@jyarbrough @selfhost
@bravemonkey @selfhosting @selfhosted @linux @MangoPenguin @geillescas Yeah, I'm very tempted to go back to the way I had things, which allowed me to access services with my Raspberry Pi's IP and a port number. Since I don't leave home much and I'm not the ISP account holder, this is starting to seem like more trouble than it's worth.
@geillescas @selfhost @selfhosting @selfhosted @linux I'll have to see about this. I'm not the account holder and the one who is, my stepdad, isn't exactly tech-savvy. My router did have a firewall blocking traffic, but I changed its security level and looked at the rules, so that shouldn't be an issue anymore.
@selfhost @selfhosting @selfhosted @linux Authelia docker-compose.yml:
```yaml
services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    volumes:
      - ./config:/config
      - ./logs:/var/log/authelia
    networks:
      - web
      - authelia_internal
    environment:
      - TZ=America/Chicago
      - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session_secret
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/storage_encryption_key
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.laniesplace.us`)"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=le"
      - "traefik.http.middlewares.authelia.forwardauth.authRequestHeaders=X-Forwarded-Proto,X-Forwarded-Host"
      - "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email"
      - "traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.laniesplace.us"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    depends_on:
      - redis
    healthcheck:
      test: ["CMD", "wget", "--no-check-certificate", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
  redis:
    image: redis:alpine
    container_name: authelia_redis
    networks:
      - authelia_internal
    restart: unless-stopped
    volumes:
      - ./redis:/data
    command: redis-server --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    security_opt:
      - no-new-privileges:true
networks:
  web:
    external: true
  authelia_internal:
    internal: true
```
@selfhost @selfhosting @selfhosted @linux traefik services.yml:
```yaml
http:
  services:
    # Docker Services
    homer:
      loadBalancer:
        servers:
          - url: "http://homer:8080"
    glances:
      loadBalancer:
        servers:
          - url: "http://glances:61208"
    uptime-kuma:
      loadBalancer:
        servers:
          - url: "http://uptime-kuma:3001"
    miniflux:
      loadBalancer:
        servers:
          - url: "http://miniflux:8080"
    pihole:
      loadBalancer:
        servers:
          - url: "http://pihole:8088"
    portainer:
      loadBalancer:
        servers:
          - url: "http://portainer:9000"
    linkding:
      loadBalancer:
        servers:
          - url: "http://linkding:9090"
    # Non-Docker Services
    filebrowser:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:8085"
    netdata:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:19999"
    forgejo:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:3000"
    dokuwiki:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:81"
    cockpit:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:9090"
```
@selfhost @selfhosting @selfhosted @linux Web services docker-compose.yml, includes Linkding:
```yaml
services:
  linkding:
    image: sissbruecker/linkding:latest-plus
    container_name: linkding
    environment:
      LD_ENABLE_AUTH_PROXY: "true"
      LD_AUTH_PROXY_HEADER: "Remote-User"
      LD_AUTH_PROXY_AUTO_LOGIN: "true"
      LD_AUTH_PROXY_LOGOUT_URL: "https://auth.laniesplace.us/logout"
    volumes:
      - linkding_data:/etc/linkding/data
    healthcheck:
      test: ["CMD", "node", "-e", "const http = require('http'); const options = {host: 'localhost', port: 9090, path: '/', timeout: 2000}; const request = http.request(options, (res) => { process.exit([200, 302].includes(res.statusCode) ? 0 : 1)}); request.on('error', () => process.exit(1)); request.end()"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.linkding.rule=Host(`bookmarks.laniesplace.us`)"
      - "traefik.http.routers.linkding.entrypoints=websecure"
      - "traefik.http.routers.linkding.tls.certresolver=le"
      - "traefik.http.services.linkding.loadbalancer.server.port=9090"
      - "traefik.http.routers.linkding.middlewares=authelia@docker"
volumes:
  linkding_data:
networks:
  web:
    external: true
```
@ocean Honestly, I didn't know Cloudflare domains were that cheap. Also, yes, there's eu.org and a couple other ways to get free domains.
@virtuous_sloth @selfhost @selfhosting @selfhosted @mastoblind @main No, my situation is weird. My domain is hosted on Porkbun.com but its nameservers point to Vultr.com, where my WordPress install is hosted on a friend's server. Porkbun won't let me edit DNS records or do much of anything with my domain unless I change back to the default nameservers, which would break my WordPress setup.
@jdw @selfhost @selfhosted @linux @selfhosting Not sure what you mean. I have a Raspberry Pi with MiniFlux, LinkAce, and a bunch of other stuff on it. The only thing I'm not hosting is the WordPress site.
@remakingeden @selfhost @selfhosted @linux @selfhosting Yeah I don't want to add a whole log, just alerts that backups were done successfully or if something goes down, or a daily summary of how my system is doing. I'll look into Pushover.
@NegativeLookBehind I updated the gist with some log files. There are a lot of 401 errors in the homepage logs. I know my API keys are correct so I'm not sure how to fix them.