I have already hosted nextcloud and bitwarden on my old laptop as a trial. (I have been using this for 6 months and the hard-drive is a failing now)

Now I want to have my own board to set up my own server to host such as True NAS, bitwarden, pi-hole and Fresh RSS.

Any suggestions on which board to run this. Thanks for all the help.

Ill keep it short and sweet, io have a pi4 that i tried to use for a couple of things and never really quite worked, whats a genuine helpfull thing to use it for? what system/program would be cool? multiple maybe?

how would an amateur that wasnts thing to just work that dont require an hour of commandline fiddling to work?

I tried a pihole, barely got it to work and never properly connected with the internet i tried retroarch, mostly worked but realized its way easier and more comfortable to use my main machine i tried funkwhale, never got it to install i tried invidious, worked on my main machine, never was able to connect via another machine on the pi (and with the program feeling a little in danger now i felt a lil iffy)

i request assistance and would appreciate it heavily, any and all alternatives, tutorials and help will be seriously considered

Hello!

I am starting to self host a number of small services on a commercial VPS. I'm looking for guidance on how to lock it down, and in general best security practices. I've found some resources online, but any advice from others would go a long way. For reference, I have almost no web management or web services background, but am very comfortable with *nix/CLI etc.

My current structure is this:

• stock Debian, fully updated
• nginx for webserving and reverse proxy (not the reverse proxy standalone tool, just regular nginx installed as a service)
• various services built and deployed through docker-compose
• services are proxied to subdomains
• SSL certs for everything with LetsEncrypt

I've done things like disabled root ssh, disabled ssh passwords (only key pairs allowed) and set ufw to only allow http, https, and ssh, and set https for everything to the best of my ability.

What best practices should I be following? How often should I restart/update services? Is using 'latest' through docker-compose sufficient?

What else should I do to harden nginx? Any admin tools to use for monitoring, white or blacklisting?

Lots of newbie questions here - I appreciate any help or guidance the community has. Thank you!

Hi everyone! So I installed docker the other day and I'm currently getting used to the terminal. I had a few questions about self-hosting web apps that would determine what apps I start using.

1. If I hypothetically moved, would the change in IP address affect anything?
2. Can other people on my internet access my webapps?
3. Would a VPS solve any issues caused by question 1/2? Or is there a different type of software that would help?
4. When I install an app and they both require the same localhost, is there a list of numbers that I can use as an alternative? For example, instead of 8080 could I use a hypothetical number like 1234?

Thank you very much. Sorry if these questions seem rather obvious, I'm just very new to self-hosting and I don't want to lose any data in the future. 😅

I installed Lemmy on Debian 11 using Yunohost, and everything appears to be working except that I can't upload photos, and I get this error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data.

I found this ticket on the Lemmy github, but it's not the same error language: https://github.com/LemmyNet/lemmy/issues/2475

Anyone dealt with this before? I appreciate any pointers.

Hey guys, I'm currently studying computer science and have used Google domains for a while to host my own website. In lieu of domains being discontinued by Google I'm thinking about moving every service I've used there to a Debian VM, which would be hosted by a company in my country, but I would have root access.

This would include a Web- and a Mailserver pretty much. I'm not a beginner when it comes to handling a CLI, but I am quite rusty and would prefer a solution that I set up once and don't have to maintain weekly to keep it going.

I'm aware selfhosting entails some kind of maintenance, I pretty much just don't want to be overwhelmed and suddenly lose access to my mails by being lazy.

Serverwise I've setup Apache and Postfix already in my studies, but I'm not sure if those are the best solutions.

I'd really love a few pointers and do's and don'ts if you'd be so kind to help me out 😄

Thanks!

Reposting this since my last one never got any replies and I'm still on it lol

Hey all, as the title says I’m interested in hosting an instance in the cloud, just as a little bit of a project to improve my skills. Was wondering if there are any considerations I should keep in mind while doing this?

