q7mJI7tk1
@q7mJI7tk1@lemmy.world
- Comment on Self hosting Sunday! What's up, selfhosters? 2 weeks ago:
Sometimes all it takes is a random comment from a fellow self-hoster to put me on another journey… Thanks for the tip on passkeys and Pocket ID! Love the Pocket ID guides on all popular services. This looks to make it much easier for family logins to all my services. I’m starting the migration now already from Pangolin and inward.
I love the seemingly never-ending journey of self hosting!
- Comment on I finally understand Cloudflare Zero Trust tunnels 2 weeks ago:
Pangolin is a reverse proxy, so it can forward a URL to any backend service on any port. But you’re right in that you have to be signed in on the browser you access it on. Therefore an app won’t directly work without prior login. You can create a ‘shareable link’ in Pangolin, which I use for the Immich app. This gives me header tokens that the Immich app can take in its advanced settings, and that’s how that one works.
I’ve recently moved away from dedicated apps for mobile services and toward web-based access for most things (I use Music Assistant in browser). This isn’t perfect for everything and everyone, but I realise now with your question that it’s worked well for me transitioning to Pangolin (and at least Immich app works).
- Comment on I finally understand Cloudflare Zero Trust tunnels 2 weeks ago:
Not my expertise I’m afraid. Geoip blocking is straightforward with traefik (and Pangolin docs), Crowdsec is a little more complicated, and with the external firewall into the VPS, there isn’t much more I can think to do.
It’s likely more a factor of how secure Pangolin itself is at that stage.
- Comment on I finally understand Cloudflare Zero Trust tunnels 2 weeks ago:
If today’s outage is anything to go by, you’re better off not using Cloudflare!!
I have continued to use it for public websites so that, in my thinking, at least the Cloudflare network is scrutinising who is accessing my webpages in case of attacks etc.
Pangolin is a simpler cloud reverse proxy, whereas Cloudflare has more bells 'n whistles for quick-set security. You just need to harden your VPS that Pangolin runs on. You can activate Crowdsec etc on it as well.
I run mine on a Hetzner VPS which has a nice firewall feature in the control panel securing the VPS ports for SSH and Pangolin tunnel to my home IP. This adds a comfort for me to know now that it’s then only the ports 80 & 443 exposed. And I think from memory Pangolin doesn’t play nicely with UFW (well, Traefik doesn’t).
- Comment on I finally understand Cloudflare Zero Trust tunnels 2 weeks ago:
I only started using Cloudflare tunnels recently, but I’m now using the self hosted alternative Pangolin on a VPS for private services, and I keep the Cloudflare tunnel for public web hosting, i.e. WordPress. This also allows easy restriction to the WordPress login page for other users via Google auth etc which is something very simple with CF.
Having split up my private/public services to separate tunnels also means I don’t stand the chance of taking the public services offline with my constant tinkering of Pangolin and the VPS it runs on.
I have pushed the CF tunnel for file transfers occasionally (which is against their terms), but it hits remarkable speeds for a ‘free’ service.
- Comment on What is a good self-hosted solution for sharing files with friends? 4 weeks ago:
I had Nextcloud running for several years (VM is the best way IMO, I would avoid the Docker AIO). However I found Filebrowser and it rocks as a file share service. Filebrowser Quantum is a fork with more features as the original no longer has a maintainer. The most I’ve had someone upload to it was 300GB.
- Comment on What is a good self-hosted solution for sharing files with friends? 4 weeks ago:
I use Filebrowser Quantum if you are happy opening up a port for it. It supports 2fa. Also requires Docker which isn’t too difficult.
- Comment on YSK tricks for one of the cheapest meals: beans and rice 5 weeks ago:
We also do the sauté onions (which is just onions cooked slooooowly). They caramelise and become sweet, add some generic chicken seasoning to them (I use a salt/paprika mix from the general store), tinned baked beans in tomato sauce, rice, and that’s all. Spice it up with some jar jalapeños and it’s a damn fine meal for nearly no prep or cost.
