this post was submitted on 27 Dec 2023
63 points (97.0% liked)

Selfhosted


I have an old laptop lying around and I have been meaning to self host some stuff on it but never got around to it.

My biggest limitation is that I only have WIFI and I do not control the network. It's basically your default residential WIFI network.

The only thing I actually need is self-hosted cloud. What can I utilize this laptop for?

[–] Bluefruit@lemmy.world 15 points 11 months ago (1 children)

I started off with Pi-hole when I started messing around with an old laptop for self-hosting. My advice is to set up what you think is useful.

To access the server outside your home, Tailscale is a great option. Fairly simple to set up, especially if it's just you accessing the server.

Reverse proxy would be best if you intend to let others access your server's services often or if you don't wanna mess with tunnels. I settled on Cloudflare tunnels because I didn't want another thing to turn on to access my server outside my house.

When I didn't have a carrier-grade NAT to deal with, I used Caddy server for automatically getting SSL certs from Let's Encrypt and reverse proxy all in one. I really liked that once I got it set up.

[–] driveway@lemmy.zip 4 points 11 months ago (6 children)

I can't be connected to Tailscale and some other VPN at the same time, can I?

[–] Sethayy@sh.itjust.works 5 points 11 months ago

Depends on the device, but on devices like Android, no.

I can't say I've gone through with it myself, but in theory you could have a host somewhere connected to a VPN that you send your Tailscale traffic through as an exit node.

[–] habitualTartare@lemmy.world 4 points 11 months ago

On Android and I believe iOS it's a single connection. I would start with the basic functionality (also don't create a Tailscale account with GitHub bc it does weird things with sharing if you ever want to have multiple users).

Once you've got the VPN and storage working I can think of two options to give you the functionality of 2 VPNs:

  1. Tasker is an Android app that can let you automate a lot. It might let you switch VPNs when opening, say, your storage app and switch back a bit easier than toggling it in settings.
  2. Set up your lap-server at home with an outgoing public VPN so traffic goes mobile device > Tailscale > public VPN. Essentially acting like you're home using your public VPN. This may take some tinkering to work properly, especially when you're home on the same network. Plus you would definitely see a network speed impact on your phone.
[–] LunchEnjoyer@lemmy.world 4 points 11 months ago (2 children)

Tailscale and Mullvad VPN recently partnered up to solve this exact issue. So in the admin panel of Tailscale you could set up a device as an exit node and then have that run through one of Mullvad's servers. It's all very neat and simple 😊

[–] BearOfaTime@lemm.ee 3 points 11 months ago* (last edited 11 months ago)

~~Exit nodes~~ Subnet Routers KICK ASS.

Makes it so my RPi enables me to manage any device on my home network from anywhere. I can print from my laptop or phone to my home printer. No need for a Tailscale client on hardware devices.

An Exit Node provides a LAN exit path for connected devices - so any of my TS connected devices can route to the internet through my home network, gaining RPi DNS filtering along the way (though I don't do this for performance reasons, it's just an example).

Edited to correct my misuse of exit node, and clarify the difference between it and Subnet routing.

[–] driveway@lemmy.zip 1 points 11 months ago

That sounds awesome.

[–] Bluefruit@lemmy.world 1 points 11 months ago (1 children)

That I can't say. I'd imagine no, at least on Android.

If you don't mind the extra setup, Cloudflare tunnels are awesome. https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/

I prefer this over Tailscale as I don't want to have an app I need to access my server.

[–] BearOfaTime@lemm.ee 2 points 11 months ago* (last edited 11 months ago) (1 children)

Tailscale only requires one app install, on a device in your network.

That device can be configured as a subnet router (providing local network access to Tailscale connections).

Then using either the Funnel or Serve option, remote devices can access your Tailnet without a client installed.

Just an option, another way of achieving similar results (though with different capabilities) as Cloudflare.

Edit: Funnel enables non-TS clients to access TS resources. Serve enables foreign TS clients to access your TS network.

[–] Bluefruit@lemmy.world 2 points 10 months ago* (last edited 10 months ago)

The more you know! Do you know any guides that go over this? I'd be interested in setting this up.

Edit:

It's a part of their docs. https://tailscale.com/kb/1019/subnets?q=subnet

[–] KeepFlying@lemmy.world 10 points 11 months ago (1 children)

With most consumer wifi networks you can usually enable port forwarding. That would let you access services from anywhere.

Personally I would set up a Wireguard VPN server on the laptop and enable port forwarding only for the Wireguard port. This will let you access your laptop from anywhere, and it will protect you by limiting your attack surface (basically you only need to have a device Wireguard connection and you don't need to worry as much about securing every other service you want to run).

Then I'd set up dynamic DNS with any DNS provider so you don't need to keep track of a changing IP.

Then you can install whatever services you want on the laptop and you'll be able to access them from anywhere by connecting to the Wireguard VPN. It does mean you can't easily let a friend access a service on your laptop, but the tradeoff is you don't have to worry as much about security while you're learning.

[–] logir@feddit.it 11 points 11 months ago (1 children)

I think OP cannot tinker with their router. At least, that is my case.

[–] KeepFlying@lemmy.world 4 points 11 months ago (3 children)

That's a shame. I didn't realize it was that locked down. I've had a lot of terrible routers but all the ones I remember allowed me at least a port forward.

I think OP can accomplish some of the same result if he can get a cheap VPS to connect through (have the laptop WireGuard to the VPS, then have a proxy on the VPS forward to the laptop over the VPN), but that's probably not worth the hassle for a starter project unfortunately.
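
The VPS relay described in the comment above, sketched as a pair of WireGuard configuration files (an added example, not part of the original thread and not any commenter's own setup). The tunnel addresses, the port, the hostname `vps.example.net` and the key placeholders are all assumptions made for illustration.

```ini
# ---------- VPS with a public IP: /etc/wireguard/wg0.conf ----------
[Interface]
# Tunnel address of the VPS (constructed for this example)
Address = 10.8.0.1/24
# The only UDP port that has to be reachable from the internet for the tunnel
ListenPort = 51820
# Placeholder: generate with `wg genkey`, never reuse a key from a guide
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# The laptop
PublicKey = <LAPTOP_PUBLIC_KEY>
# Accept only the laptop's single tunnel address from this peer
AllowedIPs = 10.8.0.2/32
# No Endpoint here: the laptop sits behind NAT and dials in,
# the VPS learns its current address from the handshake.

# ---------- Laptop behind the router you do not control: /etc/wireguard/wg0.conf ----------
[Interface]
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>
# No ListenPort and no port forward: the laptop only makes an outbound connection

[Peer]
# The VPS
PublicKey = <VPS_PUBLIC_KEY>
# Hypothetical hostname of the VPS
Endpoint = vps.example.net:51820
# Send only tunnel traffic to the VPS; the laptop's other traffic is untouched
AllowedIPs = 10.8.0.1/32
# Send a keepalive every 25 s so the router's NAT mapping stays open
# and the VPS can reach the laptop at any time
PersistentKeepalive = 25
```

With both sides up, a reverse proxy on the VPS points at `10.8.0.2` and the laptop's services should listen on the tunnel address (or be firewalled to it) so they are not also exposed to the shared Wi-Fi network.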

[–] lhamil64@programming.dev 2 points 11 months ago

I haven't used it personally, but I think Tailscale would help here. It sounds like it doesn't require port forwarding, and uses WireGuard under the covers.

[–] qjkxbmwvz@lemmy.sdf.org 1 points 11 months ago (1 children)

I did that: free VPS w/ public IP, WG to my router. Works great!

[–] logir@feddit.it 1 points 10 months ago (1 children)

Which VPS provider are you using?

[–] qjkxbmwvz@lemmy.sdf.org 1 points 10 months ago

Oracle. Philosophical issues aside I've been happy, and can't beat the price. Bandwidth is pretty limited, but that's not a huge problem for me right now.

[–] logir@feddit.it 1 points 11 months ago

In my case, I don't technically own the router but it's provided by my service provider. They don't give you the password for the admin access.

[–] poVoq@slrpnk.net 8 points 11 months ago (2 children)

You can, but if you don't control the main router and can't do any port forwarding, it will be hard to make it accessible from outside your LAN.

[–] habitualTartare@lemmy.world 11 points 11 months ago* (last edited 11 months ago) (1 children)

Tailscale + truenas is a ~~simple~~ solution that should allow OP access outside the network without any network config. E

[–] driveway@lemmy.zip 3 points 11 months ago

I'll give that a look.

[–] ShunkW@lemmy.world 2 points 11 months ago

Yeah, the best hope is that UPnP is turned on. I think that's the protocol that allows automatic port forwarding to happen.

[–] hungover_pilot@lemmy.world 6 points 11 months ago (1 children)

I have a laptop motherboard set up with Proxmox running:

  • plex
  • radarr,sonarr,prowlarr
  • opnsense
  • foundry VTT
  • pi-hole
  • unifi controller
  • qbittorrent
  • kavita

This is running on an i5-1135 with 40 gigs of memory. If you're frugal about how you have stuff set up you can pack a lot of services into old laptops.

[–] rtxn@lemmy.world 1 points 11 months ago* (last edited 11 months ago) (1 children)

If I may ask, how exactly do you use OPNsense? Is it a gateway between the WAN and LAN interfaces, or do you just use it for the LAN-facing services?

[–] hungover_pilot@lemmy.world 1 points 11 months ago (1 children)

Yes, it's my main router. Everything comes into the laptop across one interface set up as a trunk that includes VLANs for WAN, LAN, etc. From there Proxmox has a VLAN-aware Linux bridge set up that connects to all the VMs/containers that I run. The VM virtual interfaces get tagged with whatever network I want the host to be part of.

[–] rtxn@lemmy.world 1 points 11 months ago (1 children)

What about wireless devices, are they on the LAN side too?

[–] hungover_pilot@lemmy.world 1 points 11 months ago (1 children)

Yes. A UniFi AP connects all my wireless devices to my LAN.

[–] rtxn@lemmy.world 1 points 10 months ago

That was informative, thanks.

[–] SpicySquid@lemmy.ml 6 points 11 months ago* (last edited 11 months ago) (1 children)

I think self-hosted cloud is a vague statement, but I think with your network infrastructure you will be limited in what you can do. I think Cloudflare Tunnel could be a good option for getting the device available online.

Then the self-hosted part. There are so many things you can look into. You can run everything in Docker, install the software you want directly on your laptop, and much more.

You'll likely also need a reverse proxy. Can use nginx proxy manager, traefik, or something similar for that.

What are your goals with the self-hosted cloud? That would help you in making it easy to find resources and others here to give you advice.

Edit: typos

[–] driveway@lemmy.zip 3 points 11 months ago (3 children)

> What are your goals with the self-hosted cloud?

I have about several dozen GB of files that I currently sync with Syncthing between my devices. The only downsides I can see are that it takes the same amount of space on all my devices and it's hard to add a new device to the group. I'd like to store the files on the laptop instead and be able to browse and access them from my other devices (mainly Linux and Android), ideally through the internet.

[–] netburnr@lemmy.world 5 points 11 months ago

Exposing your internal devices to the internet is not suggested unless you know how to secure it behind a reverse proxy.

[–] SpicySquid@lemmy.ml 1 points 11 months ago (1 children)

Dozens of GB sounds like there's a lot of media files to me. I'd not share that via Syncthing. Assuming that is correct: Wouldn't a media server like Jellyfin be a better fit? Or if it's photos, I recommend Immich. Note that Immich is under active development and should not be your only place to store photos.

[–] driveway@lemmy.zip 1 points 11 months ago (1 children)

Yes, that's why I'm looking into alternatives. Could I use jellyfin with the limitations that I have?

[–] SpicySquid@lemmy.ml 1 points 11 months ago

I think that should be possible. You'll likely need to get Jellyfin running with that Cloudflare tunnel. There are probably alternatives to Cloudflare tunnel as well, but I'm not very familiar with it. I believe there are some limitations with the tunnel, so you will have to check that out. Otherwise there should be no issue.

[–] BearOfaTime@lemm.ee 1 points 11 months ago

Switch to Resilio Sync, it has a sync-on-demand feature called Selective Sync, where you can browse the share and select files to sync now.

It's a feature of Resilio I really like, but I rely on Syncthing for daily use because Resilio kills phone memory (it stores the index in ram), and it's much more resource intensive on my file server.

[–] possiblylinux127@lemmy.zip 4 points 11 months ago* (last edited 11 months ago) (1 children)

When you say WiFi do you mean that you only have WiFi access or does the laptop not have an Ethernet port? If you have a wired connection I would get either a Thunderbolt or USB3 adapter to hardwire it, as a hardwired connection will be more stable even on USB speeds.

The OS will depend on what you want to host. If it's an older system with less than 8 GB of RAM I would just install Debian with Docker. You can find premade Docker Compose files online which should make deploying software easy.

If you have plenty of hardware you could install Proxmox and then a few VMs.

Edit2:

Actually I take back what I said, don't use Kubesail. I went back and tried it and it has a lot of issues. If you want remote access consider a VPN or remote VM.

[–] logir@feddit.it 1 points 11 months ago (2 children)

What are the advantages of Kubesail? I couldn't understand it from their website.

[–] possiblylinux127@lemmy.zip 1 points 11 months ago (1 children)

Never mind, I actually am taking back what I said.

[–] logir@feddit.it 1 points 10 months ago* (last edited 10 months ago) (1 children)

I ended up trying it. In theory it's all nice and useful, because it solves the part that I am not comfortable with (router settings, domains and other connection stuff). But then I don't know Kubernetes so I couldn't understand what I was doing and I was not able to troubleshoot it. And I could not connect to my server remotely anyway.

[–] possiblylinux127@lemmy.zip 1 points 10 months ago

And that's the reason I am taking back what I said. At the end of the day WireGuard is your friend.

[–] Decronym@lemmy.decronym.xyz 3 points 11 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |

6 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #379 for this sub, first seen 27th Dec 2023, 13:55] [FAQ] [Full list] [Contact] [Source code]

[–] JustEnoughDucks@feddit.nl 2 points 11 months ago (2 children)

I started my home server with a laptop. I did Nextcloud, Paperless, Jellyfin + *arr services, PhotoPrism, and a few others.

Not having control over your network is the biggest hurdle because you kind of need a fixed IP to access it.

However, there are some services to broadcast your hostname to the local network (e.g. so you can log in with serveruser@myserver over SSH).

You may be able to use that to access your containers from the network, but just keep in mind that other users on the local network can also access your server.

[–] driveway@lemmy.zip 1 points 11 months ago

Local only does not provide much value over what I have, unfortunately. I would probably just use KDEconnect for that.

[–] BearOfaTime@lemm.ee 1 points 11 months ago

Fixed IP doesn't matter today with virtual/mesh network approaches like Wireguard/Tailscale.

They open an outbound connection, so the router treats it like any other connection. Once the tunnel is established, inbound comms can take place.

Using Tailscale's Subnet Router enables access to local devices that can't run a TS client, while the ~~Serve and~~ Funnel options enable external access from devices that don't have the TS client installed. Edit: Serve is for sharing to TS clients that aren't part of your TS network.

It's really interesting to see these solutions today, when Hamachi was doing it 20 years ago. Glad to see it's caught on, and being developed/extended.

[–] nik282000@lemmy.ca 1 points 11 months ago (2 children)

Without being able to set a static IP and forward ports you can't host services and point to them with a domain, like driveway-home.com or something.

But I think Cloudflare has a service that lets you connect remotely without needing static IPs (someone else will know the name). If you were to use that then you can use your laptop to host pretty much anything on the Awesome Selfhosted List.

[–] deelayman@lemmy.ca 1 points 11 months ago

CloudFlared is the application you run on your server, and CloudFlare tunnels are what it connects with. You get the same outcome as a DDNS but it functions differently under the hood. You also need a domain name for this, I think.

DuckDNS might be a good option to start out with.

[–] possiblylinux127@lemmy.zip 1 points 11 months ago

I would advise against port forwarding without at least a proper firewall with isolation. It is very very dangerous to expose things to the internet and it will backfire at some point, sometimes without your knowledge.

Back when I first started I used a service called kubesail https://kubesail.com/

Now that I have way more hardware I just use a VPS on Linode to route traffic.
