Selfhosted
-
VPN bypassing Firewalls (Wireguard DPI)
Hey everyone, I was wondering about possible solutions to reach my home network when travelling. At the moment, I have a Wireguard VPN to my home router running OpenWRT. However, this is increasingly useless as Wireguard connections (even on port 80 and 443) are being blocked by hotels etc. (presumably DPI?). I have read about Shadowsocks being a possible solution but struggled setting it up on my OpenWRT router.
Are there any other options? Preferably those that can run on an OpenWRT router, or on a server at home.
Any help is much appreciated.
-
Let's Encrypt is 10 years old today !
letsencrypt.org Let's Encrypt: Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2023 Annual Report.
-
good replacement options power efficiency and affordable "large" storage?
My current system is running on an old 2U HP rackmount server with dual 16-core AMD Opteron-6262HE CPU's and two RAID-5 arrays (fast SSD array and slow 2.5" HDD array). There are generally 5-6 VMs running under a Linux master at a given time but none of them are using a whole lot of CPU cycles.
In general, it's noisy but fairly effective for my needs.
I'm looking at the future and what might be good replacement that offers a blend of power-efficiency, flexibility, and storage cost.
In particular, I'd like to:
- Ditch the 2.5" HDD array in favor of an efficient separate storage system, preferably an attached NAS with 3.5" disks on RAID5 but probably actually networked and not USB based (both for reliability and also so I can potentially provide storage directly to stuff running on separate SBC's etc). A storage system I could drop in now and still use after I upgrade the compute system would be great
- I'd like to keep the SATA-SSD array for stuff that needs faster disk, or possibly move up to a RAID'ed M2/NVMe.
- Move up to a more modern CPU that has a good Power-per-watt balance. 8-16 cores totally is probably good if that can be reasonably power efficient for idle cores etc, but dropping some VM's to run stuff on the aforementioned SBC's is also an option
- Still be rack-mounted for the main system, but not so freaking loud, and actually fit in a standard 24" deep rack
- Potentially be able to add a decent GPU or add-on board for processing AI models etc
Generally what it will be running is a bunch of VM's for stuff like NextCloud, remote-admin software, Media servers (Plex/Jellyfin), a Fileserver, some virtual desktops and various other fairly low-power VMs, BUT it'd be nice if I could add the dGPU or something with the horsepower for AI processing and periodic rendering/ripping/etc
I'm sorry debating on whether might make more sense to move all storage to BAD, then just replace the always-running stuff (NextCloud, Plex,Fileserver) with SBC's so that they're fairly easily swappable if something fails.
-
-
Has anyone successfully self-hosted Firefox Sync?
I use around 10 browser profiles, each of which has its own set of bookmarks, plugins, self-enforced rules, etc. I want to synchronise browsing history, bookmarks, plugins using a single account. They are managed with a dedicated Firefox account, but I was wondering if I can self host accounts so that I can synchronise stuff over my VPN, and I don't have to do mail verification every time I create a new profile. But I can't find much on how online.
I know syncserver-rs but that is not enough. The accounts are still registered with Mozilla's server.
-
Local domains constantly time out according to Uptime-Kuma
I followed this tutorial to set up local domain names with SSL-certificates using DuckDNS: https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/
I have three local domains for my Nginx Proxy Manager running on a VPS, for my self-hosted Nextcloud and my Proxmox-WebGUI both running on my local Homeserver. They follow the scheme `service.dataprolet.duckdns.org`.
Now I use Uptime-Kuma to monitor my services including the three domains and for some reason those three domains constantly time out after 48 seconds. I already set up the retries to 3, but to no avail.
I also use Pi-hole and Unbound and thought that might be an issue, but testing my DNS using `dig`, `mtr`, `traceroute`, `nslookup` and `host` all returned normal values and no errors.
Does anybody have any idea what could cause this? I'm kind of clueless at this point. Thanks in advance!
-
Sharing my (real) first selfhosted project: OVH IP updater
github.com GitHub - myanesp/ovh-ip-updater: Docker image for updating the DNS records of your OVH domain using its official API, instead of DynHost
Hi everyone!
I want this to be my first post here over Lemmy.
Recently, I moved my domains from GoDaddy to OVH due to GD's policy changes that remove the ability to use its API for updating the IP of subdomains if you don't pay more or you don't have more than X domains with them.