Here’s what I architected so far:

I’m going to be using a t3.small as the main webserver and a db.t3.micro RDS for PostgreSQL for the DB. The t3.small is going be running on Ubuntu 20.04 with a 20GB gp3 EBS volume. The DB is 30GB single AZ to save some money. Everything’s going to be in a custom VPC, the web server in a public subnet and DB in a private subnet, with an SG to allow the two to talk

Seems like that’s about all I’m going to need for now to get started, is there anything I’m missing here?

Overall, I am thinking about self-hosting, but I am very very confused on the procedure. How does one run a physical server at home, and then open it to the internet? And even them, what are the pros and cons of self-hosting your own services?

Hi folks! As the title suggests, is there anything out there similar to Lunatask to help with personal organisation for neurodivergent brains?

As far as I’m able to find, it looks to be the only app built to propose. I’m not really interested in adapting some other solution to match it (normally I’d be up for the challenge but not with a tool like this).

We're at a great nexus for Lemmy here, with so many users (including me) giving up Reddit for good and moving to the federated universe.

One thing I loved and will miss about Reddit are the sports-related subs I had -- large league subs (like NBA and NFL) and smaller team subs.

There are efforts to organize new communities across Lemmy servers (including some on lemmy.world), but I see a great opportunity to start a new server focused on sports and team subs.

Why not just make these communities on an existing server?

My thoughts are -- right now there are various team and sports subs across many servers. The natural expectation is eventually one of these team or sports subs will become the main community people will subscribe to. Having a sports-specific server will expedite this process, and will give sports fans a one-stop shop for where to go to subscribe.

My goal would be a server instance people would know is the 'source' for the largest sports communities.

Tell me I'm dumb, or provide me constructive feedback, or let's talk more about setting up a server!

Cheers

I once bought a router to use for my internet when I moved into my new house just to find out that it "wasn't compatible" with Verizon's service. I still have it (because I'm terrible about returning things). Is there any point in keeping it? Is there anything fun or interesting that I could do with it?

Hello looking for a file sharing app, preferable that I can run in a docker container with a UI that displays for file recipients over a reverse proxy.

Hi, I am teacher. I want to make a tutorial site like here or svelte.dev/tutorial or vuejs.org/tutorial to teach basic html, css and javascript to my students. Is that kind of tutorial page custom made or part of lms-apps like moodle or something? is it possible for me to selfhost it? preferably on our school's local network? thanks...

Hopefully this is the last time I need to bug you guys here about stuff. :)

I added a postfix relay to my Lemmy instance and configured the email settings in my lemmy.conf file but no matter what I do I keep getting a "no_email_setup" error when I try to test the SMTP server. Is there an obvious step I'm missing?

This is my full docker-compose.yml:

version: "3.3"

networks:
  lemmyexternalproxy:
  lemmyinternal:
    driver: bridge
    internal: true

services:
  proxy:
    image: nginx:1-alpine
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    ports:
      # only ports facing any connection from outside
      - 80:80 
      - 443:443
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # setup your certbot and letsencrypt config 
      - ./certbot:/var/www/certbot
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    depends_on:
      - pictrs
      - lemmy-ui

  lemmy:
    image: dessalines/lemmy:0.17.3
    hostname: lemmy
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.3
    networks:
      - lemmyinternal
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
      - LEMMY_HTTPS=true
    depends_on:
      - lemmy
    restart: always

  pictrs:
    image: asonix/pictrs:0.3.1
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    networks:
      - lemmyinternal
    environment:
      - PICTRS__API_KEY=API_KEY
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always

  postgres:
    image: postgres:15-alpine
    # this needs to match the database host in lemmy.hson
    hostname: postgres
    networks:
      - lemmyinternal
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=PASSWORD
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always
  
  postfix:
    image: mwader/postfix-relay
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    environment:
      - POSTFIX_myhostname=myhostname.here
      - POSTFIX_inet_protocols=ipv4
    restart: always

And my lemmy.hjson has this block:

email: {
  smtp_server: "postfix:25"
  smtp_from_address: "Lemmy <noreply@myhostname.here>"
  tls_type: "none"
}

Is there a self hosted web based note app similar to Obsidian or Joplin? I've tried Trilium and its ether above my pay grade in terms of knowledge, or I've set it up wrong. I'm mostly looking for something that has support for folders or a tree structure, markdown or simple text based and all accessible buy web browser.

