Welcome to /r/selfhosted!

I haven't seen other people mention this yet, but I noticed a subtle change in the way Siri Shortcuts works in iOS17, where it gives you the option to run pretty much all automations immediately now.

​

On iOS16, it was hit/miss especially with automations where Wifi or Bluetooth connections were the triggers.

​

The reason I bring this up here is because it's finally a simple solution to have an automation run to connect to your VPN when you leave the house (and subsequently disconnect from your VPN when you arrive back home). The automation now simply runs in the background, which is great!

​

So a simple "When HomeWifi disconnects, connect to VPN." and "When HomeWifi connects, disconnect from VPN" automation works pretty much flawlessly, as it should, now.

Happy Friday, r/selfhosted! Below is a link to This Week in Self-Hosted, a weekly newsletter recap of the latest activity in self-hosted software.

This week's features include:

• The latest in self-hosted and open-source industry activity
• Noteworthy software updates and launches
• Featured content generated by the self-hosted community
• A spotlight on Nextcloud Hub 6, the latest and greatest from the self-hosted cloud collaboration platform

As usual, feel free to reach out with questions or comments about the publication. Thanks!

This Week in Self-Hosted (22 September 2023)

Please read the linked release notes for all the details.

Massive thank you to Jonathan Jogenfors, Jason Rasmussen, and Daniel Dietzler for their work on this PR.

I am a sponsor of immich and I urge all those who have been wanting external libraries in immich to support the project via GitHub or Patreon.

Hi all.

Currently I am looking for a SPAM Filter tool that scans my IMAP inbox on my (not selfhosted) mail server.

I found https://gitlab.com/isbg/isbg but it seems to be kind of old and last update 3 years ago.

In general I am looking for a way that a SW does scan the (unread?) mails my inbox and move it into a spam folder.

If there is another solution out there that "remotely" cleanup a mailbox, I am also highly interested.

Thanks! :)

I'm Simon, I'm the OSS contributor to OneUptime (https://github.com/oneuptime/oneuptime) . It's an open-source alternative to StausPage.io + UptimeRobot + PagerDuty. We're working on adding APM functionalities to it to make it closer to an open-source alternative to data dog. It's 100% free and you can self-host it on your VM / server.

Updates since my last post:

I have posted to this subreddit several times. Here are the updates since the last time I've posted.

- Based on your feedback, we have made it easier to run OneUptime. All you need to do is run one docker-compose file.

- We have launched On Call Policies. So, you can create escalation policy, etc for your team and make alerts more dynamic.

- SMS and Call Alerts - Use Twilio API key to enable SMS and Call alerts.

- Logs: Added email, sms and call logs so you know who was alerted and when.

Let me know what you think! Happy to hear early feedback and make the tool better.

Press release: https://www.netmaker.io/resources/netmaker-goes-open-source-why-we-switched-to-apache-2-0

Exciting news to share! Netmaker has officially embraced open source. This momentous decision was unveiled at the Open Source Summit in Europe when the pull request successfully merged, transitioning their server from the SSPL to the widely recognized Apache License 2.0.

This transition represents a significant milestone for the Netmaker project, and we are thrilled about the opportunities it opens up for the community and the future of network automation.

What would you start with hardware-wise when attempting selfhosting for the first time?

I have no hosting knowledge so I am learning from the very beginning. I thought of getting a raspberry pi to familiarize myself with the concepts and tools to self host. Or is a raspberry pi too far fetched from a basic Intel server? I thought of choosing RPi as it is not using a lot energy.

My long term goals are: * pi-hole * NAS for photos first, maybe video streaming and document storage later * Mail Server * ... probably a lot more to come

EDIT: Thanks everyone for your input. It seems the overall consensus for a start into self hosting is a mini pc. I got myself a ThinkCentre M910Q Tiny on eBay. Lenovo simply was cheaper than HP or DELL models at equivalent performance. The M910Q is a lot more expensive than a Pi, but comes with a power supply, housing, 8GB RAM and 128GB SSD.

I have a number of services that I host and expose to the internet via Cloudflare Tunnels, but I also have a number of services that are only accessed from my own network that still give me the “danger! This is not secure!” warning when I try to access them.

Can I or should I do something about this to fix it?

EDIT: Ended up installing NGINX Proxy Manager (which I had used before Cloudflare Tunnels, so i was already familiar), spun up a Let's Encrypt wildcard certificate, and assigned the host names. Working like a charm! Thanks for the help and suggestions, everyone.

Hello.

The Jellyfin player on Android or Linux shows the subtitles with ?.

Same movie played with Kodi shows correct subtitles.

Anyway to fix it in Jellyfin ?

Thanks.

Hey all,

I'm looking for an app similar to Heimdall or Homer, (preferably one that runs via docker) that will allow me to create 'links' to not just web apps (https://somelink.com), but also has the ability to launch apps using their custom protocol handlers.

Use case: I'd like to create a 'dashboard' of links for different '.ts' streams, that will load in a locally installed network stream player, such as VLC. I know I can run vlc://<link-to-stream> just fine in via Cmd prompt on my PC (locally), but I'd like to be able to invoke that command via a browser.