- Comment on Replacing a small business windows server 5 weeks ago:
I ran Blue Iris, but despite my love for it, my disdain at having to run it on Windows made me move away. You can run it still in a VM, but it’s not ideal, and also not meeting your requirement of moving off Windows.
I would recommend Home Assistant with Music Assistant for music playback of local library files, and that gives you a web page controller. I see Home Assistant also integrates iSpy DVR. No experience of iSpy, but the Music Assistant integration is superb. I use it to stream all music at home for the family to Chromecasts etc and this way everyone just accesses the same web portal.
Home Assistant can be Docker or its own OS.
- Comment on Best "bang for your buck" NUC/Pi setup for Jellyfin/HomeAssistant/PiHole? 1 month ago:
Perhaps not the size you’re after, but I have a HP Z1 G5, i9-9900, 5 SSD, 3 HDD, and that can idle as low as 45W and costs me £60/yr in electric. I managed to pick it up off eBay for only £260 (discounted from £350; if you keep an eye on certain things, sellers drop prices to get rid of their gear).
- Comment on Beyond Pi-Hole 1 month ago:
I love it. I started with pfSense, then really liked Untangle for its ease of use, then went (back) to OPNsense and preferred that for the fact it could run Caddy internally as a reverse proxy and was fast, but I was a bit frustrated at wanting to do more with it and needing to research everything. I already had Unifi APs and decided that it just made sense to have a Ubiquiti router. I’ve found it stable, easy to use with good feature updates, and have also just paid for the annual Cybersecure add-on which is reporting loads.
- Comment on Beyond Pi-Hole 1 month ago:
I was being too simplistic in my other reply. I was referring to basic router based DNS and NextDNS as the upstream resolver.
I don’t have an answer for hard coded DNS when it comes to NextDNS, which is essentially an upstream resolver with block lists functionality.
And to be honest, I misinterpreted OP’s original question which was to take PiHole to the next level, whereas NextDNS is an alternative to.
I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.
Thanks for the clarification, you’ve got me wanting to pursue more DNS control now!
- Comment on Backup recommendations 1 month ago:
I think they’re forked from the same source, Bittorrent Sync, so function the same under the hood. I wasn’t suggesting Resilio did something Syncthing didn’t. I’ve just found Resilio easier to use for client devices. And that OP was concerned about losing files from syncing.
The only odd behaviour I’ve had with Resilio, is when hosted on Unraid, random files on the SMB share sometimes have database names on large folders with lots of files (RSH-78254 for example), but when synced to remote devices, the filenaming is then accurate. I’ve been meaning to spin up Syncthing to see if it does the same, but as Resilio has yet to lose me any files, I’m sticking with it.
Could be a Docker issue as well I guess.
- Comment on Beyond Pi-Hole 1 month ago:
If you’re referring to network based DNS, I use their script to have it on my Ubiquiti router as well. I have that with its own profile with full blocking for iot etc.
I had PiHole with unbound on my OPNsense way back when, but the internet just needs to work for both me and my family and not go offline with me tinkering with the homelab. NextDNS takes all of that hassle out of the equation.
- Comment on Backup recommendations 1 month ago:
I use Resilio to duplicate locally to my Unraid, which I know is hated as it’s not the FOSS Syncthing, but in 5 years of use, it’s never gone wrong, and the client software is dead easy to use. That has a hidden .sync folder which archives deleted files for 30 days. You can change the timeframe or remove this feature in settings. I go into the sync folder and remove the deleted files manually if it becomes too bloated.
From my Unraid, I then backup to Hetzner using Duplicacy, which with the GUI is also very easy to use. From what I’ve read about the other backup solutions being a bit flaky, Duplicacy seems to have nothing but love.
- Comment on Beyond Pi-Hole 1 month ago:
I’ve had pihole running in the past, then Adguard, but moved to NextDNS several years ago and have been happy with it. For a small fee, it removes all need for self hosting your own. I set up profiles for the kids etc, then set the DNS in their phones, tablets, so I know it’s always working. You can set local IPs in it if you want, but I use a reverse proxy for all LAN requests instead.
