Selfhosted

50637 readers

324 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Selfhosting Sunday - What's up to date, selfhosters? (lemmy.nocturnal.garden)

submitted 3 days ago by tofu@lemmy.nocturnal.garden to c/selfhosted@lemmy.world

40 comments fedilink hide all child comments

With the recent Proxmox 9 release, many of us have the upgrade ahead or already done. What about you, and how do you generally approach updating your services? Which other updates are you looking forward to or is it just an annoying chore?

Also the usual - let us know what you are currently working on, what problems you are encountering and what you are excited about.

As for updates, I update my machines semi-regularly with Ansible. The Proxmox 9 update was unspectacular (good thing!), I just had to change some things in my Promox-post-install automation (nag bar removal and package sources). I still plan to get a merge request based update process for my containers as mentioned here but I'm just not there yet. That guide was also posted on reddit recently and got some traction.

I also spent some time yesterday to organize my nginx logs, they basically all got their own folder in /var/log/nginx with their own access log file by adding access_log /var/log/nginx/$server_name/access.log vhost_combined; to each config. Error log file paths can't contain variables so I kept them in the default file so far.

Recently enabled wireguard (easy setting in my FritzBox router) and stopped exposing some of my services to the internet. That process isn't finished yet though as I'll need to switch to wildcard certificates in order to keep valid SSL for the now local-only services.

you are viewing a single comment's thread
view the rest of the comments

[–] thzihdd@feddit.org 7 points 3 days ago (3 children)

I use Traefik as reverse proxy for local only services with let's encrypt certificates. Just needed to a) register the subdomains and b) expose port 80 for the challenges without anything being served on that port.

Wireguard into my network and local DNS via Pihole to ensure proper local IPs. Works like a charm.

[–] Lem453@lemmy.ca 1 points 1 day ago

Keeping 80 open is useful so that traefik can redirect all traffic to 443 (https)

[–] Appoxo@lemmy.dbzer0.com 1 points 1 day ago* (last edited 1 day ago)

You could do the DNS challenge instead.
That way you wouldnt even need to publish port 80.

[–] tofu@lemmy.nocturnal.garden 1 points 3 days ago

I need to check what exactly I need to expose. I had 80 and 443 exposed but limited the access to local IPs in nginx like this:

    allow 192.168.x.0/24;  # Allow FritzBox subnet
    allow 10.0.0.0/24;       # Allow OpnSense subnet
    deny all;                # Deny all other IPs

I still have some services I want to expose so generally I'll keep the ports open.