I've gone from using Joplin, to Obsidian, I love both but am tired of waiting for sync before accessing my notes on different devices.

I'd like to share the project that I've worked on the past couple of weeks. I've started it after finding about how professional routers (specificaly Unifi) are managed and thinking that there should be a simalar open-source software for home networks.

In the near future I'd like to support automatic updates, interface auto-configuration, port redirection, UPnP, ad blocking and other functions that make home networks more transparent and easier to control.

When I see this sort of thing, and other people are trying to do it, a reverse proxy or vpn is always mentioned. Heres my question:

How Dangerous is it to just open the port for it on my router and access it like that?

Lets say i want to access jellyfin from Kodi on my xbox or something outside my network, the vpn solution wouldnt work for this i would think.

My issue with reverse proxies, and why im asking, is it seems less secure? I mean Im well aware that an IP is easy to get, i guess. But how likely is someone to look for something on my network specifically? With reverse proxies it seems like i would be broadcasting my server to the internet in a way its easier to happen across, than someone being interested in a random residential IP.

I run a minecraft server for friends on my main computer anyway, and i know tons of people do that, theoretically thats the same level of danger as opening my network for jellyfin specifically.

VPN isnt an option because of this xbox stuff i mentioned and people in my family who have 0 chance of understanding it regardless.

So what is the better option, going through this reverse proxy ( which im actually also unsure would work with kodi) or rawdog the server on my network. I guess leaving the server exposed? or every device even.

So, I have a few services (Jellyfin, Home Assistant, etc) that I am running, and have been acessing via their IP's and port numbers.

Recently, I started using NGINX so that I could setup entries in my Pi Hole, and access my services via some made up hostname (jellyfin.home, homeassistant.home, etc).

This is working great, but I also own a few domains, and thought of adding an SSL cert to them as well, which I have seen several tutorials on and it seems straight forward.

My questions:

• Will there be any issues running SSL certs if all of my internal service are inward facing, with no WAN access? My understanding is that when I try to go to jellyfin.mydomainname.com, it will do the DNS lookup, which will point to a local address for NGINX on my network, which the requesting device will then point to and get the IP of the actual server.

• Are there risks of anything being exposed externally if I use an actual CA for my cert? My main goal is to keep my home setup off of the internet.

Hi all!

I have a couple of months to create and deploy a small cluster for running docker containers.

The cluster will consist of 3 master nodes and some workers. When it is ready, it will consist of about 15 servers.

I have little experience with Docker (managing some containers on my home server), I have spent the last 4 or 5 weeks studying and testing with Kubernetes and I think it's a little overkill for what it's going to take. You run the risk of adding unnecessary complexity.

I am seeing that instead Docker Swarm seems easier to set up and manage.

To consider that I will be on my own to manage it.

What do you think?

Thanks!

Is there a good way to use the "become: yes" for the needed escalation to sudo for a handful of commands which need it while limiting the user's access to passwordless root? I've added this line to /etc/sudoers.d/$USER

(username) ALL=(ALL:ALL) NOPASSWD: /usr/sbin/omv-upgrade, /usr/sbin/reboot

Which should allow my user to use the omv-upgrade script (which does some apt stuff) without a password prompt for sudo. This allows it to perform the needed apt commands for an upgrade without actually giving full apt access to install whatever. Likewise with reboot, though I'm not sure which command ansible will actually try with these:

    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_md5: no
      register: reboot_required_file

    - name: Reboot the server (if required).
      ansible.builtin.reboot:
      when: reboot_required_file.stat.exists == true

I presume it's that reboot, but maybe it'll try the systemctl one instead. Is there a better method to give the user the needed passwordless sudo actions without the security risk of opening everything up to that user (which I don't want to do at all)

Hello, I thought I'd share my own setup with Ansible.
Two motivations that played a factor here. First, I wanted to use Podman instead of Docker and second, I already have an Nginx Proxy that I wanted to use it. Lastly, I like managing my containers through systemd, which is very easy to do with Podman.
Tested on Debian 11, though it should work on most other distros as well.
Do look over the playbook, there might be some decisions you don't agree with. For example, the different directories I'm creating for the various containers. (I'm creating multiple directories under /mnt)
Other variables, mainly logins, are already modifyable using the Ansible vault file included here.

