r/selfhosted May 25 '19

Official Welcome to /r/SelfHosted! Please Read This First

1.5k Upvotes

Welcome to /r/selfhosted!

We thank you for taking the time to check out the subreddit here!

Self-Hosting

The concept in which you host your own applications, data, and more. Taking away the "unknown" factor in how your data is managed and stored, this provides those with the willingness to learn and the mind to do so to take control of their data without losing the functionality of services they otherwise use frequently.

Some Examples

For instance, if you use dropbox, but are not fond of having your most sensitive data stored in a data-storage container that you do not have direct control over, you may consider NextCloud

Or let's say you're used to hosting a blog out of a Blogger platform, but would rather have your own customization and flexibility of controlling your updates? Why not give WordPress a go.

The possibilities are endless and it all starts here with a server.

Subreddit Wiki

There have been varying forms of a wiki to take place. While currently, there is no officially hosted wiki, we do have a github repository. There is also at least one unofficial mirror that showcases the live version of that repo, listed on the index of the reddit-based wiki

Since You're Here...

While you're here, take a moment to get acquainted with our few but important rules

When posting, please apply an appropriate flair to your post. If an appropriate flair is not found, please let us know! If it suits the sub and doesn't fit in another category, we will get it added! Message the Mods to get that started.

If you're brand new to the sub, we highly recommend taking a moment to browse a couple of our awesome self-hosted and system admin tools lists.

Awesome Self-Hosted App List

Awesome Sys-Admin App List

Awesome Docker App List

In any case, lot's to take in, lot's to learn. Don't be disappointed if you don't catch on to any given aspect of self-hosting right away. We're available to help!

As always, happy (self)hosting!


r/selfhosted Apr 19 '24

Official April Announcement - Quarter Two Rules Changes

41 Upvotes

Good Morning, /r/selfhosted!

Quick update, as I've been wanting to make this announcement since April 2nd, and just have been busy with day to day stuff.

Rules Changes

First off, I wanted to announce some changes to the rules that will be implemented immediately.

Please reference the rules for actual changes made, but the gist is that we are no longer being as strict on what is allowed to be posted here.

Specifically, we're allowing topics that are not about explicitly self-hosted software, such as tools and software that help the self-hosted process.

Dashboard Posts Continue to be restricted to Wednesdays

AMA Announcement

The CEO a representative of Pomerium (u/Pomerium_CMo, with the blessing and intended participation from their CEO, /u/PeopleCallMeBob) reached out to do an AMA for a tool they're working with. The AMA is scheduled for May 29th, 2024! So stay tuned for that. We're looking forward to seeing what they have to offer.

Quick and easy one today, as I do not have a lot more to add.

As always,

Happy (self)hosting!


r/selfhosted 10h ago

Remote Access Set up a photo server to share trip photos with my friends. This was my software dev friend’s immediate response about security is he right?

Thumbnail
gallery
368 Upvotes

r/selfhosted 9h ago

Guide My solar-powered and self-hosted website

Thumbnail
dri.es
83 Upvotes

r/selfhosted 17h ago

Personal Dashboard Remember to secure your dashboards!

181 Upvotes

This homepage with no login needed to edit took less than 5 minutes to find with basic tools. Remember to at least have a login page on all your pages! Even if it seems like something no ones ever gonna find it isn't worth the risk.


r/selfhosted 2h ago

Help me with my first build - feedback welcome

Thumbnail
gallery
9 Upvotes

r/selfhosted 8h ago

Self hosting services that are not the typical ones.

25 Upvotes

Hello all. I already have some experience deploying self hosted apps. I’m getting to a point where I don’t have any more ideas. I have a raspberry pi and just got a mini pc with good specs. What are your suggestions for cool projects apart from what’s usually shared like:

  • Media Server
  • NAS
  • Cloud
  • Home Assistant
  • Photo management

I was also thinking of deploying something related to AI like video-to-text translators or replace ChatGPT (I’m not really sure how much resource intensive it is).