Only slight issue I’ve had with it was recently making several quick changes to DNS in Cloudflare, and NextDNS took several hours to propagate which was a PITA at the time.
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 1 month ago:
Backup. I use Backblaze personal which is $179 for two years of ‘unlimited’ storage. All my important self hosted data is duped to some old 2.5" external drives connected to my work machine that then is backing up to Backblaze. I also have 1yr retention, so any deleted file is accessible for up to 1yr.
After backups are sorted, stick with the OS you know best. If Windows (I hope not), then HyperV for VMs is good. Try the official Nextcloud VM from Hansson IT. Nextcloud is a good catch-all, but it’s beaten by other specific tools. I now host all I need from specific Docker containers: photos, calendar, email backup etc etc
But I would say Docker. Docker Desktop if macOS or Windows is your thing. Get to know docker and the world of self hosting is your oyster.
As what others say, keep it all to your home network and tread carefully when trying to remote access it all.
- Comment on v2.0.0: Stable Release of Immich (complete with Merch and DVD) 2 months ago:
The absolute irony… I’ve used Immich for nearly 2 years without fail; it’s never skipped a beat. Today I update to the stable release and my Immich mobile app now has a sync error warning. This is the first issue I’ve ever had.
- Comment on Mail Backup/Alternative server for access? 2 months ago:
I too looked for a way to move my imap emails out of the cloud, and after looking for years, 2 came along in a matter of months. Mail Archiver and Open Archiver. I’ve been using Open Archiver for about 2 months and like it. I just VPN to home (well, Pangolin), and have it as a proxied web page to search old emails.
- Comment on Security camera recommendations? 2 months ago:
I suppose there’s always a catch with them opening up for 3rd party support.
I was keen to move to Unifi primarily for a doorbell. I had a Hikvision which was very temperamental, and I didn’t want a cloud based one like Ring or Nest, so believe it or not, most of my decision was made around a stupid doorbell.
- Comment on Security camera recommendations? 2 months ago:
Not FOSS, and with an entry price tag, but I ditched my OPNSense firewall for a Ubiquiti UDM Pro SE router about 2 years ago and invested in 3 of their cameras plus a doorbell and love it. I previously had Blue Iris for CCTV.
The Unifi Protect app is great. Easy to navigate, great detection, and easy to store clips. There’s no subscription fees, and I get a great firewall/router alongside a CCTV package.
- Comment on Started hosting my own Nextcloud and its awesome! 3 months ago:
I’ve run Nextcloud several ways, the smoothest and easiest being the official image by Hansson IT. Run that in a VM and use their setup/update scripts to do all the hard work. I highly recommend.
- Comment on Do I need the ISPs home router? 3 months ago:
I’m on Vodafone here in the UK (CityFibre), and they let me use my own firewall to the ONT, and give me a static IP for no extra cost. It’s a PPPoE connection with a VLAN id. With work recently I’m using about 5-6TB monthly data. I should count my blessings for their service given all I’ve read here!
I had issues with connectivity around 2020 and they wouldn’t engage with any help troubleshooting it unless I used their provided router, which was a pita, but a few days of speed tests and they escalated it and fixed it.
- Comment on GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider 🐈⬛🔒 4 months ago:
Just to say I’ve tried this today and love it. Was running Authelia but wasn’t happy with the way it was configured. I spun up VoidAuth in about 5mins and am impressed. Running as basic auth for a Caddy reverse proxy, this feels very slick. Well done!
Easy to follow documentation as well. Less is more sometimes.
I like the way you have it checking SMTP credentials in the background with a simple ‘this is not configured properly’ on the UI.
- Comment on Is there a last resort, whistleblowing like app that requires a password on a timer? 4 months ago:
Just schedule an email to send at a later date/time, then if you don’t log in to cancel it, off it goes.
