Selfhosted

Cross-posted from "Update Synapse ASAP, there is a high severity vulnerability which malicious actors could use to prevent your homeserver from federating with other servers" by @[email protected] in [email protected]

Disclaimer: I am running personal website on cloud, since it feels iffy to expose local IP to internet. Sorry for posting this on selfhosting, I don't know anywhere else to ask.

I am planning to multiplex forgejo, nextcloud and other services on port 80 using caddy. This is not working, and I am having issues diagnosing which side is preventing access. One thing I know: it's not DNS, since dig <my domain> works well. I would like some pointers for what to do in this circumstances. Thanks in advance!

What I have looked into:

• curling localhost from the server works well, caddy returns a simple result.
• curl <my domain> times out, currently trying to inspect packets - it seems like server receives TCP without HTTP.
• curl <my domain>:3000 displays forgejo page, as forgejo exposes at 3000 in its container, which podman routes to host 3000.

EDIT: my Caddyfile is as follows.

:80 {
    respond "Hello World!"
}

http://<my domain> {
    respond "This should respond"
}

http://<my domain 2> {
    reverse_proxy localhost:3000
}

EDIT2: I just tested with netcat webserver, it responds fine. This narrows it down to caddy itself!

EDIT3: (Partially) solved, it was firewall routing issue. I should have checked ufw logs. Turns out, podman needs to be allowed to route stuffs. Now to figure out how to reverse-proxy properly.

EDIT4: Solved, created my own internal network between containers, besides the usual one connecting to the internet. Set up reverse-proxy to correctly connect to the container. My only concern left is if I made firewall way permissive in the process. Current settings:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
3000/tcp                   ALLOW       Anywhere                  
222/tcp                    ALLOW       Anywhere                  
8080/tcp                   ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8443/tcp                   ALLOW       Anywhere                  
Anywhere on podman1        ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
3000/tcp (v6)              ALLOW       Anywhere (v6)             
222/tcp (v6)               ALLOW       Anywhere (v6)             
8080/tcp (v6)              ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8443/tcp (v6)              ALLOW       Anywhere (v6)             
Anywhere (v6) on podman1   ALLOW       Anywhere (v6)             

Anywhere on podman1        ALLOW FWD   Anywhere on ens3          
Anywhere on podman0        ALLOW FWD   Anywhere on ens3          
Anywhere (v6) on podman1   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman0   ALLOW FWD   Anywhere (v6) on ens3

podman0 is the default podman network, and podman1 is the internal network.

I know for many of us every day is selfhosting day, but I liked the alliteration. Or do you have fixed dates for maintenance and tinkering?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

This post is proudly sent from my very own Lemmy instance that runs at my homeserver since about ten days. So far, it's been a very nice endeavor.

Hey c/selfhosted,

It's been a while since our last update, but we've been busy working on exciting new GameVault features!

For those unfamiliar: GameVault is a self-hosted gaming platform that offers a Steam-like library experience for DRM-free games on your own server. It allows you to organize, share, and play your game collection with friends and family, all while keeping complete control over your data. If you are a gamer and self-hoster and never heard of it, you are probably missing out!

Based on your valuable feedback, we've significantly improved GameVault+, our main source of income, to ensure that it truly provides value for its price.

So what's new in GameVault+?

💾 Cloud Saves

GameVault now supports cloud saves through integration with Ludusavi. Your server becomes your personal cloud - automatically syncing save files between PCs and your GameVault server. Easily continue playing on another device or uninstall games and return to them later without losing your progress!

💬 Discord Integration

Your friends can now see exactly which GameVault games you're playing, thanks to a brand-new Discord Presence integration.

🚂 Steam Integration

Manage all your games in one place! GameVault can now fully synchronize your library with Steam as non-Steam shortcuts, letting you launch everything from Steam's familiar interface or your TV using Steam Big Picture.

👪 Affordable Family & Friends Plan

We've especially heard your feedback on pricing for families and groups loud and clear. Our new Family & Friends Plan lets you use GameVault+ with up to 6 users for just €8.99/month - making the premium features affordable for almost everyone!

🎯 Other Improvements

The latest updates also includes various bug fixes, improved stability, better theme management, UI enhancements, and performance optimizations.

Lastly.. Thank you for reaching 1k Discord members, 10k active users, and over 100k Docker Pulls, and for supporting our passion and work on this hobby project by subscribing to GameVault+. Your feedback continues to shape GameVault, so please share your thoughts and suggestions here, on our GitHub, or on our Discord!

Happy Gaming,

The Phalcode Team

I recently setup a immich server on a mini PC, and can access it through cloudflare etc.

It works pretty smoothly except for files bigger than 100mb (cloudflare limitation)

I have a few questions, if you can answer some please do.

