Selfhosted

I have a lemmy instance running but I'm having trouble with my reverse proxy config. I'm using Caddy. Previously I had used nginx but didn't end up keeping the instance alive. Now I want to get it back up but I've since switched to Caddy because it's just easier. I have several self hosted services already working great with caddy and don't want to disrupt that.

I've found a few configs online but none seem to work. I'm running this on a standard ubuntu server 22.04 box.

Any ideas or suggestions?

This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service "which will definitely not train AI on your email". Sure Mozilla, whatever you say.

Rant aside, here's my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply using an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn't actually hold your emails. This means your emails remain completely in your control, but you don't have to worry about not being able to send emails to other people as long as your storage backend is alive.

I don't know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don't like that. I want my email to live on my servers alone.

Do you think this is possible? Does any company already do this?

Thanks

Hi Lemmy! First post, apologies if it's not coherent :)

I have a physical home server for hosting some essential personal cloud services like smart home, phone backups, file sharing, kanban, and so. I'm looking to re-install the platform as there are some shortcomings in the first build. I loosely followed the FUTO wiki so you may recognise some of the patterns from there.

For running this thing I have a mini-pc with 3 disks, 240GB and 2x 960GB SSDs. This is at capacity, though the chassis and motherboard would in theory fit a fourth disk with some creativity, which I’m interested to make happen at some point. I also have a Raspberry Pi in the house and a separate OPNsense box for firewall/dns blocking/VPN etc that works fine as-is.

In the current setup, I have Ubuntu Server on the 240GB disk with ext4, which hosts the services in a few VMs with QEMU and does daily snapshots of the qcow2 images onto the 960GB SSDs which are set up as a mirrored zfs pool with frequent automatic snapshots. I copy the zpool contents periodically to an external disk for offsite backup. There’s also a simple samba share set up on the pool which I thought to use for syncthing and file sharing somehow. This is basically where I’m stopping to think now if what I’m doing makes sense.

Problems I have with this:

• When the 240GB disk eventually breaks (and I got it second hand so it might be whatever), I might lose up to one day of data within the services such as vikunja, since their data is located on the VMs, which are qcow2 files on the server’s boot drive and only backed up daily during the night because it requires VM shutdown. This is not okay, I want RPO of max 1 hour for the data.
• The data is currently not encrypted at rest. The threat model here is data privacy in case of theft.

Some additional design pointers:

• Should be able to reboot remotely in good weather.
• I want to avoid any unreliable or “stupid” configurations and not have insane wear on my SSDs.
• But I do want the shiny snapshotting and data integrity features of modern filesystems for especially my phone’s photo feed.
• I wish to avoid btrfs as I have already committed to zfs elsewhere in the ecosystem.
• I may want to extend the storage capacity later with mirrored HDD bulk storage.
• I don’t want to use QEMU snapshots for reaching the RPO as it seems to require guest shutdown/hibernation to be reliable and just generally isn’t made for that. I’m really trying to make use of zfs snapshots like I already do on my desktop.

My current thoughts revolve around the following - comments most welcome.

• Ditch the 240GB SSD from the system to make space for a pair of HDDs later. So, the 960GB pair would have both boot and data, somehow. (I'm open to having a separate NAS later if this is just not a good idea)
• ZFS mirror w/ zfs-auto-snapshot + ZVOLs + ext4 guests? Does this hurt the SSDs?
• Or: ext4 mdadm raid1 + qcow2 guests running zfs w/ zfs-auto-snapshot? Does this make any sense at all?
• ZFS mirror + qcow2 + ext4 guests? This destroys the SSDs, no?
• In any case, native encryption or LUKS?
• Possibly no FDE, but dataset level encryption instead if that makes it easier?
• I plan to set up unattended reboots with the Pi as key server running something like Mandos. Passphrase would be required to boot the server only if the Pi goes down as well. So, any solution must support using a key server to boot.
• What FS should the external backup drives have? I'm currently leaning into ZFS single disk pools. Ideally they should be readable with a mac or windows machine.
• Does Proxmox make things any easier compared to Ubuntu? How?
• I do need at least one VM for home assistant in any case. The rest could pretty much all run in containers though. Should I look into this more or keep the VM layer?

I'm not afraid to do some initially complex setting up. I'm a full stack web developer, not a professional sysadmin though, so advice is welcome. I don’t want to buy tons of new shit, but I’m not severely budget limited either. I’m the only admin for this system but not the only user (family setting).

What’s the 2025 way of doing this? I’m most of all looking any inspiration as to the “why”, I can figure out ways to get it done if I see the benefits.

tldr: how to best have reliable super-frequent snapshots of a home server’s data with encryption, preferably making use of zfs.

