This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/hhftechtips on 2025-07-30 08:01:27+00:00.

---

Many of us here rely on Traefik for our setups. It's a powerful and flexible reverse proxy that has simplified how we manage and expose our services. Whether you are a seasoned homelabber or just starting, you have likely appreciated its dynamic configuration and seamless integration with containerized environments.

However, as our setups grow, so does the volume of traffic and the complexity of our logs. While Traefik's built-in dashboard provides an excellent overview of your routers and services, it doesn't offer a real-time, granular view of the access logs themselves. For many of us, this means resorting to docker logs -f traefik and trying to decipher a stream of text, which can be less than ideal when you're trying to troubleshoot an issue or get a quick pulse on what's happening.

This is where a dedicated lightweight log dashboard can make a world of difference. Today, I want to introduce a tool that i believe it can benefit many us: the Traefik Log Dashboard.

What is the Traefik Log Dashboard?

The Traefik Log Dashboard is a simple yet effective tool that provides a clean, web-based interface for your Traefik access logs. It's designed to do one thing and do it well: give you a real-time, easy-to-read view of your traffic. It consists of a backend that tails your Traefik access log file and a frontend that displays the data in a user-friendly format.

Here's what it offers:

• Real-time Log Streaming: See requests as they happen, without needing to refresh or tail logs in your terminal.
• Clear and Organized Interface: The dashboard presents logs in a structured table, making it easy to see key information like status codes, request methods, paths, and response times.
• Geographical Information: It can display the country of origin for each request, which can be useful for identifying traffic patterns or potential security concerns.
• Filtering and Searching: You can filter logs by status code, method, or search for specific requests, which is incredibly helpful for debugging.
• Minimal Resource Footprint: It's a lightweight application that won't bog down your server.

Why is this particularly useful for Pangolin users?

For those of you who have adopted the Pangolin stack, you're already leveraging a setup that combines the Traefik with WireGuard tunnels. Pangolin is a fantastic self-hosted alternative to services like Cloudflare Tunnels.

Given that Pangolin uses Traefik as its reverse proxy, reading logs was a mess. While Pangolin provides excellent authentication and tunneling capabilities, having a dedicated log dashboard can provide an insight into the traffic that's passing through your tunnels. It can help you:

• Monitor the health of your services: Quickly see if any of your applications are throwing a high number of 5xx errors.
• Identify unusual traffic patterns: A sudden spike in 404 errors or requests from a specific region can be an early indicator of a problem or a security probe. (
• Debug access issues: If a user is reporting problems accessing a service, you can easily filter for their IP address and see the full request/response cycle.

How to get started

Integrating the Traefik Log Dashboard into your setup is straightforward, especially if you're already using Docker Compose. Here’s a general overview of the steps involved:

1. Enable JSON Logging in Traefik:

The dashboard's backend requires Traefik's access logs to be in JSON format. This is a simple change to your traefik.yml or your static configuration:

accessLog:
  filePath: "/var/log/traefik/access.log"
  format: json

This tells Traefik to write its access logs to a specific file in a structured format that the dashboard can easily parse.

2. Add the Dashboard Services to your docker-compose.yml**:**

Next, you'll add two new services to your existing docker-compose.yml file: one for the backend and one for the frontend. Here’s a snippet of what that might look like:

  backend:
    image: ghcr.io/hhftechnology/traefik-log-dashboard-backend:1.0.2
    container_name: log-dashboard-backend
    restart: unless-stopped
    volumes:
      - ./config/traefik/logs:/logs:ro
    environment:
      - NODE_ENV=production
      - TRAEFIK_LOG_FILE=/logs/access.log

  frontend:
    image: ghcr.io/hhftechnology/traefik-log-dashboard-frontend:1.0.2
    container_name: log-dashboard-frontend
    restart: unless-stopped
    ports:
      - "3000:80"
    depends_on:
      - backend

A few things to note here:

• The backend service mounts the directory where your Traefik access logs are stored. It's mounted as read-only (:ro) because the backend only needs to read the logs.
• The TRAEFIK_LOG_FILE environment variable tells the backend where to find the log file inside the container.
• The frontend service exposes the dashboard on port 3000 of your host machine.

