[docker] Macvlan network with adguard seems to work, how to reach adguard?
I have created a macvlan network via Portainer, that seems to work (ish). I created AdGuard with this docker-compose file. According to Portainer it has got the right IP addresses. But I cannot seem to open the AdGuard dashboard, plus I cannot ping AdGuard on either IP address.
The 172.16.20 subnet is the subnet I use for my (V)LAN.
I have tried to # all the ports, but then I get an error "ports must be in an array".
Any ideas?
```yaml
version: "3"
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    restart: unless-stopped
    networks:
      dockermacvlan:
        ipv4_address: 172.16.20.230 # IP address inside the defined range
        ipv6_address: 2***:****:****:20::230
    volumes:
      - ./config:/opt/adguardhome/work
      - ./config:/opt/adguardhome/conf
      - /home/nick/NPM/letsencrypt:/opt/adguardhome/ssl
    ports:
      - 53:53/udp
      - 53:53/tcp
      - 784:784/udp
      - 853:853/tcp
      - 3333:3000/tcp
      - 99:80/tcp
      - 459:443/tcp
networks:
  dockermacvlan:
    external: true
```
https://redd.it/1avf1kg
@r_SelfHosted
Announcing Backrest: the missing WebUI and automator for restic backup
Backrest is a self-hosted and FOSS WebUI for backup automation and browsing that is built on restic. I built Backrest because I wanted a backup tool with the reliability and openness one gets from restic (e.g. it's entirely possible to understand the backup format and failure modes) but with the ease-of-use features one finds in many commercial backup options (e.g. browsing snapshots, easily scheduling operations, etc). The major difference here being that Backrest is fully open source (GPL3) now and forever.
The common complaint with restic is that it's a CLI tool, which makes it great for scripting but can be hard to approach. Backrest fills a hole in the restic ecosystem in that it is an all-in-one solution that tackles both scheduling and browsing backups and in that it is compatible with most systems: Backrest runs on both headless systems (e.g. a web accessible UI for your NAS) as well as interactive devices (e.g. on a personal laptop). Backrest runs on Linux (headless and interactive), in docker, MacOS, and Windows (experimental).
Philosophically Backrest is a fairly thin wrapper around restic. It aims to create snapshots that are easy to view in the UI but that can also be easily manipulated out-of-band with the restic cli (without breaking anything!). Each operation Backrest performs on your behalf will be presented in the UI with visible status information and detailed error messages to help diagnose problems if any occur.
Backrest’s WebUI features:
* Creating restic repositories
* Creating backup schedules (backrest orchestrates backup operations, no need to configure cron jobs, systemd timers, or launchd agents)
* Browsing backup operation history (backrest keeps a log of every command run on your behalf)
* Browsing snapshot contents and restoring files from the UI (e.g. no need to fiddle with the cli in a high-stress moment when you've lost data!)
* Pre and post backup hooks for running commands (e.g. shell scripts) and sending notifications (e.g. on success, error, etc) supporting discord, slack and gotify (with more to come).
* Darkmode and lightmode theme supported matching system settings.
You can find the project and releases on github: https://github.com/garethgeorge/backrest
https://redd.it/1avbxp0
Single point of failure concern
I'm considering using virtual machines on a single home server to replace multiple barebone PCs, which seems like a common and efficient practice. However, the idea of the server being a single point of failure is concerning. What's the general consensus or best practices regarding this? How do you address or mitigate the risks associated with relying on a single home server for virtualization?
I'm currently running:
* Home Assistant (HAOS) running on a Lenovo ThinkCentre M93p Tiny PC
  * If this HW breaks, I can run a VM momentarily
* Openmediavault + Docker on a more robust PC with 3 WD RED HDD
  * Arrs, Plex, Backup, Pi-hole
* Dahua NVR which I want to replace with Frigate (VM or on a Lenovo as HAOS)
TIA
https://redd.it/1auyis8
Help connecting Cloudflare Tunnel connect to NGINX Proxy manager
Hi All,
What I have completed so far:
External access:
1. Created a tunnel and ran the docker command it showed to create a secure tunnel between my server and Cloudflare.
2. I access my services via internet using subdomains I created in cloudflare.
I installed tunnel as
"docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token mykey_asdasdqweqweqweqweqweasdasdasd"
If I open https://home.domainname.com it connects to my server using the tunnel outside of my home network.
