r/selfhosted

I hope folks are very skeptical of what seems like 90% of the posts in /r/selfhosted. They are bot posts. They read like someone is just starting out on their selfhosting journey or they're asking for the best way to do something...and then you get the random user engaging with the post...they're all bots. Take a moment to check the account age. Take a moment to look at the recent post history of the engagers. Before you engage...disengage and do just a bit of sleuthing. These accounts are advertising, trying to get natural engagement for AI training material, etc. And honestly, it's frustrating, aggravating, and completely off-putting.

Update: Account age isn't everything. Sometimes, just use your gut. You'll read a post and something will just seem off. You really can't put your finger on it, but something just doesn't read right. Basically, critically think; feels like a skill we've all just stopped exercising.

Over the last decade I’ve been playing with dozens of servers from multiple providers. These are the steps I’ve been perfecting to get up to speed fast and feel right at home on a new machine. Wrote it down here mostly as a personal reference, but hopefully useful to someone else too.

I’ve got an old laptop I’m considering using with Kali to try and attack my own network for fun and help confirm my precautions actually work. Hoping to hear success stories of others doing the same.

I'm trying to come up with a better way of managing my docker stacks. And I keep running into a wall when it comes to managing secrets. Looking around, there are few ways being used but I feel like each of them has some limitations and doesn't fit into my desired workflow.

Issues:

• _FILE env variables are not supported by all images
• majority of containers expect passwords and other sensitive data to be passed as env vars

This is my setup currently:

• I store my docker compose and .env files in a private github repo
• .env files stored in the repo don't include any sensitive values
• portainer is used to deploy my stacks, it pulls the config from the repo
• I override the env vars in portainer UI to add any sensitive values. These changes get persisted in portainer, so even if I pull latest changes from the repo, my overrides will still be applied.

I'm now experimenting with Arcane, and while I'm starting to like it more than portainer, it has one fundamental issue. If I make any changes to the .env file, they get reverted next time I do git sync.

I haven't tried Komodo yet, It looks like it supports secrets, and can substitute placeholders in compose files with the actual values, but it doesn't look like it's using standard docker-compose syntax for it (square brackets around placeholders), which is a blocker for me as I'd like to keep the config generic enough so that it's not tied to any specific tool.

sops and age seems to be something that people are using, but I don't see a way to get it to work with portainer or arcane.

I'm experimenting with few different approaches, I have my secrets stored in vaultwarden so I can retrieve them with bw cli. I also have ansible playbook that saves them as files on my docker host.

What I'm looking for is a way of injecting those secrets into .env files while using portainer or arcane.

I'm setting up a WireGuard VPN as a relay between my devices and my home network (homelab access, not exit-node browsing). Trying to pick a host and would value real-world experience over marketing.

Why I'm not using a mainstream provider: Hetzner asked for ID + selfie at signup, which I'm not willing to provide for a €4/month VPS. Looking for hosts that don't require that.

Shortlist so far:

- Njalla — most-recommended for privacy, but expensive (~€15/mo) and I've read mixed things about their network reputation

- 1984 Hosting — Iceland, lighter KYC, seems like a balance

- BuyVM — cheap, accepts Monero, US-based

Questions for anyone with direct experience:

1. Network reputation — how often do the IPs get blocklisted by services like Google, Cloudflare, streaming sites? Matters because a relay that gets captcha'd constantly is annoying
2. Abuse handling — if someone else on the IP range does something, do they nuke your VM or work with you?
3. Anyone left one of these for another? Why?

Not looking for "just use Mullvad" answers — I specifically want a server I control to terminate the tunnel at, not a commercial VPN.

Thanks for any input.

Wondering if there is any kind of selfhosted equivalent to ultimate guitar.

If possible, some kind of selfhosted alternative to musescore (ability to render sheet music, and to transpose said sheet music).

Hi everyone,

I'm hoping someone has run into this issue before and can help me out.

I currently have a Proxmox server running some LXCs, but i have a problem with this three:

• Cloudflared (for my Cloudflare Tunnel)
• AdGuard Home
• Nginx Proxy Manager (NPM)

My router's DNS is set to the AdGuard IP so it handles requests and redirects them to NPM when needed. I have a DNS rewrite configured in AdGuard Home so that *.mydomain.com always points to the NPM IP.

Here is the issue: I think there's a problem with the services I have exposed to the internet. Even though my local DNS should be routing them directly to NPM, the traffic seems to be going out to the internet because I'm hitting the Cloudflare Access screen asking for an email/One-Time Pin.

This only happens with Home Assistant and my NAS, which are the only services I have exposed. Any other service that doesn't have a CNAME record in Cloudflare resolves internally perfectly fine through AdGuard/NPM.

For context, I bought the domain directly through Cloudflare and the tunnel itself is working without any issues.

Why is the local DNS rewrite being bypassed for services with a Cloudflare CNAME?

Thanks in advance for any help!

Hey guys,

I'm conducting a survey for those using containers to deploy software. Thanks ahead of time to everyone who responds. To the Komodo users, I hope you have been enjoying Komodo v2.

If you don't know: Komodo is a platform to build and deploy software on many servers. There is no limit to the number of servers you can connect, or to any features including SSO and RBAC. For more information, check out the introduction docs.

Have a good day!

🦎 Homepage: https://komo.do

🦎 GitHub: https://github.com/moghtech/komodo

🦎 Demo: https://demo.komo.do (login with demo : demo)

🦎 Discord: https://discord.gg/DRqE8Fvg5c

I have a nightly cron which

• Automatically stops all the docker containers (based on some folder and/or container name conventions)
• runs borg (configured using borgmatic) to take a backup of /myeverythingfolder
• Starts back all the previously stopped containers
• rclone syncs the backup to backblaze b2

How you take your backups?

I'm just about to start setting up my first home server on a Beelink ME Mini. I've read/seen that you can install the OS (probably Proxmox in my case) onto the eMMC. I have also seen that that may not be recommended. Would it be more prudent to use one of my six NVME drives to install Proxmox onto and then have the other five drives as storage? I would prefer not to dedicate an entire terabyte to just the OS, if I can successfully run the whole setup from the OS being on the eMMC.

I built nylon because I wanted one unified VPN that connects across all my cloud servers, mobile devices and workstations, whether they are on the same LAN, or across the internet.

I also had latency-sensitive "work" ahem (game streaming). So if I were on the same physical network as my gaming pc, I want my VPN to route via the lowest latency LAN path, only falling back to other nodes when needed.

Note: I have considered Tailscale and Nebula. These work most of the time, but do not give me control over how data is routed. They generally establish direct links (or at most, 1-hop via a relay), and do not take the state of the underlying network into account.

With nylon, I can choose to add links with more premium networks like CN2 GIA or Akamai's (via two Linodes in diff regions). Nylon would take these links into account, and dynamically pick the best routing using Babel (RFC 8966).

If you're interested in the details, I wrote a blog post diving into the challenges of building this: https://jiaqi.dev/posts/nylon

Docs for getting started: https://nylon.jq.ax

Would love to hear thoughts & feedback! Thanks :)

I have Nextcloud running on TrueNAS and it works ok, however I only use the file sync feature and nothing else. Is there a good lightweight alternative that just syncs files? I just want the documents on my pc to sync to my Truenas and also be available on my iPhone.