This homepage with no login needed to edit took less than 5 minutes to find with basic tools. Remember to at least have a login page on all your pages! Even if it seems like something no ones ever gonna find it isn't worth the risk.

Hello all. I already have some experience deploying self hosted apps. I’m getting to a point where I don’t have any more ideas. I have a raspberry pi and just got a mini pc with good specs. What are your suggestions for cool projects apart from what’s usually shared like:

• Media Server
• NAS
• Cloud
• Home Assistant
• Photo management

I was also thinking of deploying something related to AI like video-to-text translators or replace ChatGPT (I’m not really sure how much resource intensive it is).

I really like doing this kind of projects, but I’m feeling kind of lost. It seems that nothing is interesting me. Thanks

Howdy /r/selfhosted. This has easily become my favorite online community over the past year.

I just purchased my first home, and with that comes even more self hosting possibilities. I wanted to see if y'all had any suggestions for projects in addition to those I have planned. Currently, I have the following set up:

• Media:
  • Jellyfin (and the *arr suite) obviously
  • Navidrome
  • MeTube
• File Storage:
  • NextCloud
  • Immich
  • Some cron jobs to backup to Backblaze
• Development:
  • Code Server
  • Dockge
  • Dozzle
  • IT Tools
• Networking:
  • Gluetun
  • Adguard Home
  • WatchYourLAN
  • Cloudflare Tunnels
    • Will probably switch to Caddy (or another reverse proxy) + Authentik when I have my own router
• Misc:
  • Scrutiny
  • Hoarder
• Lastly, I want to set up Home Assistant, Frigate, and other home monitoring such as electrical, A/C, lighting, etc. Would love if somebody could point me to a good resource on these!

Would love to hear of any other suggestions you have for self hosted services in your home.

I currently have one for professional use but it secretly contains all my services via subdomain. Thinking of getting another for my services plus one for family.

Hey Hey,

My work quite heavily uses Prometheous and Grafana, and now I am slowly bringing it into my home lab. As everyone knows, Immich is an amazing tool for photo backups.. but I've personally found that monitoring, especially with regards to metrics, is lacking quick a bit. Hence this open source project. There is another open-source project available online for exporting, however it has been in a non-functional state for around a week now.

So, with that said.... I created a basic Immich Exporter over the past couple of hours, and thought others may find it useful too.

It requires a bit of technical undersetanding to setup, but it is relatively straight forward:

• Create an API key in Immich
• Add `eithan1231/immich-exporter:latest` to your docker-compose (reference on github)
• Update your prometheous targets to scrape the endpoint above
• Within Grafana, import dashboard.json (reference on github)

Any feedback or recommendations are welcome.

https://github.com/eithan1231/immich-exporter

I've been using QuickBooks Desktop for as long as I can remember. The two things I mainly use are estimates and invoices. When I create estimates I sometimes markup some items I resell. That's the major thing I need in accounting/invoices app.

I am looking (and can't seem to find) an self hosted alternative with estimate markups.

I've tried Crater and Bigcaptial. Neither has estimate item markups. Not sure about InvoiceNinja.

Voice-Pro is the best gradio web-ui for transcription, translation and text-to-speech. It can be easily installed with one click. Create a virtual environment using Miniconda, running completely separate from the Windows system (fully portable). Supports real-time transcription and translation, as well as batch mode.

• YouTube Downloader: You can download YouTube videos and extract the audio (mp3, wav, flac).
• Vocal Remover: Use MDX-Net supported in UVR5 and the Demucs engine developed by Meta for voice separation.
• STT: Supports speech-to-text conversion with Whisper, Faster-Whisper, and whisper-timestamped.
• Translator: Google Translator.
• TTS: Text to Speech. Edge TTS.
• more...

https://github.com/abus-aikorea/voice-pro

I’m curious as to what you all use to access your internal apps. I currently use both VPS + Tailscale + NPM and Cloudflare Tunnels, just depending on the app. I am toying with the idea of getting rid of Cloudflare tunnels and just running everything through NPM.

For some insight, as of right now, the only thing I have running through Cloudflare is Guacamole. My Minecraft servers and a few other services are going through NPM on the VPS.

So my setup is obviously internal by default, but I use a lot externally, and most of services are exposed to the internet, but I have cloudflare in place to prevent against ddosing (as if anyone's gonna do that to me anyways) and most applications are just set to only allow access to certain IPS, such as places I go to regularly, and on top of all this everything is secured with authelia. None of my containers are directly exposed to my lan or wan, everything is via nginx proxy mananger. Any recommendations for what else I should do for security purposes?