Internal access:
1. Installed AdGuard Home DNS server and created a DNS rewrite to my server using the local IP address and domain. This way I can access my server using the domain name instead of the IP, and it also connects via the local network instead of going via the internet.
2. Configured NGINX Proxy Manager to redirect subdomain requests in my local network to connect to the respective services.
If I open https://home.domainname.com it connects to 192.168.0.88:3000. I also confirmed this is working via the DNS query log, which shows it rewritten to the local IP entry. And nginx also creates a log that I accessed the local IP with the 3000 port URL.
Help needed on the following:
1. Instead of connecting via tunnel for each ports/services in my server, I want to direct everything to NGINX in the tunnel.
2. Nginx is running on port 443, and 81 for the dashboard. I tried both of these IP addresses in the tunnel and tried to access https://home.domainname.com. It didn't connect to the service running on port 3000 to show my home screen. Also no log in my nginx log folder.
Why I am doing:
1. Someone suggested nginx is good & secure compared to a direct tunnel. I don't know if this is all worth it. But at least in my local network, I don't have to connect via the internet. Rather, local DNS + nginx takes care of redirecting it as a local connection.
2. Crowdsec is another tool someone suggested. I saw it could be used to ban bad bots/connections by making it talk to nginx (I haven't figured it out yet).
https://redd.it/1av5d8r
hosting my own resume website.
I am hosting a website that I wrote from scratch myself. This website is a digital resume as it highlights my achievements and will help me get a job as a web developer. I am hosting this website on my unraid server at my house. I am using the Nginx docker container as all I do is paste it in the www folder in my appdata for ngx. I am also using Cloudflare tunnel to open it to the internet. I am using the Cloudflare firewall to prevent access and have Cloudflare under attack mode always on. I have had no issue... so far.
I have two questions.
Is this safe? The website is just view only and has no login or other sensitive data.
And my second question: I want to store sensitive data on this server. Not on the internet, just through local SMB shares behind my router's firewall. I have been refraining from putting any other data on this server out of fear an attacker could find a way to access my server through the Nginx docker. So, I have purposely left the server empty, storing nothing on it. Is it safe to use the server as normal? Or is it best to keep it empty so if I get hacked they don't get or destroy anything?
https://redd.it/1av1qb5
Announcing New Unraid OS License Keys
https://forums.unraid.net/topic/154463-announcing-new-unraid-os-license-keys/
https://redd.it/1auus7v
Spam email from my own domain? Did my keys leak?
https://redd.it/1auk63i
If you're using Docker containers, restic backups are a must
I recently reinstalled my home server's OS (Ubuntu) and I used restic to restore all Docker volumes. Everything was so smooth, I was able to get back to the previous state (even Jellyfin, I use the Linuxserver image, remembered every episode/movie position) within an hour of starting everything afresh.
I would strongly recommend regularly backing up Docker volumes using restic (it's in the Ubuntu repository already) because it works like magic.
I can now sleep easy knowing that even if the OS gets messed up, I can simply start from scratch and restore everything from restic backups.
https://redd.it/1aufnlf
PSA: Unraid might be changing license models
So, it looks like Unraid is switching things up and moving towards an "annual support" model for updates. They just rolled out this new update system, and in their latest blog post, they mentioned:
>This is an entirely new experience from the old updater and was designed to streamline the process, better surface release information, and resolve some common issues.
>
>(https://unraid.net/blog/new-update-os-tool)
Their code tells a different story, though:
```
if (cee.value) {
  const eee =
      "Your {0} license included one year of free updates at the time of purchase. You are now eligible to extend your license and access the latest OS updates.",
    tee =
      "You are still eligible to access OS updates that were published on or before {1}.";
```
Or:
```
  text: tee.t("Extend License"),
  title: tee.t(
    "Pay your annual fee to continue receiving OS updates."