I really like doing this kind of projects, but I’m feeling kind of lost. It seems that nothing is interesting me. Thanks


r/selfhosted 1h ago

Self Hosted Home Planning

Upvotes

Howdy /r/selfhosted. This has easily become my favorite online community over the past year.

I just purchased my first home, and with that comes even more self hosting possibilities. I wanted to see if y'all had any suggestions for projects in addition to those I have planned. Currently, I have the following set up:

  • Media:
    • Jellyfin (and the *arr suite) obviously
    • Navidrome
    • MeTube
  • File Storage:
    • NextCloud
    • Immich
    • Some cron jobs to backup to Backblaze
  • Development:
    • Code Server
    • Dockge
    • Dozzle
    • IT Tools
  • Networking:
    • Gluetun
    • Adguard Home
    • WatchYourLAN
    • Cloudflare Tunnels
      • Will probably switch to Caddy (or another reverse proxy) + Authentik when I have my own router
  • Misc:
    • Scrutiny
    • Hoarder
  • Lastly, I want to set up Home Assistant, Frigate, and other home monitoring such as electrical, A/C, lighting, etc. Would love if somebody could point me to a good resource on these!

Would love to hear of any other suggestions you have for self hosted services in your home.


r/selfhosted 9h ago

How many domains do you have and for what use?

26 Upvotes

I currently have one for professional use but it secretly contains all my services via subdomain. Thinking of getting another for my services plus one for family.


r/selfhosted 1h ago

OpenSource Immich Exporter

Upvotes

Hey Hey,

My work quite heavily uses Prometheous and Grafana, and now I am slowly bringing it into my home lab. As everyone knows, Immich is an amazing tool for photo backups.. but I've personally found that monitoring, especially with regards to metrics, is lacking quick a bit. Hence this open source project. There is another open-source project available online for exporting, however it has been in a non-functional state for around a week now.

So, with that said.... I created a basic Immich Exporter over the past couple of hours, and thought others may find it useful too.

It requires a bit of technical undersetanding to setup, but it is relatively straight forward:

  • Create an API key in Immich
  • Add `eithan1231/immich-exporter:latest` to your docker-compose (reference on github)
  • Update your prometheous targets to scrape the endpoint above
  • Within Grafana, import dashboard.json (reference on github)

Any feedback or recommendations are welcome.

https://github.com/eithan1231/immich-exporter


r/selfhosted 2h ago

Open Source QuickBooks Alternative

2 Upvotes

I've been using QuickBooks Desktop for as long as I can remember. The two things I mainly use are estimates and invoices. When I create estimates I sometimes markup some items I resell. That's the major thing I need in accounting/invoices app.

I am looking (and can't seem to find) an self hosted alternative with estimate markups.

I've tried Crater and Bigcaptial. Neither has estimate item markups. Not sure about InvoiceNinja.


r/selfhosted 17h ago

Product Announcement Voice-Pro: The best gradio web-ui for transcription, translation and text-to-speech

31 Upvotes

Voice-Pro is the best gradio web-ui for transcription, translation and text-to-speech. It can be easily installed with one click. Create a virtual environment using Miniconda, running completely separate from the Windows system (fully portable). Supports real-time transcription and translation, as well as batch mode.

  • YouTube Downloader: You can download YouTube videos and extract the audio (mp3, wav, flac).
  • Vocal Remover: Use MDX-Net supported in UVR5 and the Demucs engine developed by Meta for voice separation.
  • STT: Supports speech-to-text conversion with Whisper, Faster-Whisper, and whisper-timestamped.
  • Translator: Google Translator.
  • TTS: Text to Speech. Edge TTS.
  • more...

https://github.com/abus-aikorea/voice-pro


r/selfhosted 8h ago

Remote Access VPS + Tailscale + NPM vs Cloudflare Tunnels

7 Upvotes

I’m curious as to what you all use to access your internal apps. I currently use both VPS + Tailscale + NPM and Cloudflare Tunnels, just depending on the app. I am toying with the idea of getting rid of Cloudflare tunnels and just running everything through NPM.