Requirements

• A Server
• SSH access to the server
• Ansible Inventory file
• Basic knowledge of Ansible
• Basic knowledge of Nginx

Setup

Vault file

I'll start with the vault file. Enter your values between the quotes. Explainations for most of them can be found in the lemmy.hjson config file.

Filename: vault.yml

# postgres
var_postgres_user: ""
var_postgres_password: ""
# pictrs
var_pictrs_api_key: ""
# smtp (lemmy config)
var_smtp_server: ""
var_smtp_login: ""
var_smtp_password: ""
var_smtp_from: ""
var_smtp_tls: ""
# initial admin config
var_admin_username: ""
var_admin_password: ""
var_site_name: ""
var_admin_email: ""
# network settings
var_hostname: ""

Encrypt your file with this command.
$ ansible-vault encrypt vault.yml
You can also view or edit the file by replacing the encrypt keyword with view or edit respectively.

Lemmy config

Here's the lemmy config I used. It is mostly copied from the default config example, though a lot of the values have been replaced by the variables you just filled in above.
(btw, federation still does work with tls_enabled: true commented like this. As proof, I'm writing this post from my own instance set up this way)

{
  # settings related to the postgresql database
  database: {
    # Username to connect to postgres
    user: "{{ var_postgres_user }}"
    # Password to connect to postgres
    password: "{{ var_postgres_password }}"
    # Host where postgres is running
    host: "lemmy-db"
    # Port where postgres can be accessed
    port: 5432
    # Name of the postgres database for lemmy
    database: "lemmy"
    # Maximum number of active sql connections
    pool_size: 5
  }
  # Settings related to activitypub federation
  # Pictrs image server configuration.
  pictrs: {
    # Address where pictrs is available (for image hosting)
    url: "http://lemmy-pictrs:8080/"
    # Set a custom pictrs API key. ( Required for deleting images )
    api_key: "{{ var_pictrs_api_key }}"
  }
  # Email sending configuration. All options except login/password are mandatory
  email: {
    # Hostname and port of the smtp server
    smtp_server: "{{ var_smtp_server }}"
    # Login name for smtp server
    smtp_login: "{{ var_smtp_login }}"
    # Password to login to the smtp server
    smtp_password: "{{ var_smtp_password }}"
    # Address to send emails from, eg "noreply@your-instance.com"
    smtp_from_address: "{{ var_smtp_from }}"
    # Whether or not smtp connections should use tls. Can be none, tls, or starttls
    tls_type: "{{ var_smtp_tls }}"
  }
  # Parameters for automatic configuration of new instance (only used at first start)
  setup: {
    # Username for the admin user
    admin_username: "{{ var_admin_username }}"
    # Password for the admin user. It must be at least 10 characters.
    admin_password: "{{ var_admin_password }}"
    # Name of the site (can be changed later)
    site_name: "{{ var_site_name }}"
    # Email for the admin user (optional, can be omitted and set later through the website)
    admin_email: "{{ var_admin_email }}"
  }
  # the domain name of your instance (mandatory)
  hostname: "{{ var_hostname }}"
  # Address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # Port where lemmy should listen for incoming requests
  port: 8536
  # Whether the site is available over TLS. Needs to be true for federation to work.
  #tls_enabled: true
}

Ansible Playbook

Now a quick overview of my playbook:

1. Installs podman
2. The systemd service for running the podman pod will be stopped. EDIT: The error will now be caught and continue
3. Create various directories
4. Copy the lemmy configuration
5. Create a podman network
6. Create a podman pod
   • Port 1234 is for the Lemmy UI
   • Port 8536 is the Lemmy backend
7. Create all the containers
8. Generate the systemd service for the pod
9. Enable the systemd service

And here's the Ansible playbook file.