When I looked for methods or APIs to update the IP of my subdomains on OVH, I realised that all the methods that I found use the "DynHost" option from OVH, so you need to create another subdomain with credentials, which is the one you will update with your IP, and then associate that with your real A subdomain.
I'm more an API guy, so I did some quick research and found that OVH also has API endpoints that allow updating the IP of the subdomain(s) you want, as I was doing with GoDaddy and other providers.
So I made a real simple IP updater for OVH that uses this method! Feel free to comment, use or share, this is my real first opensource and selfhosted project and I want to learn :)
-
Taipy (4.0) - open-source Python framework for Data & AI Web Applications
Hi all, I am new at Lemmy, 👋🏻
I'm one of the contributors to Taipy, an open-source Python Data & AI web application builder.
Glad to receive feedback and even a few contributors! 😊
https://github.com/Avaiga/taipy
Taipy 4.0 just launched! It's similar to tools like Streamlit, Gradio, Dash, Reflex, etc., but with some unique twists.
Recap about Taipy
Taipy is an open-source Python framework designed to simplify the creation of data-driven web applications. It provides powerful tools for data scientists and engineers to build GUIs and manage complex scenarios without needing extensive front-end development skills. Whether you're creating dashboards, chatbots, or any other type of interactive data application, Taipy aims to make the process as intuitive as possible.
Key features in Taipy 4.0:
- Enhanced Integrations: Improved compatibility with platforms like Databricks, Snowflake, and Dataiku, making data-driven application building smoother than ever.
- Databricks Technology Partner: Officially validated as a Databricks Technology Partner, allowing for seamless orchestration and visualization of data.
- UI & Scenario Management Improvements: Significant upgrades to our GUI and scenario management tools for a more intuitive experience.
- Backend Performance Boosts: Major backend optimizations for faster, more efficient apps.
A look back at Taipy 3.0:
- Taipy Studio: Graphical editor for managing configuration elements, stored in TOML for runtime use.
- Python Page Builder API: Everything in Python, including Markdown support.
- Scenario Management Controls: Graphically interact with Data Nodes, Jobs, and Scenarios.
- Scheduler: Automate your tasks, let Scheduler handle the runs.
- Style Kit: Customize your app's look with our cascading stylesheets.
- Broadcast Updates: Keep every connected user in sync for live monitoring.
Fully open-source (Apache-2) and continuously evolving. Come check it out, and let us know what you think!
-
Migrating from Nextcloud AIO to Owncloud Infinite Scale: Good Idea?
Hi everyone,
I'm seriously thinking about moving from Nextcloud AIO to OwnCloud Infinite Scale (OCIS), and I'd love to hear your thoughts.
Here’s why I’m considering the switch:
- I need software that’s stable and doesn’t break after every update.
- Minimal maintenance is a priority for me.
- A solution that works out of the box with minimal setup complexity.
- Support for Docker Compose deployment.
- Support for S3 storage as the primary storage backend.
What I like about OCIS:
- It's written in Go (which I prefer over PHP).
- It doesn’t require a database, simplifying setup and maintenance. (Not sure about it)
However, I’m still hesitant due to:
- The limited documentation for OCIS.
- Concerns about whether it’s as open-source friendly as Nextcloud.
While I’ve been using Nextcloud Talk, I find it slow and unstable, so I’m planning to transition to XMPP. That said, Nextcloud itself has been challenging to maintain, and I’m looking for something faster and more reliable.
For those who have experience with OCIS, would you recommend switching, or should I stick with Nextcloud despite its issues?
Thanks in advance for your input!
-
Help Running Scrutiny
Hello All,
I am trying to run scrutiny via docker compose and I am running into an issue where nothing shows up on the web UI. If anyone here has this working would love some ideas on what the issue could be.
