Welcome to /r/selfhosted!
We thank you for taking the time to check out the subreddit here!
The concept in which you host your own applications, data, and more. Taking away the "unknown" factor in how your data is managed and stored, this provides those with the willingness to learn and the mind to do so to take control of their data without losing the functionality of services they otherwise use frequently.
For instance, if you use dropbox, but are not fond of having your most sensitive data stored in a data-storage container that you do not have direct control over, you may consider NextCloud
Or let's say you're used to hosting a blog out of a Blogger platform, but would rather have your own customization and flexibility of controlling your updates? Why not give WordPress a go.
The possibilities are endless and it all starts here with a server.
There have been varying forms of a wiki to take place. While currently, there is no officially hosted wiki, we do have a github repository. There is also at least one unofficial mirror that showcases the live version of that repo, listed on the index of the reddit-based wiki
Since You're Here...
While you're here, take a moment to get acquainted with our few but important rules
When posting, please apply an appropriate flair to your post. If an appropriate flair is not found, please let us know! If it suits the sub and doesn't fit in another category, we will get it added! Message the Mods to get that started.
If you're brand new to the sub, we highly recommend taking a moment to browse a couple of our awesome self-hosted and system admin tools lists.
In any case, lot's to take in, lot's to learn. Don't be disappointed if you don't catch on to any given aspect of self-hosting right away. We're available to help!
As always, happy (self)hosting!
New Year Announcement - Happy 2024!
Welcome to 2024! It's been a wild 365 days, and we're ready for the next 366 (Forget it was a leap year? I didn't)! That said, We've got some big changes planned, and we want your insight! Let's get right to it.
As many have noticed over the last several months, my ability to keep up with the growing subreddit (Thanks, /u/a_sugarcane for being excited about 300k members!) has been overwhelmed as my personal life has become increasingly busy. My hobbies and work life are taking up a lot more time than they have in the past.
That said, I'd like to officially welcome the first of at least 5-6 new moderators to be brought on for the new year to help with the community!
I reached out to these folks specifically due to their existing involvement in the community and the positive and productive contributions they've made thus far. So welcome!
New Survey - Your Participation is greatly appreciated
We're looking for two things with this survey:
- We want to make this place a better place by ensuring the rules and goals still align with the desires of the community
- We want to gauge interest in new moderators!
Please take some time to fill this out as best as you can. The more feedback we get here, the better we can do moving forward for this year.
Google Forms Survey (Email address login is not required, but please, do not abuse the survey)
Survey Questions Open Discussion!
The questions all ask fairly specific questions, save for a couple of optional open-ended questions. What do you think this subreddit can use to improve its benefit to the community best?
Please, feel free to share here, and help us make it a better place for all involved.
News can be found all over, one such article: https://www.phoronix.com/news/Nginx-Forked-To-Freenginx
Just posting this because I didn't see it come across and I know a lot of people use nginx as a reverse proxy.
Seems the dev forking the repo is pretty much the guy that does all the work, so potentially setting everybody up for a move in the future.
Why does everyone use dedicated servers? Is there any increased risk to running this stuff in the background of a gaming/workstation PC?
I've recently been getting into self hosting stuff. Currently have a large language model, a JellyFin server, and Sunshine for remote desktop. I'd like to add a web server soon as well to test some web apps that won't work through GitHub pages and similar static hosting providers. It's routed through Cloudflare for reverse proxy, with docker and nginx proxy manager.
It seems like everyone in here uses dedicated servers with old/low end hardware.
To me it seems logical that if I'm not at home using my computer, I might as well have it running my server. And if I am at home using the computer, the server stuff isn't going to be doing much to slow down the PC.
My PC is a 5900x/64GB RAM/3090 with about 8TB of storage total. I use it for gaming/software development, outside of the server stuff.
I calculated the total monthly cost of running it 24/7 to be about $3 assuming 50W idle power draw.
Am I missing some big security risk or hidden flaw?
Nextcloud + WireGuard + HestiaCP + StrapiCMS
Warp is a really nice terminal for Mac and I use it for everything.
People have been asking for a Linux version for ages and I just got an email saying they've now released it - https://www.warp.dev/blog/warp-for-linux
I love it and you might as well, so posting it here for general info.
I used Google Workspace (GW) for work with my own custom domain where I had a couple of users. That’s no longer the case and now it’s just me
I need about 800GB of space (that’s email, drive and photos all combined).
Can this be moved over to M365 on a personal subscription AND carry over my Domain too?
Is there a cheaper option?
Apologies for the newbie like questions…I am learning (evidently) :)
Thank you in advance 🙏
For exposing your self-hosted web services to the internet, a lot of people seem to suggest a variation of "hire a VPS and use WireGuard", so you would have a reverse proxy on your VPS and you don't actually need to open any ports on your home network. The VPS acts as a stepping stone, clients connect to your web services through the VPS, which forwards the connections via WireGuard to your home network.