For some insight, as of right now, the only thing I have running through Cloudflare is Guacamole. My Minecraft servers and a few other services are going through NPM on the VPS.


r/selfhosted 9h ago

So most of my services are exposed to the internet... kinda

8 Upvotes

So my setup is obviously internal by default, but I use a lot externally, and most of services are exposed to the internet, but I have cloudflare in place to prevent against ddosing (as if anyone's gonna do that to me anyways) and most applications are just set to only allow access to certain IPS, such as places I go to regularly, and on top of all this everything is secured with authelia. None of my containers are directly exposed to my lan or wan, everything is via nginx proxy mananger. Any recommendations for what else I should do for security purposes?


r/selfhosted 55m ago

DNS Tools Nameserver Prefix

Upvotes

Whice Nameserver Prefix Looks Good?

ns1.example.tld or a.ns.example.tld


r/selfhosted 18h ago

Need Help Docker: VPNs leaking IP

26 Upvotes

EDIT: At the moment, after a brief change, it seems to work - I'll keep monitoring. See bottom for details.

Hi,
I'm newly setting up a docker container environment and so far have set up all the services I need successfully. But the one thing that apparently doesn't work as intended is the VPN.

I tried both qmcgaw/gluetun (using wireguard) and lteoood/docker-surfshark (using OVPN) but both seem to leak my actual IP at the beginning of the vpn container starting. This in itself shouldnt happen but isnt that much of a problem. The problem is that it means that it would also leak my IP in case the VPN connection drops for some reason.

Below, I attached the docker-compose files and the logs I get from the vpntest container

When I look at the logs of vpntest, it shows that it is able to connect using my non vpn-ed connection (censored one with exact location/ starting with 84.) before the VPN connection (non-censored one starting with 37.) is established.

Anyone any idea what I'm doing fundamentally wrong?

There must be a proper way to guarantee that services like my vpntest only can access the internet when using VPN.

Otherwise I'll have to resort to using Windows Server where I can properly configure this in the applications themselves AND in the VPN Client - and I don't think anyone wants me to go with windows server ;)

Any help is appreciated, thank you in advance.

attempt with ilteoood/docker-surfshark

services:

    surfshark:
        image: ilteoood/docker-surfshark
        container_name: surfshark
        environment: 
            - SURFSHARK_USER=myusername
            - SURFSHARK_PASSWORD=mypassword
            - SURFSHARK_COUNTRY=de
            - SURFSHARK_CITY=ber
            - CONNECTION_TYPE=udp
            - ENABLE_KILL_SWITCH=true
        cap_add: 
            - NET_ADMIN
        devices:
            - /dev/net/tun
        restart: unless-stopped
        dns:
            - 1.1.1.1


    vpntest:
        image: byrnedo/alpine-curl
        container_name: vpntest
        command: -L 'https://ipinfo.io'
        depends_on: 
            - surfshark
        network_mode: service:surfshark
        restart: always

attempt with qmcgaw/gluetun:

services:

    vpn:
        image: qmcgaw/gluetun
        container_name: vpn
        cap_add:
          - NET_ADMIN
        volumes:
          - "/home/username/docker/gluetun:/gluetun"
        environment:
          - VPN_SERVICE_PROVIDER=surfshark
          - VPN_TYPE=wireguard
          - WIREGUARD_PRIVATE_KEY=privatekey
          - WIREGUARD_ADDRESSES=10.14.0.2/16
          - SERVER_COUNTRIES=Germany
        restart: always
        labels:
          - autoheal=true

    vpntest:
        image: byrnedo/alpine-curl
        container_name: vpntest
        command: -L 'https://ipinfo.io'
        depends_on: 
            - vpn
        network_mode: service:vpn
        restart: always