As per their troubleshooting for this I followed those steps and here is the output:
```
$ smartctl --scan
/dev/sda -d scsi # /dev/sda, SCSI device
/dev/sdb -d sat # /dev/sdb [SAT], ATA device
/dev/nvme0 -d nvme # /dev/nvme0, NVMe device
```
```
docker run -it --rm \
  -v /run/udev:/run/udev:ro \
  --cap-add SYS_RAWIO \
  --device=/dev/sda \
  --device=/dev/sdb \
  ghcr.io/analogj/scrutiny:master-collector smartctl --scan
/dev/sda -d scsi # /dev/sda, SCSI device
/dev/sdb -d sat # /dev/sdb [SAT], ATA device
```
So I think I am inputting the devices correctly. I only really changed the port number for the web UI to 8090 from 8080 in their example as 8080 is taken.
compose file
```
services:
  influxdb:
    image: influxdb:2.2
    ports:
      - '8086:8086'
    volumes:
      - './influxdb:/var/lib/influxdb2'
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8086/health"]
      interval: 5s
      timeout: 10s
      retries: 20

  web:
    image: 'ghcr.io/analogj/scrutiny:master-web'
    ports:
      - '8090:8090'
    volumes:
      - './config:/opt/scrutiny/config'
    environment:
      SCRUTINY_WEB_INFLUXDB_HOST: 'influxdb'
    depends_on:
      influxdb:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8090/api/health"]
      interval: 5s
      timeout: 10s
      retries: 20
      start_period: 10s

  collector:
    image: 'ghcr.io/analogj/scrutiny:master-collector'
    cap_add:
      - SYS_RAWIO
    volumes:
      - '/run/udev:/run/udev:ro'
    environment:
      COLLECTOR_API_ENDPOINT: 'http://web:8090/'
      COLLECTOR_HOST_ID: 'scrutiny-collector-hostname'
    depends_on:
      web:
        condition: service_healthy
    devices:
      - "/dev/sda"
      - "/dev/sdb"
```
Everything appears to start and work and no errors in the terminal.
Thanks for the help.
-
How to convince my uni / dept. to switch to Mastodon?
I want to capitalise on the current "X-odus" momentum, and convince my university (or at least my department, which is quite big) to have its own Mastodon server.
My rationale is that if I can convince my uni/dept that they will have better reach, control and experience with Mastodon, it will help populate the Fediverse and bring more academics on this platform to disseminate their research.
The reason I am asking the self-hosting community for help is because I know nothing about hosting my own Mastodon server, but should I manage to have a talk with my IT head or the dept head and convince them to come to the Fediverse, I might need to spin up a server for them.
- How easy is it to get Mastodon up and going?
- How costly a hardware do I need to ask for?
- How expensive is it to run the server annually?
- Any other points or aspects I need to keep in mind?
-
How should one access their servers when in China if at all?
Some people, my server admin uncle included, believe that bringing any device to China automatically compromises it even if you reinstall a new OS. Is this warranted as some random person?
Can I go to my public sites and/or VPN into my servers?
Edit: I go there all the time. Also, I can take these precautions but I can’t expect my family to take them. What about family members' phones?
A lot of great replies, thank you! Would love to read more specifics so I can know exactly the threats and my actions
Also, this is not an anti-China post. My field is Chinese related. Just learning more about the hosting side :)
-
Help with training plan
Hello self hosters, I was wondering if you could fact check my training plan?
I work in Tech but haven't done any hands on programming work since school (visual basic). This was very basic, I built a calculator program.
I've got an idea for an app and think this is a good learning opportunity.
My goals are:
- Learn programming skills that I can use for personal projects in the future i.e. making apps, using programs from github, hosting containers to run Plex etc.
- Learn skills that can help in my current job (I work with Engineers but don't do any actual coding).
I am planning to learn the following, more or less, in order:
- Docker (in the past I've had a lot of trouble trying to code in Virtual Box).
- Linux command line
- JavaScript boot camp. Good for coding a single app that will work across browser, iOS and Android.
- Typescript - extension of JS.
- SQL - for apps that require a query to a database
- node.js - for REST APIs and cloud server infrastructure
I may also learn these languages/ methods as I need them:
- Git
- Terraform
I appreciate this will be a lot of work and take a long time to master, however I think it is worth the investment from a hobby and professional perspective.
Any recommendations or comments on the above?
Any pointers where I've gone wrong or tips/ideas are greatly appreciated!
-
-
Is there any front end YouTube that can allow me to still comment?
Probably a dumb question, thanks for all the front end responses, I’ve been watching using them but want to engage. I really don’t want to keep using Google though!
Or should I just get used to not engaging or maybe bringing videos here and commenting if they’re that interesting.
