I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I'm looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don't want to expose to the Internet.

My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don't want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.

Is there anything that does that?

Hello, I'm relatively new to self-hosting and recently started using Unraid, which I find fantastic! I'm now considering upgrading my storage capacity by purchasing either an 8TB or 10TB hard drive. I'm exploring both new and used options to find the best deal. However, I've noticed that prices vary based on the specific category of hard drive (e.g., Seagate's IronWolf for NAS or Firecuda for gaming). I'm unsure about the significance of these different categories. Would using a gaming or surveillance hard drive impact the performance of my NAS setup?

Thanks for any tips and clarifications! 🌻

I've been using RealVNC for family computer help and have been wanting to setup a self hosted replaced for a while now, but haven't had the time. RealVNC has recently axed their free levels, so I'll use it as a reason to setup a self hosted solution.

Ideally it would be something like a web page (I have a domain and reverse proxy) where family can go, get a code or a software to run, which will then let me control their system securely.

I was considering guacamole on a pi at each location I'm likely to have to support, but this doesn't help when family is away from their home network on laptop.

What is out there for this? Have you used it? What are your experiences?

Thanks

I am looking to buy a new mini PC home server and I want to be able to pass through my iGPU and NIC to different VMs. Where can I find a well-maintained database of IOMMU groups so that I can pick a good match for my needs?

There exists iommu.info but that barely has any entries.

*What rights do you have to the digital movies, TV shows and music you buy online? That question was on the minds of Telstra TV Box Office customers this month after the company announced it would shut down the service in June. Customers were told that unless they moved over to another service, Fetch, they would no longer be able to access the films and TV shows they had bought. *

I currently have an Odroid H4C that has two SATA with two 12TB hard drives.

It's starting to get too small, so I was thinking of taking the step and move to a 4/5 bays NAS and reuse the disks (the other option was to add disks via USB).

What NAS do you recommend me to continue being able to have my *ARR suite + torrent + nextcloud + syncthing + small services(gitea, trillium notes, etc)?

I would like to already have some redundancy, can I use the hard drives as they are or will I have to do something to them besides adding other hard drives? (my idea was to add one more disk of 12 to have redundancy and already expand space with a fourth disk)

Edit:

I wan't to buy and forget, so no to build myself.

I really don't think in any budget, but as cheat as can be, without loss any funcionality that i stated before.

I run my services mostly in docker

Currently stream in my lan without any web, in samba folders but jellyfin could be interesting (not Plex, trying to FOSS to maximum)

The redundancy is for data safe

Thanks for your answers

I'm duplicating my server hardware and moving the second set off site. I want to keep the data live since the whole system will be load balanced with my on site system. I've contemplated tools like syncthing to make a 1 to 1 copy of the data to NAS B but i know there has to be a better way. What have you used successfully?

I am currently trying to create my own Lemmy instance and am following the join-lemmy.org docker guide. But unfortunately docker compose up doesn't work with the default config and throw's a yaml: line 32: found character that cannot start any token error. Is there something I can do to fix this?

The section in question is

{% for item in lemmy_env_vars %}
{% for key, value in item.items() %}
      - {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}

Take a skim through the link for full details (especially the breaking changes), but I have included some parts that I thought were important:

This release has been over two years in the making, so we're really glad to finally get it out to you. The long cycle does mean quite an extensive changelog however, with well over 1100 pull requests merged into our master branch since 10.8.0 first dropped back in 2022.

General

• We now support "trickplay" a.k.a. live video scrubbing. When scrubbing through a video with this enabled, you will be able to see a live preview of the video at that timestamp. Note that this requires explicit client support, which may require some time to become available depending on your client.

• [...]

• We now support AVIF and WEBP images for Pictures libraries.

• Tags are now accounted for during searches, allowing one to search by tag.

• We now support multiple simultaneous subtitle tracks (maximum of two, a primary and secondary) in the web player.

• We've revamped the administrative dashboard UI to help improve usability and ease of finding options.

API & Security

• All API endpoints now return proper return codes, ensuring that API endpoint results can be reliably interpreted without additional parsing.