I do run an instance of Heimdall in my home lab, and IF this is a current feature of the product, then can someone point in the right direction as to HOW this is currently implemented, as I haven't had much luck with it so far!

AnyAll suggestions welcome! :)

Thanks.

Greetings, tech aficionados! We're thrilled to announce that the MiroTalk Team has just rolled out comprehensive documentation to assist you in self-hosting MiroTalk projects on your very own Virtual Dedicated Server (VDS) or Virtual Private Server (VPS). Additionally, we'll guide you through the seamless integration of MiroTalk into your web projects or applications.

MiroTalk WebRTC

Curious about MiroTalk? Delve into the details with this informative Reddit post: Learn more

Ready to dive into the technical aspects? Head straight to our GitHub repository for all the step-by-step instructions: MiroTalk Docs on GitHub

By teaming up, we can elevate MiroTalk into an even more accessible and potent tool. Your support is invaluable to us, and we're eagerly anticipating the remarkable creations you'll craft using MiroTalk.

We extend our heartfelt thanks for your attention and enthusiasm!

Warmest regards,

The MiroTalk Team 🌟

I’m playing about with a ftps server (hosted on my network which has a unique public IP ) and was testing the connection from my 4g hotspot which uses cgnat and was unable to connect. I confirmed that ftp was accessible via another IP so I’m just wondering if CGNAT could potentially block the connection?

It fails on establishing the control connection so I’m suspecting that maybe my carrier is blocking the ftp protocol entirely

Hey guys,

Signal just added quantum resistent Deffie Hellman to its protocol, to protect you messages from decryption attempts by quantum computers.

As a privacy aware East German, I would like to protect my data as best a possible from the government. Is there already a trusted, good developed, encryption software, which offers a quantum resistent protocol? I currently use a Synology NAS, but I think it would be a dream, to implement something like this natively currently, so I would by a new pc with Linux to act as an file server.

Hey r/selfhosted,

After 8 months of feedback, I'm excited to announce the self-hosted alternative version of Reclaim AI you guys have been waiting for!

Atomic can help with rearranging your schedule based on priority and time preferences. It can also help with flexible meetings, time blocking of tasks from a project, and creating breaks and priority links [for urgent meetings]. Also, you can chat with it.

The prior version of Atomic was only hosted on AWS.

The new version is a docker-compose file completely rewritten with open-source software for self-hosting

main features link: https://github.com/rush86999/atomic

self-hosted link: https://github.com/rush86999/atomic/blob/main/atomic-docker/README.md

Would love to get a star from you if you think it's useful.

​

Hi, I am looking for something to download ebooks and forward those downloads to my kindle email. For the first part I am aware that there are solutions available, can anyone point me in right direction on how to send ebooks to kindle automatically after download ?

Hi All,

I'm just setting out on building my homelab on Docker in Swarm Mode and have run into some difficulty in configuring Authelia with Traefik. I've read through Traefik and Authelia's docs and some guides and have got a little lost with setting up the middleware.

I can visit authelia.example.com and get the login page.

I have traefik.example.com without authentication yet and can visit that.

I've setup whoami.example.com with what should be Authelia authentication but just get a 404 on that domain.

In Traefik I get an error popping up when I look at whoami.example.com saying middleware "authelia@docker" does not exist

I've obviously got something wrong in my config, below:

traefikv2.yml

version: "3.2"

services:
  app:
    image: traefik:v2.9
    env_file: /var/data/config/traefikv2/traefikv2.env
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - config:/etc/traefik
      - /var/data/traefikv2/traefik.log:/traefik.log
      - /var/data/traefikv2/acme.json:/acme.json
      - /var/data/config/traefikv2/traefik.toml:/traefik.toml
    networks:
      - traefik_public
    deploy:
      mode: global
      labels:
        - "traefik.docker.network=traefik_public"
        - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
        - "traefik.http.routers.api.entrypoints=https"
        - "traefik.http.routers.api.tls.domains[0].main=example.com"
        - "traefik.http.routers.api.tls.domains[0].sans=*.example.com"
        - "traefik.http.routers.api.tls=true"
        - "traefik.http.routers.api.tls.certresolver=main"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.services.dummy.loadbalancer.server.port=9999"
        - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare"
      placement:
        constraints:
          - node.role == manager

volumes:
  config:
    driver_opts:
      type: nfs
      o: addr=10.10.69.20,nfsvers=4
      device: :/Docker/swarm/traefik/config

networks:
  traefik_public:
    external: true

traefik.toml

[global]
  checkNewVersion = true

# Enable the Dashboard
[api]
  dashboard = true

# Write out Traefik logs
[log]
  level = "INFO"
  filePath = "/traefik.log"

[entryPoints.http]
  address = ":80"
  # Redirect to HTTPS
  [entryPoints.http.http.redirections.entryPoint]
    to = "https"
    scheme = "https"

[entryPoints.https]
  address = ":443"
  [entryPoints.https.http.tls]
    certResolver = "main"