-
Trouble setting up sliding sync with matrix
Hello everyone!
After much pain and agony I was able to setup my matrix server! Huzzah!
Until I went to sign in with element x :(
It says my server does not have sliding sync support. I have tried looking at the official documentation and trying to get it working but to no avail. I went through the only limited tutorial provided by the actual matrix channel. Still no success.
I was able to install SchildiChat and that works just fine! Same with the element desktop client.
Do I need to completely restart my matrix installation to get this working? Is there an easy way to get it working now that my matrix-synapse server is already setup?
For context I followed this exact tutorial (though instead of nginx proxy manager I used cloudflare tunnel)
https://www.youtube.com/watch?v=TFDFR6EBG3k
In the video it says nothing about sliding sync but when you go to his wiki site the matrix config has been updated with an empty sliding scale parameter.
Any help would be appreciated!
EDIT:
I am using ubuntu 20.04 deploying my matrix server through docker. I am using the latest build of dendrite matrix-synapse
Dendrite monolith matrix github:
https://github.com/matrix-org/dendrite/blob/main/build/docker/README.md
This is the documentation I followed:
https://wiki.opensourceisawesome.com/books/setup-matrix-chat/page/install-matrix-using-the-dendrite-server
EDIT 2:
Please forgive my idiocy. What I wanted was element the app not element x. Unless there is a problem with me running matrix without this supposed sliding sync, my issue is solved lol. I will take the advice to implement it if necessary.
-
Domain instead of ip in Wireguard
Like the title says, I want to replace the IP address in a wireguard .conf file to be a domain instead.
I own a domain through cloudflare, so say I wanted to use vpn.example.org
What DNS record and info do I need to put into Cloudflare? (I am aware I'll need to update it if my ip changes)
-
Raspberry pi 5 sometimes loses wireless connection
This is a problem I have been having for a while and I thought I had fixed it but it has recently returned.
Sometimes my raspberry pi will lose connection on a random device. Sometimes it's tailscale, sometimes it's wlan, sometimes it's both. It still shows as connected in my router even when it is unreachable. When I can access it through one device while the other is down I check for errors but can't see any. If left alone for long enough it will fix itself (today it fixed itself after 6 hours) or I can reboot if I still have access to ssh through a working device.
To fix it last time I fixed wireless localisation settings (it was set to us instead of gb) but it being fixed after that change might have been a coincidence.
My only idea for why it doesn't always work is because of a range extender I have upstairs (where the pi is) which is connected to the network using fritz! mesh. I think it's a bad idea since it is placed very close to the main router (almost directly above) but my dad insists on having it.
-
What do you use to private watch YouTube?
Moving away from Google. I just added my fav subs into my rss feed but that isn’t enough to get good recs. What else can one do? Alternative front ends that work?
-
Is there any open-source project that serves the same purpose of Duolingo that can be self-hosted?
Or perhaps a self-hostable webapp I could add the words myself from curated sources on the internet to then do quizzes on it?
-
Best HDD/SSD for local media hosting
Need to expand local storage for local media streaming. Running a regular desktop on linux.
I am willing to spend money on "the best" for streaming purpose while and hopefully something I can keep reusing down the road if it lasts.
- selfh.st This Week in Self-Hosted (15 November 2024)
Self-hosted news, updates, launches, and content for the week ending Friday, November 15, 2024
-
I'm moving to another city soon. What are some good apps that could help? Inventory, logistics, etc
I'm looking for something that can help me create an inventory so that later it's easier to find things in boxes.
-
TTeck (Proxmox Helper Scripts) has passed away. R.I.P.
github.com Update · community-scripts ProxmoxVE · Discussion #237: Good afternoon! I am tteckster's wife. I don't have a clue if anyone will even see this because I'm not the computer savvy person that my husband was, but I wanted to try. I know that he posted an ...
After he notified the community that he is in hospice care a few weeks ago, his wife has now notified the community that TTeck, the founder of the Proxmox Helper Scripts, has sadly passed away.
The project has been transferred to the community earlier so the Proxmox Helper Scripts as TTeck's legacy will live on.
Only a few people have contributed so much to Open Source as his scripts were a gateway for a lot of people who then ventured into self hosting and then onwards into an IT career.
-
Podman or rootless docker?
