Made a Discord bot to deal with CGNAT - spins up quick tunnels when I need them
So I've been dealing with CGNAT for a while now and it's annoying as hell. Can't access my Gitea or anything else when I'm not home, port forwarding obviously doesn't work, and I didn't want to mess with a VPN every time I just needed to quickly check something.
Ended up building a Discord bot that makes temporary Cloudflare tunnels when I ask it to.
You whitelist your services in a config file, then you can just be like "!tunnel start gitea 2h" in Discord and it spits back a URL that works for 2 hours. That's it.
I mostly use it when I'm out and remember I need to check my todo on vikunja or stuff like that.
link: https://github.com/Goofygiraffe06/tunbot
https://redd.it/1qyy4wr
@r_SelfHosted
Photos, mount my T7 to NR6S with a USB cable, permanently mounted it in OpenWrt, used Immich-Go to upload it to Immich, and bob's your uncle. So. fucking. cool.
Wait, now I have anxiety about losing years of my photos and videos if I fully migrate to Immich. How can I fix that? Immich recommends a 3-2-1 backup strategy, and they link this article from Backblaze. Hmm, I've heard that name before. Wait, these guys will give me a terabyte of storage for $6/month? Wtf do I pay Google for? But wait, how can I upload there? God bless rclone. Let's also clone to my Windows PC to fully complete the 3-2-1 strategy. Let's automate cloning processes for both local and remote backups, so that all my data gets backed up every night while I'm sleeping. All that work in less than two hours.
By the way, I thought the Immich app was supposed to be inferior to Google Photos? Are you serious? I finally have a reliable search by context, file name, file extension, etc. I can set up auto-moving and archiving with CLI and so much more. Fuck Google Photos. Delete every single byte I have on there, uninstall it from all of my devices, cancel the subscription.
Okay, this post is getting terribly long, so I'll try to fast-forward.
I want to remotely turn on my stupid Samsung monitor without using a remote? Home Assistant.
I want to have a universal note-taking and link-saving solution? Linkwarden.
I want to expose my services to the internet so I can access them remotely? Cloudflared.
I want to stash my fucking porn? Stash.
There are solutions for literally everything. My post serves two purposes. The first is to push all of you lurking in this subreddit, hesitant to pull the trigger, thinking you need to be Gilfoyle reincarnated to have any success at this stuff. My modest home lab is no Anton, but boy does it make this shitty corpo-ridden internet a much more tolerable place. All I needed to have was a bit of Googling skills, and a bit of patience reading through the official docs, forum threads, and reddit comments. I still have a LOT to learn about networking, but I already feel like this has been one of the most fulfilling hobbies I've had, and I'm already thinking about getting a NAS to host some stuff for my friends.
Second is to say a massive thank you to the absolute legends behind all the open-source services that we all use and love. I'm sure I will find a lot more in the coming months, and I will try my absolute best to buy all of them a coffee.
I'm not sure if anyone's even going to read all of this, I just felt so good about and so passionate about my new hobby that I wanted to share it with everyone.
P.S: This subreddit desperately needs a "Discussion" flair.
https://redd.it/1qyssf6
Safebucket v0.3.0 - Now with generic S3 support
https://redd.it/1qygcz2
I built a Zero Trust Firewall using eBPF & XDP (Rust + Go). It handles 25M+ packets/sec, but it’s NOT a VPN replacement.
Hey r/selfhosted,
I've been working on a project, [Aegis](https://github.com/pushkar-gr/Aegis): a high-performance, distributed firewall designed to enforce identity-based micro-segmentation using eBPF.
I wanted to share it here because of the love for self-hosted networking gear, but I want to be honest about what it is (and what it isn't): don't waste your time here if you're looking for a WireGuard wrapper.
It’s a distributed firewall that blocks everything by default. You log in via a web portal, and the agent dynamically opens a pinhole to a specific service for your IP. Because it runs at the driver level, it benchmarks at **<100ns latency** and **25M+ packets/sec**.
* **It is NOT a VPN:** It doesn't encrypt traffic like Tailscale/WireGuard. It just allows or drops packets.
