Evening y’all

I’ll try to keep it brief, I need to move my reverse proxy (traefik) to another machine and I’m opting to utilize Docker Swarm for the first time this way I’m not exposing a bunch of ports on my main server over my network, so ideally I’d like to have almost everything listening on local host while traefik does it’s thing in the background

Now I gotta ask, is Docker Swarm the best way to go about this? I know very little about Kubernetes and from what I’ve read/watched it seems like Swarm was designed for this very purpose however, I could be entirely wrong here.

What are some key changes that differ typical Compose files from Swarm?

Snippet of my current compose file:

services:
  homepage:
    image: ghcr.io/gethomepage/homepage
    hostname: homepage
    container_name: homepage
    networks:
      main:
        ipv4_address: 172.18.0.2
    environment:
      PUID: 0 # optional, your user id
      PGID: 0 # optional, your group id
      HOMEPAGE_ALLOWED_HOSTS: MY.DOMAIN,*
    ports:
      - '127.0.0.1:80:3000'
    volumes:
      - ./config/homepage:/app/config # Make sure your local config directory exists
      - /var/run/docker.sock:/var/run/docker.sock #:ro # optional, for docker integrations
      - /home/user/Pictures:/app/public/icons
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`MY.DOMAIN`)"
      - "traefik.http.routers.homepage.entrypoints=https"
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"
      - "traefik.http.routers.homepage.middlewares=fail2ban@file"
  traefik:
    image: traefik:v3.2
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      main:
        ipv4_address: 172.18.0.26
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - target: 80
        published: 55262
        mode: host
      # Listen on port 443, default for HTTPS
      - target: 443
        published: 57442
        mode: host
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
      # CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env # use .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik/traefik.yml:/traefik.yml:ro
      - ./config/traefik/acme.json:/acme.json
      # - ./opt:/opt
      #- ./config/traefik/config.yml:/config.yml:ro
      - ./config/traefik/custom-yml:/custom
      # - ./config/traefik/homebridge.yml:/homebridge.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.MY.DOMAIN`)"
      #- "traefik.http.middlewares.traefik-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.0/24, 208.118.140.130, 172.18.0.0/16"
      #- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.MY.DOMAIN`)"
      #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=MY.DOMAIN"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.MY.DOMAIN"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=fail2ban@file"

networks:
  main:
    external: true
    ipam:
     config:
       - subnet: 172.18.0.0/16
         gateway: 172.18.0.1

I censored out my actual domain with MY.DOMAIN so if that confuses people i apologize.

I've just re-discovered ollama and it's come on a long way and has reduced the very difficult task of locally hosting your own LLM (and getting it running on a GPU) to simply installing a deb! It also works for Windows and Mac, so can help everyone.

I'd like to see Lemmy become useful for specific technical sub branches instead of trying to find the best existing community which can be subjective making information difficult to find, so I created !Ollama@lemmy.world for everyone to discuss, ask questions, and help each other out with ollama!

So, please, join, subscribe and feel free to post, ask questions, post tips / projects, and help out where you can!

Thanks!

I made this website to improve the experience of shopping for drives on https://serverpartdeals.com/ as I find their interface not very helpful.

If there are any additional features or changes you want to make feel free to open a pull request https://github.com/Ykrej/ServerPartDealsTable

EDIT: critiques on my code also welcomed, this is my first time writing Svelte.

What (lightweight) solution are you using for network monitoring? Routers, switches, AP's fw's.

I'm looking for some kind of File Drop / File Upload service.

I'd like to be able to create a folder, and create a share / upload link for that folder that I can give to a customer to use to upload their documents.

I've been using nextcloud but I don't use nextcloud for any other purpose and it's a behemoth so I'd like to transition to something else.

Some of these requirements are essential (!):

• no login for customers uploading (!)
• optional password protection for uploads
• can't see / download files already present in the shared folder

Hey c/Selfhosting, I'm finally dipping my toes into creating a NAS for my household, after saving up funds for awhile. Hopefully this is an okay place to ask a dumb question:

Is it possible to gradually add drives to a NAS while maintaining a RAID array?

