Self Hosted - Self-hosting your services.

11514 readers
7 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
1
2
 
 

Has anyone seen any particularly good deals for NAS's, storage or memory, mini computers, things like that, for this Black Friday / Cyber Monday season?

3
 
 

I came across mention of IMAPSync and Larch as tools to move emails out of Gmail to a new email account. Does anyone have any experience using these?

I have a family's worth of email gmail accounts all of which are running out of space and will need to be moved to a new email provider. They would of course all like to keep their historical sent and recieved emails.

4
 
 

I've been stressing out for some hours now, but I think I know what has happened, although there are still some things that's not quite adding up, and was hoping someone could help me get to the bottom of it. The actual question is at the bottom.

First some background I'm self-hosting Nextcloud on a Linode, and was notified that the public out network traffic exceeded my set threshold. I first assumed that I've had a breach on my server, but could find no trace of someone logging in. The reason I now feel at least somewhat easier is:

  1. No sign of anyone ssh-ing in successfully before the time this happened from /var/logs/auth.log (I guess this is not hard to cover though...)
  2. ssh through root is disabled - they would have to know my username and my password, which should not be brute-forceable, and the way it's stored in my password manager does not immediately allow linking the two (although, if my password manager is compromised I don't know what to do). I have no other signs that this has been compromised, and I think my Nextcloud-server would be a weird place to start if they had access to it all.
  3. I have 2FA on my Linode account, so accessing root (which also has a different and not easily brute-forceable password) through LISH should also be difficult.
  4. The amount of traffic (based on the average network traffic Linode reported) amounts to several times the total data stored on the server. I would expect a malicious actor to grab everything once, and not spend more time than necessary to needlessly duplicate the data.

What I now think happened instead is that my desktop client has resynced everything several times over. The reasons I think this:

  1. The network activity started more or less when I opened my laptop this morning
  2. The desktop client was for some reason entered twice in the autostart, causing two version of the client to be started at the same time. This caused some conflicts today - when I noticed this and resolved these, I quit the second instance, and that is about the time the network activity stopped
  3. The same thing happened later today, which caused a spike in CPU-usage on the server, but did not trigger the same network traffic as the desktop client seems to have crashed quickly after.

The actual question However, the last piece of the puzzle that I can't figure out that still has me somewhat nervous: the maximum outbound transfer speed greatly exceeds my download speed (about 4 times). From the graph, it seems as though it maintains this high speed, but it seems to maybe just log the maximum value every five minutes, so maybe these are just spikes? The reported average over the two hours this occurred more or less matches my maximum download speed however, although I don't really think I can get that from where I am sitting on my WiFi.

Is this the glove that doesn't fit?

5
 
 

I thought it would be cool to have my own TLD, but apparently it's all managed by the ICANN, so you can't just name your website with any TLD you want. There are different prices. But at least you can customize your second level domain. Why aren't TLDs like this?

6
25
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

Hey; I just got a Lemmy instance up and running. I'd like to share some tips and things that helped me along the way.

I used the Ansible installer found here. Just following the instructions is pretty clear if you've ever set up a server before. I did have a couple of hickups though:

  • In the hosts config file, there's a like that says "[email protected]: replace with the destination you use to connect to your server via ssh."" There's a typo down below where there is no [email protected], it actually says example.com instead. Do replace it with your username and domain.
  • The customPostgresql.conf DOES need to be tuned for your server memory and CPU; the default did not work for me
  • When it says Configure a DNS A Record to point at your server's IP address. it means you need an IPv4 address for your server. Unfortunately, this means you can't use the cheapest Vultr tier at $2.5/mo, but you have to use the $3.5/mo instance at least.
  • I used the $5/mo Vultr instance instead of $3.5 because 512MiB of RAM caused my server to run out of memory and start killing processes. For some reason nginx would be the first to go.
  • Speaking of nginx; it was not configured to start on startup for some reason. A quick sudo systemctl enable nginx fixed that.
  • To diagnose the memory issue; I had to go docker ps | grep postgres, get the hash/ID for postgres, then do sudo docker logs 5115641fc0b2 to see the logs
  • To see the server logs, the /srv/lemmy/<domain name here> is where the docker-compose.yml file is, so if you cd into this dir, only then can you run docker compose logs -f lemmy or docker compose logs -f lemmy lemmy-ui pictrs to see the lemmy logs
  • Sometimes, pressing a button in the config menu doesn't do anything. Generally, it's a backend issue and not a frontend one, but the front-end does not tell you that anything has gone wrong. If you "Inspect" and open up the console in your browser, you'll see the server request done and you can see the response.
  • I was surprised to learn that you can't make a federated AND private Lemmy instance. I guess it makes sense? I kind of want to save on server bandwidth/resourse by being the only user though...
  • My ISO of Debain did not have a swap file or partitioned any swap space. Create a swap file and make it permanent through the following commands: sudo fallocate -l 1G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile and then edit sudo nano /etc/fstab and add the line /swapfile none swap sw 0 0. Without the swap Lemmy would crash the server.