  ),
}),
```
Some translation pieces too:
```
Starter: "Starter",
Unleashed: "Unleashed",
Lifetime: "Lifetime",
"Pay your annual fee to continue receiving OS updates.":
  "Pay your annual fee to continue receiving OS updates.",
"Your license key's OS update eligibility has expired. Please renew your license key to enable updates released after your expiration date.":
"Get a Lifetime Key": "Get a Lifetime Key",
"Key ineligible for future releases": "Key ineligible for future releases",
```
(Source for all of these: /usr/local/emhttp/plugins/dynamix.my.servers/unraid-components/_nuxt/unraid-components.client-92728868.js)
https://redd.it/1aue3rc
Cheap VPS Host with lots of HDD Storage ?
I want to have my manga collection online with Kavita, but all hosters I found so far are very overpriced for HDD storage.
Does someone here know a hoster where I can get a VPS with these specs under 10€ (12$)?
* min 2 Cores
* min 4GB RAM
* SSD storage for OS
* 1TB or more HDD storage

I tried Contabo, but their shit has like 50% availability at best and is down like every second day for a few minutes.
At best the hoster should have an option so I can upgrade the HDD storage with needs later.
https://redd.it/1au45or
What happened to the Pairdrop GitHub?
I’m getting a 404 Not found
https://redd.it/1au269o
I have an Arr setup on my NAS, but want to create a power schedule but keep Overseer requests at all times
So I have a Synology NAS set up with Plex and the Arr suite working just great, but I'd like to reduce my power consumption by implementing a startup/shutdown schedule on the NAS. I am okay with Plex only being available through part of the day, but I would like keep Overseer requests available 24/7. I have a Raspberry Pi that can host the Overseer container that I'm happy to keep running since it's got a much smaller power draw.
Will this work though? Will Overseer be able to receive requests when the NAS is powered off, or do I need to migrate more of the Arr stack over to the Pi?
Thanks in advance, would love to take your advice
https://redd.it/1atz5h1
Seeking advice for my SaaS CRM business - Viability and Scalability
Hey /r/selfhosted
I'm planning to start a SaaS business offering CRM solutions to businesses, and after some research, I came across PerfexCRM. It seems to have a wide range of features that could potentially meet the needs of my target market.
Before diving in, I wanted to reach out to this amazing community to get your thoughts and insights on the viability and scalability of PerfexCRM for my business. I value your experiences and expertise, and I believe your input can help me make an informed decision.
- Does PerfexCRM offer the scalability needed to accommodate a growing customer base? Have you encountered any limitations in terms of user capacity or performance?
- Are there any specific features or functionalities in PerfexCRM that have proven to be particularly useful for your business?
- Have you faced any challenges or drawbacks while using PerfexCRM? If so, how did you overcome them?
I appreciate any insights, personal experiences, or tips you can provide. Feel free to share any other CRM scripts or alternatives that you think might be a better fit for a growing SaaS CRM business.
Thank you all in advance for your help. I look forward to hearing your thoughts and engaging in a fruitful discussion!
https://redd.it/1atwqzh
UPDATE: OneUptime - Self Hosted StatusPage.io + Incident.io + Loggly alternative.
OneUptime (https://github.com/oneuptime/oneuptime) is the open-source alternative to StatusPage.io + UptimeRobot + Loggly + PagerDuty. It's 100% free and you can self-host it on your VM / server.
NEW UPDATES: We now support fluentd (https://www.fluentd.org/) for logs ingestion so you can use 1000+ sources like Docker, Syslog, Systemd to send logs to OneUptime. Powered by Ceph & Clickhouse. Ingest petabytes of logs and search in milliseconds. Ingest from any source, alert the right team members when things go wrong.
https://redd.it/1avcs8q
I selfhosted a LLM with a nice frontend (well, still have some bugs) on my server
Hi there!
I selfhosted a LLM via Ollama[^1] on my server. It's running llama2 now and is quite fast.
Since Ollama is a CLI service, I also want to host a frontend for it. I tried BionicGPT[^2], but I can't get it to run with an Ollama backend due to this issue[^3]. Finally, I ran BionicGPT in CPU mode without an Ollama backend.
https://preview.redd.it/nil4rpdl4ojc1.png?width=3292&format=png&auto=webp&s=1ceb7cf3786045a46d01f39d5b0701c976b8e618
The Ollama still runs on the server though.