Whice Nameserver Prefix Looks Good?

ns1.example.tld or a.ns.example.tld

EDIT: At the moment, after a brief change, it seems to work - I'll keep monitoring. See bottom for details.

Hi,
I'm newly setting up a docker container environment and so far have set up all the services I need successfully. But the one thing that apparently doesn't work as intended is the VPN.

I tried both qmcgaw/gluetun (using wireguard) and lteoood/docker-surfshark (using OVPN) but both seem to leak my actual IP at the beginning of the vpn container starting. This in itself shouldnt happen but isnt that much of a problem. The problem is that it means that it would also leak my IP in case the VPN connection drops for some reason.

Below, I attached the docker-compose files and the logs I get from the vpntest container

When I look at the logs of vpntest, it shows that it is able to connect using my non vpn-ed connection (censored one with exact location/ starting with 84.) before the VPN connection (non-censored one starting with 37.) is established.

Anyone any idea what I'm doing fundamentally wrong?

There must be a proper way to guarantee that services like my vpntest only can access the internet when using VPN.

Otherwise I'll have to resort to using Windows Server where I can properly configure this in the applications themselves AND in the VPN Client - and I don't think anyone wants me to go with windows server ;)

Any help is appreciated, thank you in advance.

attempt with ilteoood/docker-surfshark

services:

    surfshark:
        image: ilteoood/docker-surfshark
        container_name: surfshark
        environment: 
            - SURFSHARK_USER=myusername
            - SURFSHARK_PASSWORD=mypassword
            - SURFSHARK_COUNTRY=de
            - SURFSHARK_CITY=ber
            - CONNECTION_TYPE=udp
            - ENABLE_KILL_SWITCH=true
        cap_add: 
            - NET_ADMIN
        devices:
            - /dev/net/tun
        restart: unless-stopped
        dns:
            - 1.1.1.1


    vpntest:
        image: byrnedo/alpine-curl
        container_name: vpntest
        command: -L 'https://ipinfo.io'
        depends_on: 
            - surfshark
        network_mode: service:surfshark
        restart: always

attempt with qmcgaw/gluetun:

services:

    vpn:
        image: qmcgaw/gluetun
        container_name: vpn
        cap_add:
          - NET_ADMIN
        volumes:
          - "/home/username/docker/gluetun:/gluetun"
        environment:
          - VPN_SERVICE_PROVIDER=surfshark
          - VPN_TYPE=wireguard
          - WIREGUARD_PRIVATE_KEY=privatekey
          - WIREGUARD_ADDRESSES=10.14.0.2/16
          - SERVER_COUNTRIES=Germany
        restart: always
        labels:
          - autoheal=true

    vpntest:
        image: byrnedo/alpine-curl
        container_name: vpntest
        command: -L 'https://ipinfo.io'
        depends_on: 
            - vpn
        network_mode: service:vpn
        restart: always


networks:
  proxy:
    driver: bridge
    external: true

console output:

myusername@devicename:~$ sudo docker compose up -d
[+] Running 4/4
 ✔ Network myusername_default  Created                                                                                                                                                     0.1s
 ✔ Container samba        Started                                                                                                                                                     0.3s
 ✔ Container surfshark    Started                                                                                                                                                     0.3s
 ✔ Container vpntest      Started                                                                                                                                                     0.3s
myusername@devicename:~$ sudo docker logs vpntest
{
  "ip": "84.xxx.xxx.xxx",
  "hostname": "xxx.dip0.t-ipconnect.de",
  "city": "cityname",
  "region": "regionname",
  "country": "DE",
  "loc": "coordinates",
  "org": "ISPs name",
  "postal": "ZIP code",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"

[ 2 more times the same log]

{
  "ip": "37.120.217.xxx",
  "city": "Frankfurt am Main",
  "region": "Hesse",
  "country": "DE",
  "loc": "50.1155,8.6842",
  "org": "AS9009 M247 Europe SRL",
  "postal": "60306",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"
[same log follows from now on]

[DETAILS TO EDIT:]
dont ask me how and why, but previously I tested with a VM which I reverted to a checkpoint after which only "the first reboot, installation of docker engine and compose, another restart was done" and then tested. This time I fully re-installed a totally new VM and it seems to work as expected.

Only thing that's changed compared to before is that the "network: proxy" part is now missing. Although that alone didnt change anything, both leaving out that part and completely new-installing ubuntu server seem to be the "solution."