* **The "Coffee Shop" Issue:** It authenticates your **Source IP**. If you are behind CGNAT (shared public IP), authenticating effectively opens the door for everyone sharing that IP.
* **Best For:** Internal homelab segmentation.
I wrote the data plane in Rust and the control plane in Go. I'd love for you guys to check it out or roast the code.
Repo: [https://github.com/pushkar-gr/Aegis](https://github.com/pushkar-gr/Aegis)
https://redd.it/1qy4x83
SparkyFitness v0.16.4.0 — A Self-Hosted MyFitnessPal alternative
The wait is over — SparkyFitness now supports Fitbit sync!
We’ve crossed 2100+ users on GitHub and have 20+ developers contributing to the project, and we’re scaling up bigger than ever.
With this update, SparkyFitness now works with multiple providers, letting you truly own your health data on your own server. Current integrations include Google Health Connect, Apple HealthKit, Garmin, Fitbit, Withings, and more.
Our iOS and Android apps are currently pending Apple and Google approval. We’ll be live on the App Store and Play Store very soon.
https://github.com/CodeWithCJ/SparkyFitness
* Nutrition Tracking
  * OpenFoodFacts (Enabled as default external provider)
  * Nutritionix
  * Fatsecret
  * Mealie
  * Tandoor
  * USDA
* Exercise/Health metrics Logging
  * GitHub Free Exercise DB (Enabled as default external provider)
  * Garmin Connect
  * Withings
  * Wger
  * Fitbit
* Water Intake Monitoring
  * You can create custom water bottles to track water intake.
* Body Measurements
  * Supports Custom measurements
* Goal Setting
  * Use onboarding to set your Goal based on various algorithms
* Daily Check-Ins
* Comprehensive Reports
  * Nutrition Trends
  * Workout Heat Map, Max Weight Trend, Volume Trend, Reps vs Weight
  * Garmin - Advanced Activity insights including Heart Rate trend, Map etc.
  * Sleep Analysis (REM, Deep, Light, Awake)
  * Stress Analysis
  * Tabular reports
* OIDC Authentication, Magic Link, MFA etc.
* Mobile App: Refer to the Wiki page on GitHub to install the mobile apps.
  * The Android app is available via Play Store closed testing as well as under each release.
  * The iPhone app is available via TestFlight.
  * The web version renders on mobile similar to a native app (PWA).
* AI Chat Bot - WIP
  * Log food by chat text & uploading images
  * Log exercise
  * Log water intake
  * Log check-in measurements
  * Coach - Not started yet.
  * Ollama (slow & could timeout), Gemini, Open router, Mistral, Groq etc.
* API
  * Swagger & Redoc are available.
  * Web URL in docker has some issues but works in localhost.
Caution: This app is under heavy development. BACKUP BACKUP BACKUP!!!!
You can support the project in many ways — by submitting bug reports, suggesting new features, improving documentation, contributing PRs if you’re a developer, or sponsoring the project on GitHub.
https://redd.it/1qxwbnf
A mini/micro PC alternative...
Hey self host friends, not sure if anyone has ever done the same thing but I wanted to share my experience.
Recently I had two of my Beelink SER5 computers go down. They died due to an internal power supply failure. A good amount of my critical home services lived on those boxes and luckily I had backups of the VMs. But what I decided to do was look into a more robust solution.
I landed on the Mac Pro 6,1... the 2013-2019 trashcan version. I was fortunate to find two of them with the top of the line processors and 128gigs of DDR3 Ram for under $1000. Both also had 2TB of SSD.
Not trying to brag but just trying to let people know that this does work using Proxmox. So far I have loaded my entire lab onto both of them (43 VMs total) with 0 issues.