Once you've added these services, a simple docker compose up -d will bring the dashboard online.

Github-Repo

RoadMap- Tie Routes with resources in pangolin to have a better insight. (done v1.0.2)

A note on security:

As with any tool that provides insight into your infrastructure, it's a good practice to secure access to the dashboard. You can easily do this by putting it behind your Traefik instance and adding an authentication middleware, such as Authelia, TinyAuth, or even just basic auth. This is a standard practice, and it's a great way to ensure that only you can see your traffic logs. Use Middleware manager

In conclusion

For both general Traefik users and those who have embraced the Pangolin stack, the Traefik Log Dashboard is a valuable addition to your observability toolkit. It provides a simple, clean, and effective way to visualize your access logs in real-time, making it easier to monitor your services, troubleshoot issues, and gain a better understanding of your traffic.

If you've been looking for a more user-friendly way to keep an eye on your Traefik logs, I highly recommend giving this a try. It's a small change to your setup that can provide a big improvement in your day-to-day operations.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Deep-Dragonfly-3342 on 2025-07-30 01:41:58+00:00.

---

I have a small web server that I would like to host for free (because I wont be making any money off of it, its a coding project for the resume) and I tried hosting on oracle cloud but realized that although they claim we can get 4 OCPU on arm and 24 gb of ram, I tried provisioning a machine but I was constantly met with "no available resources".

This is why I must make the switch to other services that might offer less resources but could offer more reliability. I was wondering whether aws or any other "always free" hosting service might be better in terms of actually provisioning a machine and having it work reliably.

The thing with AWS though, is that I will probably need a dedicated db service because the allotted memory and storage is probably not enough for my spring boot server, so if anyone has experience with always free instances on aws db service as well be sure to let me know!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/FckngModest on 2025-07-29 19:37:35+00:00.

---

Context

• I have a few Google calendars: work, private, and family.
• Due to the security policy on my work Google account, I can see only "busy" timeslots when I subscribe to it via my personal Google account.
• If I go on vacation and set "Out of office" in my work calendar, it screws up my personal calendar since it shows just plain "busy" for a day/week/etc. I had to turn off my work account during a vacation, and don't forget to turn it on again after.
• Sometimes I have a duplicating event in multiply accounts.

Question

Are there any existing solutions to generate a calendar (even read-only is fine) that I can connect to my Google Calendar and it not just merges all events from all the accounts but allows me to set rules for merging and discarding events?

For example, I could have just discarded all "Out of office" events since this is only information for my colleagues. I don't need to see it in my Unified calendar.

Self-hosted, of course. :)

Clarification

• I don't want to replace Google Calendar. I want to a service that gives me a link like https://mydomain.org/calendar/<random ID>/ics which I can then import into my Google account
• Just a mobile app and separate WebUI aren't enough because they won't allow me to see my events via my Galaxy Watch, for example. And also will ignore all other integrations that I use via my Google account.

P.S.: Please avoid work-life balance advice. I have my own reason to keep these accounts joined, and I have my own agreements with my manager. Don't worry, I don't work overtime. ;)

P.P.S: Please don't suggest workarounds. I live with a compromise already and I seek for a better and more flexible solution now. :)

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/remvze on 2025-07-29 20:22:00+00:00.

---

TL;DR: Live Version // Repo

Hello everyone! The creator of Moodist here.

Before getting to Haus, I want to thank you all for your tremendous support for Moodist and my other projects, it means the world to me!

Moodist started as a very simple ambient sound player. Over time, it has grown into a suite of productivity tools: from a notepad to a to-do list to a Pomodoro timer. But it has always maintained its focus on ambience, even keeping the other tools tucked away in the menu.

I've always wondered what it would look and feel like if the focus wasn't on ambient sounds. What if it were built from the ground up as an online workstation? That’s why I built Haus. It includes all the tools Moodist has, along with an ambient sound player featuring all of Moodist’s sounds.

You can open and close tools/apps, move and resize them. Everything is stored locally in your browser, nothing ever leaves it. It's designed with simplicity and privacy in mind, very much similar to Moodist.

