q7mJI7tk1
@q7mJI7tk1@lemmy.world
- Comment on Using VPS for remote access of my server - some questions 1 week ago:
I haven’t tried TBH. Because the VPS is restricted to my home IP for SSH using Hetzner’s firewall, I wireguard to home, then SSH to the VPS direct. I’ve been updating Pangolin since last summer, but haven’t really played with the newer features. I should have a proper look really.
- Comment on Using VPS for remote access of my server - some questions 1 week ago:
I do this currently. I have a Hetzner VPS with Pangolin, giving access to family services like Immich etc, and my own nerdy services I keep locked to my home IP, and if I’m away from home, I tunnel in with Wireguard and hence then the home IP kicks in and they work.
You can issue traefik IP rules with Pangolin as well to limit what IPs can access services.
I have Pangolin and all family services behind Pocket ID with passkey only auth.
The VPS I protect with Hetzner’s firewall, so only SSH is allowed from my home IP.
The whole setup is as secure as I can make it. My family would just roll their eyes at any VPN I asked them to use, so it has to be publicly accessible for some things annoyingly.
I also have private services coming direct to my home firewall away from the VPS (for speed efficiency), and for truly public services (websites), I have those tunneled through a Cloudflare tunnel that can handle Google Auth for WordPress login pages etc.
It made me uncomfortable to start with using the VPS, but in time, confidence grows.
- Comment on Self hosting Sunday! What's up and how long? 5 weeks ago:
Moved all my Unraid ‘apps’ to Dockhand, and linked my Pangolin VPS with the Hawser agent. I had Dockge for a while on newer container deployments, but wanted something a bit more playful, Dockhand is it.
I degoogled my Gmail last year to Infomaniak, which was OK, but moved to Fastmail last week, which I now love! Setting the custom domain pulled in the site’s favicon for the Fastmail account header, which made me smile too much for such a simple thing. Think I’ll be on Fastmail for the future. (Background syncing with the new Bichon email archiver).
- Comment on Self-hosting in 2025 isn't about privacy anymore - it's about building resistance infrastructure 1 month ago:
I was just thinking this week, that those who self host (and more importantly, those who program the code we self host), are at the front line of the modern digital resistance: in the sense that the world is burning due to the greed of the tech bros that run our daily lives. Convenience for the masses is what gives them power over us, and anyone who rejects their systems is helping to fight back.
Voting with your wallet helps, so not giving them your money is the first step. Then managing and keeping your own data private is the next one.
- Comment on open source journey - 2025 was a big year! 2 months ago:
2024 was the year I got more serious with self hosting and migrating away from the cloud offered by Google etc. But 2025 was the year I pushed to run all my own services and get the family on board as well; trying to educate my kids with running our own services (the wife is so not interested!).
There were some really cool projects released last year and some oddly well-timed ones as I was looking for various services, and Jotty was one of those!
Thanks so much for your work and rest assured, amongst the negativity you may receive in certain corners of the web, there are people truly appreciative of your hard work and that of others like you.
- Comment on Self hosting Sunday! What's up, selfhosters? 3 months ago:
Sometimes all it takes is a random comment from a fellow self-hoster to put me on another journey… Thanks for the tip on passkeys and Pocket ID! Love the Pocket ID guides on all popular services. This looks to make it much easier for family logins to all my services. I’m starting the migration now already from Pangolin and inward.
I love the seemingly never-ending journey of self hosting!
- Comment on I finally understand Cloudflare Zero Trust tunnels 3 months ago:
Pangolin is a reverse proxy, so it can forward a URL to any backend service on any port. But you’re right in that you have to be signed in on the browser you access it on. Therefore an app won’t directly work without prior login. You can create a ‘shareable link’ in Pangolin, which I use for the Immich app. This gives me header tokens that the Immich app can take in its advanced settings, and that’s how that one works.
I’ve recently moved away from dedicated apps for mobile services and toward web-based access for most things (I use Music Assistant in browser). This isn’t perfect for everything and everyone, but I realise now with your question that it’s worked well for me transitioning to Pangolin (and at least Immich app works).
- Comment on I finally understand Cloudflare Zero Trust tunnels 3 months ago:
Not my expertise I’m afraid. Geoip blocking is straightforward with traefik (and Pangolin docs), Crowdsec is a little more complicated, and with the external firewall into the VPS, there isn’t much more I can think to do.
It’s likely more a factor of how secure Pangolin itself is at that stage.
- Comment on I finally understand Cloudflare Zero Trust tunnels 3 months ago:
If today’s outage is anything to go by, you’re better off not using Cloudflare!!
I have continued to use it for public websites so that, in my thinking, at least the Cloudflare network is scrutinising who is accessing my webpages in case of attacks etc.
Pangolin is a simpler cloud reverse proxy, whereas Cloudflare has more bells 'n whistles for quick-set security. You just need to harden your VPS that Pangolin runs on. You can activate Crowdsec etc on it as well.