I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?
-
Omnivore Alternatives?
I'm looking for a self-hosted alternative for Omnivore. To keep it short and sweet, I'm looking for an app that I can subscribe to RSS feeds from and maintain Reader Mode-esque archives of news articles and interesting things I've read. Obsidian integration would be nice but is not a priority; however, the ability to save from Android is a must.
Hoarder is something I've recently spun up on my home server but despite looking great, it doesn't do what I'd like it to do. Clicking on an article doesn't present me with a Reader Mode archive, it takes me to the actual webpage; I have to click on something else to get the cached version (and even then, it doesn't format things in the way I'd like). I feel this order of operations should be reversed. On the mobile app, you can't even access the cached version.
I've used Wallabag before, but disliked the mobile interface. I wasn't self-hosting, however, so I'm not sure the difficulty level for it. Barring finding anything better, I'll likely try and self-host Wallabag.
Shiori looks fantastic but I'd rather not resort to using Termux on my Android phone to share content. No mobile app makes it difficult.
Any suggestions?
SOLVED
Following numerous suggestions, I spun up a FreshRSS container and will be looking into both Shiori (which has a third-party mobile app) and Linkwarden. Thanks, everyone!
-
Hyperspace: a p2p VPN solution that doesn't require a server
github.com GitHub - hyprspace/hyprspace: A Lightweight VPN Built on top of IPFS + Libp2p for Truly Distributed Networks (fork)
I never could get Nix working but maybe someone will
-
New to selfhosting
Hello All,
I am really new to selfhosting, trying to learn the basics. I have a raspi 5 with docker installed and a domain. My question is, as I collect all my knowledge from all over the internet, is there a selfhosting guide for dummies? It would be cool to have some guidance at hand to refer to when I do dumb shit.
Thanks
-
Whoogle: How can I use the preferences URL?
Hello,
I would like to use the URL of Whoogle's settings so that I can use different settings.
How can I save and use the settings via the URL?
https://tst.us?preferences=uG8MBIJwHdiwDp1QdzDg92Jvu-uXf9XXc4pizSjScK0YUIsWiEyA-_U3hz5hFvMYUeiUWWOdbNNUzMuFyMZNVFye-vhkKn2L_sXt5XNyOvkpjwBhPP2MsakXYPsw227zq00CMwioW33qsIsoNbTFDCw9VkCLrGLHxYCq3D9ZtT53ho0glFtjopDko5ucuPeYJU7QbyQWbNAT0xxeTqiXDLneMMDXCiexiWcjc0B4F4msP7JwS605uJuHFJHCHwcDQCa6VHw==
(tst.us does not exist, it is a sample.)
Unfortunately, it has no effect on the settings if I use this URL for the search.
-
Synology hurries out patches for zero-days exploited at Pwn2Own
> As Synology explains in security advisories published two days after the flaws were demoed at Pwn2Own Ireland 2024 to hijack a Synology BeeStation BST150-4T device, the security flaws enable remote attackers to gain remote code execution as root on vulnerable NAS appliances exposed online.
>
> "The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability," Midnight Blue said.
From a different source:
> Synology proactively sponsors and works with security researchers as part of product security initiatives. At this year's Pwn2Own Ireland 2024 event, which took place in late October, we successfully discovered and resolved multiple security vulnerabilities.
>
> While these vulnerabilities are not being exploited, we recommend all Synology device administrators immediately take action to secure their systems by updating due to the scope and severity of specific issues.
-
Linkwarden - An open-source collaborative bookmark manager to collect, organize and preserve webpages | November 2024 Update - Browser synchronization, custom icons, custom preview image, and more! 🚀
github.com GitHub - linkwarden/linkwarden: ⚡️⚡️⚡️Self-hosted collaborative bookmark manager to collect, organize, and preserve webpages, articles, and more...
Hello everybody, Daniel here! We're excited to be back with some new updates that we believe the community will love!
As always before we start, we'd like to express our sincere thanks to all of our Cloud subscription users. Your support is crucial to our growth and allows us to continue improving. Thank you for being such an important part of our journey. 🚀
What’s new:
🖼️ Custom Preview Image
Allows users to set a specific preview image for links, making them more visually distinctive and personalized.