You can try the live version at haus.mvze.net or check out the source code on the GitHub repo.

You can also self-host it if you’d like.

Please let me know what you think! If you enjoyed it, I'd greatly appreciate your support, especially if you could give it a star on GitHub.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Gqsmoothster on 2025-07-28 19:32:40+00:00.

---

Basically, my honey-do list around the homestead is too large to manage with my usual task manager. So I'd like to also put "job postings" up for my kids to be able to do as well. I'd like to be able to post a small chore into a pool, and let them assign themselves to do it, and then get a reward later. I have a used a million tools like Trello, Omnifocus, etc.... but I don't want to get bogged down by logins... this will be local only. It has to be lightweight and fast enough to use as I'm walking to get the mail and notice some weeds need to be pulled around the rose bushes. Or the chicken food is getting low and needs someone to run out and refill. Being able to snap a pic would be ideal as well.

Obviously not a comprehensive list of requirements here... I'm just thinking out loud and wondering if someone has a system in place already.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/anonymous-69 on 2025-07-29 10:42:10+00:00.

---

Both UK and Australia are imposing age restrictions for websites like Google. Will this affect SearXNG in any way?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/WorldTraveller101 on 2025-07-29 19:06:12+00:00.

---

Hey self-hosters and book lovers! 👋

Since the last update, BookLore, the self-hosted library manager for PDFs, EPUBs, CBZs, and metadata nerds, has gained major new powers across organization, automation, and usability.

• GitHub: BookLore GitHub
• Discord: Join our community
• Docs: booklore-docs
• Live Demo: demo-booklore.elfhosted.com
• ⭐ If you like it, give it a star, it really helps!

New Highlights:

• 🔮 Magic Shelves: Create dynamic shelves using smart, rule-based filters, auto-updates as your library changes. 📘 Learn more
• 📥 Bookdrop: Drop files into a folder, and BookLore handles import, metadata, and notifications automatically. 📘 Guide
• 🧠 Metadata Review: Review, edit, and approve metadata updates before applying, no more blind overwrites.
• 📱 Mobile UI Improvements: Refined layouts for phones and tablets for smoother navigation and better accessibility.
• 🗂️ Smarter File Handling: Move files using metadata-based patterns, with rebuilt file monitoring for accurate detection.
• 📚 New Documentation Site: BookLore now has an official docs site for setup, features, and guides. 👉 Visit Docs
• 💖 Now BookLore is on Open Collective: Early funds will go toward a Kobo device for sync support, server costs, and hosting the official website.

Got feedback, questions, or feature ideas?

Jump into the Discord or leave a comment, this community drives BookLore forward.

Happy reading & self-hosting! 📖

Screenshots: https://imgur.com/a/qsY86q2

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/VizeKarma on 2025-07-29 13:55:33+00:00.

---

Repo: https://github.com/LukeGus/Termix

Install Guide: https://docs.termix.site/docs

Hello! Today, I am pleased to announce the release of version 1.0 of Termix, which combines several of my tools into one. Termix is a clientless web-based server management platform with SSH terminal, tunneling, and file editing capabilities.

Features:

• SSH Terminal Access - Full-featured terminal with split-screen support (up to 4 panels) and tab system
• SSH Tunnel Management - Create and manage SSH tunnels with automatic reconnection and health monitoring
• Remote Config Editor - Edit files directly on remote servers with syntax highlighting and file management
• SSH Host Manager - Save, organize, and manage your SSH connections with tags and folders
• User Authentication - Secure user management with admin controls
• Modern UI - Clean interface built with React, Tailwind CSS, and the amazing Shadcn

Thanks for checking it out, and stay tuned for more updates!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/sharipova on 2025-07-29 12:23:42+00:00.

---

Hey everyone!

Founder of anytype here - i want to share that we delivered on our long-time promise of an API.

TLDR what’s new: 

• local API (desktop for now) to connect to external services and build your own workflows
• MCP server that allows to connect to LLMs
• Also shipped raycast extension as an example
• Additionally, we improved export/import to markdown - it now supports types and properties, so you can be assured your data is yours forever.