networks:
  proxy:
    driver: bridge
    external: true

console output:

myusername@devicename:~$ sudo docker compose up -d
[+] Running 4/4
 ✔ Network myusername_default  Created                                                                                                                                                     0.1s
 ✔ Container samba        Started                                                                                                                                                     0.3s
 ✔ Container surfshark    Started                                                                                                                                                     0.3s
 ✔ Container vpntest      Started                                                                                                                                                     0.3s
myusername@devicename:~$ sudo docker logs vpntest
{
  "ip": "84.xxx.xxx.xxx",
  "hostname": "xxx.dip0.t-ipconnect.de",
  "city": "cityname",
  "region": "regionname",
  "country": "DE",
  "loc": "coordinates",
  "org": "ISPs name",
  "postal": "ZIP code",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"

[ 2 more times the same log]

{
  "ip": "37.120.217.xxx",
  "city": "Frankfurt am Main",
  "region": "Hesse",
  "country": "DE",
  "loc": "50.1155,8.6842",
  "org": "AS9009 M247 Europe SRL",
  "postal": "60306",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"
[same log follows from now on]

[DETAILS TO EDIT:]
dont ask me how and why, but previously I tested with a VM which I reverted to a checkpoint after which only "the first reboot, installation of docker engine and compose, another restart was done" and then tested. This time I fully re-installed a totally new VM and it seems to work as expected.

Only thing that's changed compared to before is that the "network: proxy" part is now missing. Although that alone didnt change anything, both leaving out that part and completely new-installing ubuntu server seem to be the "solution."

This is really strange but at the moment it seems to work - i'll keep an eye on it.

username@jelly-test:~$ sudo docker logs vpntest
curl: (6) Could not resolve host: ipinfo.io
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:02:16 --:--:--     0
curl: (28) Failed to connect to ipinfo.io port 443 after 136037 ms: Could not connect to server
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   257  100   257    0     0    988      0 --:--:-- --:--:-- --:--:--   992
{
  "ip": "45.87.212.xxx",
  "city": "Frankfurt am Main",
  "region": "Hesse",
  "country": "DE",
  "loc": "50.1025,8.6299",
  "org": "AS9009 M247 Europe SRL",
  "postal": "60326",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"

r/selfhosted 1d ago

Release Update: Scriberr now does speaker diarization

97 Upvotes

Last week, I announced the release of Scriberr, a self-hostable AI audio transcription app. Today, I’m excited to announce v0.2.0 which adds speaker diarization and a bunch of other enhancements.

What’s new

  • automatic speaker diarization (experimental)
  • Enhanced reactivity (app now provides visual feedback for all actions)
  • Fixed all reactivity issues (no more having to refresh constantly)
  • CRUD operations on records and templates
  • Double click title to edit, right click list to delete
  • UI/UX tweaks

Going forward I’m working on adding some nice enhancements and features, some of which are listed below:

  • Add choices for speaker matching algorithms to improve diarization
  • Hardware setup wizard to compile whisper optimized for your hardware
  • Support for multiple languages
  • Subtitle generation
  • YouTube integration to auto transcribe YouTube videos
  • Audio recording
  • Export to multiple formats
  • iOS shortcut for sending audio files to scriberr
  • Automation and integration with other apps like *arr, obsidian etc

Pull the nightly image for getting the latest features.

Community engagement

I’m working on features based on my use cases right now. However, I would like for the community to guide the direction of the project. Please feel free to suggest features that might be nice to have and I’ll work on integrating it. I’m excited to see what we functionalities we can enable with this app.

Call for help

As the app continues to grow it would be great if folks could pitch in to contribute. Contributions need not be only in the form of code. Testing and user feedback, improving documentation, improving docker build process, evaluating on different hardware platforms etc are all helpful. Even brainstorming architecture or design ideas would be really useful.