I'm about to pull the trigger on an aoostar WTR Pro (4 bay), but budget will only allow for 2x 4tb drives to start off with. I'm wanting to do RAID1 for data redundancy, but eventually I'd want to add another 2x 4tb drives to get to 8tb of RAID1. Is this possible without having to copy out all the data from the NAS? Would I have to start the initial setup as RAID10 instead of RAID1? I wouldn't mind doing trial and error with it if storage wasn't so expensive down here in NZ, and the whole household's data is going to be on it. Thanks for any guidance in advance

Context: Currently the plan is to either go with the 4 bay or 2 bay R1 pro with the Intel N150, install TrueNAS, Immich and Jellyfin, pretty lightweight stuff (I hope). Trying to keep it around NZD1000.

Hey,

I'm using Joplin (a Markdown note taking app) and think about migrating to Logseq because of multiple reasons.

The main problems I have not yet solved:

1. OSS-Syncing Logseq notes between Desktop OS and Android. Logseq does not have an OSS selfhostable sync-server like Joplin has...
2. Making sure to transform my stuff, so that Logseq can work with it. Yes, it's both Markdown, but especially images and how Joplin handles them seem to be a problem for this migration.

What are your experiences? Have you ever switched between 2 Markdown note taking apps?

• Which ones?
• How well went it?

Is it maybe even possible to use app 1 and a Desktop OS and a totally different app on Android simultaneously on the same data? The common standard is Markdown...

I'm looking for experiences and opinions on kubernetes storage.

I want to create a highly available homelab that spans 3 locations where the pods have a preferred locations but can move if necessary.

I've looked at linstore or seaweedfs/garage with juicefs but I'm not sure how well the performance of those options is across the internet and how well they last in long term operation. Is anyone else hosting k3s across the internet in their homelab?

Edit: fixed wording

So, recently I spun up cAdvisor to provide some metrics for the Grafana dashboard. I created both the docker-compose.yml and prometheus.yml thusly:

prometheus.yml:

scrape_configs:
- job_name: cadvisor
  scrape_interval: 5s
  static_configs:
  - targets:
    - cadvisor:8080

docker-compose.yml

services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    ports:
    - 9090:9090
    command:
    - --config.file=/etc/prometheus/prometheus.yml
    volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    depends_on:
    - cadvisor
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    ports:
    - 8080:8080
    volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    depends_on:
    - redis
  redis:
    image: redis:latest
    container_name: redis
    ports:

- 6379:6379

Placed them both in /tmp/cadvisor/ and ran docker compose up. All well and good, got some metrics to feed Grafana and all would seem jippity jippity.

Next day I notice Prometheus is off line. Hmm, check everything out. Logs complaining of a missing prometheus.yml. On a hunch I recreated the above prometheus.yml and placed it back in /tmp/cadvisor/, restart Prometheus, and it fires right up no runs, no drips, no errors. Before I uploaded the new prometheus.yml, I notice that there is a directory now named prometheus.yml in /tmp/cadvisor/, which is empty. Deleted it.

Next day, same scenario. Missing prometheus.yml, directory called prometheus.yml in /tmp/cadvisor/. I thought well, if it's getting deleted, change the permissions, and continued my daily affairs.

Today, same exact scenario. So, wtf, over? Run some commands:

stat /tmp/cadvisor/prometheus.yml
sudo lsof /tmp/cadvisor/prometheus.yml
grep "delete" /var/log/syslog

I can see that the file IS being deleted, but I cannot seem to trace down what is deleting it. It's like there is a cron job that fires off every day at a certain time and deletes prometheus.yml, and in it's place, creates a directory called prometheus.yml effectively taking Prometheus offline. I have no such cron job tho.

Any ideas? Suggestions? Ancient wizardry? Any mystical incantations or tomes to consult?

