this post was submitted on 23 Oct 2025
357 points (98.9% liked)


Has this impacted your self hosted instances of Immich? Are you hosting Immich via subdomain?

[–] FreedomAdvocate@lemmy.net.au 15 points 1 week ago (2 children)

Why are the Immich team's internal deployments available to anyone on the open web? If you go to one of their links, like they provide in the article, they have an invalid SSL certificate, which Google rightly flags as being a security risk, warns you about it, and stops you from going there without manual intervention. This is standard behaviour and no-one should want Google to stop doing this.

I was going to install Linux on an old NUC to run Immich some time soon, but think I might have to have a look to see if it has been audited by some legit security companies first. How do they not see this issue of their own doing?

[–] chaospatterns@lemmy.world 9 points 1 week ago* (last edited 1 week ago) (2 children)

It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

If you don't have them on the open web, developers and pull request authors can't see the previews.

The issue they had was being marked as phishing, not the SSL certificate warning page.

[–] Nibodhika@lemmy.world 0 points 1 week ago (1 children)

> It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

So? What does that have to do with SSL certificates? Do you think GitHub loses SSL when viewing PRs?

> If you don't have them on the open web, developers and pull request authors can't see the previews.

You can have them in the open, but without SSL you can't be sure what you're accessing, i.e. it's trivial to make a malicious site to take its place and MitM whoever tries to access the real one.

> The issue they had was being marked as phishing, not the SSL certificate warning page.

Yes, a website without SSL is very likely a phishing attack, it means someone might be impersonating the real website and so it shouldn't be trusted. Even if by a fluke of chance you hit the right site, all of your communication with it is unencrypted, so anyone in the path can see it clearly.

[–] Count042@lemmy.ml 4 points 6 days ago (1 children)

> Yes, a website without SSL is very likely a phishing attack, it means someone might be impersonating the real website and so it shouldn't be trusted. Even if by a fluke of chance you hit the right site, all of your communication with it is unencrypted, so anyone in the path can see it clearly.

No, Google has hit me with this multiple times for subdomains where the subdomain is the name of the product and has a login page.

So, for example, if I have emby running at emby.domain.com they'll mark it as a phishing site. You have to add your domain to their web console and dispute the finding which is probably automated. I've had to do this at least three times now.

All my certs were valid.

[–] Nibodhika@lemmy.world 2 points 6 days ago

Yes, Google has misreported my websites in the past, all of which were valid, but the person I'm replying to seemed to assume no-SSL is a requirement of the feature, and he doesn't understand that a wrong/missing SSL is indistinguishable from a phishing attack, and that the SSL error page is the one that warns you about phishing (with reason).

[–] FreedomAdvocate@lemmy.net.au 0 points 1 week ago (1 children)

> The issue they had was being marked as phishing, not the SSL certificate warning page.

Have you seen what browsers say when you have a look at the SSL certificate warning page?

> It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

Why is a user made PR publishing a branch to Immich's domain for the user to see?

[–] BCsven@lemmy.ca 1 points 6 days ago (1 children)

I thought that was how pull requests worked, it's a branch if you've made a departure to edit code, you have the pull request and ask them to merge into the main branch. It should be visible to everyone so everyone can review the change.

[–] FreedomAdvocate@lemmy.net.au 1 points 3 days ago

The branch for the PR shouldn't be hosted on the production site's domain, and that deployment that the company will be testing and reviewing shouldn't be accessible to the public. They even have internal in the URL, while being accessible by external people lol

[–] cyberpunk007@lemmy.ca 1 points 1 week ago (2 children)

You could just host it inside your network and do an always on VPN. That's what I do.

Now imagine you're running a successful open source project developed in the open, where it's expected that people outside your core team review and comment on changes.

[–] chaospatterns@lemmy.world 1 points 1 week ago (1 children)

How would that work? The use case is for previews for pull requests. Somebody submits a change to the website. This creates a preview domain that reviewers and authors can see their proposed changes in a clean environment.

Cloudflare Pages gives this behavior out of the box.

[–] cyberpunk007@lemmy.ca 1 points 6 days ago

Ah, I missed that part