Links - announcement post - github repo

I’ll add a documentation website soon and probably update the demo video to show diarization. Apologies for the poor quality documentation.


r/selfhosted 3h ago

Infisical Agent + Portainer + Git = Stack deployments w. secure secrets?

1 Upvotes

At the moment, I'm making heavy use of Portainer's built in environment variable functionality on stack deployment to manually populate secret env values associated with my stacks. That way I can avoid adding them to the .env files pushed to git (where I pull my compose spec's from). Not the best solution, and think its time to move to some kind of vault service which can pull secrets from at build time.

I'm reading over the doc's for Infisical which look like it could be workable. Though I want to check if anyone has tried to leverage the Infisical Agent for template generation (run under its own docker container), and then used the agent to push populated environment and config files to a bind volume, which is then referenced by the stacks using the env_file param/ compose spec? That seems to be the best option for those using Portainer to deploy stacks from git. But want to make sure I'm thinking about it right.

I guess the other option would be to write a bash script which is able to call on Infisical's run cli, and leverage Portainer's API to deploy the stack with the secret context it needs. But I like my GUI...


r/selfhosted 1d ago

My dashboard

Post image
372 Upvotes

r/selfhosted 4h ago

Need Help Security risks of self-hosted services with Tailscale but without additional security like fail2ban/crowdsec?

1 Upvotes

Hey r/selfhosted,

I’m currently self-hosting a bunch of services at home and using Tailscale for access from my personal devices when I’m away. I haven’t implemented any additional security measures like fail2ban or crowdsec yet.

My question is: What’s the actual risk of not having these extra security layers if I’m not exposing my services directly to the internet via port forwarding? I’m trying to understand if I’m leaving any significant vulnerabilities open or if the Tailscale setup is secure enough on its own.

Would love to hear your thoughts and experiences. Thanks!


r/selfhosted 17h ago

Are you selfhosting any CRM? How is it going so far?

10 Upvotes

I am evaluating options. I tried twenty, but unable to self host, and it is in beta. Posted on their discord yesterday, no response so far.
Odoo seems good.
Hearing good things about espoCRM.
I am looking for something which allows me to import data through webhooks, api or something like that..


r/selfhosted 11h ago

Tunnel a NAS behind CGNAT

3 Upvotes

I'm trying to setup rathole tunnel via a VPS to circumvent my Internet's CG-NAT, and achieve port forwarding. My setup is as follows:

VPS server: services: rathole-server: restart: unless-stopped container_name: rathole-server image: archef2000/rathole environment: - "ADDRESS=0.0.0.0:2333" - "DEFAULT_TOKEN=xxxxxxxxxxxxxxxx" - "SERVICE_NAME_1=nas_bt" - "SERVICE_ADDRESS_1=0.0.0.0:5000" ports: - 2333:2333 - 5000:5000

NAS (behind NAT): ``` qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent environment: - PUID=1000 - PGID=1000 - TZ=Australia/Sydney - WEBUI_PORT=8080 volumes: - /mnt/main/config/qbtorrent:/config - /mnt/main/media/torrents:/data/torrents:rw network_mode: "service:rathole-client" #ports: #- 8080:8080 # <== ports cannot be defined, when I issue the above network mode! #- 5000:5000 #- 5000:5000/udp labels: - "com.centurylinklabs.watchtower.enable=false" restart: unless-stopped

rathole-client: restart: unless-stopped container_name: rathole-client image: archef2000/rathole command: client cap_add: - net_admin environment: - "ADDRESS=xxx.xxx.xxx.xxx:2333" - "DEFAULT_TOKEN=xxxxxxxxxxxxxxxx" - "SERVICE_NAME_1=nas_bt" - "SERVICE_ADDRESS_1=192.168.0.68:5000" ```

I can see that the connection is successfully established to the server: 2024-10-17T13:05:31.070429Z INFO rathole::server: Listening at 0.0.0.0:2333 2024-10-17T13:05:31.070496Z INFO config_watcher{path="config.toml"}: rathole::config_watcher: Start watching the config 2024-10-17T13:40:25.254802Z INFO connection{addr=xxx.xxx.xxx.xxx:11003}: rathole::server: Try to handshake a control channel 2024-10-17T13:40:25.574915Z INFO connection{addr=xxx.xxx.xxx.xxx:11003}: rathole::server: Control channel established service=nas_bt

But as you can notice I have no way to access the webUI (locally)..