There's something wrong with BionicGPT: the LLM runs so slow and it crashes frequently. I think it owes to my server's poor performance.
https://preview.redd.it/0i1lpbmj4ojc1.png?width=3796&format=png&auto=webp&s=7b08aac9c1c8b6a829e5d231a5a3d5165e5c3d58
Anyway, I couldn't find a better LLM frontend, so BionicGPT is what I'm gonna use. Do you have any recommendations for LLM stuff?
[^1]: https://github.com/ollama/ollama
[^2]: https://bionic-gpt.com/
[^3]: https://github.com/bionic-gpt/bionic-gpt/issues/375
https://redd.it/1av8uw1
SSHGuard - Working well for SSH. Possible to protect Apache WWW as well ?
Hi Guys,
I have sshguard v2.4.3 running well - protecting SSH on an OpenSuse 15.5 box.
Is there any way to protect Apache v2.4.51 from brute force attacks as well? These will generate '404' errors in the system log?
The docs at https://www.sshguard.net/docs.html don't seem to have anything on this?
https://redd.it/1av73b6
Local DNS with assigned service and Tailscale
Hey, is it possible that I can make a custom domain that is resolved over DNS which is hosted on my server, which also hosts a web service I want to expose only to myself when I'm in my Tailscale network? To be specific, I want a website running on port 3001 in a docker container to be accessible through the domain h.lan which I don't own, obviously, but I still want it to be secure and use HTTPS and not HTTP like a normal server.
How can I achieve this? What I know at the moment is that I can add a custom nameserver on Tailscale with Split DNS. What I also managed to do is set up a simple local DNS server that resolves h.lan to the Tailscale domain which hosts the website, but that's basically only an alias from a domain to a device, but I want it to point directly to the website.
https://redd.it/1av4gv3
Migrate from Wallabag to what?
Wallabag has been performing well for me both on desktop and mobile, but the archaic search functionality is pushing me to ditch it. There is a 9-year-old issue for allowing filtering by more than one tag (https://github.com/wallabag/wallabag/issues/1197)! I won't hold my breath.
A potential new system would have to:
* have a browser extension and support saving on mobile
* should work with subscription sites (e.g. FT)
* mark as read functionality
* robust search and filtering capability
* cover image for links (Linkding, shaarli, and LinkAce are too minimal for my taste)
* support imports from Wallabag as well as exports (Linkwarden and Omnivore fall short here)
* optional: have selective collaborative features between users like Linkwarden
What alternative covers all these requirements? Thanks
EDIT:
Shiori comes very close. It is only lacking the existing tags suggestion in the browser extension. Otherwise, it has multi-tag filters, previews, reader mode, imports from Wallabag, simple Docker stack, mobile app. Mark as "read" can be implemented with tags.
https://redd.it/1auszxd
The First Quantum-Resistant Mesh VPN (fully self hostable)
https://redd.it/1aur145
What kind software are you missing in your selfhosted setup ?
Hi, I'm a software developer and I'm getting really interested in the selfhosted environment and would like to know what kind of software you are missing in your everyday life or what kind of software you'd like to see being improved.
I'm looking for new project ideas that I could start and I will keep posting if I'm getting any idea to retrieve feedback from the community.
Thank you for your time :)
EDIT: mb for the typo in the title ...
https://redd.it/1auikco
Backups without the cloud
Why is this so hard/complicated?
I have a small business with a Windows server with 10 PCs. I want to do an offsite backup (at my home) in case of a disaster. A simple NAS that backs up my systems that is off site.
Can someone please point me in the right direction?
https://redd.it/1auaywo
DNS blockers may have unexpected consequences
I'm sure this won't be news to many, but I wanted to post about an experience I had recently. For many years now I've been using DNS tools such as Pi-hole, AdGuard Home and most recently Technitium in my home. I always knew that these could come at a price, for example blocking website X that I actually want to visit. But today I realized that some issues I was having with certain apps on my phone (that for years I was convinced were just sh*tty apps) were actually caused by my block lists.
The main example was an app for one of my credit cards. For years now the app has been working on and off (or so I thought) and the biometrics login rarely worked. Unfortunately for me, I must have missed the obvious pattern that things were only broken when on my home network. I was often getting a prompt from the app when logging in that the app was experiencing "technical issues", only to recently realize that one of the domains that was being blocked was necessary for the app to function. OK, I guess I can see that, I mean an app functions similarly to visiting a website, so that makes sense.
