Sidebar
Selfhosted
Hello everyone! Mods here 😊 Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure. Feel free to take it as a chance to present yourself to the community! 🦎
Thought this might be helpful as a lot of these mini PCs are hitting the used market.
Most of my friends are in tech, and I think one of them would enjoy hosting their own services if they got into it. Currently, I do most of our hosting, from media servers to game servers, but I think the hardest part is to give people an enticement to host. For example, maybe they saw the lights automatically come on through the use of home automation like Home Assistant or maybe they wanted to control their own music library. I think the idea of managing your own hardware and services doesn't become enjoyable until you've already seen the outcome, such as having a resource or service available to you that you didn't before. When I first got into selfhosting, I also had the problem with identifying *what* I wanted to host. How do/did you get your friends interested in selfhosting? What services did they look into hosting themselves? I'm not going to force someone into a hobby they aren't interested in, I'm just curious how people brought the conversation up. Thanks.
Quick overview of my setup: Synology NAS running a whole bunch of Docker containers and a couple of full blown VMs, and an N100 based mini PC running Ubuntu Server for those containers that benefit from hardware acceleration. On the NAS I have a Linux Mint VM that I use for various desktoppy things, but performance via RDP or NoMachine and so on is just *bad*. I think it's ultimately due to the lack of acceleration, so I'd like to try running it from the mini PC instead but I'm struggling to find hypervisor options. VirtualBox *can* be done headless, apparently, but the package installed via Apt wants to install X/Wayland and the entire desktop experience. LXC looks like it might be a viable option with its web frontend but it appears to be conflicting with Docker atm and won't run the setup. Another option is to redo the machine with UnRaid or TrueNAS Scale but as they're designed to be full fledged NAS OSes I don't love that idea. So what would you do? Does anyone have a similar setup with advice? Thanks all! Edit: Thanks for everyone's comments. I still can't get LXC to work, which is a shame because it has a nice web frontend, so I'll give KVM a go as my next option. Failing that I might well backup my Docker volumes, blat the whole thing and see what Proxmox can do.
I've tried a few options over the years, including SMB and NFS, XBMC as well as HTML with javascript I found online. I don't have a large collection of music (fewer than 100 albums), so hand coding things was actually one of the quicker options to setup. That's despite then hassle of hand coding the URL to each FLAC file as well as the album art. But sometimes the javascript doesn't handle large collections of FLAC and each implementation I tried had different quirks so I've sunk a lot of time into that in other ways without a satisfactory result. I've heard of Emby, Jellyfin, Plex, Roon and Servio. I just need something that's simple to set up and access. I don't need fancy features beyond the ability to play the music with a pleasant UI that can be accessed from the web (HTTP, not HTTPS). I'd be running this from a Raspberry Pi 3B which already has the lighttpd server running. I'm also considering just getting a portable, 128GB FLAC player with a minijack connection and moving on with my life without getting involved in networking at all. Any recommendations for an uncomplicated way to approach to doing this? Edit: Thanks so much for the helpful and enthusiastic comments! I tried Navidrome and had it up and running in ten minutes thanks to this tutorial video: https://invidious.nerdvpn.de/watch?v=7V5UUJlSknY I had to install docker-compose on the RPi. Then I got an error which turned out to be because I also needed a separate docker daemon which I installed following these instructions: https://www.simplilearn.com/tutorials/docker-tutorial/raspberry-pi-docker In just 10+ minutes I had my music collection accessible from all my devices - thanks again!
Hi, I'm searching something for manga/books. I'm currently use jellyfin, but I don't really like it (to import metadata it's very complex and mechanic thing), there are some good alternatives?
Hi! My Proxmox machine has 3 disks (see pic). I wish to migrate sdc to a 2TB SSD. I have LXCs on all drives and I would really like to avoid having to restart from backups. I don't have any special configuration on my proxmox, it's pretty clean and basic. Is it safe to simply dd the old disk to the new one? I can't find an explicit answer to this question that doesn't also have a lot of other variables not relevant to me. If not, what else can I do?