From Discord:

Hello @everyone,

Unfortunately today is the day I have to announce that LunaSea is no longer being published and all related cloud services (including notifications) will be shut down in the near future.

For more information on when things will be shut down, please read the details here: https://www.lunasea.app/

---

I understand that this comes as a surprise and originally was not the intention for the project. However, with recently enforced changes by the Play Store (and possible other storefronts in the future) to require showcasing your legal personal residential address, I am no longer comfortable publishing mobile applications for privacy reasons.

Luckily for some time I have been able to get around this by utilizing an older ID to showcase an address I no longer reside at. Unfortunately, this no longer works and I am required to re-verify which I am not willing to do.

---

With this shut down also marks the closure of the Discord and Subreddit. For the time being this Subreddit and Discord will remain open, however all channels have been removed and no new posts allowed in the subreddit.

Once again, thank you to everyone for everything over the years, I couldn't have asked for a better community. ❤️

I have several services on my home server, most of which I access using Tailscale, and it works great. I had a couple services on Cloudflare tunnels in order to access them from devices that I can't put Tailscale on.

Plex is going to start charging for remote access. So I figured now would be the time to migrate to Jellyfin. But using Jellyfin on Cloudflare tunnels is against their TOS. I have a Roku TV at a remote location that I use to watch Plex. I won't be able to do that anymore. And I can't put Tailscale on it to serve Jellyfin that way.

I was going to set up Nginx Proxy Manager to use my domain name for Jellyfin so I didn't have to use Cloudflare tunnels. But in setting that up I found out that my ISP is double NATting me, and I haven't been able to find a way around it.

So I'm left with two options: 1) buy Plex Pass so I can continue to stream remotely; or 2) get a VPS, run Tailscale and NPM on it and switch to Jellyfin.

I'm looking for a sanity check to make sure the VPS thing would work the way I think it would. If it's running Tailscale then the double NAT would be a non-issue, correct? Is there another option that I haven't thought of yet? Which of the two options would you choose?

Obviously if public the material would be important. But private, only over ssh or vpn? Free internet, power, and backup!

Hi!

2 of my drives failed recently (as well as an external drive), plus my faithful HP Proliant Gen 8 is ripe for retirement (I'm small potatoes compared to you guys).

So I bought a mini-PC (with a N100). I'm considering going all SSDs.

What are the cheapest ones? They can be slow.

Is there a "storage SSD" category?

I've looked at OEMs but they're not that interesting, or I didn't know where to look.
Aliexpress is full of fakes. As is the second hand market. Or it's legit but as expensive as new.

Thanks for reading!

Inspired by this comment to try to learn what I'm missing.

• Cloudflare proxy
• Reverse Proxy
• Fail2ban
• Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

Not sure if this is the right place, if not please let me know.

GPU prices in the US have been a horrific bloodbath with the scalpers recently. So for this discussion, let's keep it to MSRP and the lucky people who actually managed to afford those insane MSRPs + managed to actually find the GPU they wanted.

Which GPU are you using to run what LLMs? How is the performance of the LLMs you have selected? On an average, what size of LLMs are you able to run smoothly on your GPU (7B, 14B, 20-24B etc).

What GPU do you recommend for decent amount of VRAM vs price (MSRP)? If you're using the TOTL RX 7900XTX/4090/5090 with 24+ GB of RAM, comment below with some performance estimations too.

My use-case: code assistants for Terraform + general shell and YAML, plain chat, some image generation. And to be able to still pay rent after spending all my savings on a GPU with a pathetic amount of VRAM (LOOKING AT BOTH OF YOU, BUT ESPECIALLY YOU NVIDIA YOU JERK). I would prefer to have GPUs for under $600 if possible, but I want to also run models like Mistral small so I suppose I don't have a choice but spend a huge sum of money.

Thanks

You can probably tell that I'm not very happy with the current PC consumer market but I decided to post in case we find any gems in the wild.

Hello everyone.

I bought domain name (example.com) from https://njal.la/ and I want to direct it to my server but I need help with it.

Let's say that I have public and static home IPv4 address 10.172.172.172 (example) and on that address is a computer running on 192.168.200.101 (example) and there is jellyfin server (port 1020/tcp), immich server(port 1021/tcp) and bitwarden server (port 1022/tcp).

My question is can I create a subdomain and point it to these servers?

Like; jellyfin.example.com -> 192.168.200.101:1020

immich.example.com -> 192.168.200.101:1021

bitwarden.example.com -> 192.168.200.101:1022

Or do I have to buy two more separate domains for these servers? Like example2.com and example3.com?

Sorry for english and also if this is a stupid question but I need to know. I have never so far used domains and never dabbled in dns setting and I don't know where to search for info.

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform designed to operate entirely offline. It supports various LLM runners like Ollama and OpenAI-compatible APIs, with built-in inference engine for RAG, making it a powerful AI deployment solution.