Seedit is a selfhosted peer-to-peer Reddit Alternative using IPFS

doesn’t rely on any servers or instances .

We mainly use 3 technologies, which each have several protocols and specifications:

IPFS (for content-addressed, immutable content, similar to bittorrent) https://docs.ipfs.tech/ https://specs.ipfs.tech/

IPNS (for mutable content, public key addressed)

https://docs.ipfs.tech/concepts/ipns/

Libp2p Gossipsub (for publishing content and votes p2p)

https://docs.libp2p.io/concepts/pubsub/overview/

They also have a youtube channel where they cover how most of their tech works:

https://www.youtube.com/c/IPFSbot

the problem with federated social media is that each federated instance is just a regular centralized sites. They can censor each other, they can get taken down at any moment, and they are hard to run and manage. Whereas on p2p tech like bittorrent or bitcoin or plebbit, the p2p nodes don't require domains, they just work straight out of the box. On plebbit, you open the app, and you're instantly receiving p2p connections right away, just like a bittorrent client, no domain or server required. Users connect to your node directly, p2p, and nobody can stop you. P2P also scales infinitely, which is the reverse of centralized websites like federated instances: the more users there are, the faster it gets. And it's impossible to censor at scale.

Seedit is not Nostr

nostr isnt p2p, the relays can censor you, the relays can run out of money and shut down, the relays can get DDOSed, they earn no money to serve your content.

the people running the relays are probably legally obligated to censor you by their jurisdiction. for example in the UK you go to jail for mean tweets. the person running the relay with mean content would probably go to jail if they set foot in the UK.

CP

• the protocol is text only, to embed media, you need to host it on the regular ( Centralized ) internet, and then you link to it like https://example.com/image.jpg, and the host will stop hosting that image and report your IP.

• the community creator can assign mods, mods can remove posts from that community. if a community is badly moderated, the user will never see it, it wont be recommended to him. the user can visit bad communities directly just like you can visit a bad website directly, but it's not recommended to you so it's safe to use.

it’s the same as bittorrent , this p2p tech can’r prevent people from sharing stuff, but on seedit you can’t share media, it’s text-only so the liability falls to the centralized provider of the embedded media from the link the user shares as text. Also being p2p, seedit is not private, so it can’t really be used for illegal activity

About ActivityPub

the problem with federated social media is that each federated instance is just a regular centralized sites. They can censor each other, they can get taken down at any moment, and they are hard to run and manage. Whereas on p2p tech like bittorrent, p2p nodes don't require domains, they just work straight out of the box. On seedit, you open the app, and you're instantly receiving p2p connections right away, just like a bittorrent client, no domain or server required. Users connect to your node directly, p2p, and nobody can stop you. P2P also scales infinitely, which is the reverse of centralized websites like federated instances: the more users there are, the faster it gets. And it's impossible to censor at scale.

Also the code is fully open source

https://github.com/plebbit/seedit

https://getoffpocket.com/self_hosted

The link is the view for people who like to self-host. I'm also hoping to guide people who would never self-host to using open source tech. I'm a big proponent of that myself. I switched to Wallabag quite some time ago.

I am in the EU. I want to help make the TOR network more robust by contributing a relay node. I have one of three hardware options: a raspberry pi zero W, raspberry pi 4B, or ThinkPad T470s.

In your practical experience, which of these computers would be the best for the network? As I understand, beyond a point, the CPU power doesn't matter unless massive traffic loads go through the node.

P.S: Not sure if this is relevant, but I currently have a pihole hosted in a separate RPI zero. I plan to host this at home. I do not have a separate connection line. My router doesn't support vlan.

Add: Thank you for the kind replies. Based on the feedback, it think I'm currently not setup to help the network. I will instead continue with my annual contribution.

I will look into hosting a node on a VPS and just pay a monthly subscription fee or something.

I started a webui container and then I started to get this error in OpenWebUI interface.

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

• latest Ollama on windows
• latest Open WebUI in docker desktop

according to a post online, I should set ENABLE_WEBSOCKET_SUPPORT=True in my docker compose, but I'm not using reverse proxy. Is ENABLE_WEBSOCKET_SUPPORT=True necessary?