🎨 Custom Icons for Links and Collections
Thanks to Phosphor Icons, users can now assign unique icons to both individual Links and Collections, each with thousands of unique combinations.
ℹ️ New Link Details Drawer
We added a new drawer to display a full view of Link Details, Preserved Formats, and Additional information.
🛠️ Customizable View and Adjustable Columns
You can now customize what to view and adjust the number of columns in the Linkwarden dashboard.
🔄 Browser Synchronization
Special thanks to Marcel from Floccus, you can now sync your browser bookmarks with Linkwarden using Floccus.
↗️ Open all Links under a Collection
Allows users to open all links under a collection in a new tab.
🌐 Added many more Translations
Thanks to all the contributors, we now support the following languages to make Linkwarden accessible to a broader, global audience:
- 🇹🇼 Chinese - Taiwan (zh-TW)
- 🇳🇱 Dutch (nl)
- 🇩🇪 German (de)
- 🇯🇵 Japanese (ja)
- 🇧🇷 Portuguese - Brazil (pt-BR)
- 🇪🇸 Spanish (es)
- 🇹🇷 Turkish (tr)
- 🇺🇦 Ukrainian (uk)
👥 Reserve more Seats
Cloud subscribers can now add more seats and invite users who aren’t on Linkwarden from their billing page. Learn more about managing seats in our documentation.
🔗 Editable Link URL's
Users can now directly edit link addresses without needing to create a new entry.
🐳 Smaller Docker Image
The Docker image size has been reduced by around 50%, optimizing storage usage and making deployment faster.
✅ And more...
Check out the full changelog below.
Full Changelog: https://github.com/linkwarden/linkwarden/compare/v2.7.1...v2.8.0
---
If you like what we’re doing, you can support the project by either starring ⭐️ the repo to make it more visible to others or by subscribing to the Cloud plan (which helps the project, a lot).
Feedback is always welcome, so feel free to share your thoughts!
Website: https://linkwarden.app
GitHub: https://github.com/linkwarden/linkwarden
Read the blog: https://blog.linkwarden.app/releases/2.8
-
Self Built Home Monitoring System
Warning there are some tall-ass images in this post.
A few years ago I got mad enough at the temperature gradient in my town house that I designed and built a bunch of ESP8266 sensors to feed data into an RRD so that I could have some pretty graphs to be angry about as well. (As of this week I have also started logging stats from my UPS and server.) Using the minimum of HTML and CSS I threw those graphs, a map of the previous day's incoming network traffic, and some convenient links onto a homepage that I use on all of my devices. At a glance this tells me if the furnace/AC is working, if my server is having a fit for unknown reasons, and if the local power grid is playing it fast and loose with the voltage and frequency (which I suspect they do).
Clicking the temperature/humidity data leads to a long term data page covering 2 years of data in varying resolution. The gap last fall was when the garage sensor failed and I was waiting for Aliexpress.
There are also long term trends for the server load and UPS but they have only been logging for a few days so there is not much to look at.
Clicking the map on the home page leads to a text file containing a summary of all incoming traffic to apache and ssh. The ssh server is on a high port number and doesn't see much traffic but occasionally a persistent bot will find it.
Everything but my landing page (this animation in p5.js https://old.reddit.com/r/cellular_automata/comments/1djwjbu/waves_processingorg/ with the text "Hey this isn't where I parked my car" overlayed) is behind basic auth or better and I have push notifications set up for every ssh login (even my own), in 5 years I have never had a successful login from an attacker, this is not an invitation, have mercy.
All the data is gathered with python scripts and stored in RoundRobinDatabases or, in the case of network data, digested down into a CSV. The climate sensors respond to requests on port 80 with the temperature and humidity separated by a comma to allow for easy polling. The map is generated by looking up the IPs' information on Shodan then plotting the location data if it was present.
Absolutely none of this is the ideal solution, there are existing projects that cover literally every aspect plus a dozen extra features I could never hope to implement. I wrote as much as I could from scratch just to see if I could, it's more fun to drive a shitty car that you built than one you bought from the dealer.
Aaaand I accidentally made the UPS database only 24hrs instead of the 10years I had intended. Lucky for me rrdtool has a function to expand an rrd without wiping out the data!
-
homelab upgrade recommendations
Hello I've been playing around with an old laptop as my home server for 1 year and I think that now it's a good time to upgrade to something better since it feels a bit too slow.
