Self Hosted - Self-hosting your services.


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 4 years ago
176
 
 

Hi Everyone! Lately I've been captivated by the idea of self-hosting, and 2 days ago I got an old laptop from my sister and now I think it's time for me to actually try. I have ZERO experience: I've always been interested in tech and I like to try and play with a lot of stuff, but apart from super basic use of bash and some fun in Android modding (playing with ROMs, kernels and recovery) I know nothing. My idea is to start simple by self-hosting a Mastodon server to learn the basics and maybe later try something like Jellyfin, Joplin and Airsonic.

I tried to read as much as I could online, but it seems like there's a jungle of possibilities out there, and so I came here to ask whether my planned approach is sound or if I am completely out of my mind.

I started by installing NixOS on the above-mentioned old laptop. Installing it was actually easy; knowing how to use it will be the problem.

My idea is the following:

  • Getting Cloudflare CDN with the Free-plan to hide my server IP
  • Learn the basics of SSH and use it to authenticate only via keys
  • Learn and use nginx for reverse proxy
  • Set up a firewall
  • Install Mastodon code on NixOS
  • Set-up my instance
  • Use and maintain it

I understand that Docker is widely used to have multiple applications running on a server, and the advantage is that each application has its dependencies separated from the others. From my understanding, though, NixOS also works in the same way (having dependencies separated for each package), so in theory once I install different applications on my machine I should be fine, or am I missing something?

Last but not least: do I need to buy a domain, or is it just something cool/easier to have but that I can do without?

Many thanks in advance!

EDIT: Thank you all for the tips and suggestions! Really appreciate it! I will start by setting up my little media home server and then from there I'll see 😊

177
 
 

What apps do you recommend for people? Which apps did you start integrating into your day to day once you discovered they were there? Which apps solved a problem you faced?

178
 
 

Hey Everyone,

Just wanted to ask if anyone has some more user friendly guides for setting up lldap? I've read through the github page but can't seem to wrap my head around it.

179
 
 

Hi, I offer a yearly subscription-based service. I would like to quit PayPal and Stripe as they charge you for refunds.

Do you have any recommendations for services that don't charge for refunds?

Thanks in advance :)

180
 
 

I don't have any other servers that I could run the whole time, so it should just be based on one single device.

I did it with Lemmy Easy Deploy

181
182
 
 

Looking for feedback and suggestions for my self-hosting website. Let me know if you'd like to see anything added.

183
 
 

Hi everyone,

My router went from IPv4 to IPv6 after an update from my ISP back in April, and so I decided to try and get my selfhosted Raspberry Pi server to work with it. It's been less trivial than I hoped it would be, though. It worked and was reachable when it still used IPv4, but it's been out of the air since April.

I'm running Arch Linux ARM on the device and use networkd to connect it to the internet. I use https://now-dns.com to get a dynamic DNS and have connected it to my server using their Linux script.

This is my Caddyfile:

{
	debug
	
}

# Jellyfin:
https://myserver.now-dns.net:26347,
https://myserver.now-dns.net:443,
[(my IPv6 address here)]:26347 {
	header / {
		# Enable cross-site filter (XSS) 
		# and tell browser to block detected attacks    
		X-Frame-Options "Deny"
		Content-Security-Policy "
	            default-src 'self' data: blob:;
	            style-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com https://ctalvio.github.io/Monochromic/default_style.css https://ctalvio.github.io/Monochromic/jfblue_style.css https://ctalvio.github.io/Monochromic/jfpurple_style.css https://ctalvio.github.io/Monochromic/bottom-progress_style.css https://ctalvio.github.io/Monochromic/customcolor-advanced_style.css https://ctalvio.github.io/Monochromic/improve-performance_style.css https://fonts.googleapis.com/css2;
	            script-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js;
	            worker-src 'self' blob:;
	            font-src 'self' bootstrapcdn.com *.bootstrapcdn.com;
	            img-src data: 'self' imgur.com *.imgur.com;
	            form-action 'self';
	            connect-src 'self' pokeapi.co;
	            frame-ancestors 'self';
	            report-uri {$CSP_REPORT_URI}
	        "
	}
	reverse_proxy 127.0.0.1:8093
	#reverse_proxy localhost:8093
}

# Nextcloud:
#https://192.168.1.96:65002,
https://myserver.now-dns.net:65001 {
	root * /usr/share/webapps/nextcloud
	file_server
	#        log {
	#                output file     /var/log/caddy/myserver.now-dns.net.log
	#                format single_field common_log
	#        }

	#php_fastcgi 127.0.0.1:9000
	#php_fastcgi unix//run/php-fpm/php-fpm.sock # changed to the correct address from /etc/php/php-fpm.d/www.conf
	php_fastcgi unix//run/nextcloud/nextcloud.sock # changed to the new correct address from /etc/php/php-fpm.d/nextcloud.conf

	header {
		# enable HSTS
		Strict-Transport-Security max-age=31536000;
	}

	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}

	respond @forbidden 404
}

(myserver.now-dns.net is not actually my server name, I changed it to stay a bit more anonymous. Maybe this is unnecessarily cautious, let me know if I should change this to my actual address to aid your help.)

This is a journalctl log from fresh after a Caddy restart:

Aug 01 14:36:12 baspi2 systemd[1]: Starting Caddy web server...
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.0834036,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"warn","ts":1690893373.0915132,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/conf.d/*"}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.1047359,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4394a00"}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.1278725,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.1279871,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.1280322,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.128112,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv2"}
Aug 01 14:36:13 baspi2 caddy[23895]: {"level":"info","ts":1690893373.1328619,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0x4394a00"}
Aug 01 14:36:13 baspi2 caddy[23895]: Valid configuration
Aug 01 14:36:13 baspi2 caddy[23904]: caddy.HomeDir=/var/lib/caddy
Aug 01 14:36:13 baspi2 caddy[23904]: caddy.AppDataDir=/var/lib/caddy
Aug 01 14:36:13 baspi2 caddy[23904]: caddy.AppConfigDir=/etc/caddy
Aug 01 14:36:13 baspi2 caddy[23904]: caddy.ConfigAutosavePath=/var/lib/caddy/autosave.json
Aug 01 14:36:13 baspi2 caddy[23904]: caddy.Version=v2.6.4
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.GOOS=linux
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.GOARCH=arm
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.Compiler=gc
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.NumCPU=4
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.GOMAXPROCS=4
Aug 01 14:36:13 baspi2 caddy[23904]: runtime.Version=go1.20.1
Aug 01 14:36:13 baspi2 caddy[23904]: os.Getwd=/
Aug 01 14:36:13 baspi2 caddy[23904]: LANG=C
Aug 01 14:36:13 baspi2 caddy[23904]: PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
Aug 01 14:36:13 baspi2 caddy[23904]: NOTIFY_SOCKET=/run/systemd/notify
Aug 01 14:36:13 baspi2 caddy[23904]: HOME=/var/lib/caddy
Aug 01 14:36:13 baspi2 caddy[23904]: LOGNAME=caddy
Aug 01 14:36:13 baspi2 caddy[23904]: USER=caddy
Aug 01 14:36:13 baspi2 caddy[23904]: INVOCATION_ID=131202f1b6e3472bab7e6fc48933c731
Aug 01 14:36:13 baspi2 caddy[23904]: JOURNAL_STREAM=8:2593614
Aug 01 14:36:13 baspi2 caddy[23904]: SYSTEMD_EXEC_PID=23904
Aug 01 14:36:13 baspi2 caddy[23904]: XDG_DATA_HOME=/var/lib
Aug 01 14:36:13 baspi2 caddy[23904]: XDG_CONFIG_HOME=/etc
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4270308,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"warn","ts":1690893373.4276912,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/conf.d/*"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4616253,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4650905,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4e32000"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4871185,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4872386,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4872835,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.4874046,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv2"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9077604,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9084256,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.909473,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.9139633,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9140959,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9144514,"logger":"http","msg":"enabling HTTP/3 listener","addr":":65001"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.91526,"logger":"http","msg":"starting server loop","address":"[::]:65001","tls":true,"http3":true}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9154122,"logger":"http.log","msg":"server running","name":"srv2","protocols":["h1","h2","h3"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.9156892,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9158008,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9160817,"logger":"http","msg":"enabling HTTP/3 listener","addr":":26347"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.9165256,"logger":"http","msg":"starting server loop","address":"[::]:26347","tls":true,"http3":true}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.9165914,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.916624,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["(my IPv6 address here)","myserver.now-dns.net"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"info","ts":1690893373.917206,"logger":"tls","msg":"finished cleaning storage units"}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"warn","ts":1690893373.920347,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [(my IPv6 address here)]: no OCSP server specified in certificate","identifiers":["(my IPv6 address here)"]}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.920421,"logger":"tls.cache","msg":"added certificate to cache","subjects":["(my IPv6 address here)"],"expiration":1690917213,"managed":true,"issuer_key":"local","hash":"8aa98ab4d6a397ee8784859f4ba69d8df96d6d978247a3436a20cc8373cf9a8a","cache_size":1,"cache_capacity":10000}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.920493,"logger":"events","msg":"event","name":"cached_managed_cert","id":"2420e703-5823-4962-ad5b-05a084aafacb","origin":"tls","data":{"sans":["(my IPv6 address here)"]}}
Aug 01 14:36:13 baspi2 caddy[23904]: {"level":"debug","ts":1690893373.923109,"logger":"tls","msg":"loading managed certificate","domain":"myserver.now-dns.net","expiration":1697974414,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy"}
Aug 01 14:36:14 baspi2 caddy[23904]: {"level":"debug","ts":1690893374.1269143,"logger":"tls.cache","msg":"added certificate to cache","subjects":["myserver.now-dns.net"],"expiration":1697974414,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"7db3c32211ccb2942c5d329650e92ddd63cd9a17670eba2ce29476f3c3e3a741","cache_size":2,"cache_capacity":10000}
Aug 01 14:36:14 baspi2 caddy[23904]: {"level":"debug","ts":1690893374.1271243,"logger":"events","msg":"event","name":"cached_managed_cert","id":"fc000be0-ac06-4ca2-aa53-c14c6fb3ae27","origin":"tls","data":{"sans":["myserver.now-dns.net"]}}
Aug 01 14:36:14 baspi2 caddy[23904]: {"level":"info","ts":1690893374.1345215,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/autosave.json"}
Aug 01 14:36:14 baspi2 systemd[1]: Started Caddy web server.
Aug 01 14:36:14 baspi2 caddy[23904]: {"level":"info","ts":1690893374.137206,"msg":"serving initial configuration"}
Aug 01 14:36:14 baspi2 sudo[23887]: pam_unix(sudo:session): session closed for user root

  • I "opened" the necessary ports on my router (my router calls it that, I realise it's probably more like I unblocked these ports in its IPv6 firewall)
  • I scanned the open ports with an IPv6 port scanner (this one) and it shows ports 80 and 443 to be open, as well as ports 65001 and 26347
  • I used my public IPv6 address to scan, as well as the myserver.now-dns.net address (which is actually another server name)
  • I used a smart phone unconnected to wifi to test, but the site cannot load there, either. I tested from other networks while away from home, too, which also didn't work.

Unfortunately, I still cannot connect to the server with a browser. https://myserver.now-dns.net:26347/ gives an "Unable to connect" error on Firefox.

I have been whittling away at this issue on and off since April and haven't really made any big breakthroughs. What would be your first steps in troubleshooting this issue?

When I scan one of the open ports with an online tool, a message like this pops up in the journalctl log:

Aug 01 14:45:49 baspi2 caddy[23904]: {"level":"debug","ts":1690893949.6947021,"logger":"http.stdlib","msg":"http: TLS handshake error from [2a01:4f8:1c1c:2d4e::1]:50079: EOF"}

184
 
 

Hello again. I have several movies saved on my NAS, and wanted to have them in one folder for easy searching while also having folders for specific genres.

I tried creating some symlinks on my Linux machine, but those aren't visible on Windows or Android. I then tried creating shortcuts on a Windows machine, but those don't work on Linux or Android.

Is there any hope for setting up universally recognized symlinks/shortcuts?

185
 
 

I know it's odd, but I have this Chinese setup box with an S905x processor, 2GB of RAM, and 500GB of USB storage. I love it. Really, really love it. I unlocked it and it runs OpenWRT with Docker installed, and I wonder whether or not this board can be my OnlyOffice server. Thanks.

186
-5
submitted 2 years ago* (last edited 2 years ago) by amino@fediverse.omaramin.me to c/selfhost@lemmy.ml
 
 

[Question] Podcast streaming to Raspberry Pi

@selfhost

I'm planning on setting up a #rasberrypi music streamer. I'll be throwing headless #plexamp to play my music library and I'll probably use #moodeaudio as the base image to get me bluetooth, airplay and a few other bits. Does anyone know how I can integrate podcasts into the platform? I was thinking of setting up an #audiobookshelf server and clients on my mobile devices but I'm not sure how to stream a podcast to the pi so that it keeps track of my position across all my devices.

#selfhosted

187
 
 

Hi all. I recently (yesterday) set up a TrueNAS Core server from some old hardware I had lying around, and it feels great to be self-hosting!

I currently only have Syncthing set up on it for a couple of files, but I'd like to be able to manage all the files on the pool from my phone if I need to. What would be the best software to accomplish this?

188
23
Testing (lemmy.emphisia.nl)
 
 

can other instances see this post?

189
 
 

[Question] Harbor registry with Ingress on a k3d cluster

Hi, Has anyone tried to enable #ingress + #certmanager on a #k3d cluster while installing #harbor registry via #helm ? Any inputs on how to achieve this on macos? TIA

@selfhost

190
 
 

Hi,

I've been trying to host my own Lemmy instance for a while. I've almost got it working (I think). But my problem now is that whenever I try to post something with a picture I get an error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data. In Firefox I get a 502 Bad Gateway error pointing to https://lemmy.emphisia.nl/pictrs/image. I don't really know why, because everything seems to be working.

191
 
 

Hello,

I am hosting a shared Minecraft server (10-15 users usually) on dedicated hardware somewhere at OVH. I am considering moving this server to my home. I would save 25$ per month doing this, which would be my main motivation.

I am aware of other considerations (I'll mention them later), but maybe I am missing something? Is there anyone who did the reverse (hosting a service with multiple users, moving them from your home to a hosting company), and what was your reason?

Things I already considered:

  • when my electricity/connection goes down the server goes down (that's ok it's just a game and my connection has always been very very stable)
  • hosting at home eats bandwidth (I have 50mbit which is way more than I use, I don't stream or download much)
  • electricity costs money too
  • when the server is compromised my home network is compromised (handling servers and networks is my hobby and my job, I think I can make it safe)

Thank you for your thoughts!

192
 
 

I have been suffering several micro cuts a day for a couple of weeks. I'd like to monitor these cuts to help diagnose the issue with my ISP.

Is there any Docker image that allows doing this? I only found internet speed monitoring.

193
 
 

Is there an active self-hostable solution similar to Dropbox, GDrive? NextCloud not considered, too bloated, not polished.

194
12
submitted 2 years ago* (last edited 2 years ago) by tgxn@lemmy.tgxn.net to c/selfhost@lemmy.ml
 
 

I made this stack based on my own deployment of Lemmy, it should allow anyone to run a Lemmy stack in Compose, with LE SSL behind Traefik. I've tested it behind docker-compose on Windows and Ubuntu. Interested in any feedback or PRs :)

195
 
 

I have a handful of NodeJS websites that are almost ready to be deployed publicly. All of them are very simple sites which I don't expect to get much traffic.

I'm thinking I could make a docker container for each website using the NodeJS docker image, then route them using traefik or nginx. This way there's a good degree of separation between the sites and everything will be organized and easy to backup/transfer around if needed.

Is it a decent plan? Got any better ideas or tips?

196
 
 

cross-posted from: https://kerala.party/post/34434

I tried to install pixelfed on my server using the docker compose file from the pixelfed repository. The installation was not straightforward and there were many problems. So I created an ansible playbook to automate the installation. Hope this is helpful and let me know your feedback.

197
 
 

Hi everyone,

My router went from IPv4 to IPv6 after an update from my ISP back in April, and so I decided to try and get my selfhosted Raspberry Pi server to work with it. It's been less trivial than I hoped it would be, though. It worked and was reachable when it still used IPv4, but it's been out of the air since April.

I'm running Arch Linux ARM on the device and use networkd to connect it to the internet. I use https://now-dns.com to get a dynamic DNS and have connected it to my server using their Linux script.

This is my Caddyfile:

{
	debug
	
}

# Jellyfin:
myserver.now-dns.net:26347,
myserver.now-dns.net:443,
[my ipv6]:26347 {
	header / {
		# Enable cross-site filter (XSS) 
		# and tell browser to block detected attacks    
		X-Frame-Options "Deny"
		Content-Security-Policy "
	            default-src 'self' data: blob:;
	            style-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com https://ctalvio.github.io/Monochromic/default_style.css https://ctalvio.github.io/Monochromic/jfblue_style.css https://ctalvio.github.io/Monochromic/jfpurple_style.css https://ctalvio.github.io/Monochromic/bottom-progress_style.css https://ctalvio.github.io/Monochromic/customcolor-advanced_style.css https://ctalvio.github.io/Monochromic/improve-performance_style.css https://fonts.googleapis.com/css2;
	            script-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js;
	            worker-src 'self' blob:;
	            font-src 'self' bootstrapcdn.com *.bootstrapcdn.com;
	            img-src data: 'self' imgur.com *.imgur.com;
	            form-action 'self';
	            connect-src 'self' pokeapi.co;
	            frame-ancestors 'self';
	            report-uri {$CSP_REPORT_URI}
	        "
	}
	reverse_proxy 127.0.0.1:8093
	#reverse_proxy localhost:8093
}

# Nextcloud:
myserver.now-dns.net:65001 {
	root * /usr/share/webapps/nextcloud
	file_server
	#        log {
	#                output file     /var/log/caddy/myserver.now-dns.net.log
	#                format single_field common_log
	#        }

	#php_fastcgi 127.0.0.1:9000
	#php_fastcgi unix//run/php-fpm/php-fpm.sock # changed to the correct address from /etc/php/php-fpm.d/www.conf
	php_fastcgi unix//run/nextcloud/nextcloud.sock # changed to the new correct address from /etc/php/php-fpm.d/nextcloud.conf

	header {
		# enable HSTS
		Strict-Transport-Security max-age=31536000;
	}

	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}

	respond @forbidden 404
}

Figuring out how to open the necessary ports took some doing on my router, but now when I test with an IPv6 port scanner (like this one) it shows me that ports 80 and 443 are open, as well as ports 65001 and 26347. It works both when I fill in my public IPv6 address as well as the address I get from now-dns. I still cannot connect to the server with a browser, though.

I have been whittling away at this issue on and off since April and haven't really made any big breakthroughs. What would be your first steps in troubleshooting this issue?

journalctl -f -u caddy gives the following:

Jul 18 16:28:13 baspi2 caddy[422]: {"level":"debug","ts":1689690493.3595114,"logger":"http.stdlib","msg":"http: TLS handshake error from 198.199.97.61:43266: no certificate available for '192.168.1.96'"}
Jul 18 16:28:16 baspi2 caddy[422]: {"level":"debug","ts":1689690496.401284,"logger":"http.stdlib","msg":"http: TLS handshake error from [2604:a880:400:d0::20e2:c001]:46636: EOF"}
Jul 18 16:28:45 baspi2 caddy[422]: {"level":"debug","ts":1689690525.159631,"logger":"http.stdlib","msg":"http: TLS handshake error from [2607:5300:201:3100::7911]:42978: read tcp [2a02:a465:1b91:1:dea6:32ff:fe54:67fb]:65001->[2607:5300:201:3100::7911]:42978: read: connection reset by peer"}
Jul 18 16:35:44 baspi2 caddy[422]: {"level":"debug","ts":1689690944.3032691,"logger":"http.stdlib","msg":"http: TLS handshake error from [2a01:4f8:1c1c:2d4e::1]:31497: EOF"}
Jul 18 16:41:15 baspi2 caddy[422]: {"level":"debug","ts":1689691275.666184,"logger":"http.stdlib","msg":"http: TLS handshake error from 45.227.254.49:65421: tls: first record does not look like a TLS handshake"}
Jul 18 16:48:14 baspi2 caddy[422]: {"level":"debug","ts":1689691694.1229563,"logger":"events","msg":"event","name":"tls_get_certificate","id":"f6540cc3-dce9-4f75-995a-9d313ad6a9a8","origin":"tls","data":{"client_hello":{"CipherSuites":[49199,49195,49169,49159,49171,49161,49172,49162,5,47,53,49170,10],"ServerName":"","SupportedCurves":[23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1025,1027,513,515,1025,1281,1537],"SupportedProtos":null,"SupportedVersions":[771,770,769],"Conn":{}}}}
Jul 18 16:48:14 baspi2 caddy[422]: {"level":"debug","ts":1689691694.1232002,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"192.168.1.96"}
Jul 18 16:48:14 baspi2 caddy[422]: {"level":"debug","ts":1689691694.1232479,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"192.241.226.31","remote_port":"60480","sni":""}
Jul 18 16:48:14 baspi2 caddy[422]: {"level":"debug","ts":1689691694.1233048,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.241.226.31","remote_port":"60480","server_name":"","remote":"192.241.226.31:60480","identifier":"192.168.1.96","cipher_suites":[49199,49195,49169,49159,49171,49161,49172,49162,5,47,53,49170,10],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Jul 18 16:48:14 baspi2 caddy[422]: {"level":"debug","ts":1689691694.1235263,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.226.31:60480: no certificate available for '192.168.1.96'"}

(Those handshake errors show up when I scan the ports with an online tool.)
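
As an added example (not part of the original post, and not Caddy's own tooling): a small triage script for the `http.stdlib` handshake errors quoted above, grouping them by address family and cause so probe noise can be told apart from an SNI or certificate mismatch. The sample lines are constructed with documentation-range peer addresses, and the category names are this example's own.

```python
import ipaddress
import json
import re
from collections import Counter

# Constructed sample in the shape of the journalctl lines quoted above;
# peer addresses are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jul 18 16:28:13 pi caddy[422]: {"level":"debug","logger":"http.stdlib","msg":"http: TLS handshake error from 192.0.2.61:43266: no certificate available for '192.168.1.96'"}
Jul 18 16:28:16 pi caddy[422]: {"level":"debug","logger":"http.stdlib","msg":"http: TLS handshake error from [2001:db8:400::c001]:46636: EOF"}
Jul 18 16:28:45 pi caddy[422]: {"level":"debug","logger":"http.stdlib","msg":"http: TLS handshake error from [2001:db8:201::7911]:42978: read tcp [2001:db8:1::fb]:65001->[2001:db8:201::7911]:42978: read: connection reset by peer"}
Jul 18 16:41:15 pi caddy[422]: {"level":"debug","logger":"http.stdlib","msg":"http: TLS handshake error from 198.51.100.49:65421: tls: first record does not look like a TLS handshake"}
Jul 18 16:48:14 pi caddy[422]: {"level":"debug","logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"203.0.113.31","server_name":""}
Jul 18 16:50:02 pi caddy[422]: caddy.Version=v2.6.4
"""

HANDSHAKE_RE = re.compile(
    r"^http: TLS handshake error from (?P<peer>\S+): (?P<reason>.+)$")
NO_CERT_RE = re.compile(r"^no certificate available for '(?P<name>[^']*)'$")


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify(reason):
    """Map the reason text of a handshake error to a triage category."""
    m = NO_CERT_RE.match(reason)
    if m:
        # An IP as the identifier means the ClientHello carried no server name
        # (the log above pairs "sni":"" with identifier 192.168.1.96).
        return "no_sni" if _is_ip(m["name"]) else "unknown_hostname"
    if reason == "EOF":
        return "closed_before_handshake"  # TCP connect, then close
    if reason.endswith("connection reset by peer"):
        return "reset_by_peer"
    if "first record does not look like a TLS handshake" in reason:
        return "plaintext_on_tls_port"    # non-TLS bytes sent to a TLS port
    return "other"


def parse(log_text):
    """Yield one dict per TLS handshake error found in journalctl output."""
    for line in log_text.splitlines():
        start = line.find("{")
        if start == -1:
            continue                      # environment dump / systemd lines
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        if entry.get("logger") != "http.stdlib":
            continue
        m = HANDSHAKE_RE.match(entry.get("msg", ""))
        if not m:
            continue
        host, _, port = m["peer"].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
            port = int(port)
        except ValueError:
            continue                      # peer field not in ip:port form
        yield {
            "peer": str(addr),
            "port": port,
            "family": f"IPv{addr.version}",
            "category": classify(m["reason"]),
        }


def summarize(log_text):
    """Count handshake errors per (address family, category)."""
    return Counter((e["family"], e["category"]) for e in parse(log_text))


if __name__ == "__main__":
    for (family, category), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{family:5} {category:24} {n}")
```

Any entry counted under IPv6 is a connection that reached Caddy over IPv6, which separates a firewall or routing problem from a TLS-layer one.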

198
5
submitted 2 years ago* (last edited 2 years ago) by TheButtonJustSpins to c/selfhost@lemmy.ml
 
 

I used to have this working, but I haven't used it in a while and had to rebuild the server in between, and now it doesn't. How do you set up the PAT in the URL in order to access private repos when building using docker compose?

build: 'https://PAT@github.com/username/repo.git#branch' is what I'm trying to use, but I get:

failed to solve: failed to read downloaded context: failed to load cache key: invalid response status 404

EDIT: See comment for (silly) resolution. The above works.

199
 
 

I have a VPS where I host a few things and I tried adding Jellyfin. It worked, and while scanning media railed the CPU/RAM, once it was done everything was smooth. However, despite having all dependencies, a bunch of videos didn't play. I also don't need the music and ebooks side of Jellyfin, as I'll be using other things for those (Funkwhale for music, still looking into the books and comics). So, which self-hosted alternatives do I have for videos and books/comic books? I need things that only do that but do it well. The video one needs to have a client I can install on an Android device I have plugged into my TV.

200
 
 

I'm excited about this MPL-licensed tool and wanted to share; it's aiming to be a replacement for Notion, but self-hosted. It's not as feature-rich (still in beta), but it's a modern KMS/collaboration tool that looks to be on par with other proprietary options in the market. They seem to have some sort of capital backing because they have a team working on development.

My concern is how the pricing model will work and what features they will lock. They say that it will be free to self-host, but I feel like they will lock some features (most definitely their cloud service.) But if they only lock cloud hosting but allow self-hosting it will be pretty amazing for the self-hosting community.