I run mine on a Hetzner VPS which has a nice firewall feature in the control panel securing the VPS ports for SSH and Pangolin tunnel to my home IP. This adds a comfort for me to know now that it’s then only the ports 80 & 443 exposed. And I think from memory Pangolin doesn’t play nicely with UFW (well, Traefik doesn’t).
- Comment on I finally understand Cloudflare Zero Trust tunnels 3 months ago:
I only started using Cloudflare tunnels recently, but I’m now using the self hosted alternative Pangolin on a VPS for private services, and I keep the Cloudflare tunnel for public web hosting, i.e. WordPress. This also allows easy restriction to the WordPress login page for other users via Google auth etc which is something very simple with CF.
Having split up my private/public services to separate tunnels also means I don’t stand the chance of taking the public services offline with my constant tinkering of Pangolin and the VPS it runs on.
I have pushed the CF tunnel for file transfers occasionally (which is against their terms), but it hits remarkable speeds for a ‘free’ service.
- Comment on What is a good self-hosted solution for sharing files with friends? 4 months ago:
I had Nextcloud running for several years (VM is the best way IMO, I would avoid the Docker AIO). However I found Filebrowser and it rocks as a file share service. Filebrowser Quantum is a fork with more features as the original no longer has a maintainer. The most I’ve had someone upload to it was 300GB.
- Comment on What is a good self-hosted solution for sharing files with friends? 4 months ago:
I use Filebrowser Quantum if you are happy opening up a port for it. It supports 2FA. Also requires Docker which isn’t too difficult.
- Comment on YSK tricks for one of the cheapest meals: beans and rice 4 months ago:
We also do the sauté onions (which is just onions cooked slooooowly). They caramelise and become sweet, add some generic chicken seasoning to them (I use a salt/paprika mix from the general store), tinned baked beans in tomato sauce, rice, and that’s all. Spice it up with some jar jalapeños and it’s a damn fine meal for nearly no prep or cost.
- Comment on Replacing a small business windows server 4 months ago:
I ran Blue Iris, but despite my love for it, my disdain at having to run it on Windows made me move away. You can run it still in a VM, but it’s not ideal, and also not meeting your requirement of moving off Windows.
I would recommend Home Assistant with Music Assistant for music playback of local library files, and that gives you a web page controller. I see Home Assistant also integrates iSpy DVR. No experience of iSpy, but the Music Assistant integration is superb. I use it to stream all music at home for the family to Chromecasts etc and this way everyone just accesses the same web portal.
Home Assistant can be Docker or its own OS.
- Comment on Best "bang for your buck" NUC/Pi setup for Jellyfin/HomeAssistant/PiHole? 4 months ago:
Perhaps not the size you’re after, but I have a HP Z1 G5, i9-9900, 5 SSD, 3 HDD, and that can idle as low as 45W and costs me £60/yr in electric. I managed to pick it up off eBay for only £260 (discounted from £350; if you keep an eye on certain things, sellers drop prices to get rid of their gear).
- Comment on Beyond Pi-Hole 4 months ago:
I love it. I started with pfSense, then really liked Untangle for its ease of use, then went (back) to OPNsense and preferred that for the fact it could run Caddy internally as a reverse proxy and was fast, but I was a bit frustrated at wanting to do more with it and needing to research everything. I already had Unifi APs and decided that it just made sense to have a Ubiquiti router. I’ve found it stable, easy to use with good feature updates, and have also just paid for the annual Cybersecure add-on which is reporting loads.
- Comment on Beyond Pi-Hole 4 months ago:
I was being too simplistic in my other reply. I was referring to basic router based DNS and NextDNS as the upstream resolver.
I don’t have an answer for hard coded DNS when it comes to NextDNS, which is essentially an upstream resolver with block lists functionality.
And to be honest, I misinterpreted OP’s original question which was to take PiHole to the next level, whereas NextDNS is an alternative to it.
I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.
Thanks for the clarification, you’ve got me wanting to pursue more DNS control now!
- Comment on Backup recommendations 4 months ago:
I think they’re forked from the same source, Bittorrent Sync, so function the same under the hood. I wasn’t suggesting Resilio did something Syncthing didn’t. I’ve just found Resilio easier to use for client devices. And that OP was concerned about losing files from syncing.
The only odd behaviour I’ve had with Resilio, is when hosted on Unraid, random files on the SMB share sometimes have database names on large folders with lots of files (RSH-78254 for example), but when synced to remote devices, the filenaming is then accurate. I’ve been meaning to spin up Syncthing to see if it does the same, but as Resilio has yet to lose me any files, I’m sticking with it.
Could be a Docker issue as well I guess.
- Comment on Beyond Pi-Hole 4 months ago:
If you’re referring to network based DNS, I use their script to have it on my Ubiquiti router as well. I have that with its own profile with full blocking for iot etc.