1. What's your setup like? Do you have any tips/tricks for a newbie I should know about?
2. What's your backups like? Is your data safe if your house burns down?
3. Is there a cloudflare alternative I can use that will handle any file size from anywhere in the world without needing to tun on/off a vpn like tailscale?

(i would like to also set it up for my family, but for that is needs to work VERY smoothly, no needing to turn on and off VPN's to sync)

From what I have seen, rootless podman seems to take more effort (even if marginal) than rootful one. I want to make a more informed decision for the containers, so I would like to ask.

1. What is a rootless podman good for? How much does it help in terms of security, and does it have other benefits?
2. One of the benefits commonly mentioned is for when container is breached. Then, running container on sudo-capable user would give no security benefits. Does it mean I should run podman services on a non-privileged user?

Thank you!

With talk of Android 16 having a Linux terminal, I'm curious what people have already hosted from Android with emulators like Termux or rooted terminal, and/or ideas of things that make sense (or would at least be cool) to run or host from a tablet or phone if/when it's officially supported.

Myself, I mostly got Grist to run on Termux. However, not everything worked when importing a project and I wasn't willing to rebuild mine from scratch. So I just kept it on the free cloud Grist has. Would've been cool to self host it though.

Edit to add: I bought a $35 Walmart tablet on a whim to try and host Grist on it and it was fun. I feel like there probably are some cool and resourceful/relevant things to be ran on a cheap tablet like that. Just not sure what they are lol.

I got a stack of PCS that are very similar if not identical. Third gen i7, 8 gigs of ram, one terabyte hdd, all but one are the same HP model with the same motherboard, etc too. I upgraded the RAM in a few of them, and I have enough spare TB hard drives to put an extra in each. Two have Nvidia GeForce 210 gpus, and the unique one out of the bunch I'll probably throw in a spare RX 570 I have.

But, what to do with them? Easiest answer is probably sell them all for $75 each but that's not what we do here, right? Right now I'm assuming they all support w o l and I can easily set up ansible/awx for orchestration. I'm just looking for some fun experiments, projects, or actual uses for this Tower of PC towers

I commented this in another thread, but thought that it could do with its own post.

It's a solid list to go off of if you want to pick a few to host. The link has more info on each, as well as which ones are non-profit / for-profit

Overview

Have some space computing power and want to donate it to a good cause? How about 10+ good causes at once?

♻️ put an under-utilized system to good use
🚲 use as much or as little CPU/RAM/DISK as you want
✨ 100% more soul warming than mining
📈 geek out over your CPU/disk/bandwidth stats on the leaderboards

This is a collection of containers that all contribute to public-good projects:

• networks: Tor, i2p
• computing: boinc, foldingathome
• archiving: archivewarrior, zimfarm, kiwix, archivebox, pywb
• storage: ipfs, storj, sia, transmission

This v1 list was started by the ArchiveBox project, but it's open to contributions.

I recently set up a probe on a box in my home lab for Open Observatory of Network Interference (OONI) that does distributed monitoring of access to various Internet services to monitor censorship. It got me thinking there must be other distributed/collaborative things I could contribute to. I know of some others like:

• BOINC is a grid computing academic research thing where you run a client and donate CPU to crunch academic research data
• NYC Mesh you can volunteer to run a node for their community wireless mesh network

What are some other do-gooder things you can self host on your home network?

I recently posted about upgrading my media server and migrating off Windows to Proxmox. I've been following an excellent guide from TechHut on YouTube but have run into issues migrating my media into the new Proxmox setup.

Both my old Windows machine and new Proxmox host have 2.5Gb NIC cards and are connected together with a 2.5Gb switch and running on the same subnet. Following the guide, I've created a ZFS pool with 7x14TB drives and created an Ubuntu LXC which is running Cockpit to create Samba shares.

When transferring files from Windows, I'm only seeing 100MB/s speeds on the initial transfer and every other transfer after that caps out at >10MB/s until I reboot the Cockpit container and the cycle completes.

I'm not very knowledgeable on Proxmox or Linux but have run an iperf3 test between Windows > Proxmox and Windows > Cockpit container and both show roughly 2.5Gb transfer speeds yet I am still limited when transferring files.

Googling the issue brings up some troubleshooting steps but I don't understand a lot of it. One fix was to disable IPv6 in Proxmox (I dont have this setup on my network), which was successful, but didn't fix anything. I no longer see the interface when doing an 'ip a' command in Proxmox, though I do still see it when doing it in the SMB container.

Does anybody have any experience with this that can offer a solution or path toward finding a solution? I have roughly 40TB of media to transfer and 8MB/s isn't going to cut it.

With the outages this week I have decided to revisit synchronized multiroom audio. The important feature for me is that it needs to utilize the "cast" button within the Spotify/Tidal/etc apps because that's what my family uses.

Does anything exist other than the chromecast audio pucks?