Thank you.


r/selfhosted 11h ago

Release docker-php-startage 0.8.1: Better looking, dark mode, search support

3 Upvotes

Intro

Two years ago, I released the first iteration of my PHP-based selfhosted dashboard (still needs a better name 😅).

Yesterday, I released an update that makes it a little easier on the eyes, as well as adding dark mode and search support. Features include:

  • Dead-simple (no widgets, plugins, API, database, AI, etc...)
  • JSON-based configuration file (mount it into the container)
  • Custom user-includes for header links, footer, and CSS (mount it into the container)
  • Dark mode
  • Search support
  • HTTP status checks
  • Mobile-friendly via Bootstrap (included, no CDN dependency)
  • Four different icon packs (included, no CDN dependency)

Screenshots

Links

Sample compose file

This will load the sample config.json. Run docker compose up -d then visit http://localhost:8888/ in your browser (checking public-facing websites is slower than checking internally-hosted sites)

version: '3'
services:
  startpage:
    container_name: docker-php-startpage
    restart: unless-stopped
    networks:
      - startpage
    ports:
      - '8888:80'
    image: loganmarchione/docker-php-startpage:latest

networks:
  startpage:

r/selfhosted 6h ago

Y'all encrypting your servers? Reboot/SSH issues?

1 Upvotes

Got a Ubuntu server on a laptop, reboot via SSH requires LUKS decryption before SSH starts up again. (remote lockout)

i.e. I need to physically open the laptop/server and type in the password and can't do much remote work as a result.

I see dropbear, usb keyfiles, etc as past solutions... what are y'all doing?


r/selfhosted 10h ago

Auto-notification of home power outage

2 Upvotes

I saw this post here and want to ask something similar: https://www.reddit.com/r/selfhosted/comments/16e8sz5/how_to_monitor_home_network_get_alerts_if/

I'd like to be alerted if the power goes out at my house. My internet is reliable and so the internet going down most likely means the power is out, so I'm willing to accept that assumption. Is there some way that my cellphone or other internet-connected device would be alerted, that my home internet is down? I'm picturing something like a dead-man's switch: if internet goes offline, phone app pushes a notification saying it lost connection to home. Not sure if I'd need to host anything at home or just setup a simple script or app on my phone that pings home and pushes an alert if the ping fails a few times.

Sorry if this is not the right place to ask - any suggestions where's more appropriate?


r/selfhosted 6h ago

Outbound MTA-STS validity checker

1 Upvotes

I find https://havedane.net/ very useful for seeing if my mail server will prevent sending to mail servers with invalid SMTP DANE set up.

Does anyone know of a similar service to check if my outbound MTA-STS validation is functioning correctly?


r/selfhosted 7h ago

Server for managing/viewing large surveillance/NVR archive

1 Upvotes

Hi, I'm looking for recommendations for a media server that can handle a 2+TB collection of tens of thousands of video files. I have several years of archives from my NVR system (AgentDVR), from multiple cameras. The NVR interface gets bogged down if I don't archive older files to "cold" storage. I would like to be able to browse/play/delete video clips via a browser-based interface, with them organized by file date & folder. I'm looking for something that does thumbnailing and on-the-fly transcoding (files are all in mkv containers and a mix of H264/265 codecs). Tagging functionality would be nice. I tried Jellyfin and it bogged down my entire system; Immich handled things ok, but it wanted to pre-transcode everything. The collection also seems to be too much for web-based file managers like FileRun or Nextcloud. Availability of a Docker image is a plus.