# Let's Encrypt
[certificatesResolvers.main.acme]
  email = "novasuspect@example.com"
  storage = "acme.json"
  [certificatesResolvers.main.acme.dnsChallenge]
    provider = "cloudflare"

# Docker Traefik provider
[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  swarmMode = true
  watch = true

authelia.yml

version: "3.2"

services:
  authelia:
    image: authelia/authelia
    volumes:
      - config:/config
    networks:
      - traefik_public
    deploy:
      labels:
        # traefik common
        - traefik.enable=true
        - traefik.docker.network=traefik_public

        # traefikv2
        - "traefik.http.routers.authelia.rule=Host(`authelia.example.com`)"
        - "traefik.http.routers.authelia.entrypoints=https"
        - "traefik.http.services.authelia.loadbalancer.server.port=9091"

  whoami-2fa: 
    image: containous/whoami
    networks:
      - traefik_public
    deploy:
      labels:
        # traefik
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_public"

        # traefikv2
        - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
        - "traefik.http.routers.whoami.entrypoints=https"
        - "traefik.http.routers.whoami.middlewares=authelia"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

volumes:
  config:
    driver_opts:
      type: nfs
      o: addr=10.10.69.20,nfsvers=4
      device: :/Docker/swarm/authelia/config

networks:
  traefik_public:
    external: true 

authelia configuration.yml

server:
  host: 0.0.0.0
  port: 9091

log:
  level: warn

jwt_secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
default_redirection_url: https://authelia.example.com

totp:
  issuer: authelia.example.com
  period: 30
  skew: 1

authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 1024 # blocks this much of the RAM. Tune this.

access_control:
  default_policy: one_factor
  rules:
    - domain: "authelia.example.com"
      policy: bypass

    - domain: "whoami.example.com"
      policy: two_factor

    - domain: "*.example.com" 
      policy: one_factor

session:
  name: authelia_session
  secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  expiration: 3600 # 1 hour
  inactivity: 300 # 5 minutes
  domain: example.com # Should match whatever your root protected domain is

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  encryption_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  local:
    path: /config/db.sqlite3

notifier:
  filesystem:
    filename: /config/notification.txt

I'm honestly at a bit of a loss about what config I'm missing where. Any help would be massively appreciated.

I am setting up my first Homelab, my first computer has 1TB SSD and the other ones I plab to get 1TB SSD for each of them, making 5TB SSD in total and operate them as a cluster

Without counting large media files (i.e. films, etc), is that a good amount of storage capacity?

Googling I see this, someone know something similar to use home in me home ingredients? Or recipes?

Also interested in quantity of minerals.

I accept your recommendations.

Thank you.

Hi, yesterday I found an old HDD with a lot of old photos that I like to include on y immich instance.

So I go thro google and check he bulk import page, so start to import.

I create a bath file with the following commands inside:

docker run -it --rm -v "$(pwd):/import" ghcr.io/immich-app/immich-cli:latest upload --recursive --album --key 4aLFxg8GxAmykey --server http://myserver

So simple as that.

My instance are running on a Docker, accessible www via Cloudflare tunnel.

What I think is wrong, is on the configuration somehow, because on the Administration Screen, you see the users, and on Import column all users have "x", is correct?

​

thank you.

​

​

Hello. The one are of server admin that I have struggled to get my head around is networking. I currently have an Ubuntu server and it is not directly exposed to the internet. To access services I have a cloudflare tunnel and tailscale running on the host. Services are then accessed through tailscale and IP or reverse proxy on Cloudflare.

I am looking at moving to proxmox so I can change things and experiment a little more without tearing down the bulk of my services, however, I cannot get my head around how best to handle networking in this setup. I have looked at tailscale serve but this will only redirect to local hosts based on url params. Is there a way to have an ingress container and then some config to define where to direct traffic on the proxmox server based on source etc? Cloudflare tunnels work but I will want to stream video which is against their TOS. This is currently done through tailscale so I could install that directly on the jellyfin container but I cannot help think there is a "better" way. Ideally where I can point the traffic elsewhere if/when needed without reinstalling the VPN clients on the machine.

Hi,

I have downloaded mergefs and want to set it up so my external drives can be merged and then shared with sabnzbd/sonarr/radarr. Currently my drives are auto mounted on system boot, but looking online it seems to be recommended to use fstab. So should I set up drives in fstab and then follow a guide such as https://dop-amine.com/posts/homelab-build-guide/

Thanks in advance

Hi, I am very much new to this. I was following selfhosted for a long time and finally took the step to setup my own homelab. However I am facing problems with reverse proxy. I tried to setup nginx via docker compose, then portainer. it showed bad gateway eachtime. Then finally iwas able to run it and access it with another compose file, but then I failed to add ssl for my subdomain. I don't know what is wrong. tried to follow so many tutorials and guides but failing and failing.
Can anyone point any direction for me? Should I abandon NPM and go for another proxy like caddy? why couldn't I add the ssl via web interface. I pointed the a name record and everything else. but it showed internal error.
please help

I'm tired of using OpenCage API with the API limits and high prices.

Possible for a noob to self-host a geocoding server?