I need to get a new VPN setup. Been using OpenVPN through OPNsense for years but I’m fed up with the abysmal performance of the OpenVPN client on iOS. Open to suggestions but it has to be fully self hosted.
Wireguard is where it's at.
Good on iOS too, albeit a bit battery hungry if you route 0.0.0.0/0 and ::/0
I dunno if there's an iOS equivalent but on my Android phone I use the WG Auto Connect app so it's only active when not on my home wifi.
I recently set up a full Matrix server. What I am currently worried about is my server. I am currently shopping for a used dual Xeon server. I am hosting close to 40 docker containers on 2 1 liter PCs with very low specs. I would love to bring it all in house to a single server with a separate NAS which I do have currently holding 60 terabytes of storage space.
I've installed the Coraza web app firewall with the OWASP ruleset this weekend. I must admit that it wasn't as easy as I expected, but it now (mostly) works. I had to give up with Nextcloud though.
I'm still trying to get a good backup strategy. I am currently using Duplicati but I cannot get the before script execution to work. I will eventually look at Kopia.
What kind of hardware are you using for a mini lab? I want to switch from a raspberry pi 5 to a small form factor Intel based system so I can run Proxmox. I was looking at the Lenovo m920q or an Optiplex 79xx series machine.
Do you have any recommendations for backups or the hardware switch I mentioned?
Have a look at Backrest for Restic. It works great with pre/post scripting and supports healthchecks for monitoring status and stats.
It is also a nice, easy-to-use WebUI, which is great for servers.
Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there's anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.
I know next to nothing about using the command line, so I’ve been relying pretty heavily on ChatGPT to set my stuff up and so far it has reliably helped me overcome every issue. The problem is, of course, that I often don’t even understand what the issue was in the first place so I don’t even know if the fix that the AI spits out is, let’s say, correct. I don’t really want to become an IT expert, I just want to be able to host some services on my own to depend less on corps. Is it alright if I continue to rely on the AI? Or do you guys think that I just have to learn this stuff or else I might mess up?
I don’t have great security concerns btw, my ISP doesn’t allow port forwarding, so I access my server exclusively through Tailscale.
Most of the stuff will somewhat work, but you'll introduce side effects sooner or later by using commands that might work but are not the proper ones and alter unrelated things. At some point those will likely bite you and you have no idea where it's coming from. I'd suggest to check at least what the commands you are copying are doing.
What you can probably do to build some knowledge if you're going to be using AI anyway is ask it to explain some of the concepts to you. You also have the ability to ask clarifying questions about anything you don't understand.
Yes, I do that, and it does help me a lot to understand what I’m doing; it’s just I’m a top down type of guy. Like I don’t like messing with anything unless I fully understand it, which often makes me very unproductive. I decided to not be that way with this self hosting thing because I realized I would never get around to it with that mentality. Better to break shit as I go.
I've had some amusing mixed experience with ChatGPT for this. When I asked about iptables rules to restrict podman, it was great. About podman quadlets, though, which I first misspelled 'quartlets', it completely made it up, and even sent me a fake link to nonexistent documentation when I challenged it!
- it's more helpful if you ask the right questions
- and its answers often give you ideas of what to google
- Old stuff that has been written about many times over is more likely to get a proper answer
- sometimes the gist of a wrong command/answer could still help me understand what to do with the right one
Try to understand whatever you use from AI. At least understanding the general picture of what it means, and a basic idea of "this flag is for this; this option is for that". AI can also help you with that understanding, but again beware of it completely making up something logically coherent but wrong.
For some reason Grafana started to sync roles with my IdP (google) and now my own user keeps getting a read only role, so I decided to take this opportunity to finally move away from google and start hosting keycloak instead.
It was a busy week so I could not get the time to finish it yet.
I’m currently trying to figure out why my email server got blocked by Proofpoint and they refuse to talk to me. Really about ready to give up on email after self-hosting it for a decade with few problems.
There is still the relay through the cloud route (SES, but also at least Scaleway)
Oh that sucks! One would think that after that long, it'd be somewhat established.
My problem is that I'm moving in the not so far future and I don't know where to put my server. Physical security is important and if someone gets into my house, takes the computer and leaves, it'll be worthless due to encryption. But if it's in somebody's datacenter (co-location or whatever), they could be forced to monitor my traffic, tamper with my system, and I'd have to entrust the key to somebody in order to boot the system and decrypt the drives should it restart for an update or for any other reason.
I'm considering asking a friend to host the homeserver and reimburse them for a better internet connection (fiber) + electricity costs. But I'm not sure they'd be up for it.
How would you solve the problem?
Myself right now I'd probably take it with me - in fact that's what I'm planning to do in a couple of months - but it sounds like my needs are a bit less than yours, and I can do some stuff just over LAN and on the 'server' (which is also a laptop) itself.
For more, I think I'd also ask a friend like you're thinking.
I did that before with a relative - just had to ask them to restart the server every now and again!
About trusted encryption keys, I did it with a simple password for boot encryption, that my relative knew, so in the event of theft it'd still be hard for thieves to get anything; but after boot I'd ssh in and unlock the second disk with my own password, then start up the services.
What do you actually need to run on your server? I'd look into downsizing. A single small form factor computer or even a newer Raspi can do a lot these days.
My problem isn't the hardware, it's that the place I'm moving to will have a bad internet connection. My current homeserver has stuff like a CI (currently being tested), a builder for software (compiling Rust, C/C++, Go, and whatever else), Immich, Nextcloud with an extension to download from YouTube and other sources (basically to circumvent geoblocking of multiple friends and family), and it could be expanded to host other services, e.g. a seedbox. All that stuff needs good hardware and a good connection.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.