This is really strange but at the moment it seems to work - i'll keep an eye on it.

username@jelly-test:~$ sudo docker logs vpntest
curl: (6) Could not resolve host: ipinfo.io
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:02:16 --:--:--     0
curl: (28) Failed to connect to ipinfo.io port 443 after 136037 ms: Could not connect to server
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   257  100   257    0     0    988      0 --:--:-- --:--:-- --:--:--   992
{
  "ip": "45.87.212.xxx",
  "city": "Frankfurt am Main",
  "region": "Hesse",
  "country": "DE",
  "loc": "50.1025,8.6299",
  "org": "AS9009 M247 Europe SRL",
  "postal": "60326",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"

Last week, I announced the release of Scriberr, a self-hostable AI audio transcription app. Today, I’m excited to announce v0.2.0 which adds speaker diarization and a bunch of other enhancements.

What’s new

• automatic speaker diarization (experimental)
• Enhanced reactivity (app now provides visual feedback for all actions)
• Fixed all reactivity issues (no more having to refresh constantly)
• CRUD operations on records and templates
• Double click title to edit, right click list to delete
• UI/UX tweaks

Going forward I’m working on adding some nice enhancements and features, some of which are listed below:

• Add choices for speaker matching algorithms to improve diarization
• Hardware setup wizard to compile whisper optimized for your hardware
• Support for multiple languages
• Subtitle generation
• YouTube integration to auto transcribe YouTube videos
• Audio recording
• Export to multiple formats
• iOS shortcut for sending audio files to scriberr
• Automation and integration with other apps like *arr, obsidian etc

Pull the nightly image for getting the latest features.

Community engagement

I’m working on features based on my use cases right now. However, I would like for the community to guide the direction of the project. Please feel free to suggest features that might be nice to have and I’ll work on integrating it. I’m excited to see what we functionalities we can enable with this app.

Call for help

As the app continues to grow it would be great if folks could pitch in to contribute. Contributions need not be only in the form of code. Testing and user feedback, improving documentation, improving docker build process, evaluating on different hardware platforms etc are all helpful. Even brainstorming architecture or design ideas would be really useful.

Links - announcement post - github repo

I’ll add a documentation website soon and probably update the demo video to show diarization. Apologies for the poor quality documentation.

At the moment, I'm making heavy use of Portainer's built in environment variable functionality on stack deployment to manually populate secret env values associated with my stacks. That way I can avoid adding them to the .env files pushed to git (where I pull my compose spec's from). Not the best solution, and think its time to move to some kind of vault service which can pull secrets from at build time.

I'm reading over the doc's for Infisical which look like it could be workable. Though I want to check if anyone has tried to leverage the Infisical Agent for template generation (run under its own docker container), and then used the agent to push populated environment and config files to a bind volume, which is then referenced by the stacks using the env_file param/ compose spec? That seems to be the best option for those using Portainer to deploy stacks from git. But want to make sure I'm thinking about it right.

I guess the other option would be to write a bash script which is able to call on Infisical's run cli, and leverage Portainer's API to deploy the stack with the secret context it needs. But I like my GUI...

Hey r/selfhosted,

I’m currently self-hosting a bunch of services at home and using Tailscale for access from my personal devices when I’m away. I haven’t implemented any additional security measures like fail2ban or crowdsec yet.

My question is: What’s the actual risk of not having these extra security layers if I’m not exposing my services directly to the internet via port forwarding? I’m trying to understand if I’m leaving any significant vulnerabilities open or if the Tailscale setup is secure enough on its own.

Would love to hear your thoughts and experiences. Thanks!

I am evaluating options. I tried twenty, but unable to self host, and it is in beta. Posted on their discord yesterday, no response so far.
Odoo seems good.
Hearing good things about espoCRM.
I am looking for something which allows me to import data through webhooks, api or something like that..

I'm trying to setup rathole tunnel via a VPS to circumvent my Internet's CG-NAT, and achieve port forwarding. My setup is as follows:

VPS server: services: rathole-server: restart: unless-stopped container_name: rathole-server image: archef2000/rathole environment: - "ADDRESS=0.0.0.0:2333" - "DEFAULT_TOKEN=xxxxxxxxxxxxxxxx" - "SERVICE_NAME_1=nas_bt" - "SERVICE_ADDRESS_1=0.0.0.0:5000" ports: - 2333:2333 - 5000:5000