**Solution**: I just had to create the file I wanted to install Pi-Hole on my server and noticed that port 53 is already in use by something. Apparently it is in use by systemd-resolved: ``` ~$ sudo lsof -i -P -n | grep LISTEN [...] systemd-r 799 systemd-resolve 18u IPv4 7018 0t0 TCP 127.0.0.53:53 (LISTEN) systemd-r 799 systemd-resolve 20u IPv4 7020 0t0 TCP 127.0.0.54:53 (LISTEN) [...] ``` And the solution should be to edit `/etc/systemd/resolved.conf` by changing `#DNSStubListener=yes` to `DNSStubListener=no` according to [this post](https://discourse.pi-hole.net/t/update-what-to-do-if-port-53-is-already-in-use/52033) I found. But the `/etc/systemd/resolved.conf` doesn't exist on my server. I've tried `sudo dnf install /etc/systemd/resolved.conf` which did nothing other than telling me that `systemd-resolved` is already installed of course. Rebooting also didn't work. I don't know what else I could try. I'm running Fedora Server. Is there another way to stop `systemd-resolved` from listening on port 53? If not how do I fix my missing `.conf` file?
So I am working on my home server. I installed docker and use a dnsmasq container as my dns server to resolve local ip adresses. Laptop and server are both linux (ubuntu LTS 24.4) What works: - 'resolvectl status' shows the ip of my dns server - i can ping the ip of the dns server (that will run other stuff like nextcloud soon as well) - i can use nslookup to resovle server.local to the correct ip address (even after changing the entry, so its not the cache in my laptop) what does not work: - i can not ping server.local (- for testing i have to stop the systemd-resolved.service to run the dnsmasq server, or else there are port collisions, but that should not be the problem i guess. I am happy to hear your solution :)) - i can also not use ssh to log in to server.local, ip address works What am i missing? Thanks a lot already! BTW: ZFS is crazy nice :D
I am looking to get into self hosting, for setting up a simple plex + nextcloud server. However I also would like to buy a nice desktop pc soon which I would like to access at at least two locations, I think I should be able to combine this with a home server but I unsure what the best way to do this/what are the right software tools for this. The situation currently is: I have a television in my living room on which me and my partner regularly game (for now using an hdmi cable and a shitty laptop) and we have a study room where we work and play games involving a keyboard (currently also on laptop). I would like to be able to access the compute of the desktop in both locations, for this I see two options: 1. Setup a small mini pc that is also connected to the tv, use it to always run nextcloud + plex, set the main pc in the study and use steam link to forward just games to the tv. 2. Put the pc in the living room connected to the tv and use it as a home server, and setup a small pc in the study connected to the monitors and other peripherals. Then connect to the main pc with a different tool. Option 1 seems more simple but a bit limited, while option 2 should give a more powerful home server but also increase power draw (I have been thinking if there could be a good solution to this using wake-on-lan when it is not in use) but also needing a more refined way of connecting the two pcs. For sharing the computational power I have found steamlink, a remote desktop (like anydesk/teamviewer), and I have some experience with using SSH which is nice for coding but doesn't seem to work well for anything graphical. Any advice or insight what would be a good way to set this up would be appreciated!
I've been watching some One Marc Fifty stuff on YouTube. I can follow him well, and I'm decent at much of the hardware stuff. At least I can compile OpenWRT or do a basic Gentoo install with a custom kernel. I dread staring at NFTables, but can hack around some. I don't fully understand networking from the abstract fundamentals. Are there any good sources that break down the subject like Ben Eater did with the 8 bit bread board computer, showing all the basic logic, buses, and registers surrounding the Arithmetic Logic Unit? I'm largely looking for a more fundamental perspective on what are the core components of the stack and what elements are limited to niche applications. I just realized I want to use self signed client certificates between devices. It was one of those moments where I feel dumb for the limited scope of my knowledge about the scale of various problems and solutions.
Howdy Everyone! As I am setting up my infrastructure at home using docker I wanted to ask, is it better to have DNS, something like pi-hole, on my main docker swarm or would it be better to have it on a dedicated machine/docker host separate from the rest of my infrastructure? Thanks for the input!
Hi there, I've just done the switch from NextDNS to PiHole. Simply because I want to test it out + self-host my DNS. I set up PiHole+Unbound two days ago, and yesterday the amount of "Queries blocked" was much higher that it is now. But this morning the number was down back to 100ish. Is this normal behaviour, is it supposed to reset the counter? I'd rather it didn't. Let me know if this is my fault or a setting I've managed to miss. Thank you.
github.com
This may be more of an Android issue than self-hosting, but i run Radicale on my personal server to host caldav/carddav services. I want to login with uname&pword with a certificate. I found this video in Davx5 github page showing that a user can select the cert: [video](https://github.com/bitfireAT/davx5-ose/discussions/787#discussioncomment-9557861) I generated a self-signed cert from my server and installed that to my Android phone via Settings > Security&Privacy > Encryption&Credentials. But i dont get the same as the video. It keeps telling me `No certificate found`  Clicking the install button and selecting my cert will say > Install CA certificates in Settings > This certificate from null must be installed in Settings. Only install CA certificates from organizations you trust.