If you have any questions I will do my best to answer.
https://redd.it/1qm6r0n
who told journalists about self hosting?
https://redd.it/1qlzjs5
SelfHosted voicemail with AI spam filter
https://redd.it/1qln2ys
D-Dash: A self hosted dashboard with Caddy integration.
https://redd.it/1qlc8b8
Ignidash - An open source & self-hosted alternative to ProjectionLab for simulating your long-term personal finances
https://redd.it/1ql7q71
Demonstration of how serviceable a self hosted & entirely local (no external API's) voice assistant can be (homeassistant voice + local LLM + jabra 410) - have entirely replaced my Alexa devices and handles both simple and complex commands (detailed within)
https://streamable.com/jsc46s
https://redd.it/1ql1429
Pangolin 1.15: iOS and Android apps, device approvals and posture, stability, and more
Hello everyone,
One year ago, in January 2025, we unleashed the very first beta of Pangolin and today, we are thrilled to release Pangolin 1.15.0. This update officially takes Private Access out of beta and introduces some heavy hitters: iOS and Android apps, device fingerprinting, posture tracking, and more. We can't believe it has been 1 year!
For those who don’t know, Pangolin is an identity-aware VPN and proxy for remote access to anything, anywhere. It’s like an open-source alternative to Cloudflare Tunnels and Twingate.
* Github: [https://github.com/fosrl/pangolin](https://github.com/fosrl/pangolin)
* Blog and video: [https://pangolin.net/blog/posts/1-15-0-release](https://pangolin.net/blog/posts/1-15-0-release)
# iOS/iPadOS and Android
[iOS app screenshots](https://preview.redd.it/b4mzuhswo5fg1.png?width=3780&format=png&auto=webp&s=a2d8ca4c9dbdc269d445de495e210ca090f83990)
Developing for mobile is a journey through the seven circles of... well, let’s just call it "challenging." Beyond the technical hurdles, there’s the arduous dance with Apple and Google to get through the App Store gates.
After weeks of refreshing our developer dashboards, the wait is over. You can now take your zero-trust network on the road:
* **iPhone and iPad**: Download on the [Apple App Store](https://apps.apple.com/kz/app/pangolin-client/id6757407406).
* **Android**: Download on the [Google Play Store](https://play.google.com/store/apps/details?id=net.pangolin.Pangolin).
# Device Fingerprint and Posture Collection
[Screenshot of dashboard showing device fingerprint and posture info with pending approval](https://preview.redd.it/vecygwt6m5fg1.png?width=4520&format=png&auto=webp&s=6eecc6978a27650ce0ce694d8f9a0ec442a5bc79)
Long-time users likely remember Olm, our Go-based client (named after the small, cave-dwelling salamander). Olm is the workhorse under the hood, handling all of the networking, from hole punching and NAT traversal to WebSocket enforcement.
We architected Olm to be as headless and portable as possible, which allowed us to use it as the "brain" for all of our clients across Mac, Windows, Linux, and iOS and Android. In addition to the Olm core, now each client can collect specific device data.
**What is fingerprinting?** It’s like a digital ID card for your hardware. We collect identifying info like serial numbers, OS versions, and hostnames. This helps you distinguish between "My Work Laptop" and "My 4th Replacement Laptop," and it ensures that if you block a device, it stays blocked.
**What are posture checks?** Fingerprinting tells us who the device is; posture checks tell us if the device is healthy. We look for security vitals like disk encryption status, firewall status, and antivirus activity.
# Device Approvals
[Screenshot of dashboard showing pending device approvals feed](https://preview.redd.it/kp6cm5zbm5fg1.png?width=4524&format=png&auto=webp&s=601f22bf7a68a5777ac0631d5c3c515892882af2)
Previously by default, a user could connect any number of devices as long as they could log in with an approved account. With version 1.15, we are extending zero-trust to the hardware layer by introducing Device Approvals.
When enabled on a user’s role, Pangolin shifts to a "deny by default" stance for new hardware. Even with valid credentials, a new device is entirely blocked until an admin decisively approves the connection. We’ve also added an Approvals Feed to the sidebar where you can see a running log of pending requests.
# Device Blocking and Archiving
Have a device that’s gone rogue or been lost? You can now officially Block it via the Action Menu (three dots). This moves the device to a restricted list and kills its access immediately.
