What's up, selfhosters? - Sunday thread
-
Is exposing it to the internet not an option? Boarding more family members on could be cool.
-
Interesting, I wasn't aware Talk has Text, always thought it's video only.
-
It was built in the late 80s so I doubt it's cat5. But I also know the basement was finished later, so maybe I'll get lucky at least with those.
I just need to figure out where it's all going to see if I can reuse it.
-
I expose mine for convenience, and I use multiple layers of security to reduce risk:
- Cloudflare protections at edge
- IP filtering at VPS
- connection from VPS to NAS is over Wireguard
- TLS handled in my network (so no snooping at VPS)
- all exposed services are in containers with minimal access
That cuts most of the issues.
-
ACLs are not as bad as they look.
Get your Nextcloud instance hooked into Tailscale.
You just need a sample file:
Group for admins, add yourself
Tag owner for internal is admins
Tag owner for nextcloud is admins
Action accept, src admin, dst :
Action accept, src nextcloud, dst nextcloud *.
Then tag your Nextcloud ts connection as nextcloud in the webadmin.
Tag all your other clients admin in the webadmin.
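
A sketch of the policy the comment above outlines, with a small default-deny check of what each tag can reach; this is an added example, not part of the original comment and not Tailscale's own code. Assumptions: the e-mail address is a placeholder, the tags are named `tag:admin` and `tag:nextcloud`, the admin rule's destination is `*:*`, and the evaluator is a simplified model that ignores port ranges and lists.

```python
import json

# Constructed policy in Tailscale's ACL file layout (groups / tagOwners / acls).
# Assumptions: placeholder e-mail, tag names tag:admin and tag:nextcloud,
# and "*:*" as the admin rule's destination.
POLICY = json.loads("""
{
  "groups":    {"group:admins": ["you@example.com"]},
  "tagOwners": {"tag:admin": ["group:admins"],
                "tag:nextcloud": ["group:admins"]},
  "acls": [
    {"action": "accept", "src": ["tag:admin"],     "dst": ["*:*"]},
    {"action": "accept", "src": ["tag:nextcloud"], "dst": ["tag:nextcloud:*"]}
  ]
}
""")

def undefined_tags(policy):
    """Tags used in a rule but missing from tagOwners (a typo lands here)."""
    used = set()
    for rule in policy["acls"]:
        used.update(s for s in rule["src"] if s.startswith("tag:"))
        used.update(d.rsplit(":", 1)[0] for d in rule["dst"] if d.startswith("tag:"))
    return sorted(used - set(policy["tagOwners"]))

def allowed(policy, src_tag, dst_tag, port):
    """Simplified model: default deny; pass if any accept rule matches."""
    for rule in policy["acls"]:
        if rule["action"] != "accept" or not ({src_tag, "*"} & set(rule["src"])):
            continue
        for dst in rule["dst"]:
            host, ports = dst.rsplit(":", 1)  # "tag:nextcloud:*" -> host, ports
            if host in (dst_tag, "*") and ports in ("*", str(port)):
                return True
    return False

def reachability(policy, port=443):
    """Map (source tag, destination tag) -> whether a connection is accepted."""
    tags = sorted(policy["tagOwners"])
    return {(s, d): allowed(policy, s, d, port) for s in tags for d in tags}

if __name__ == "__main__":
    print("undefined tags:", undefined_tags(POLICY))
    for (s, d), ok in reachability(POLICY).items():
        print(f"{s:14} -> {d:14} {'accept' if ok else 'deny'}")
```

The useful line in the output is `tag:nextcloud -> tag:admin deny`: a compromised Nextcloud node has no path to the admin clients.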
-
I'm trying to figure out setting up TrueNAS scale and docker for the first time. Building a NAS and self hosting a few things from an old all in one mini PC.
-
Cheers! Will have a look when I have time
-
Yup. It does individual/group chat messages too.
-
I really like the concept of Proxmox; however, it’s not for my use case. Mainly running a media server. As you have mentioned, I’m also sceptical about plug-and-play OS.
I just can’t make up my mind.
-
While reviewing Cosmos yesterday, I stumbled upon another operating system called ZimaOS. It’s also pretty interesting.
-
If you just want to install some apps directly on the server, I'd just go with Debian headless and set up docker, if you like with portainer or some similar GUI.
-
And that is why I no longer run Nextcloud
-
Considering moving my stuff into a VirtualBox VM or two rather than running directly on my PC. Then at some point in the future when I have the hardware for it I can fairly easily move it to Proxmox. Also means installing a clean OS on my main PC is a quicker task as it would just be install VirtualBox, load up the VMs and a lot of stuff would already be done.
-
What router did you use?
-
Consider using containers. I used to think this way, though now my goal is to get down to almost all containers since it's nice to be able to spin up and down just what the one 'thing' needs.
-
Did System76 doing COSMIC light a fire under GNOME devs' asses?
-
Trying to figure out how to get my qBittorrent docker container to route all traffic through my VPS through wireguard. The catch is that the webui needs to be accessible through LAN.
-
Just looking through the features, things like their own VPN.
-
So I recently sandboxed a webapp I am getting ready to launch.
Basically Unifi switch > Vlan port > Server > Hosting Webapp instances, worker instance, cloudflared and DBs.
Pretty chuffed at the Docker config actually. Just configuring my WAF and tunnel settings with Cloudflare to reduce the scanning from VPS providers. Anyone have a solution, or will I need to configure some sort of nginx instance to do it, as Cloudflare only allows a certain length for each WAF rule for free?
-
My big problem is remote stuff. None of my users have aftermarket routers to easily manipulate their DNS. One has an android modem thing which is hot garbage.
Chrome, the people's browser of choice, really, really hates HTTP so I'm putting them on my garbage ######.xyz domain. I had plans to one day deal with HTTPS, just not this day. Locally I just use the domain for Vaultwarden so the domain didn't matter. But if people are going to be using it then I'll have to get a more memorable one.
System updates have been a faff. I'm 'ssh'ing over Tailscale. When Tailscale updates it kicks me out, naturally. Which interrupts the session, naturally. Which stops the update, naturally. Also, it fucks up dpkg. I'll learn to update in background one day, or include Tailscale in the unattended-upgrades. Honestly, I should put everything into unattended-upgrades.
Locally works as intended though, so that's nice.