I had PiHole with unbound on my OPNsense way back when, but the internet just needs to work for both me and my family and not go offline with me tinkering with the homelab. NextDNS takes all of that hassle out of the equation.
- Comment on Backup recommendations 4 months ago:
I use Resilio to duplicate locally to my Unraid, which I know is hated as it’s not the FOSS Syncthing, but in 5 years of use, it’s never gone wrong, and the client software is dead easy to use. That has a hidden .sync folder which archives deleted files for 30 days. You can change the timeframe or remove this feature in settings. I go into the sync folder and remove the deleted files manually if it becomes too bloated.
From my Unraid, I then backup to Hetzner using Duplicacy, which with the GUI is also very easy to use. From what I’ve read about the other backup solutions being a bit flaky, Duplicacy seems to have nothing but love.
- Comment on Beyond Pi-Hole 4 months ago:
I’ve had pihole running in the past, then Adguard, but moved to NextDNS several years ago and have been happy with it. For a small fee, it removes all need for self hosting your own. I set up profiles for the kids etc, then set the DNS in their phones, tablets, so I know it’s always working. You can set local IPs in it if you want, but I use a reverse proxy for all LAN requests instead.
Only slight issue I’ve had with it was recently making several quick changes to DNS in Cloudflare, and NextDNS took several hours to propagate which was a PITA at the time.
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 4 months ago:
Backup. I use Backblaze personal which is $179 for two years of ‘unlimited’ storage. All my important self hosted data is duped to some old 2.5" external drives connected to my work machine that then is backing up to Backblaze. I also have 1yr retention, so any deleted file is accessible for up to 1yr.
After backups are sorted, stick with the OS you know best. If Windows (I hope not), then Hyper-V for VMs is good. Try the official Nextcloud VM from Hansson IT. Nextcloud is a good catch-all, but it’s beaten by other specific tools. I now host all I need from specific Docker containers: photos, calendar, email backup etc etc
But I would say Docker. Docker Desktop if macOS or Windows is your thing. Get to know Docker and the world of self hosting is your oyster.
As others say, keep it all to your home network and tread carefully when trying to remote access it all.
- Comment on v2.0.0: Stable Release of Immich (complete with Merch and DVD) 5 months ago:
The absolute irony… I’ve used Immich for nearly 2 years without fail; it’s never skipped a beat. Today I update to the stable release and my Immich mobile app now has a sync error warning. This is the first issue I’ve ever had.
- Comment on Mail Backup/Alternative server for access? 5 months ago:
I too looked for a way to move my imap emails out of the cloud, and after looking for years, 2 came along in a matter of months. Mail Archiver and Open Archiver. I’ve been using Open Archiver for about 2 months and like it. I just VPN to home (well, Pangolin), and have it as a proxied web page to search old emails.
- Comment on Security camera recommendations? 5 months ago:
I suppose there’s always a catch with them opening up for 3rd party support.
I was keen to move to Unifi primarily for a doorbell. I had a Hikvision which was very temperamental, and I didn’t want a cloud based one like Ring or Nest, so believe it or not, most of my decision was made around a stupid doorbell.
- Comment on Security camera recommendations? 5 months ago:
Not FOSS, and with an entry price tag, but I ditched my OPNsense firewall for a Ubiquiti UDM Pro SE router about 2 years ago and invested in 3 of their cameras plus a doorbell and love it. I previously had Blue Iris for CCTV.
The Unifi Protect app is great. Easy to navigate, great detection, and easy to store clips. There’s no subscription fees, and I get a great firewall/router alongside a CCTV package.
- Comment on Started hosting my own Nextcloud and its awesome! 6 months ago:
I’ve run Nextcloud several ways, the smoothest and easiest being the official image by Hansson IT. Run that in a VM and use their setup/update scripts to do all the hard work. I highly recommend.
- Comment on Do I need the ISPs home router? 6 months ago:
I’m on Vodafone here in the UK (CityFibre), and they let me use my own firewall to the ONT, and give me a static IP for no extra cost. It’s a PPPoE connection with a VLAN id. With work recently I’m using about 5-6TB monthly data. I should count my blessings for their service given all I’ve read here!
I had issues with connectivity around 2020 and they wouldn’t engage with any help troubleshooting it unless I used their provided router, which was a pita, but a few days of speed tests and they escalated it and fixed it.
- Comment on GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider 🐈⬛🔒 7 months ago:
Just to say I’ve tried this today and love it. Was running Authelia but wasn’t happy with the way it was configured. I spun up VoidAuth in about 5mins and am impressed. Running as basic auth for a Caddy reverse proxy, this feels very slick. Well done!
Easy to follow documentation as well. Less is more sometimes.
I like the way you have it checking SMTP credentials in the background with a simple ‘this is not configured properly’ on the UI.
- Comment on Is there a last resort, whistleblowing like app that requires a password on a timer? 8 months ago:
Just schedule an email to send at a later date/time, then if you don’t log in to cancel it, off it goes.