Video:

https://www.youtube.com/watch?v=_IpW-iPtbXw&t=1s

About anytype: a wiki tool to collaborate on docs, databases and files - all local and private. Everything stays on your device—end-to-end encrypted, synced peer-to-peer, with support of collaboration in groups. It’s also possible to self-host for those who can set it up properly. 

Try it: https://download.anytype.io/

More: https://zhanna.any.org/anytype-api-and-mcp (published with anytype)

Just as a reminder how anytype works: 

• Local-first: all data is stored and encrypted on-device 

• CRDT-based sync: collaboration with eventual consistency 

• Accounts & auth via user-owned keys (device-only) 

• Open source core (part MIT licensed, part source-available): github.com/anyproto

it's also possible to self-host anytype, and we have 800+ self-hosted networks, but it's for experienced self-hosters.

Features:

• Docs, notes, tasks, tables, media – linked and structured 

• Real-time collaboration (across users & devices) - 

• Web publishing (from desktop)

• Native iOS and android apps (desktop has full experience)

We open the API as the first step to enable anyone to build on top. If you have questions, feedback, ideas, I am all ears.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Big_Stingman on 2025-07-29 08:14:04+00:00.

---

I have been a paying customer of UptimeRobot for years. I have been paying $8 a month for about 30-35 monitors and it has worked great to monitor all my home lab services. I also use some other features like notifications and status pages. I got an email yesterday that my legacy plan is being "upgraded" (rather - forced migration) and I would need to pay for their new "Team" plan to have the same level of service, for $34. That's a 425% price increase.

They do have a "Solo" plan that would be $19, but that is actually less capable than my current legacy plan for $8. So I would be paying 237.5% more for worse service.

Now I have no problem paying for a service that is providing value, but these price increases are a bit ridiculous. This is for a homelab, not a company.

Anyway, I am looking at alternatives and here's what I came up with so far. If anyone has additional ideas please share!

Uptime Kuma

• My main question is how and where to deploy this?
• Another issue is I want to deploy version 2 (even though it's beta) because it has quite a few more features that I want. Version 1 hasn't been updated in 6 months, so I don't want to have to migrate.
• Right now my plan is to deploy on a digital ocean droplet for $4 (or maybe $6 depending on memory usage). This would require me to also deploy something like Caddy/Traefik/Nginx + certbot.
• This seems like the cheapest option that allows me to deploy version 2 beta of Uptime Kuma
• Other deployment options like pikapods don't currently support version 2.

It's unfortunate I have to leave UptimeRobot, but I'm not going to pay $34 for the same service I've been getting for $8. I probably would have been ok paying even $10-12, but this really just left a bad taste in my mouth. What do you guys think?

If anyone has an easier way to deploy Uptime Kuma without having to manage the underlying infrastructure, I'd be very interested in that. I want to deploy the beta though, which seems to not be available for managed services from what I can tell. Also, if there is a comparable service to Uptime Robot that doesn't charge $34, I'd also be interested in that. Thanks all!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/makeshift_gray on 2025-07-28 13:41:02+00:00.

---

Recently I set up Karakeep to monitor an RSS feed of my reddit saved items, so whenever I save something in reddit, it's imported automatically to Karakeep.

This is a great solution I'd like to implement elsewhere, starting with FreshRSS. I'd like to be able to star something in FreshRSS and have it imported automatically to Karakeep.

My question is, can FreshRSS itself generate an RSS feed of its favorites? Or is there another approach to achieve the same thing?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/IT-BAER on 2025-07-28 08:12:08+00:00.

---

Hey r/grafana & r/selfhosted !

Since my last post about the Unbound DNS dashboard a while ago, I've been busy expanding the collection with some pretty cool additions. Thought you'd appreciate the updates!