You’ll also notice you can’t "delete" a device; you can only Archive it so that Pangolin can keep a permanent record of every device that has touched your resources.
# Give it a try!
* Try it for free on [Pangolin Cloud](https://app.pangolin.net/auth/login).
* Self-host the [Open Source
Self-hosting Weatherstar 4000 as Plex channel, can't get Plex to load the channel
Hi all, I figured I would ask this here as Plex is a bit of a dumpster fire these days but I'm sticking with it because my family likes it.
I have a single Docker host that runs my Plex server, and I also set up a local instance of Weatherstar 4000 and WS4Channels so I could add the m3u stream from WS4Channels as a tuner in Plex (under Settings > Manage > Live TV and DVR). The WS4Channels are pretty simple in that you go into the Live TV and DVR settings in Plex, click the link to add a manual device, and enter the URL of your stream, which is http://<my LAN docker host IP>:9798/playlist.m3u. I have tested this URL in my own web browser and successfully played it with VLC, and I also docker exec'd into the Plex container and verified I could cURL the URL successfully. Nevertheless, whenever I add that same URL in the Live TV settings in Plex it just says "There was a problem adding the device: http://<my docker host IP address>:9798/playlist.m3u".
I noticed that the Plex docker compose instructions have network_mode: host, so I set that in WS4Channels, but I have the same issue.
What's really weird is I accidentally pasted the GitHub URL of Weatherstar 4000 in the Live TV setup once and it actually added a tuner. I attempted to proceed and it just got into some crazy loop between two of the setup steps.
Has anyone gotten this working? Here's some relevant docker-compose.yml snippets.
```yaml
plex:
  image: lscr.io/linuxserver/plex:latest
  container_name: plex
  network_mode: host
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=America/New_York
    - VERSION=docker
    - PLEX_CLAIM= #optional

weatherstar4000:
  container_name: weatherstar4000
  image: ghcr.io/netbymatt/ws4kp
  ports:
    - 8080:8080
  environment:
    - KIOSK=true
    - WSQS_latLonQuery="Mytown MyState USA"
    - WSQS_hazards_checkbox=true
    - WSQS_current_weather_checkbox=true

ws4channels:
  container_name: ws4channels
  image: ghcr.io/rice9797/ws4channels
  environment:
    - WS4KP_HOST=<my docker host IP>
    - WS4KP_PORT=8080
    - ZIP_CODE=90210
    - CHANNEL_NUMBER=275
  network_mode: host
```
https://redd.it/1qks8ek
Introducing Urocissa 2.0 - A lightweight open-source photo gallery that handles 1M+ photos smoothly on limited hardware
https://redd.it/1qkpuz3
TrustTunnel - Adguard VPN now opensource !
Hi everyone!
I just saw that AdGuard has open-sourced its VPN protocol (based on HTTP 2/3 & QUIC), TrustTunnel!
See: https://github.com/TrustTunnel/TrustTunnel
and: https://www.reddit.com/r/Adguard/comments/1qj3j4v/we_kept_our_word_trusttunnel_vpn_protocol_is/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
https://redd.it/1qklwt3
Feishin audio visualizer is now something else ...
https://redd.it/1qyh63m
Everything is so... easy?
So a few weeks ago, one of my close friends got into homelabbing and naturally started talking to me about it. I've always wanted to try similar things but never got around to it, so this time I just said what the hell and after some research, I ordered NanoPi R6S. I found it to be a solid upper mid-range device that could satisfy my thirst for knowledge and help me learn the niche.
Now, I'm pretty good with tech, and I'm very enthusiastic about it, but I'm a total noob when it comes to networking. I know what LAN stands for, and I know how to set up a Cloudflare DNS on an ISP modem, but apart from that, I might as well be a boomer. I'm kinda nervous about setting up a new router, messing with its firmware, opening ports, configuring firewall, and so on.
NR6S arrives and I start researching firmware options. OpenWrt just calls my name because I have used it once years ago, and I didn't really find anything wrong with it.
After some trial and error, I managed to flash OpenWrt on the eMMC storage of NR6S, thanks to this absolute chad.