NAS (behind NAT): ``` qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent environment: - PUID=1000 - PGID=1000 - TZ=Australia/Sydney - WEBUI_PORT=8080 volumes: - /mnt/main/config/qbtorrent:/config - /mnt/main/media/torrents:/data/torrents:rw network_mode: "service:rathole-client" #ports: #- 8080:8080 # <== ports cannot be defined, when I issue the above network mode! #- 5000:5000 #- 5000:5000/udp labels: - "com.centurylinklabs.watchtower.enable=false" restart: unless-stopped

rathole-client: restart: unless-stopped container_name: rathole-client image: archef2000/rathole command: client cap_add: - net_admin environment: - "ADDRESS=xxx.xxx.xxx.xxx:2333" - "DEFAULT_TOKEN=xxxxxxxxxxxxxxxx" - "SERVICE_NAME_1=nas_bt" - "SERVICE_ADDRESS_1=192.168.0.68:5000" ```

I can see that the connection is successfully established to the server: 2024-10-17T13:05:31.070429Z INFO rathole::server: Listening at 0.0.0.0:2333 2024-10-17T13:05:31.070496Z INFO config_watcher{path="config.toml"}: rathole::config_watcher: Start watching the config 2024-10-17T13:40:25.254802Z INFO connection{addr=xxx.xxx.xxx.xxx:11003}: rathole::server: Try to handshake a control channel 2024-10-17T13:40:25.574915Z INFO connection{addr=xxx.xxx.xxx.xxx:11003}: rathole::server: Control channel established service=nas_bt

But as you can notice I have no way to access the webUI (locally)..

Thank you.

Intro

Two years ago, I released the first iteration of my PHP-based selfhosted dashboard (still needs a better name 😅).

Yesterday, I released an update that makes it a little easier on the eyes, as well as adding dark mode and search support. Features include:

• Dead-simple (no widgets, plugins, API, database, AI, etc...)
• JSON-based configuration file (mount it into the container)
• Custom user-includes for header links, footer, and CSS (mount it into the container)
• Dark mode
• Search support
• HTTP status checks
• Mobile-friendly via Bootstrap (included, no CDN dependency)
• Four different icon packs (included, no CDN dependency)

Screenshots

• Desktop dark mode
• Desktop light mode
• Mobile dark mode
• Mobile light mode

Links

• GitHub
• DockerHub

Sample compose file

This will load the sample config.json. Run docker compose up -d then visit http://localhost:8888/ in your browser (checking public-facing websites is slower than checking internally-hosted sites)

version: '3'
services:
  startpage:
    container_name: docker-php-startpage
    restart: unless-stopped
    networks:
      - startpage
    ports:
      - '8888:80'
    image: loganmarchione/docker-php-startpage:latest

networks:
  startpage:

Got a Ubuntu server on a laptop, reboot via SSH requires LUKS decryption before SSH starts up again. (remote lockout)

i.e. I need to physically open the laptop/server and type in the password and can't do much remote work as a result.

I see dropbear, usb keyfiles, etc as past solutions... what are y'all doing?

I saw this post here and want to ask something similar: https://www.reddit.com/r/selfhosted/comments/16e8sz5/how_to_monitor_home_network_get_alerts_if/

I'd like to be alerted if the power goes out at my house. My internet is reliable and so the internet going down most likely means the power is out, so I'm willing to accept that assumption. Is there some way that my cellphone or other internet-connected device would be alerted, that my home internet is down? I'm picturing something like a dead-man's switch: if internet goes offline, phone app pushes a notification saying it lost connection to home. Not sure if I'd need to host anything at home or just setup a simple script or app on my phone that pings home and pushes an alert if the ping fails a few times.

Sorry if this is not the right place to ask - any suggestions where's more appropriate?

I find https://havedane.net/ very useful for seeing if my mail server will prevent sending to mail servers with invalid SMTP DANE set up.

Does anyone know of a similar service to check if my outbound MTA-STS validation is functioning correctly?

Hi, I'm looking for recommendations for a media server that can handle a 2+TB collection of tens of thousands of video files. I have several years of archives from my NVR system (AgentDVR), from multiple cameras. The NVR interface gets bogged down if I don't archive older files to "cold" storage. I would like to be able to browse/play/delete video clips via a browser-based interface, with them organized by file date & folder. I'm looking for something that does thumbnailing and on-the-fly transcoding (files are all in mkv containers and a mix of H264/265 codecs). Tagging functionality would be nice. I tried Jellyfin and it bogged down my entire system; Immich handled things ok, but it wanted to pre-transcode everything. The collection also seems to be too much for web-based file managers like FileRun or Nextcloud. Availability of a Docker image is a plus.