🆕 What's New:

Glancy Dashboard

This one's my personal "Glance" replacement. It's a comprehensive "at-a-glance" or "Home" Dashboard that aggregates content from:

• Reddit Posts from specified Subreddits
• Twitch Channels incl. Thumbnail Preview and Top Games
• YouTube Feeds from selected Channels
• GitHub Release from chosen Repositories
• Custom Bookmarks with Icons
• Calendar
• Custom Search Engine

Everythings configureable within the Dashboard at the bottom!

https://preview.redd.it/t5it1yddokff1.jpg?width=1920&format=pjpg&auto=webp&s=c28b48282f77cb813d579c27045ca2d490ae03aa

Glancy-Navbar

A sleek sticky navigation panel that makes dashboard switching buttery smooth. Once you try it, you can't go back to the default Grafana navigation.

https://i.redd.it/ml2ow3ijokff1.gif

Enhanced Unbound DNS Dashboard:

https://preview.redd.it/sqmc9aepokff1.jpg?width=936&format=pjpg&auto=webp&s=c499126beddaeeb01cee15168f9415adef9bafff

GitHub: https://github.com/IT-BAER/grafana

What's Next:

This Repo is constantly growing with my Ideas and personal Usage Dashboards and Panels.

Would love to hear your thoughts or see your own dashboard creations!

Feedback always welcome! ☕

Drop a ⭐ on the repo if you find it useful!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/see_sharp_zeik on 2025-07-28 19:45:04+00:00.

---

Hey everyone! First time poster in this sub so please go easy on me!

I have been self hosting services for a very very long time... my first "Self-hosted" application was SharePoint 2010. I have slowly been extracting myself from Microsoft stuff and have embraced FOSS. To get some of my services out of my network I started searching around and discovered NGINX Proxy Manager; and it has been great so far.

Recently while searching around about reverse proxy info I discovered Traefik and saw that you could just add labels to your docker containers to configure the reverse proxy and I was floored. It's so easy to setup and add containers to the config and I don't have to go through all my nginx entries and try to remember which ones are still active.

I still had to use NPM to get services externally as my traefik instance is on my docker server and serves those containers internally, so any external requests come in to the NPM server and are forwarded to the right internal URL.

Well, as I was perusing the Traefik docs I discovered that you can also use an http api endpoint to get routing config data from and I can neither confirm nor deny that something happened in my pants when I discovered that.

Over the last couple days I searched for solutions that implemented this and met my needs and I couldn't find any.. so I made one. A small service that reads Traefik labels and it's own configuration through labels and makes it available in a Traefik friendly JSON endpoint.

If it might meet your needs then feel free to check it out, I have published it under the Apachee 2.0 license.

https://github.com/zeiktuvai/ICOM.Docker.Utils

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/bates121 on 2025-07-28 18:27:45+00:00.

---

I have been very jealous of all the post of people getting free stuff, and it finally happened to me. So my father-in-law is a general contractor. He is working for a company that is moving their corp offices and they have a ton of stuff they are just getting rid of. Yesterday he asked if i wanted anything. I said if they have any towers/servers or hard drives i will gladly take them. He just dropped off 6 12 TB seagate ironwolf drives, a box of 10 PCoIP devices (thin clients), a couple of UPS's, an apple keyboard adn mouse, and some random sticks of ram. Now to check them and see if any are useful. https://imgur.com/a/ALUS2Rr

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/SubnetLiz on 2025-07-28 15:26:48+00:00.

---

Ifeel like I know the “big names” (Nextcloud, Vaultwarden, Jellyfin, etc.), but I keep stumbling across smaller, less talked about tools that end up being game changers

Curious what gems the rest of you are running that don’t get as much love as the big projects. (Or more love for big projects -i dont descriminate if it works 😅) Bonus points if it’s lightweight, Docker-friendly, and not just another media app.

What’s on your can’t live without it list that most people maybe haven’t tried?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Inevitable-Brain-629 on 2025-07-28 12:59:22+00:00.

---

Ever wanted to run your own virtual office, but without giving your data to the cloud gods?