• Parental ratings are significantly improved, with better enforcement, inheritable ratings, and more.

• LiveTV and Collection permissions are now discrete and configurable per-user.

• The EasyPassword (PIN) feature has been removed as this was a big security risk especially for administrator accounts; QuickConnect login is still supported however.

• User permission handling has been unified and numerous bugs fixed, ensuring a more secure server from untrusted users.

Core Server & Networking

• [...]
• The server now supports in-process restarting, and removes the old hacky restart.sh method. This should make things like installing plugins much more robust and ensure a consistent restart experience regardless of platform or install method.
• [...]
• The backend SQLite database now supports connection pooling, which should improve performance for database operations.
• [...]

Also sections on Packaging, Transcoding & FFmpeg improvements/support, Scanning, Library & Playlist Management, and Casting

The Next Version

With our continuous integrations improvements outlined previously, we're quite confident that this will be our last "very long" release cycle. Our plan is for the next major version (10.10.0) to be released at most 6 months from now, some time in October. We hope this increased cadence will help alleviate the problems with large releases such as a very long time-to-stable for new features, translations, etc. and help lower the number of major bugs at each major release, streamlining the upgrade process. But this needs everyone's help. Back in October 2023, we made a call for developers, and we've gotten a lot of interest, but this is not a one-and-done event. We need contributions now more than ever, especially around the web frontend to help implement our planned design changes. If this interests you, please reach out and we can help get you set up.

Hi everyone,

As always, every time I look at the AWS Glacier egress fee calculator I get fairly irked at how much they charge. Was wondering if anyone knew of any alternatives for cold storage in the cloud without such egregious charges. I will likely not access it ever because I have another offset backup, but just in case I do, I wouldn't want to fork over thousands, really.

I don't know how reliable Scaleway's service is, and Cloudflare's R2 doesn't have a Archive offering. I would be interested in the Azure if anyone can convince me that I won't go bankrupt trying to retrieve my data from them. I don't want to go with Google with the recent stuff they have been doing with data on their servers.

Thanks!

Hey all,

Almost as impressive as all the LLMs these days is the voice that ChatGPT uses with its emphasis and dramatic pauses and umms, etc.

I would love to integrate that with a self-hosted Llama3 engine.

Is there a project that y'all have heard of?

I started tinkering with frigate and saw the option to use a coral ai device to process the video feeds for object recognition.

So, I started checking a bit more what else could be done with the device, and everything listed in the site is related to human recognition (poses, faces, parts) or voice recognition.

In some part I read stable diffusion or LLMs are not an option since they require a lot of ram which these kind of devices lack.

What other good/interesting uses can these devices have? What are some of your deployed services using these devices for?

I am currently using an old laptop (circa 2015) with a 250GB SSD in it, and 4GB of RAM. It runs Fedora 39 Server, and only hosts a Jellyfin instance through Docker right now (though I want to use Nextcloud later too). There is only 15GB of storage left on it, and the CPU is constantly overloaded (due to forced transcoding). I happen to have a lot of 500GB 3.5" HDDs laying around, and I want to use them in RAID 5. What hardware would be good for having 4 HDDs, and running Jellyfin and Nextcloud in Docker? I'm okay with either having just a 4-bay NAS (as long as it can handle transcoding (MKV 480p -> MP4)), or having a 4-bay NAS and a server/computer/NUC. I only have a budget of CAD$900 (USD$658 as of writing), but I am willing to go to CAD$1000 if absolutely necessary.

Hey hello, self-hosting noob here. I just want to know if anyone would know a good way to host my writing. Something akin to those webcomic sites, except for writing. Multiple stories with their own "sections" (?) and a chapter selection for each. Maybe a home page or profile page to just briefly detail myself or whatever, I don't know. It doesn't have to be fancy, and I apologize for not knowing how to describe this well. I've just been searching and searching and I don't know what to look up to find what I want, it's extremely frustrating. Any help is greatly appreciated.