Anyways, hope these notes help someone! If you've got any tips I'd love to hear.

7
 
 

So I'm using a lot the option to chat myself in apps like WhatsApp or Telegram. But I don't wanna put my trust in them.

I tried about using NextCloud (I have an instance) Talk, but I'm not satisfied: the app won't load if I have no internet connection.

What I am actually looking for:

  • something with cross client sync that sync is ideally on my server
  • simple to use like sending message to self but with good search options, maybe even tagging
  • ability to send images, files etc
  • caches offline on clients

thanks.

P.S. wasn't really sure what tag to use here. Help seems like I'd use when I have an issue with an existing project. but I'm looking for a new one so I used this.

thanks!

8
 
 

Hello!

I have Jellyfin running locally on my linux pc, in a docker container but I also use Mullvad vpn. I'm still newish to linux but I can access jellyfin through my lan. I am at a total loss with how to remotely access it remotely and securely. I think I need to split tunnel jellyfin but I also run arr apps in other containers. Maybe gluetun? I cant find a guide that tells me for sure but it sounds like what I may need

I have been through several guides for different methods but I'm at a loss on what to do.

Can anyone point me in the right direction?

9
 
 

Hi :)

I've been playing around with a pi 4 for a few months now, but I want a dedicated home server now, since I want my pi to run HomeAssistantOS.

I'm looking for something that can store documents and photos (paperless and immich) and maybe run a small program like Ad guard. At first I just want to hookup an old SSD (250GB) and a HHD (1TB), but maybe I will buy a second one for RAID in the future. Power consumption at idle is really important for me (energy prices in Germany are really high).

As a beginner I find it very hard to find the right hardware, because everyone is recommending different things. (Slim-Clients, Intel Nuc, Raspberry Pi, Synology NAS).

I hope someone can recommend me something that will work for me.

10
 
 

Does anyone recommend a VPS to run Nextcloud? @selfhost

I convinced my brother to stop paying for Office Online and give us this money to use a self-hosted Nextcloud.

11
 
 

tl;dr: Run "docker run -it --rm --log-driver none --cap-drop=ALL --read-only --net none --security-opt=no-new-privileges --name ascii-matrix defnotgustavom/ascii-matrix" for a perfect cmatrix clone + ascii elmo.

Check thread link for more info.

12
 
 

The number of containers I'm running on my server keeps increasing, and I want to make sure I'm not pushing it beyond its capabilities. I would like a simple interface accessible on my home network (that does not make any fishy connections out) that shows me CPU and RAM-usage, storage status of my hard drives, and network usage. It should be FOSS, and I want to run it as a Docker container.

Is Grafana the way to go, or are there other options I should consider?

13
 
 

I'm looking into self-hosting a SearXNG instance for my own use. One thing I don't get is how the results are aggregated if I'm using a local instance. Is it just going to all the configured search engines and making requests? If that's the case, what's the benefit of using SearXNG instead of just going to that search engine myself from a privacy perspective?

14
 
 

cross-posted from: https://lemmy.ca/post/30126699

I created this guide on how to install Jellyfin as a Podman Quadlet on your server. Enjoy.

15
133
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
 
 

I accidentally attempted to SSH into one of my servers from a device that did not contain my ssh key. I configure all of my servers to only allow authentication via cryptographic keys. Root ssh as well as password auth are disabled.

To my surprise, I was able to log in to my server with a password despite this. Baffled, I first tried some other servers. 2 of the 5 other servers I tried were accessabke via password.

After some swift investigation the culprit was found, a cloud-init ssh config in sshd_config.d/ with one line: password_authentication Yes.

So TLDR PSA....if you run a server in any type of virtualized environment, including a VPS, check your /etc/ssh/sshd_config.d/ folder. And more broadly, actually thoroughly test your ssh access to confirm everything is working as you intend it to.

16
17
 
 

cross-posted from: https://programming.dev/post/19958073

Hi,

I'm looking for a solution to archive files in a decentralized system. that would meet those requirement:

  • FLOSS
  • date-stamp the upload of the file.
  • immutable storage ~ WORM
  • anonymous (like TOR)

I was considering IPFS but it does not date-stamp the upload :'( you can make a description-file but this is unreliable, as you can set any date..

I'm lost between hyphanet.org and Freenet.org ?!
are those the same project ?