***
- hosts: all
  become: yes
  become_method: sudo
  vars:
    var_lemmy_version: "0.17.4"
  tasks:
    - name: Install podman
      ansible.builtin.package:
        name:
          - podman
        state: latest

    - name: Stop lemmy pod if necessary
      block:
        - name: Stop systemd service
          ansible.builtin.systemd:
            name: pod-pod_lemmy
            state: stopped
      rescue:
        - name: Skip stopping systemd service
          ansible.builtin.debug:
            msg: "First time setup. Ignore the error above"

    - name: Create database directory
      ansible.builtin.file:
        path: /mnt/lemmy-db
        state: directory
        owner: root
        group: root

    - name: Create lemmy directory
      ansible.builtin.file:
        path: /mnt/lemmy-app
        state: directory
        owner: root
        group: root

    - name: Create pictrs directory
      ansible.builtin.file:
        path: /mnt/lemmy-pictrs
        state: directory
        owner: 991
        group: 991

    - name: Copy lemmy config file
      template:
        dest: /mnt/lemmy-app/lemmy.hjson
        src: ./lemmy.hjson

    - name: Create lemmy network
      containers.podman.podman_network:
        name: net_lemmy

    - name: Create lemmy pod
      containers.podman.podman_pod:
        name: pod_lemmy
        network:
          - net_lemmy
        publish:
          - "1234:1234" # lemmy-ui
          - "8536:8536" # lemmy-app

    - name: Create DB container
      containers.podman.podman_container:
        name: lemmy-db
        image: docker.io/postgres:15-alpine
        volume:
          - /mnt/lemmy-db:/var/lib/postgresql/data
        env:
          POSTGRES_USER: "{{ var_postgres_user }}"
          POSTGRES_PASSWORD: "{{ var_postgres_password }}"
          POSTGRES_DB: lemmy
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create pictrs container
      containers.podman.podman_container:
        name: lemmy-pictrs
        image: docker.io/asonix/pictrs:0.3.1
        #entrypoint: "/sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        # flags: https://git.asonix.dog/asonix/pict-rs/src/tag/v0.3.1
        command: "/usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        user: 991:991
        volume:
          - /mnt/lemmy-pictrs:/mnt
        env:
          PICTRS__API_KEY: "{{ var_pictrs_api_key }}"
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy container
      containers.podman.podman_container:
        name: lemmy-app
        image: docker.io/dessalines/lemmy:{{ var_lemmy_version }}
        volume:
          - /mnt/lemmy-app/lemmy.hjson:/config/config.hjson
        interactive: true
        tty: true
        env:
          RUST_LOG: "warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
        #requires:
        #  - lemmy-db
        #  - lemmy-pictrs
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy-ui container
      containers.podman.podman_container:
        name: lemmy-ui
        image: docker.io/dessalines/lemmy-ui:{{ var_lemmy_version }}
        env:
          # this needs to match the hostname defined in the lemmy service
          LEMMY_UI_LEMMY_INTERNAL_HOST: "lemmy-app:8536"
          # set the outside hostname here
          #LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ var_hostname }}"
          LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ ansible_default_ipv4.address }}:1234"
          #LEMMY_HTTPS: true
        #requires:
        #  - lemmy-app
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create systemd service
      containers.podman.podman_generate_systemd:
        name: pod_lemmy
        new: true
        dest: /etc/systemd/system/

    - name: Enable lemmy pod
      ansible.builtin.systemd:
        daemon_reload: true
        name: pod-pod_lemmy
        enabled: true
        state: started

Run the playbook with this command.
$ ansible-playbook -i inventory.yml -e @vault.yml --ask-vault-pass playbook.yml -K
You will be prompted for the sudo password and the password you set for your encrypted vault.
If you authenticate to ssh using a password, add -k to the above command and you'll be prompted for that as well.

There's a character limit on posts, so I'll put the rest as a comment below.

I am looking for something I can run on a Pi that gives me access to my private audio library plus Spotify, because I hate switching apps. I want to access it from a desktop and Android. Does someone have something like this set up?