Say hi to WorkAdventure — a 100% open-source, self-hostable platform where your team walks around a pixel-art map, talks with proximity video, and stumbles into spontaneous coffee chats ☕️

• 🧱 Stack: Svelte, Node.js, WebRTC, WebSockets, Phaser.js for the 2D map engine
• 📦 Deployment: Docker / Docker Compose
• 🚫 No DB: No backend database required
• 🔓 100% self-hostable and open-source

Use it for:

• A remote team HQ that doesn’t feel like a spreadsheet
• Onboarding journeys with map-based progression
• Hackathons, classrooms, or "let’s pretend we’re in a Game Boy" moments
• You can embed tools (Miro, Google Docs, etc.), run AI NPCs, and even host up to 5,000 users on one map (we’ve tested it, it’s wild).

💡 Fully self-hostable. Bring your own TURN server or use ours.

🧑‍💻 Github project: https://github.com/workadventure/workadventure

🌐 Live demo: https://play.staging.workadventu.re/@/tcm/workadventure/wa-village

PS: We're a small team in France and super open to feedback, PRs, or feature ideas 😍

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Aretebeliever on 2025-07-28 00:55:46+00:00.

---

I know it didn't work great for a long time but I have a decent library of books/audiobooks right now and was just curious if anyone had found an alternative to Readarr yet?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/f-__-f on 2025-07-28 02:10:34+00:00.

---

And it's crazy good ! It's on LG6, with 4gb of ram and quad-core Qualcomm. Only 0.4W on idle (while running n8n server and ssh session) ! And... The phone isn't rooted ! Just termux, and some debloating with adb. Sadly docker is not supported and had to build lot of things from source, it take some efforts but it's free ! And it work great when correctly done. Stop buying server use your old phones 🫵

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Same_Detective_7433 on 2025-07-28 00:27:47+00:00.

---

Too many people still seem to think it is hard to get incoming IPv4 through a Starlink. And while yes, it is a pain, with almost ANY VPS($5 and cheaper per month) you can get it, complete, invisible, working with DNS and all that magic.

I will post the directions here, including config examples, so it will seem long, BUT IT IS EASY, and the configs are just normal wg0.conf files you probably already have, but with forwarding rules in there. You can apply these in many different ways, but this is how I like to do it, and it works, and it is secure. (Well, as secure as sharing your crap on the internet is on any given day!)

Only three parts, wg0.conf, firewall setup, and maybe telling your home network to let the packets go somewhere, but probably not even that.

I will assume you know how to setup wireguard, this is not to teach you that. There are many guides, or ask questions here if you need, hopefully someone else or I will answer.

You need wireguard on both ends, installed on the server, and SOMEWHERE in your network, a router, a machine. Your choice. I will address the VPS config to bypass CGNAT here, the internals to your network are the same, but depend on your device.

You will put the endpoint on your home network wireguard config to the OPEN PORT you have on your VPS, and have your network connect to it, it is exactly like any other wireguard setup, but you make sure to specify the endpoint of your VPS on the home wireguard, NOT the opther way around - That is the CGNAT transversal magic right there, that's it. Port forwarding just makes it useful. So you home network connects out, but that establishes a tunnel that works both directions, bypassing the CGNAT.

Firewall rules - YOU NEED to open any ports on the VPS that you want forwarded, otherwise, it cannot receive them to forward them - obvious, right? Also the wireguard port needs to be opened. I will give examples below in the Firewall Section.

You need to enable packet forwarding on the linux VPS, which is done INSIDE the config example below.

You need to choose ports to forwards, and where you forward them to, which is also INSIDE the config example below, for 80, 443, etc....

---

Here is the config examples - it is ONLY a normal wg0.conf with forwarding rules added, explained below, nothing special, it is less complex that it looks like, just read it.

wg0.conf on VPS

# local settings for the public server
[Interface]
PrivateKey = <Yeah, get your own>
Address = 192.168.15.10
ListenPort = 51820