- Comment on What network hardware should I get for my homelab? 4 months ago:
I started with pfsense on Virtualbox, then quickly moved to HyperV on Windows, where I had 3 locations running this as their routers for almost 2 years, even through COVID when I couldn’t get to some locations. I never had a single issue, just got annoyed at the constant Windows updates rebooting the systems and internet going down when it did.
I then moved to Untangle, still on Hyper V, then moved off VM onto baremetal on an HP Elitedesk 800 with 10GbE card that cost about £100 total, which ran wonderfully until Untangle got sold out.
So, then onto OPNSense on the same Elitedesk (after reading about pfSense’s silly games they played), and this ran perfectly for about 18 months, and with solid 1Gbps on Wireguard, then after all these years of messing with routers, I finally switched to a Unifi UDM Pro SE last year and I couldn’t be happier. It does all I need, plus also CCTV recording (away from Blue Iris). I no longer have to worry that my DIY routers are going to fail on me. So, I would recommend Unifi hardware, despite it not being open source, mainly because, well, internet is a crucial service, especially in my household. And the UDM does WAN fail over well with my backup 4G modem.
I did once however, move from pfSense to Untangle on a remote machine. Because Untangle had a GUI, I fired up a VM on the same Windows machine as pfSense, set it all up with the same NIC settings, then adjusted Hyper V so that the Untangle VM booted and the pfSense one didn’t, then rebooted the machine and waited nervously for a few minutes, then boom, up popped the Untangle router! It felt good getting that done. It was only at my parents’ house, but still, it required a 90min journey if it failed.
With all the drama of Windows 11 in recent years, I’m glad I switched away from HyperV when I did.
- Comment on 3-2-1 Backups: How do you do the 1 offsite backup? 6 months ago:
I spend my days working on a MacBook, and have several old external USB drives duplicating my important files, live, off my server (Unraid) via Resilio to my MacBook (yes I know syncthing exists, but Resilio is easier). My off-site backups are to a Hetzner Storage Box using Duplicacy which is amazing and supports encrypted snapshots (a cheap GUI alternative to Borgbackup).
So for me, Resilio and Duplicacy.
- Comment on Your favorite "one click" self hosted open source app installer/server manager? 6 months ago:
I guess there is no one-size-fits-all for self hosting. We all have different requirements. Mine is NAS based, so hence Unraid. I think mostly we all rotate around the core of photo storage, and Immich is likely what’s fuelling a lot of self hosting now as it’s a legit alternative to Google Photos. As I’ve moved out of the Google eco system now for everything; it creeps me out to think how much of my information they used to have access to.
- Comment on Your favorite "one click" self hosted open source app installer/server manager? 6 months ago:
I read your post last night, thought I’d reply this morning and am disappointed in the replies you’ve already had. So you’ve got issues with your self hosting, and it annoys people you haven’t figured out the solution?!? Odd.
Anyway, well done on recommending Runtipi as I’ve never heard of it and looks interesting. I’m on the look out for things to recommend to people, and that looks good.
As for what else there is, there was a thread here this week asking similar, and lots got mentioned in there. I’m too lazy to find the link, but dig about on the 1st page. Most have already been repeated in here already.
I think self hosting is a journey, where you learn as you go. It’s all part of the fun of it. And perhaps using a platform that has a healthy amount of solutions already posted is the key for you rather than focussing on a one-click interface. I myself use Unraid, and that community is full of Q&A for every type of user.
- Comment on Suggestion request: Self-hosted app for shared directories like google drive 7 months ago:
Yes, as @Darkassassin07@lemmy.ca says, just create a new user for each event you want to share photos about: ‘BeachBBQ’, ‘WeekendStay-July’ etc, then bind those user accounts to whatever folders you want to have the photos in and set the user restrictions to upload, share, but not delete for example.
I also use various FileBrowser instances, with a different subdomain pointing to them, also as a way to filter out usage as well.
collegefriends.mydomain.com could take you to a FileBrowser instance that only has access to photos from a certain friend group. Not sure how useful that would be to you, but it’s another way of controlling the data flow.