Has anyone got some experience/advice for choosing between the options? It seems like they are: - [Minio](https://min.io/docs/minio/container/index.html) - [Garage](https://garagehq.deuxfleurs.fr/documentation/quick-start/) - [SeaweedFS](https://github.com/seaweedfs/seaweedfs) My usecase is just to have a local single instance for testing apps against. I prefer to spin stuff up in Docker on the homelab.
I'm curious what the benefits are of paying for SSL certificates vs using a free provider such as letsencrypt. What exactly are you trusting a cert provider with and what are the security implications? What attack vectors do you open yourself up to when trusting a certificate authority with your websites' certificates? In what way could it benefit security and/or privacy to utilize a paid service? And finally, which paid SSL providers are considered trustworthy? I know Digicert is a big player, but their prices are insane. Comodo seems like a good affordable option, but is it a trustworthy company?
Hello! currently i use Jellyfin for my music library but i am not really happy with it. I used to use Plex and it was wonderful but... here we are... I already tried Navidrome but for me a crucial feature is to be able to import spotify playlists and rebuild them with my local library. For jellyfin there is a plugin that does that and it works 90% of the time. But even after finding several scripts and docker-composes i could host i was never able to properly import my spotify playlists into navidrom. Reason why that is so crucial is that i use spotify to build playlists, make song-radios and add them back into the playlist and then i download this playlist using various tools. I then rebuild these playlists inside my music library. Now i found Music Assistant 2.0 for my HomeAssistant and it's incredibly awesome! Being able to fully use my sonos speakers and group them on the fly is amazing! But using song radios inside it with my jellyfin as the media provider apparently uses jellyfin's "instant mix" and my goodness is that ever hot garbabe... i have my whole library being properly tagged by Picard and every song has the proper metadata and all that but Instant mix is just plain useless. For 50% of my songs it will just put the same song 5 times into the queue and be done with it. Sometimes it's actually able to build a good sounding radio but that's really hit or miss. So to conclude, what would you guys recommend if i want a music library that: 1. Has preferably a subsonic API to maximise compatibility with different players 2. Has the ability to import and reconstruct my spotify playlists 3. Has a working song radio / instant mix feature that will not collapse as soon as you try to use it Thank you very much!
Hey, I’m using Jellyfin and AndroidTV as client. Everything is usually working fine using direct play. But for a few files, when using subtitles, I will get the message "burning subtitles" and the server will start transcoding it. I haven’t really figured out what format is causing it, but it only happens when enabling subtitles. Anyone else having this issue? Can I do anything to fix it?
Hi there! Wondering what types of setup people have that allow them to, while the internet is down, still watch/stream media from their servers. I have a stacked Jellyfin library that, and would like to see this feature/setup in my own house. My Unraid server is on the other side of the house from where the living room is. Is there actually a sane way to achieve this?
But I want it so badly! All i need to figure out is: reverse proxys (I stumbled through getting one caddy instance setup so far but gosh I struggle with that also, nginx proxy manager seems like my next step) a rock solid backup/restore setup (but first I need to figure out where the vaultwarden alpine files live, then be able to get those off of the proxmox vm) this is more of a vent, than a request for someone to spell it all out for me. But I wouldn't be upset if anyone had the time to point me in the right direction for me. Would it just be easier to run a keypass XC and syncthing setup?
I just started setting up a Jellyfin server and am moving all of my old DVD backups off of an ancient NAS that doesn't play well with modern TVs or Chromecast. Can't cast half the videos anymore because crhomecast says F you to certain audio and video formats, but jellyfin has zero trouble talking to my TV. It was going so well that I thought I might try to back up some of the aging DVD/BluRays we have laying around because they don't last forever and I'd hate to lose these titles. I used to use Handbrake/AnyDVD, but it seems AnyDVD is defunct these days... What are people using to back up their personal DVD collections these days? I prefer Windows apps, but I do have a good linux system that I can use to back them up with too, it's just slower than my Win PC.
I'm considering a business plan for people getting in to self-hosting. Essentially I sell you a Mikrotik router and a refurbished tiny x86 server. The idea is that the router plugs in to your home internet and the server into the router. Between the two they get the server able to handle incoming requests so that you can host services on the box and address them from the broader Internet. The hypothesis is that $150 of equipment to avoid dozens of hours of software configuration is a worthwhile trade for some customers. I realize some people want to learn particular technologies and this is a bad fit for them. I think there are people out there that want the benefit of self-hosting, and may find it worth it to buy "self-hosting in a box". What do you think? Would this be a useful product for some people?