I was thinking to buy a synology but I would prefer something custom because I hate that sometimes the manufacturers decide to abandon support or change all their terms of service.
My budget is about 1000$ USD, I'm looking for it to have at least 20TB and the option to later add a graphics card would be nice.
What do you recommend to buy? Also what software do you recommend? Also could it work with an n100 mini PC?
I've been using Ubuntu server, with docker containers for several services, but I mainly use it for Nextcloud
-
Run android app
Is there any way to host an android app in a web browser?
Ideally with docker, likely all of Android, not just an app, but running just an app would be amazing.
-
Building my own log aggregation and search server
Hi everyone, I've been building my own log search server because I wasn't satisfied with any of the alternatives out there and wanted a project to learn rust with. It still needs a ton of work but wanted to share what I've built so far.
The repo is up here: https://codeberg.org/Kryesh/crystalline
and I've started putting together some documentation here: https://kryesh.codeberg.page/crystalline/
There's a lot of features I plan to add to it but I'm curious to hear what people think and if there's anything you'd like to see out of a project like this.
Some examples from my lab environment:
events view searching for SSH logins from systemd journals and syslog events
counting raw event size for all indices
performance is looking pretty decent so far, and it can be configured to not be too much of a resource hog depending on use case, some numbers from my test install:
- raw events ingested: ~52 million
- raw event size: ~40GB
- on disk size: ~5.8GB
Ram usage:
- not running searches ingesting 600MB-1GB per day it uses about 500MB of ram
- running the ssh search examples above brings it to about 600MB of ram while the search is running
- running last example search getting the size of all events (requires decompressing the entire event store) peaked at about 3.5GB of ram usage
-
Immich Public Proxy: Safely share your photos and albums without exposing your Immich instance
Immich is an amazing piece of software, but because it holds such personal data I have only ever felt comfortable accessing it via VPN or mTLS. This meant that I could never share any photos, which had been really bugging me.
So I built a self-hosted app, Immich Public Proxy, which allows you to share individual files or full galleries to the public without ever exposing your Immich instance. This uses Immich's existing sharing functionality, so other than the initial configuration everything else is handled within Immich.
Why not just expose Immich publicly with Traefik / Caddy / etc?
To share from Immich, you need to allow public access to your `/api/` path, which opens you up to potential vulnerabilities. It's up to you whether you are comfortable with that in your threat model.
This proxy provides a barrier of security between the public and Immich. It doesn’t forward traffic to Immich, it validates incoming requests and responds only to valid requests without needing privileged access to Immich.
Demo
You can see a live demo here, which is serving a gallery straight out of my own Immich instance.
Features
- Supports sharing photos and videos.
- Supports password-protected shares.
- Creating and managing shares happens through Immich as normal, so there's no change to your workflow.
Install
Setup takes about 30 seconds:
- Take a copy of the docker-compose.yml file and change the address for your Immich instance.
- Start the container: `docker-compose up -d`
- Set the "External domain" in your Immich Server Settings to be whatever domain you use to publicly serve Immich Public Proxy. Now whenever you share an image or gallery through Immich, it will automatically create the correct public path for you.
For more detail on the steps, see the docs on Github.
-
Is there any smartwatch which allow me to selfhost
I would like to use a smart watch with health tracking (e.g. pulse, steps, sleep tracking) but I don't want to setup an account and send my data to a proprietary cloud.
Can I self host 'the cloud'?
If not, can you recommend any watch which I can just sync data from watch to my Linux laptop (again: no account, etc)
Thanx
-
Security blindspots for selfhosted website
Hello. I’m pretty new here. I just managed to get my Raspberry Pi setup at home to selfhost a simple website that will act as my portfolio for some art I do.
I’m using WordPress to make the content of the website, meaning it runs on Apache, MariaDB and MySQL in the background. It’s connected via port 80 since I don’t want to pay for SSL certificates to setup https. There will be no accounts or transactions happening on my website. I don’t have anything to manage my dynamic IP but I’ll figure that out later. I’ve deleted the default Pi user on the RPi.
Are there security issues I should address preemptively? I’m worried for instance that I am exposing my home network, making it easier for someone to breach into whatever is connected there.
Any tips on making sure my setup is secure?