I'm a happy user of Inoreader. I like it so much I'm considering buying a premium plan. However, I'm looking for an alternative I wouldn't have to pay for. I came across FreshRSS. The only thing that's keeps me from moving is the sync. I don't want to expose it to the internet but I want to be able to access it on a move. My first idea was to use Syncthing. Is there a way to use Syncthing to sync feeds, settings (read articles, subscriptions, etc.) across different devices? By different devices I mean Linux, macOS (optional) and GrapheneOS (Android) phone.

I am currently setting up a Proxmox box that has the usual selfhosted stuff (Nextcloud, Jellyfin, etc) and I want all of these services in different containers/VMs. I am planning to start sharing this with family/friends who are not tech savvy, so I want excellent security.

I was thinking of restricting certain services to certain VLANs, and only plugging those VLANs into the CT/VMs that need them.

Currently, each CT/VM has a network interface (for example eth0) which gives them internet access (for updates and whatnot) and an interface that I use for SSH and management (for example eth1). These interfaces are both on different VLANs and I must use Wireguard to get onto the management network.

I am thinking of adding another interface just for “consumption” which my users would get onto via a separate Wireguard server, and they would use this to actually use the services.

I could also add another network just to connect to an internal NFS server to share files between CT/VMs, and this would have its own VLAN and require an additional interface per host that connects to it.

I have lots of other ideas for networks which would require additional interfaces per CT/VM that uses them.

From my experience, using a “VLAN-Aware” bridge and assigning VLANs per interface via the GUI is best practice. However, Proxmox does not support multiple VLANs per interface using this method.

I have an IPv6-only network, so I could theoretically assign multiple IPs per interface. Then I would use Linux VLANs from within the guest OS. However, this is a huge pain and I do not want to do this. And it is less secure because a compromised VM/CT could change its VLAN tag itself.

I am asking if adding many virtual interfaces per CT/VM is good practice, or if there is a better way to separate internal networks. Or maybe I should rethink the whole thing and not use one network per use-case.

I am especially curious about performance impacts of multiple interfaces.

Mostly I'm curious what people's setups are. Are you using docker or a VM? Which tools are you using to stream and play your roms or steam games?

Looking for suggestions for myself as well... I'm on unraid and looking to support multiple users.

I have a trusty UnRaid server that has been running great for almost 3 years now, with some kinks and headaches here and there, but mostly very stable. Now I'm entertaining the idea of setting that box up with ProxMox, and running UnRaid virtualized. The reason being that I want to use UnRaid exclusively as a NAS and then run all dockers and VMs on ProxMox (at least that's how I'm picturing it). I would like to know your opinion on this idea. All I have is Nextcloud, Immich, Vaultwarden, Jellyfin, Calibre, Kavita and a Windows VM I use to update some hardware every now and then. I mainly want to do that for the backup capabilities in ProxMox for each instance. Storage is not a concern, and I have 64GB of ECC Ram running in that box. What are the Pros and Cons, or is it even worth it to move all this to ProxMox?

Is anyone currently self hosting an Anytype backup node? In case you don't know, Anytype is a privacy focused, local first note app. Can be found in anytype.io. Their docs give informartion on how to self host. I only have a laptop, so I'm trying to create a node in a VirtualBox VM, using Vagrant to automate box creation and provision. Sorry if the post is messed up, first timer here.

Edit: Thanks for the help, issue was solved! Had Traefik's loadbalancer set to route to port 8081, not the internal port of 80. Whoops.

Intro

HI everyone. I've been busy configuring my homelab and have run into issues with Traefik and Vaultwarden running within Podman. I've already successfully set up Home Assistant and Homepage but for the life of me cannot get things working. I'm hoping a fresh pair of eyes would be able to spot something I missed or provide some advice. I've tried to provide all the information and logs relevant to the situation.

Expected Behavior:

1. Requests for *.fenndev.network are sent to my Traefik server.
2. Incoming HTTPS requests to vault.fenndev.network are forwarded to Vaultwarden
   • HTTP requests are upgraded to HTTPS
3. Vaultwarden is accessible via https://vault.fenndev.network and utilizes the wildcard certificates generated by Traefik.