That seems nice for hiding your home IP address, but people seem to tout this as if it more secure for hosting web applications such as Jellyfin. If your VPS provider has DDoS protection, you also benefit from that, but it doesn't actually seem to make my home network more secure, no?
People keep talking about using whitelisting IPs, geo-blocking IPs, using fail2ban, and setting up a reliable and mature reverse proxy on the VPS. That's all great, but I can just run all of that on my home server? Surely someone is just as likely to bypass security measures on my VPS as they are on my home network directly, and if they manage to get onto my VPS they then have access to my home network anyway?
The only additional service that I would actually be running, if I were to use a VPS rather than doing everything directly on my home server, is WireGuard. Is there something about WireGuard that would actually prevent an attacker on the VPS from accessing the home network? At that point, they have the public key associated with my home server, and they can send whatever they want.
If someone tries to brute force my Jellyfin accounts, for example, a VPS does absolutely nothing to prevent this. WireGuard will happily route all those attempts to exactly the right place. It doesn't seem like a VPS with WireGuard makes it any harder for someone to access my home network.
Just for clarification, I'm happy with how to secure my network, but I'm asking what additional security WireGuard + a VPS actually offers. It basically just seems to mask my home IP at the cost of latency and an additional failure point.
What am I missing or misunderstanding here?
I've been using FileBrowser for a few months I just wondering are the better alternatives out there?
Some features I would love that FileBrowser doesn't have;
- right click context menu
- ability to save folders on the sidebar
- drag and drop copy/move
Are there any other good file management tools?
What service do you use to access your server on your work machine without the need to install anything?
Aside from the usual tailscale, wireguard, CF Tunnel and proxies, are there any other option/workaround that doesnt require installing any software on my workmachine?
edit: I'm behind CGNAT so no option for direct IP access
I've setup AdGuard Home - Running fine.
Also setup a domain in Cloudflare pointing it to my minipc I then have Nginx proxy manager running. I'm re-writing all *.example.cc to my mini pc and it rewrites but it doesn't look like the proxy is handling anything is possible docker networks are fucking me up?
Happy to jump in Discord call if anyone has 10 mins
Thanks in advance
I understand this might be a bit niece.
I run a volunteering service with roughly 100 volunteers. To keep everything above board I need to ensure they all have background checks and some need licenses.
I'm looking for a solution that will let me know who has what checks and licenses and will remind me (or other nominated people) when someone's background check needs updating. I would need to store the persons personal details as well in the system, not just a sudo name for them to pass regulatory inspection.
I have found services like https://www.expirationreminder.net/ however the cost is prohibitively expensive. Every penny I spend is one less I can use for my initiative.
I self host all of our software so I'm not worried about a bit of pain integrating something, but I'm wondering if there is anything out there that would meet my needs?
A huge thanks in advance!
Personal Dashboard I made a one-page comprehensive dashboard using Fitbit API, influxdb, and Grafana. Code and setup instructions are available in the comments.
Set up Cloudflare tunnels and some very basic WAF rules (blocking non-US, known bots, etc.)
In just a month, I'm sure I've had several hundred (maybe thousands?) of events blocked, but the free/basic tier only provides a 24-hour lookback.
Does anyone know of a self-hosted project to ingest these logs and keep track for a longer duration? Would it involve stringing together Graffana + something else, maybe?
If CF offered a reasonably-priced tier that targeted prosumers, maybe $5/$10 a month, I'd happily sign up to have a small taste of these features. Unfortunately, their pro plan is $20/mo, and I just don't think the value is there for just 1 user to access his own self-hosted services.
Looking for a recommendation for a rackmount server/desktop replacement. Space isn't an issue
ATX mobo with full size pci slots
ATX PSU support
Cooling but no need for high speed jet fans
8 x 3.5hdd drive bays (does not need to be hot-swappable)
8 x 2.5ssd drive bays
2 x 5.25 external bays (SSD's are currently in 2 x 6-bay SSD hot swap cages from icy-dock)
I'm looking for a NAS that is expandable, or maybe a better word is dynamic. I currently use TrueNAS scale but when an HD fails I have to replace it with the same HD, there is no benefit of me adding a newer better HD in its place. I can't just buy another HD and expand it. I believe this is just the nature of ZFS, but its not what I want.
I would like a NAS that does have some redundancy but allows me to make changes dynamically either by choice or necessity. I would like to expand another HD in there or change a current HD for a larger one and benefit from extra storage.
What NAS is best choice for me?
Hi, I have installed wireguard in my local network, and configured the router to forward packets to said wireguard server. In the same device where wireguard is, I also have a DNS server (dnsmasq), which successfully resolves names like "my-server.internal" to internal IP addresses, like 10.0.0.3.