Recently saw a post regarding pi-hole, and I am considering to try it out. I am wondering if it would fit my usecase, so I want to ask about specifically what it solves.

I heard pi-hole blocks ads at DNS resolution level, so it does not block e.g. youtube ads. For me and my family who mostly watch youtube with handful of blog surfing, what value would it bring? Most blogs do not seem to contain much ads, so I am not sure ad-blocking helps much there.

Given the praise pi-hole is getting, I guess there are more to it than limited blocking of ads. I would love to learn more about this topic, as I am blind on the networking stuff. Thanks in advance!

Wondering about services to test on either a 16gb ram "AI Capable" arm64 board or on a laptop with modern rtx. Only looking for open source options, but curious to hear what people say. Cheers!

Currently have nice long docker compose file that hosts my PiHole V6 container (along with a bunch of other containers) however, reason i ask this question is because whenever I go to pull an updated image and recreate the container I experience about 20 minutes of no DNS resolution which to my knowledge is due to the NTP clock being out of sync.

What’s the best way to host a DNS sinkhole/resolver that can mitigate this issue?

Was thinking of utilizing Proxmox & LXC but I suspect I’ll get the same experience.

~~Update: Turns out PiHole doesn’t support two instances, I got both of them on separate devices also set the 2nd DNS server in my routers WAN & LAN DNS settings which did in fact split DNS between both instances however, I lost access to my routers web-ui, my Traefik instance & reverse proxies died and I lost all internet access.~~

~~So, don’t do what I did.~~

Update 2: So everything I said in my first update let’s disregard that, turns out I had my router forcing all DNS to PiHole server 1 which caused my issues mentioned above.

Two servers appears to work!

I have a "homelab" (well it's not a lab hosted at home, but on the cloud) running k3s and hosting my website, IRC and Matrix. I'm moving all of these services to Podman, since it's easier and you don't have to deal with the headaches of k3s.

I spent a lot of time the past months searching about Podman and couldn't find so much information about it. I managed to get a Authentik pod up and running with Quadlet (systemd unit), and I have a basic Caddy container acting as the reverse proxy for it. These are hosted in another VPS I have, and they are running rootless.

I want to move the other services to Podman, but I'm a bit lost. Right now, I have all the Podman containers allocate specific ports on the host, and communication between Caddy and Authentik, for example, is done by specifying the local IP address of my VPS.

Is it a bad approach to do inter pod/container communication using the local host IP address? I read that you can create a network that pods/containers can use and each gets assigned its own IP from the network range, but I also read that it doesn't go well with rootless. I started using slirp4netns, but then migrated to pasta since I had some issues with getting IPv6 with the former.

So, what would be the "correct" approach here? Create a separate network for the pods and use their assigned IP addresses, or use the local IP address from the host to communicate between pods?

cross-posted from: https://lemmy.world/post/26728988

Hi - I'm rebuilding my homelab and want to give docker compose another try. It looks like Watchtower is years out of date now. I see two forks that look more promising per https://techgaun.github.io/active-forks/index.html#https://github.com/containrrr/watchtower

These two: https://github.com/beatkind/watchtower https://github.com/nicholas-fedor/watchtower

The former seems to have more activity. What are you all using?

I dont mean to be a bother, but recently i got wiregaurd setup so myself and my friends can access resources such as my server. i have it setup for the client and the server to only allow 192.168.8.170. To be tunneled, so for example my friends can google and resolve DNS just fine and its all in there network, then when they want to access the server it will be at 192.168.8.170 and the docker services will run on ports for example 8080:80. and to be honest it works great for me and friend 1. but for friend 2 DNS doesnt resolve???

he can ping 9.9.9.9 he can acess the services on 192.168.8.170 but he cant resolve DNS when wiregaurded in.

his network has ipv6 and ipv4, my network only has ip4 and friend 1's network is ipv4 only. do you smart people on the internet think ipv6 could be an issue? friend 2 is running linux mint if that matters. I know a little about networking but by no means am an network engineer.

its a slight issue friend 2 really wants to be able to google and play command and conquer pvp at the same time. any help would be greatly appreciated as im kinda stumped!

-edit SOLVED i had a DNS for the client config and i just had to remove it client side.

I have no idea why this is happening on my arch linux machine. I was trying to set it up as a client device, and now i have no internet connection on my wired network. This is bare metal not docker. I just wanted to add the device to my tailnet.

Any help is appreciated

Thank you for your time.

EDIT: I have completely uninstalled tailscale yet I still do not have internet access. I am connected to the network fine. If i cinnect through wifi it is the same result.

EDIT 2: the error I am recieving is limited connectivity.

EDIT 3: It has been fixed! [email protected] solution fixed it!

I've gotten a bit tired of Nextcloud as of late an I'm curious it is a viable alternative. I like having Nextcloud Talk but I can live without it.