tofuwabohu

joined 2 years ago
[–] [email protected] 3 points 3 months ago (4 children)

What else do you use vinegar for?

[–] [email protected] 4 points 3 months ago (1 children)

Cool guide, I'll keep it in mind when setting up my own Lemmy, even though I won't go through cloudflare. Some things I noticed:

  • Since I didn't see you mentioning it, ufw (idk about gufw) doesn't actually block the ports opened by docker. Make sure to only forward your docker ports to localhost and only make the actual webservice available (e.g. 127.0.0.1:8888:8080 for piefed adminer), otherwise the ports will be accessible from your LAN
  • In your update process, you can docker compose pull before docker compose down, makes a little difference especially on a slow connection/big images. I think you don't even need the down command since docker does that automatically if something changes (e.g. new build)
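
Added example, not part of the comment above or of any project mentioned on this page: a small audit of Compose short-syntax port mappings that flags every mapping not bound to a loopback address, which is the check the first bullet asks for. The function names and all sample mappings except `127.0.0.1:8888:8080` are constructed for illustration.

```python
import ipaddress

def host_ip(mapping):
    """Host IP of a Compose short-syntax port mapping, or '' when none is given."""
    spec = mapping.strip().split("/", 1)[0]      # drop a trailing /tcp or /udp
    if spec.startswith("["):                     # bracketed IPv6, e.g. [::1]:8888:8080
        return spec[1:].partition("]")[0]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else ""   # "8080" and "8888:8080" carry no IP

def loopback_only(mapping):
    """True only when the mapping publishes on a loopback address."""
    ip = host_ip(mapping)
    if not ip:
        return False                             # no IP: published on all interfaces
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False                             # unparsable host part: flag it for review

def audit(services):
    """Return (service, mapping) pairs that are not bound to loopback."""
    return [(name, m) for name, ports in services.items()
            for m in ports if not loopback_only(m)]

# Constructed sample; only 127.0.0.1:8888:8080 comes from the comment above.
SAMPLE = {
    "adminer": ["127.0.0.1:8888:8080"],
    "db": ["5432:5432"],
    "cache": ["0.0.0.0:6379:6379/tcp"],
    "metrics": ["[::1]:9090:9090"],
    "app": ["192.168.1.10:8080:8080", "3000"],
}

if __name__ == "__main__":
    for name, mapping in audit(SAMPLE):
        print(f"{name}: {mapping} is reachable beyond localhost")
```
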
[–] [email protected] 1 points 3 months ago

I've had similar problems with some other Fedi service once and it was indeed a permission problem. Good luck!

[–] [email protected] 1 points 3 months ago (1 children)

I used to host kanboard for a while, maybe I should set it up again for my homelab

[–] [email protected] 1 points 3 months ago

Interesting, I think I should do the same for the services that are only used to people real close.

[–] [email protected] 6 points 3 months ago (1 children)

I'll just start! Personally, I'm tinkering with my local network to create a subnet for my homelab.

I want to set up Lemmy and Audiobookshelf next, but I want to tweak the infrastructure a bit before hosting more stuff.

Before the firewall thing, I set up authentik and am integrating it in more services. Migration was mostly straightforward so far in Bookstack and Paperless. Also the proxy authentication is pretty cool, finally being able to ditch basic auth in Prometheus was cool.

[–] [email protected] 19 points 3 months ago (1 children)

Thanks for keeping us up to date and for caring for the instance!

I'm always torn when it comes to recommending VPN privacy wise. I don't know if handing all my traffic to a company rather than my ISP is really that much of a benefit. Personally I'm not using them.

[–] [email protected] 2 points 3 months ago

I choose depending on whether I'll ever have to touch the files in the volume (e.g. for configuration), except for debugging where I spawn a shell. If I don't need to touch them, I don't want to see them in my config folder where the compose file is in. I usually check my compose folders into git, and this way I don't have to put the volumes into gitignore.

[–] [email protected] 3 points 3 months ago

Thanks a lot for your explanation, this sounds like an interesting approach! And yes, I'm trying to deepen my mostly shallow understanding of networking a bit.

[–] [email protected] 1 points 3 months ago

Makes sense to have it at that level instead of each client, thanks

[–] [email protected] 5 points 3 months ago

Recently set up cwa, mostly to have an easier way to get my books on my e-reader since koreader supports opds. It's been super easy so far and has a great interface, like it way better than calibre desktop.

[–] [email protected] 1 points 3 months ago

Same, always checking if I missed something on my own stuff :)