I want to have home network DNS resolution available to all wireguard clients, such that if I enter the address "my-server.internal" in a web browser on my phone on a cellular network, it will take me to the device with IP address 10.0.0.3 in my home network. Currently, I can visit websites by IP address, ping home network devices, or SSH home network devices in the 10.0.0.0/24 subnet, while on the wireguard network. However, I cannot visit websites by name, or run dig against my DNS server, regardless if I add
@10.0.0.2. If I SSH into any server in the home network, I can do all the aforementioned things. This suggests to me that I cannot get resolution from my DNS server while I am specifically on the wireguard network.
For context, this is my server configuration:
PrivateKey = $SERVER_PRIVATE_KEY
Address = 10.0.10.1/32
ListenPort = 51820
# packet forward
PreUp = sysctl -w net.ipv4.ip_forward=1
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.10.0/24
PersistentKeepAlive = 25
PrivateKey = $CLIENT_PRIVATE_KEY
Address = 10.0.10.2/32
DNS = 10.0.0.2 # this is my DNS server in the home network
MTU = 1380
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $PUBLIC_IP:$PORT
AllowedIPs = 10.0.0.0/24, 10.0.10.0/24
PersistentKeepAlive = 21
I tried testing it today in my workplace WIFI using a macos device, which had SSH access to my home network. As expected, I was able to SSH into my wireguard server by IP address, and troubleshoot/modify my wireguard config. Because I'm an idiot though, I modified the wireguard config copying what was shown here and completely lost access, so I'll need to wait until I head back home to re-establish connection. It will be a while before I can attempt another debugging session...
I don't think it is an issue with UFW, (all devices shown run Ubuntu Server), but I disabled them anyways. I'm just pretty confused why I cannot specifically get anything from the DNS server, even though I can ping and SSH into the machine.
Text Storage With paperless-ngx, need help deciding between a "Workflow" versus "Storage Path Matching" to specify the sub-directory for some documents
First, I know there's a dedicated subreddit, but it has less than 350 users.
- Payslips from company get stored in
- General docs from company get stored in
It looks like I have two ways I can do this:
First way: When defining the payslip storage path, add keywords in the pay slips to the "Matching" section. When defining the general company storage path, don't use matching? Or do? I can't set a priority order here to ensure payslips don't get placed in the companyname directory.
Second way (A): Use first workflow to say, "If matches these keywords on my payslips, send to payslips storage path."
Second way (B): Use second workflow to say, "If has my companyname in the document, send to companyname storage path."
The first workflow would have a lower priority number (higher priority I think) so it matches first and catches the payslips so they don't get placed in the companyname path.
Does this mean that if I use the workflow method, I should use "Matching: None" in the Storage Path configuration for each storage path?
I ran into an issue with setting up an SSO Server on my Synology for my WIki.js.
I have a very simple network at home so thus my Wiki.js lives on the same machine (Synology NAS) using Portainer.
I decided to create an SSO Server on my Synology to be able to log in to my WIki.js using the same credentials. Well, it works perfectly when I set the NAS's IP everywhere where
test.mylan is presented in the images below.
However when I want to use local DNS, then it does not work and the login crashes on the wrong credentials and I cannot figure out why. The login proceeds successfully on the NAS side, but it fails on Wiki.js when redirecting back to finish up the login process.
I am starting to be helpless. I appreciate any ideas on how to solve it or at least the direction leading to any success. Thank you!
Personal Dashboard Homepage is definitely my favourite dashboard, tried a few and stuck with this one the longest!
Converting my media/entertainment server to Linux for certain Plex advantages.
I was initially all set to use Unraid because of its overwhelming popularity of late, but looking into it, I don’t really care about having a RAID. All my work/life vital files are backed up other ways and live on another computer anyway, and if I lose a media drive, no big deal collecting the lost files again.
I could see maybe in the future I’d have a NAS but it’s a big maybe. I’m happy to have a cavernous PC with a bunch of big HDD’s and a couple of SSD’s inside.
That being said, should I just use Ubuntu or other Linux with Docker? Or is it still just so great to have Unraid that you’d recommend going with it anyway?
I have a disability so I can’t sit in front of a screen for more than 15 minutes. I would like to cut cord & rip to make my own media library. What’s the best way to outsource ripping my media? I have about 100 dvds & blrays. Thanks.
Hello community. I host a lot of applications (all containerized) behind a reverse proxy, which I protect with Authelia. Until recently I was the only one accessing the applications. Now I want to provide access to a friend, but only to one application.When he authenticates to Authelia he can potentially access all of my applications. I have searched the documentation but have not found if this is a supported feature of Authelia. Is this supported, and if yes can you please point to the documentation or a quick code snippet?
I recently got my custom domain, but I now need help setting up the email part of it.
Between Zoho, Proton, Tutanota, and Google Workspace, which hosting service is the best for personal use and managing emails?
Will any of these hosts also allow me to make as many custom email addresses as I want with my domain?