According to A.I:

Hyphanet is focused on secure, private, and efficient communication and data sharing, with an emphasis on enabling users to monetize their data while maintaining control over their data sovereignty.

is that true ? I can't found the information on their website...

18
 
 

I am on a shared network. I'd like to self host services and access them from all my devices but I do not want these exposed to other people in my network. I've noticed that I can just change the port mapping in Docker to <Tailscale IP>:<port>:<port> from <port>:<port> and it just works. Works as in the service is accessible from my Tailnet, inaccessible from the local network or the internet. Is it really this easy or am I missing something? Just sounds too good to be true so I am suspicious it might somehow be insecure.

19
 
 

Hello everyone,

I have a few questions about Frigate and security cameras, and I thought this would be a good place to ask.

I’m new to security cameras and Frigate, so please excuse any basic questions I might have.

I have a PC at home with an i7-8700 CPU running Proxmox, where I plan to install Frigate in an LXC container for device passthrough.

I came across this Amcrest camera on Amazon: Amcrest IP5M-B1276EW-AI. Since Amcrest is recommended, I assume it should work well, but I’d like to confirm before purchasing. If you have any camera recommendations in the $60 range, I’d appreciate them.

I also read that having dual network interfaces is recommended. My router doesn’t support creating new subnets (I don't know if that would be a problem), and my PC currently has only one network interface. My initial plan was to get a PoE switch and connect the cameras and the router to it, but would getting a separate PCIe network card, and then connect my PC to the switch instead of the router work for creating a separate, internet-less network?

Lastly, I understand that using a Coral accelerator is highly recommended. I’m deciding between the $25 PCIe version and the $60 USB version. Does Frigate benefit from the more expensive USB Coral, or is the $25 PCIe version sufficient? My motherboard is a Gigabyte B365M DS3H, in case that’s relevant.

Thanks in advance for your help!

20
 
 

cross-posted from: https://lemm.ee/post/41196370

I have a spare 3070 GPU, as well as 16GB of Memory and my friend has a spare PSU, this part list has everything else I would need+everything I already have. Is there anything I should tweak or modify or will this build work, I plan to use it as a headless server.

Thanks for the feedback!

https://pcpartpicker.com/list/2fJJYN

21
 
 

I built a system around a 3U chassis, then tried to stuff a GPU in the box and couldn't close the lid. I got a 4U chassis and rebuilt the system, but I still have the 3U and I'm thinking about filling it back out so I have a failover for Proxmox. Is there a GPU I should consider or just stick with the integrated graphics? I'm currently only using the GPU for Steam remote play using pass-though to a Windows VM, but Jellyfin, Frigate, Immich are on my to-do list.

22
 
 

I've recently gotten on board with Invidous/Viewtube - and they're both great in their own ways. I like not having the algorithm hide or force new content down my throat, but I'm wondering if there's a way to take this to the next level.

I also subscribe to nebula - and have some patreon exclusive videos. It would be amazing to gather them all together in one location - is there some self-hosted option for this? Maybe some combination of yt-dlp + plex/jellyfin?

23
 
 

How can you increase the disk capacity on a MiniPC?

I already have a 2TB SSD but I would like to have a raid of SSD or NVMe, but I'm not sure what is the best solution for MiniPCs

Any experience with a similar problem?

cc @[email protected] @[email protected]

24
 
 

Does anyone know of a self hosted food journal? I'm looking for an application that allows me to record all of the things I eat as well as how I feel so patterns of foods can be found when various symptoms are triggered. Bonus points for machine learning analysing the data and telling me what foods cause which problems!

25
 
 

I just setup my first automated and encrypted backup with borg. It's got me thinking about other chaotic events, and how to respond accordingly. I figured now is a good time to document my infrastructure: hardware, network, a files. This way if something bad happens, like my house burns down, I or a family member has instructions for how to quickly recover data and services. Examples:

  1. If my website goes down, with my nextcloud on it, what steps do I need to take to recover the data and restore service?
  2. If my harddrive fails, how do I access lost data and reimplement redundancy after a replacement is stood up?
  3. If someone important to me needs to access encrypted files, how can that access that data and get access to the passwords/encryption keys?
  4. If my phone bricks, how to recover 2fa codes?

So I'd like to have a physical printing copy that tries to cover these emergency scenarios. Of course, I'll have digital copy around as well.

I'm focusing more on digital assets, like encryption keys, personal files and media, cloud service access, accessing inaccessible machines, how to restart/recover from self hosted service if its down, etc. I understand how much wider this document can be to include physical assets, so to start I want to start with digital infrastructure.

So my big questions: what scenarios should be documented in this disaster recovery document? What should I prepare for? The nice correlary of this is that documenting a recovery plan will force me to actually stand up the backups/redundancy needed to recover.

view more: next ›