What could a possible solution be for this?

My docker compose

services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:cuda 
    container_name: open-webui
    restart: unless-stopped
    ports:
      - "3000:8080"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./data:/app/backend/data
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]
volumes:
  open-webui:

log

2025-06-21 10:43:57 open-webui  | 2025-06-21 00:43:57.601 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:37276 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:44:58 open-webui  | 2025-06-21 00:44:58.114 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:49064 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:45:58 open-webui  | 2025-06-21 00:45:58.779 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:55958 - "GET /_app/version.json HTTP/1.1" 304 - {}
2025-06-21 10:46:59 open-webui  | 2025-06-21 00:46:59.179 | INFO     | uvicorn.protocols.http.httptools_impl:send:476 - 172.21.0.1:47424 - "GET /_app/version.json HTTP/1.1" 304 - {}

UPDATE:

• when I open http://localhost:3000/ in another browser it works perfectly fine. I think the issue is about the browser I used (firefox with a lot extension installed and setting tweaked)

UPDATE 2: The problem is with this plugin https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/ Everything works fine with it disabled.

The reason my chameleon breaks openwebui is because I changed a setting in it that it blocks all websocket connection

Thank you everyone for your help

cross-posted from: https://slrpnk.net/post/23642763

Hi c/selfhosted,

I just released wanderer v0.17.0, which brings full federation support to the project.

E.g.: https://lemmy.world/u/demo@demo.wanderer.to

For anyone new to it: wanderer is a self-hosted platform for managing hiking, biking, or running trails. You can upload or draw GPS tracks, organize them into lists, add photos, metadata, waypoints, and summit logs. It’s open source and designed for people who want full control over their outdoor data, with a clean UI and no third-party dependencies.

What’s new in v0.17.0

This release adds support for ActivityPub, meaning instances of wanderer can now talk to each other—and to the wider fediverse. Here’s what that enables:

• Follow users across instances When you follow someone, any new trails or lists they upload will show up in your feed automatically.
• Like and comment on trails, even across servers.
• Mentions You can mention other users in trail descriptions, comments, or summit logs, and they’ll be notified—regardless of which instance they’re on.
• Summit logs from others Other users can now log their own visits to your public trails with GPS data and photos.
• Cross-instance trail sharing Public trails can be shared with users on other instances.

If you’re not interested in federation, that’s fine too. wanderer still works completely standalone—federation only kicks in when you start interacting with other instances.

Links:
Demo: https://demo.wanderer.to/
GitHub: https://github.com/Flomp/wanderer
Discord: https://discord.gg/USSEBY98CP
Support wanderer: https://buymeacoffee.com/wanderertrails, https://liberapay.com/wanderer

I inherited a decommissioned Dell PowerEdge T610 from my work recently. I have it setup with Truenas and plan to have it be our new Jellyfin, file storage, and whatever else I can figure out. But I'm new to Raid setups and was hoping for advice before proceeding. After doing a little research I figured a Raid 5 configuration would be a fun experiment and could help with stability in the long run.

My question is, should I manage drives via the hardware controller? Or Truenas?

The server has a hardware raid controller and the drives have to be configured in the bios in order to be visible by an OS. Easy enough. I setup 4 drives in a Raid 5 configuration, boot to Truenas. I try to make a pool with the vdrive but then Truenas wants to configure it. If I chose anything other than Raid 0 it would cut into the storage even more. So I went back in, changed the 4 drives to Raid 0 in the bios, then setup the pool in Truenas using the 4 individual vdrives. But then I started to wonder if the two would be compatible in the long run?

Then in wondered, is Raid 5 even worth it? I have a single drive I currently use as a direct backup of our important photos, videos, etc. That one is not going in the array but will be copied over for easy access and kept as a backup. So with a direct backup of the important stuff do I really need to sacrifice space for mirroring and parity?