Quick Facts

Overview

• I'm running Traefik and Vaultwarden in Podman, using Quadlet
• Traefik and Vaultwarden, along with all of my other services, are part of the same fenndev_default network
• Traefik is working correctly with Home assistant, Adguard Home, and Homepage, but returns a 502 Bad Gateway error with Vaultwarden
• I've verified that port 8081 is open on my firewall and my service is reachable at {SERVER_IP}:8081.
• 10.89.0.132 is the internal Podman IP address of the Vaultwarden container

Versions

Server: AlmaLinux 9.4

Podman: 4.9.4-rhel

Traefik: v3

Vaultwarden: alpine-latest (1.30.5-alpine I believe)

Error Logs

Traefik Log:

2024-05-11T22:09:53Z DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 502 Bad Gateway error="dial tcp 10.89.0.132:8081: connect: connection refused"

cURL to URL:

[fenndev@bastion ~]$ curl -v https://vault.fenndev.network
*   Trying 192.168.1.169:443...
* Connected to vault.fenndev.network (192.168.1.169) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):

Config Files

vaultwarden.container file:

[Unit]
Description=Password 
After=network-online.target
[Service]
Restart=always
RestartSec=3

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

[Container]
Image=ghcr.io/dani-garcia/vaultwarden:latest-alpine
Exec=/start.sh
EnvironmentFile=%h/.config/vault/vault.env
ContainerName=vault
Network=fenndev_default

# Security Options
SecurityLabelType=container_runtime_t
NoNewPrivileges=true                                    
# Volumes
Volume=%h/.config/vault/data:/data:Z

# Ports
PublishPort=8081:80

# Labels
Label=traefik.enable=true
Label=traefik.http.routers.vault.entrypoints=web
Label=traefik.http.routers.vault-websecure.entrypoints=websecure
Label=traefik.http.routers.vault.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.tls=true
Label=traefik.http.routers.vault.service=vault
Label=traefik.http.routers.vault-websecure.service=vault

Label=traefik.http.services.vault.loadbalancer.server.port=8081

Label=homepage.group="Services"
Label=homepage.name="Vaultwarden"
Label=homepage.icon=vaultwarden.svg
Label=homepage.description="Password Manager"
Label=homepage.href=https://vault.fenndev.network

vault.env file:

LOG_LEVEL=debug
DOMAIN=https://vault.fenndev.network 

🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more…

My server (fedora) stops all podman containers after 2-3 hours since 3 days. I can start all containers again, and the same happens after a while. I do not know where to look for the problem.

In top, I found a oom message. I assume that the system runs out of memory and stops all services. How can I find the problem? I can’t find anything in the container logs.

I can see that systemctl status is always starting. It doesn’t become “running”. But I do not know how to proceed.

So I'm just getting started with selfhosting things, and I have a minor problem which I'm having some trouble solving, as I keep getting a connection refused error when trying to connect:

send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53

I run a jellyfin server on a NUC - it works well and is accessible on the private network. I want to have a public URL for this server - and other stuff, eventually.

Here's my setup

• I have a subdomain - jellyfin.mydomain.com - pointed to the external IP for my router
• I have the router set up to allow remote access, and port forwarding directing all port 80 traffic to my public ip > port 80 on the server
• On my server - running ubuntu - I installed nginx
• I used the official jellyfin nginx config for access from a subdomain
• I edited the server_name variable to match my subdomain

Now, whenever I access the subdomain in a browser I get a 502 Bad Gateway error. The /var/lof/nginx/error.logshows:

2024/05/10 08:26:37 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:26:37 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:26:42 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:26:47 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:26:52 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:26:57 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:27:02 [error] 95335#95335: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
2024/05/10 08:27:07 [error] 95335#95335: *69 jellyfin could not be resolved (110: Operation timed out), client: 193.29.107.173, server: jellyfin.mysubdomain.com, request: "GET /web/ HTTP/1.1", host: "jellyfin.mysubdomain.com"

I have almost no experience with networking, linux, or nginx :D So I am sure the problem is obvious to someone else....

Can you help?