But what only clicked today, and I couldn't believe this could happen, was that the problem with biometric login was also being caused by a blocked domain. I noticed that when I opened the app outside of my home network, the biometric prompt would show up immediately, but it never did at home. So I looked through the logs and after some trial and error, narrowed it down to sdk.iad-05.braze.com (in the case of this specific app). Whitelisted that domain, and now everything biometrics work fine!
So today I learned, blocking domains not only impacts the web, but also apps and their related services. I'm glad I figured that out, so now I won't be as quick to write-off "terrible" apps when they don't work well.
tl;dr DNS blocklists can also impact things such as app logins and their related services (such as biometric login)
https://redd.it/1aubc9y
Traefik: no Docker v2 image available?
Since Traefik v3 is on the horizon and as far as I understand the migration will be manual, I want to remain at v2 at the moment. Having `image: traefik:latest` might be a bad idea now, so I want to switch to `:v2` but there seems to be no image having all of the v2 branch. Currently, I changed it to `v2.11` but I want to get v2 updates to e.g. v2.12 automatically with Watchtower. Am I missing something?
https://redd.it/1au3iq7
Bitmagnet Allows People to Run Their Own Decentralized Torrent Indexer Locally
https://torrentfreak.com/bitmagnet-allows-people-to-run-their-own-decentralized-torrent-indexer-locally-240218/
https://redd.it/1au6ow4
Why is plex so hated?
Hi everyone,
I’m new to this. I’ve just been getting into Plex/Jellyfin/Emby. Using Emby right now, tried Jellyfin before and planning to try Plex as well.
My main question is, why is Plex so hated right now? I see people on subreddits giving their opinion but don’t fully understand it.
https://redd.it/1au3f3q
Self-hosted beginner security questions
I'm trying to set up a self hosted server for personal use, and I've been reading up on how I could make it secure.
I have very limited knowledge about network security.
I'm currently planning to use Cloudflare Tunnel (avoid port forwarding), maybe use Wireguard (encrypt data), use pfSense for firewall (supposed to allow only Cloudflare IPs).
And on the server side, I'm thinking to either use a Proxmox VM & have containers within, or use Proxmox LXCs.
1. Is this setup secure enough? I've seen mentions of using VLAN & subnet to abstract them further (layer 2), but I think I'd need a separate switch to configure this. Is this necessary?
2. Is it possible to make it more secure without the use of a switch? Or alternative options for this setup?
3. Is it better to use a Proxmox VM with containers (maybe multiple VMs for each module)? From my limited knowledge, access to my network devices could be limited by using a virtualized server. Or maybe it doesn't matter, and using LXC for each module is better.
Other stuff I've come across, but haven't researched enough:
I've seen some info about some IDS like Snort, I haven't tried them yet.
I should be able to use a signed certificate with a reverse proxy (Traefik) to improve security, and maybe use Authelia for 2FA. And maybe use Cloudflare Applications for authentication.
https://redd.it/1au1upb
Looking for Web Analytics with custom events and GDPR focused, no cookies
I'm getting crazy. All the options I've seen they strip the custom events feature in their selfhosted version, so it's only available in paid options. I'm currently installing Ackee, but I've seen it's not touched since 2 years ago.
Does anyone know a selfhosted Web Analytics app that supports custom events and does not use cookies, so it's GDPR ready? (no need for consent)
https://redd.it/1atyncq
Open source frontend database/web app creator recommendations?
I'm looking for a good database UI builder for a front end web application. I thought this would be a simple google but I have been led down the rabbit hole of paid or niche but dated software.
I have also looked at this:
GitHub - awesome-selfhosted/awesome-selfhosted: A list of Free Software network services and web applications which can be hosted on your own servers
But most of these are paid and whilst good, I only need it for about 5-10 users without the arbitrary software restrictions that come with a free plan. Not only that but I have a good backup solution and don't mind hosting and developing this on the LAN.
Our current solution is a MS Access database, It's not the best.
Ideally if you know of any that is:
- Available for docker
- Connects to MariaDB
- LDAP
- Easy to use

Is this too much of a request or is this looking like it's going to cost me?
https://redd.it/1atvrkq