Hi everyone, I decided there simply were not enough docker apps for downloading Youtube videos, and so I made the situation worse :p In all seriousness, I couldn't find one that fulfilled all my desires in a YT downloader, so I wrote my own in python using pytubefix and streamlit. It's still fairly rough, but it works, and i'd love to get your feedback. Installation is just a simple docker compose. ```yaml services: pytube-gui: container_name: pytube-gui image: artisanbytecrafter/pytube-gui:develop ports: - 8501:8501 volumes: - /path/to/downloads:/app/downloads # set to where you want downloads to go ``` Please let me know if you run into any issues, or have any feedback. I do still have a long list :) Source code: https://codeberg.org/ArtisanByteCrafter/pytube-gui
Hi, how do you run forgejo under a reverse proxy while using an ssh channel to pull/push commits? From what I understand caddy is only able to proxy http traffic.
So i've been hosting a modded Minecraft server for my friends and me on weekends. While it's been a blast, I've noticed that our current setup using LAN has its limitations. My friends have been eagerly waiting for their next "fix" (i.e., when they can get back online), and I've been replying with a consistent answer: this Friday. However, exploring cloud providers to spin up a replica of my beloved "Dog Town" Server was a costly endeavor, at least for a setup that's close to my current configuration. As a result, I've turned my attention to self-hosting a Minecraft server on my local network and configuring port forwarding. To harden my server, I've implemented the following measures: 1. Added ufw (Uncomplicated Firewall) for enhanced security. 2. Blocked all SSH connections except for the IP addresses of my main PC and LAN rig. 3. Enabled SSH public key authentication only. 4. Rebuilt all packages using a hardened GCC compiler. 5. Disabled root access via `/etc/passwd`. 6. Created two users: one with sudo privileges, allowing full access; the other with limited permissions to run a specific script (`./run.sh`) for starting the server. Additionally, I've set up a fcron job (a job scheduler) as disabled root, which synchronizes my Minecraft server with four folders at the following intervals: 1 hour, 30 minutes, 10 minutes, and 1 day. This ensures that any mods we use are properly synced in case of issues.  any suggestions of making the computer any more secure, aswell as backup solutions? thanks! --added note, what hostnames do you guys call your servers? I used my favorite band albums and singles for hostnames.
What do you recommend for an at-a-glance access log dashboard? Kibana and Grafana seem cool but overkill. All I want is a dashboard that can ingest and parse syslogs from various services and neatly display a list of currently connected IPs and usernames if applicable as well as a IP connection history.
I’m running opnsense on proxmox with some lxc containers and docker hosts. I’ve never done internal DNS routing, just a simple DMZ with Cloudflare proxies and static entries for some external services. I want to simplify things and stop using my IPs from memory internally. For example, I have the ports on my docker hosts memorized for the services I use, only a couple mapped hosts in opnsense, but nothing centralized. What is the best way to handle internal DNS name resolution for both docker and the lxc containers? Internal CA certs? External unroutable (security)? Any tips and setups appreciated.
github.com
(I'm not affiliated with them, I just saw a post about the update) What it is: > The Open Source Alternative To Notion and for those not familiar with notion: > Notion is a collaboration platform with Markdown and including kanban boards, tasks, wikis and databases. It is a workspace for notetaking, knowledge and data management, as well as project and task management --- About the update: > New Features > > - Added a new property type, 'Files & media' > - Supported Apple Sign-in > - Displayed the page icon next to the row name when the row page contains nested notes > - Enabled Delete Account in Settings > - Included a collapsible navigation menu in your published site > Bug Fixes > - Fixed the space name color issue in the community themes > - Fixed database filters and sorting issues > - Fixed the issue of not being able to fully display the title on Kanban cards > - Fixed the inability to see the entire text of a checklist item when it's more than one line long > - Fixed hide/unhide buttons in the No Status group > - Fixed the inability to edit group names on Kanban boards > - Made error codes more user-friendly > - Added leading zeros to day and month in date format
Hi guys! Back in the day I used to have a VM holding nginx and all the crap exposed...and I did set it up with fail2ban. I moved away from it, as the OS upgrade was turning messy, and rebuilt onto an LXC container. How should I use fail2ban/iptables in order to protect/harden my LXC container/server? Do the same conditions apply, or will I have any limitations/issues due to the container itself? Thanks!