Okay, I now have NR6S powered by OpenWrt standing between my ISP modem and my Wi-Fi AP. I find a lot of people mentioning bridging the router on forums, so I start looking into what bridging is. OF COURSE, it makes sense, for years both my ISP modem and my Wi-Fi AP have been doing routing, but both are terribly underpowered for that task, so I can now have a dedicated ROUTER for that. I bridge the ISP modem, set my Wi-Fi unit as Dumb AP, and I already feel better about myself. But, I need some more ports... I find Netgear GS308 locally for dirt cheap and for the first time in my life, I have a dedicated network switch. Pretty cool... I guess? WAIT, you're telling me that connecting 2 of my PCs to a single switch allows me to transfer Steam games over LAN? I don't have to wait twice as long for game downloads to play something with my brother? I can just send him game files at gigabit speeds instead of my ISP's shitty 100Mbps? W switch, W Valve, W whoever's reddit comment I came upon about Steam's LAN feature.
Okay, now that I have stable internet, let's Google "self-hosted projects reddit." I find tons of threads, and I find some project names coming up in every single one of these threads. AdGuard Home sounds interesting, it can block ads, trackers, AND help me monitor who and what is using my bandwidth? Let's fucking go. How can I deploy it? Docker, huh? Well hello old friend, you've saved me countless hours deploying my clients' websites on VPSes, let's see how I can set you up on an OpenWrt. Well, that took less than 20 minutes, nice.
I now have Docker, but do I want to ssh into my router every time I want to change a config, see the status of my containers, or restart them? There has to be a solution for that. Huh, there is, and it's called Dockge, cool. Wait, Dockge developer also has this pretty cool project called Uptime Kuma, which will give me a fancy interface for monitoring the status for all of my services. Both of them deployed in less than 10 minutes, just following the official instructions.
Okay, back to AdGuard Home, what can I do here? Holy shit I can just delegate AdGuard Home to be my DNS resolver and configure a bunch of options for it? Count me in. 20 minutes of brokering peace between AGH and OpenWrt over port 80, and now I have redundant DNS resolvers, resolving all of my domain needs using parallel requests to get me to websites ASAP. Oh, and I can see AGH blocking all the TikTok and Google trackers from my family's devices, so I already want to buy a coffee for the developers.
I'm fucking hooked. Let's Google some more interesting projects. Immich? I can take my data back from Google? The app looks just as fancy, and I don't care for some of the features it lacks. What could I use for storage? Maybe this spare Samsung T7 Shield I have lying around? Let's go. Export the whole data from Google
Warning: pihole + cloudflared no longer proxying DNS request.
If you are currently proxying your DNS traffic over cloudflared do not update to the latest version. The dns-proxy feature was deprecated in November 2025 and it is no longer supported as of the latest image. It should work for another year as per pihole's docs https://docs.pi-hole.net/guides/dns/cloudflared/
https://redd.it/1qyakvz
My annual electricity bill got upped by 1000€. Now I need to make my server use less power.
My consumer-parts server (a Ryzen 5600 CPU and 8 x 18TB HDDs), together with my modem, firewall and switch, is consistently using at least 150W 24/7.
24/7 availability (at least SSH) is non-negotiable for me, but I need to find other ways to get this power usage down.
Should I segment my media library so I can spin down most of the HDDs or something? Does stopping/scheduling Docker containers actually have an impact?
How did you guys get power usage under control? Which compromises did you make? (Performance, availability, ECC memory, media library size, transcoding via dGPU, comfort, etc)
Edit: I ran some numbers and while the +1000€ on my annual bill is real, my homelab would only account for 500-600€ of that (0,40€/kWh) assuming 150W average power draw (which isn't the actual average but I don't have enough measurements for that yet). There's some other additional power usage that's unrelated to my server, but the server is still the biggest single contributor to this adjusted bill by a lot. My guess is that the server accounts for 650€ of this bill, which would mean an average of 180W usage, 24/7, 365.
https://redd.it/1qxxbi8
I built DockTail - Traefik-style labels to expose Docker containers as Tailscale Services
https://redd.it/1qxn9bp
How do you prefer to deploy services?
