to release a post alongside our GitHub and Discord. I have had a bunch of support and people helping me on this coding adventure.
Github: [RyGuy994/MATER: Self-hosted asset information backup (github.com)](https://github.com/RyGuy994/MATER)
Discord: [https://discord.gg/KegQrAVrUa](https://discord.gg/KegQrAVrUa)
Latest release: [Release MATER v0.0.14 Release · RyGuy994/MATER (github.com)](https://github.com/RyGuy994/MATER/releases/tag/v0.0.14-alpha)
**What is MATER?** MATER is a powerful self-hosted solution designed for managing maintenance tasks, tracking assets, and maintaining an organized equipment registry. Whether you're a tech enthusiast, car dude/dudette, small business owner, or just someone who loves DIY projects, MATER has something for everyone.
🌟 **Key Features:**
* **Asset Management:** Keep track of all your assets with ease.
* **Service Records:** Log and manage service activities for each asset.
* **User-Friendly Interface:** Intuitive design for a seamless user experience.
* **Calendar Views:** Stay organized with views for all services, upcoming services, and completed services.
* **Breakaway Database (BYODB):** Choose to bring your own database or use the built-in one.
* **Multi-User Support:** You have assets, now your friends and family can have assets!
* **Basic API:** Start integrating this into other programs.
**Showcase:**
[part 1](https://i.redd.it/1ctldnbslv9c1.gif)
[part2](https://i.redd.it/01mvmgctlv9c1.gif)
[Mobile](https://i.redd.it/lzlu2bf5lv9c1.gif)
**Roadmap:**
* Mobile app iOS
* Mobile app Android
* Basic sharing (may turn into a fork)
* Personal Dashboard
* Asset location
* API ongoing
**How to Get Started:**
1. Clone the Repository: git clone https://github.com/RyGuy994/MATER.git
2. Navigate to the project directory: cd MATER
3. Install dependencies: pip install -r requirements.txt
4. Visit [http://localhost:5000](http://localhost:5000/) in your browser to explore MATER.
**Feedback and Contributions:** I welcome your feedback and contributions to make MATER even better! If you encounter issues or have ideas for improvement, please [open an issue](https://github.com/RyGuy994/MATER/issues).
**Thank you for being part of the MATER community. Happy tracking!**
https://redd.it/18w4l9m