Hi. I am currently using google drive mounted with rsync (encrypted) to stream files over my VPS since my VPS provider charges a lot for extra storage compared to google. I have offline backups of the said data at home I currently have a 100GB google drive plan and it's working suprisingly great. Also it's cheap in my country due to regional pricing Now, as I learned, Google keeps your files for 2 years after you cancel your extra storage subscription. It also doesn't allow you to upload anything which locks up Gmail but that doesn't matter if it's an alt account. So, can I just create an alt account, buy a 1 month subscription, upload everything, cancel it, then read it using rclone? Does Google restrict api access (for rclone) on drives with expired subscriptions? Yeah I know I'm stretching this a bit too far but I just wanna know
I am trying to not use any Google services for notifications and so I'd like to make a script to send notifications via ntfy based on discord messages. How would I get access programmatically to my own discord account? Do they even support it? They have bots, but is their api for DMs? --- Edit: the solution may just be a bot in servers, then not responding to DMs unless they use signal
I developed an app in Laravel that uses Google authentication, it works perfectly on my localhost. When I deployed it in my nginx server (ubuntu 24.04) I get the Google login correctly and it proceeds to my main page as expected. But after that, no route is accessible. All of them throw me a 404. I've been googling it for ages but I can't for the life of me find the solution for this. EDIT: The 404 comes from Laravel, not nginx. The weird part is if I try php artisan route:list on the ser the routes are indeed missing but on the localhost they all show. The code is pretty much the same. Here's is my app conf file: ``` server { server_name partituras-cmcgb.duckdns.org; root /var/www/html/partviewer/public; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.ht { deny all; } error_log /var/log/nginx/partviewer-error.log; access_log /var/log/nginx/partviewer-access.log; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/partituras-cmcgb.duckdns.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/partituras-cmcgb.duckdns.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = partituras-cmcgb.duckdns.org) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name partituras-cmcgb.duckdns.org; return 404; # managed by Certbot } ```
I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks `Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip` also, minecraft is installed under a separate user, without root privlege
These seem to be purpose built for home servers. Is there a benefit to using one of them?
So, I have a rpi4b that's currently running a VPN for family abroad. I'm just finishing setting up Ubuntu server 24.04LTS(I have limited number of USB sticks, and the largest is only 8gb, so this choice was one of size, I can go into ones I had considered before) on an old laptop. For my small business I've also bought a domain for a work email, and eventually a website both are/will be hosted externally as I don't want to faff about with securing those aspects on my home network. The VPN though, that is currently pointing to no-ip dns service, and I want to migrate that to both the laptop and my own registered domain. What's best practices here? I do need the VPN to exit through to my network, so that my MiL can watch UK streaming from abroad(TV licence shenanigans).
discourse.practicalzfs.com
I'm syncoiding from my normal RAIDz2 to a backup mirror made of 2 disks. I looked at `zpool iostat` and I noticed that one of the disks consistently shows less than half the write IOPS of the other: ``` capacity operations bandwidth pool alloc free read write read write ------------------------------------ ----- ----- ----- ----- ----- ----- storage-volume-backup 5.03T 11.3T 0 867 0 330M mirror-0 5.03T 11.3T 0 867 0 330M wwn-0x5000c500e8736faf - - 0 212 0 164M wwn-0x5000c500e8737337 - - 0 654 0 165M ``` This is also evident in `iostat`: ``` f/s f_await aqu-sz %util Device 0.00 0.00 3.48 46.2% sda 0.00 0.00 8.10 99.7% sdb ``` The difference is also evident in the temperatures of the disks. The busier disk is 4 degrees warmer than the other. The disks are identical on paper and bought at the same time. Is this behaviour expected?
Is there any service that will speak LDAP but just respond with the local UNIX users? Right now I have good management for local UNIX users but every service wants to do its own auth. This means that it is a pain of remembering different passwords, configuring passwords on setting up a new service and whatnot. I noticed that a lot of services support LDAP auth, but I don't want to make my UNIX user accounts depend on LDAP for simplicity. So I was wondering if there was some sort of shim that will talk the LDAP protocol but just do authentication against the regular user database (PAM). The closest I have seen is [the `services.openldap.declarativeContents` NixOS option](https://search.nixos.org/options?channel=unstable&show=services.openldap.declarativeContents&from=0&size=1000000&sort=alpha_asc&type=packages&query=services.openldap.declarativeContents) which I can probably use by transforming my regular UNIX settings into an LDAP config at build time, but I was wondering if there was anything simpler. (Related note: I really wish that services would let you specify the user via HTTP header, then I could just manage auth at the reverse-proxy without worrying about bugs in the service)
github.com
This is a decent writeup on applying "Zero Tust" principles to a home lab using mostly open source tools. I'm not the author, but thought it was worth sharing.