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding
###################
#HomeServer - Note Ethernet IP based incoming routing(Can use a whole adapter)
###################
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 443 -j DNAT --to-destination 192.168.10.20:443
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 443 -j DNAT --to-destination 192.168.10.20:443
#
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.20:80
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.20:80
#
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 10022 -j DNAT --to-destination 192.168.10.20:22
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 10022 -j DNAT --to-destination 192.168.10.20:22
#
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 10023 -j DNAT --to-destination 192.168.50.30:22
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 10023 -j DNAT --to-destination 192.168.50.30:22
#
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 10024 -j DNAT --to-destination 192.168.10.1:22
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 10024 -j DNAT --to-destination 192.168.10.1:22
#
PreUp = iptables -t nat -A PREROUTING -d 200.1.1.1 -p tcp --dport 5443 -j DNAT --to-destination 192.168.10.1:443
PostDown = iptables -t nat -D PREROUTING -d 200.1.1.1 -p tcp --dport 5443 -j DNAT --to-destination 192.168.10.1:443

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

# remote settings for the private server
[Peer]
PublicKey = <Yeah, get your own>
PresharedKey = <Yeah, get your own>
AllowedIPs = 192.168.10.0/24, 192.168.15.0/24

You need to change the IP(in this example 200.1.1.1 to your VPS IP, you can even use more than one if you have more than one)

I explain below what the port forwarding commands do, this config ALSO allows linux to forward packets and masquerade packets, this is needed to have your home network respond properly.

The port forwards are as follows...

443 IN --> 192.168.10.20:443

80 IN --> 192.168.10.20:80

10022 IN --> 192.168.10.20:22

10023 IN --> 192.168.10.30:22

10024 IN --> 192.168.10.1:22

5443 IN --> 192.168.10.1:5443

The line

PreUp = sysctl -w net.ipv4.ip_forward=1

simply allows the linux kernel to forward packets to your network at home,

You STILL NEED to allow forwarding in UFW or whatever firewall you have. This is a different thing. See Firewall below.

---

FIREWALL

Second, you need to setup your firewall to accept these packets, in this example, 22,80,443,10022,10023,5443

You would use(these are from memory, so may need tweaking)

sudo ufw allow 22

sudo ufw allow 80

sudo ufw allow 443

sudo ufw allow 10022

sudo ufw allow 10023

sudo ufw allow 10024

sudo ufw allow 5443

sudo ufw route allow to 192.168.10.0/24

sudo ufw route allow to 192.168.15.0/24

To get the final firewall setting (for my example setup) of....

sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
51820                      ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
10022                        ALLOW IN    Anywhere
10023                        ALLOW IN    Anywhere
10024                        ALLOW IN    Anywhere
51821                      ALLOW IN    Anywhere
192.168.10.0/24            ALLOW FWD   Anywhere
192.168.15.0/24           ALLOW FWD   Anywhere

FINALLY - Whatever machine you used in your network to access the VPS to make a tunnel NEEDS to be able to see the machines you want to access, this depends on the machine, and the rules setup on it. Routers often have firewalls that need a RULE letting the packets from to the LAN, although if you setup wireguard on an openwrt router, it is (probably) in the lan firewall zone, so should just work. Ironically this makes it harder and needs a rule to access the actual router sometimes. - Other machines will vary, but should probably work by default.(Maybe)

---

TESTING

Testing access is as simple as pinging or running curl on the VPS to see it is talking to your home network, if you can PING and especially curl your own network like this

curl 192.168.15.1
curl https://192.168.15.1/

or whatever your addresses are from the VPS, it IS WORKING, and any other problems are your firewall or your port forwards.

---

This has been long and rambling, but absolutely bypasses CGNAT on Starlink, I am currently bypassing three seperate ones like this, and login with my domain, like router.mydomain.com, IPv4 only with almost no added lag, and reliable as heck.

Careful, DO NOT forward port 22 from the VPS if you use it to configure your VPS, as then you will not be able to login to your VPS, because is if forwarded to your home network. It is obvious if you think about it.

Good luck, hope this helps someone.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/walterblackkk on 2025-07-27 20:53:17+00:00.

---

Ever been hacked? Or had a service go down right when you needed it most?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/auauo on 2025-07-27 17:19:16+00:00.

---

I am looking to find out if there are any slightly lesser known tools like huntarr or cleanuparr that i might be missing. A complete list would be fantastic.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/bytesfortea on 2025-07-27 09:46:52+00:00.

---

Hello fellow community,

I guess this has been discussed before but I couldn't find the ultimate solution yet.