There are so many new changes, and I don't know which ones are more important. See the link for full changelog

What is it?

It’s a Media Discovery and Download Hub which acts as add-on or extension for the Arr stack and more, designed to manage and obtain media both manually and automatically. Think of it as a media manager, recommendation and helper app.

What's the Problem?

I've made a start, but for long-term stability and maintainability, the project needs more contributors. It's highly modular, with separate services, making it easy for new developers to jump in and focus on specific areas.

Where to Start?

I’ve set up the repo on GitHub at https://github.com/MediaWolfOrg/MediaWolf and I’m happy to add people to the the project. This way, the project won’t be dependent on any one individual. With enough developers, it will help keep the project alive and ensure long-term stability.

Note: This could be a great first project if you're just starting out, as the modular architecture makes it easy to contribute without needing to tackle everything at once. Apologies if you've already seen this or if its against the rules..

I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.

Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.

I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.

I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.

I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.

I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.

Anything else I should know? Thanks!

EDIT:

I also have a domain, a couple of them, actually. They're like potato chips; you can't stop at just one.

I don't plan on self-hosting email used for forum registration and announcements. I'm not a masochist.

I am looking for some recommendations on how to secure the data of my physical servers (against physical theft), that I am about to set up. I am new to selfhosting but have a few years of experience running Linux on a desktop.

My usecase is a simple debian(?) server at home with Paperless ngx and Tailscale for when I am away from home. 

The question is how to encrypt the data while still being able to keep the server updated.

Coming from Desktop my first thought was to simply enable FDE on install. But that would mean supplying the password everytime the server needs to reboot for an update. Could someone provide some insights on how often updates to debian require a reboot? 

My second thought was to use an encrypted data partition. That way the server could reboot and I could use wireguard to ssh in and open the partition even when I am away from home for a longer time.

I am open to other ideas!

Activity Pods is supposed to allow you to have one account across the fediverse and it's still in early dev. I do see that they have some docker images, but there's no descriptions on what they're for and their instructions involve running make scripts to get running.

I can do that inside of a docker container, but running TrueNas I'm limited to running those, which is fine, I can do that, but the other thing that seems a bit confusing is that it looks like they want you to define "shapes" for different services to communicate with.

It might just look more complicated than it is. Has anyone successfully gotten up and running with it?

Here are some of my projects on GitHub. You can find tools like ChannelTube for downloading YouTube content, SpotTube for Spotify playlists (via yt-dlp) and more. Enjoy!

Note: You might recognize these from elsewhere, but I’m new to this platform.

Check out this blog for a setup guide: https://thewicklowwolf.github.io/

It's World Backup Day again. Good opportunity to check if your backup mechanisms work as intended.

For those unfamiliar, DockGE is "A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager."

Similar to portainer

Warning

Breaking change: Due to the security reason, the "Console" feature is now disabled by default. If you need this feature and understand the risk, you can enable it via the environment variable DOCKGE_ENABLE_CONSOLE=true.

See link for full notes

Hey y'all 👋

I usually don't post release updates, but this one has me excited :)

Here come 🔀 Workflow Automations for your network device management.

https://i.imgur.com/rhLy5WW.jpeg

So, what can you do? You can change any Device field, or delete the Device itself, if any number of custom conditions are fulfilled. For example, you can UN-archive a device if it's detected online. Or group devices with a specific name or vendor into a group. Or assign devices to a location depending on the IP they get...

These are only examples, but I think you get the idea. Happy tinkering and automating! Share your workflows in Discord or GitHub Discussions.

https://i.imgur.com/Q1Z9IOY.jpeg

I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

cross-posted from: https://feddit.org/post/9959466

geteilt von: https://programming.dev/post/27692275

• Post
• New Git Repo.

Many users reported high memory/RAM usage, some 8GB+.

In my case gone from 1.5GB+ to 400MB or less on Raspberry Pi 4.

Adding MALLOC_TRIM_THRESHOLD_=100000can make a big difference.

With Docker:
Add to your docker-compose.yml and docker compose down && docker compose up -d

...
environment:
  - MALLOC_TRIM_THRESHOLD_=100000
...

With systemd:
Edit /etc/default/jellyfin change the value of MALLOC_TRIM_THRESHOLD_ and restart the service

# Disable glibc dynamic heap adjustment
MALLOC_TRIM_THRESHOLD_=100000

Source: https://github.com/jellyfin/jellyfin/issues/6306#issuecomment-1774093928

Official docker,Debian,Fedora packages already contain MALLOC_TRIM_THRESHOLD_.
Not present on some docker images like linuxserver/jellyfin

Check is container (already) have the variable
docker exec -it jellyfin printenv | grep MALLOC_TRIM_THRESHO LD_