I'm curious what you all think.

Hi all!

I'll try to be quick but I apologise first as I am pretty new to security stuff and my questions might be obvious to the more experts.

I have a VPS (hetzner) set up with docker, caddy for the reverse proxy, and authentik as the only login method for a couple of services (hedgedoc and forgejo). Since most of these has to be available and accessible on the internet, I also setup crowdsec and built caddy with the relevant bouncer. This allows crowdsec to inspect the caddy logs for all the services I am serving through it and act accordingly. Edit: all the services are in docker containers.

So far, so good. However, I also saw that crowdsec can directly monitor container logs with the docker integration or through container labels. Also, I saw a couple of collections on crowdsec hub specifically for Authentik and Gitea.

I feel I am missing something so my question are:

1. Would it be useful to monitor container logs given my setup or would it be redundant?
2. Should I add the app-specific collections, or would docker logs monitoring be enough?

Edit: bonus question, does someone know if the Gitea collection would be useful for Forgejo after it being a hard-fork now?

I would like to make myself a media server and NAS which stores my photoes and files. I have an Optiplex 3070 with a 1 TB Hdd which i plan to use for my media server and want to buy a raspberry pi to use as a NAS for photos and files. What do you think ? will raspberry pi5 be enough, i want something small.

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

Hello,

Im planning on running a postgresql server on my k3s cluster using the bitnami/postgresql helmchart & container image. I already set it up for testing and it works really well.

But since newer versions of immich are moving to VectorChord I would like to install this extention so i can move my immich database to this postgresql server.

I already tried to search how i should/could install an extention in the bitnami/postgresql image but I haven't found something usefull to me. Im not a postgresql expert so maybe i missed some stuff :).

Does someone have experience with this or know in which direction i should like i would greatly appreciate it.

Thanks for your time and have a wonderfull day!

EDIT: Could someone explain me why im getting downvotes for this post? Is the way i wrote it not good? Is it a bad question? Is the software i mentioned unpopular?

Mbin merging the world of threaded discussion and microblogging makes a lot of sense to me, but on the latest FiresideFedi Jerry mentioned that it was the most challenging thing to host and hinted that it was still very much in development. Wondering what peoples experiences have been trying to get it up and running? What’s the stability and resource usage been like? Also it seems the developers of Mbin don’t have their own general instance, which is concerning to me because that helps a project monitor stability and optimize resource usage.

You will see that I have posted about this before asking for suggestions on which software I can use to convert PDF to docx/odt.

I am a teacher. During my time as a researcher I wrote a lot of documents and regularly draw upon them to teach my students. I often have to take the text, modify them, or build upon them. A lot of my material is bound up in PDFs. Sometimes, I have grant applications to write where a previous draft I wrote was stored as a PDF. Converting them to text has become the bane of my life.

I am forced to use online tools because none of the software I have seem to do the trick. Lot of people keep saying pandoc. Pandoc does not convert PDF to any other format. It can only be the output format.

Is there a magic open source solution that I have missed out?

right now I'm trying a dedicated Jellyfin instance for audio only (bought the lifetime emby subscription before i learned about jellyfin, so video is elsewhere) but having trouble finding a good client that could run on the guts of an old autonomic MMS2A. That device has an analog and digital output, which with the normal OS treated as two separate sources. is that something anyone else has tinkered with? the original plan was to just run a kodi instance with the jellyfin addon, but im not sure if this has the horsepower to run kodi, and certainly not two at once! (4gb of ram max for this beast.

i need it to be remotely controllable, it'd be cool to have easy playlist management/backup that other devices could see, and potentially an android client if possible?

I've dabbled with the "____sonic" ecosystem back before i was really good at linux, and struggled a bunch, before giving up without anything real to show for it.

just curious if anyone else has been down this road successfully!

thanks for this community, my scrolling stops INSTANTLY when i see a post from here.

(oh my music server is a truenas SMB share, hosted in a proxmox vm! not opposed to putting a big SSD in this device if local music would make things easier)