(I’m really not sure that is the right flair for this poll, sorry if I chose the wrong one.)
https://redd.it/1qlw8ln
Booklore turns 1 year 🎂 - v1.18.5 released!
Hard to believe it’s been one full year since I started Booklore.
What began as a small personal project (just a grid of books, a basic reader, and downloads) has grown, largely thanks to feedback from this community, into a solid self-hosted book server used by thousands of people.
Over this past year, Booklore has reached:
* 9,200+ GitHub stars ([https://github.com/booklore-app/booklore](https://github.com/booklore-app/booklore))
* ~500 forks
* 85+ contributors
Huge thanks to everyone here who’s tested it, opened issues, suggested features, or contributed code. The self-hosted community played a big role in shaping where the project is today.
If you’ve been running Booklore and finding it useful, I’d really appreciate a ⭐ on GitHub, let’s see if we can push it to 10k stars as a 1-year milestone.
v1.18.x highlights
This release marks one of the biggest steps forward so far:
* **New ebook reader (Foliate.js based):** Clean, responsive reader with support for EPUB, AZW3, MOBI, and FB2, plus highlights, notes, and bookmarks.
* **Streaming ebook reading (beta):** Large ebooks (cookbooks, textbooks, etc.) can now be streamed page-by-page instead of loading the entire file.
* **Optimized PDF & CBZ streaming:** PDFs and CBZ/CBX files stream pages directly without full extraction, much faster for large files.
* **Progressive Web App (PWA) support:** Install Booklore as a PWA for a cleaner, app-like reading experience.
More improvements are already in progress, but I wanted to mark the 1-year point, share the latest release, and say thanks again to everyone running Booklore at home.
Links:
Website: https://booklore.org
GitHub: [https://github.com/booklore-app/booklore](https://github.com/booklore-app/booklore)
Demo: https://demo.booklore.org (username: booklore | password: 9HC20PGGfitvWaZ1)
Discord: [https://discord.com/invite/Ee5hd458Uz](https://discord.com/invite/Ee5hd458Uz)
Support via Open Collective: https://opencollective.com/booklore
Feedback (and stars 😉) always welcome.
https://redd.it/1qluqek
A free and open-source tool to backup and visualize your long term Garmin data
https://redd.it/1qlhv8i
Thank you Mods.
This Friday thing is working out. Now we know when to come to visit our beloved selfhosted subreddit. Just ignore the Fridays. I hope for other days you will remain strict and vigilant. I know it's a lot to ask, but I can only say a big thank you on behalf of real devs and the community for your hard work.
Thank you.
You guys acted like an ocean cleanup initiative. ❤️
https://redd.it/1qlhbeh
qbitwebui v2.40.0 - now with cross seed, custom themes, file manager, RSS feeds and more
https://redd.it/1ql1v19
Community or Enterprise Editions](https://github.com/fosrl/pangolin).
* You can dive into the details in the [Official Documentation](https://docs.pangolin.net).
https://redd.it/1ql1b2v
BentoPDF … Any update?
Last week its developer posted here that they lost control of the bentopdf namespace on Docker Hub, leaving us with...
> DO NOT perform a docker pull bentopdf/
> DO NOT update your existing containers to latest
Comments in that thread indicated that such things are often quickly resolved w/Docker Hub. Yet, that post seems deleted, and the developer is silent on GitHub.
Any update?
https://redd.it/1qkxw0e
CLU v4.3 Release - Pull List, Weekly Releases, Auto-Downloads and Timeline
https://redd.it/1qkqm0u
yubal v0.2 - YouTube Music downloader now with playlists support
https://redd.it/1qknc0i
keywords.
NOTICE: Installation of above is risky, as misconfiguration can lead to email globally being blocked. Yes this will block globally on one specific server and all incoming email boxes emails like the above. But it's needed since the ever growing spam of trustpilot nonsense just keeps growing. Enjoy.
https://redd.it/1qklab6