My # of selfhosted services continues to grow and as backup up the data to a central NAS is one thing, creating a reproducible configuration to quickly rebuild your server when a box dies is another.

How do you Guys do that? I run a number of mini PCs on Debian which basically host docker containers.

What I would like to build is a central configuration repository of my compose files and other configuration data and then turn this farm of mini PCs into something which is easily manageable in case of a hardware fault. Ideally when one system brakes (or I want to replace it for any other reason), I would like to setup the latest debian (based on a predefined configuration), integrate it into my deployment system, push a button and all services should be back up after a while.

Is komodo good for that? Anyone using it for that or anything better?

And then - what happens when the komodo server crashes?

I thought about building a cluster with k8s/k0s but I am afraid of adding to much complexity.

Any thoughts? TIA!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Chemical_Frosting700 on 2025-07-27 09:05:47+00:00.

---

So my homeserver isn't big and extravagant, but I'm accessing things just using "192.168.1.XXX".

I would like to access things using something like "nas.mydomain.com". I do have my own actual registered domain for a business I have, but my house is behind a CGNAT so I have to use Tailscale to access it outside my house.

What would be the best way to set this up? Changing A records on my real domain to my Tailscale IPs? Setting up PiHole with DNS forwarding? Something like dnsmasq?

Update: I think I'm going to go with PiHole via Docker Compose on my Raspberry Pi (which I also use as a Tailscale gateway). I just tried it out and it seems to be good.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/LeIdrimi on 2025-07-27 08:16:06+00:00.

---

Sunday. 512 mb ram is not enough.

(As selfhosted doesn’t allow pictures anymore I posted them here: https://www.reddit.com/r/beatnikAudio/s/zO2NOcRH7C)

For those who have no idea what i’m talking about : I’m trying to build an open source sonos alternative, mainly software (based on snapcast), currently focusing on hardware (based on pi). I’m summarizing it here: r/beatnikAudio

What I did this week: A. Preparing play store test pipeline (android compiled) B. Started appstore processes (mock service for reviewers, app store scrennshotes, texts, privacy policy etc.) C. New speakers! And LP player. (Ugly folio on it and an intresting story to it) D. Stress test. Found out that a Pi Zero (512 mb ram) as server may not is enough to handle a lot of requests (especially multiple controller apps & streams running at the same time). So I do not recommend using a pi zero as a snapcast /beatnik-pi server. E. Started new case design. I’m happy again. It looks like a pi case now, which makes sense. F. Almost done with the first version of the website. G. Wrote the snapcast dude / maintainer that I exist. Said thank you. Offered to talk. I think this is polite. Main dependency.

So the software side is running smooth. The controller repo is approaching feature completeness for my milestone „Snapacast configuration“. Implented almost all possible jsonRpc requests and websocket notifications from the snapcast API in my snapcast service:https://github.com/byrdsandbytes/beatnik-controller/blob/master/src/app/services/snapcast.service.ts

On the beatnik-pi repo I added instructions on how to setup the new selfhosted version of beantnik-controller using docker compose. (Step 8) https://github.com/byrdsandbytes/beatnik-pi

Also the first contributions, suggestions and improvements on the beatnik-pi repo from other users. 🥳

Hardware. Still struggling but trying a new approach. Disintegrate everything so it’s standalone. A bit like microservice or container architecture for hardware. (Hope i can explain this properly next time)

Pretty cool that people (you) understand what I’m trying to do and even answer questions, of other users. Thank you. 🤝

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Effective-Ad8776 on 2025-07-27 05:35:48+00:00.

---

I've mini PC that runs most of my services, with few external hard drives connected to it for all the media, backups etc. I also have Pi 3, that runs my main Adguard Home instance. Then a VPS with reverse proxy, crowdsec, uptime kuma.

It all works quite well and is good enough for my needs, I only have 2 people using the system.

I have 300€ to spend on something, and trying to think about what would bring good value. Maybe a NAS enclosure to consolidate hard drives, or a newer Raspberry Pi....

I don't want to buy UPS as I don't run anything critical, and power in my area goes out maybe once every couple of years.

Any ideas appreciated...