This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Genie-AJ on 2025-02-09 16:01:19+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/uscne on 2025-02-09 11:51:12+00:00.

Original Title: i'm building an up-to-date list of recommended European projects, curated by the community to support and strengthen the European tech ecosystem, specifically for users interested in privacy and sustainability. can you suggest me projects to add in self-hosted section, please?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Competitive-Pen-5196 on 2025-02-09 08:16:09+00:00.

---

I am planning to build open source subscription platform in public..

Right now most sdk, have a vendor lock-in and they make it impossible to export your data..

Here to ask for advice and for volunteers..

-NextJs

-Redis

-Swift

-Kotlin

-Flutter

-React Native

-Docker

-Monorepo (NX)

To keep myself accountable,

HERE is the GitHub- 

Community lives on discord..

The sdk will be launched with MIT license..

It will be 100% cursor compatible..

One-click deployment via Coolify

All contributions are welcome!!! we need help with documentation too..

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/cat_chutiya on 2025-02-09 08:07:49+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/fab_space on 2025-02-09 07:23:24+00:00.

---

Hello dear self-hosters!

Over the past 18 months, I've been busy crafting some (hopefully useful, possibly time-wasting 😉) tools for your self-hosting weekends. Here's a rundown of the projects:

(1) Blacklists: Hourly updated domain blacklists for various services (Pi-hole, AdGuard Home, Squid, Unbound). Keep your network clean!

• Link: Blacklists on GitHub

(2) UglyFeed: A powerful RSS feed aggregator and processor leveraging Large Language Models (LLMs). Retrieve, filter, rewrite, and analyze feeds for fun, research, and learning.

• Link: UglyFeed on GitHub

(3) Proxmox LXC Autoscale: Dynamically scale resources for your LXC containers on Proxmox hosts. Optimize resource utilization!

• Link: Proxmox LXC Autoscale on GitHub

(4) Proxmox VM Autoscale: Similar to the LXC autoscaler, but for virtual machines on Proxmox. Efficiently manage VM resources.

• Link: Proxmox VM Autoscale on GitHub

(5) Patterns: Automated, daily-delivered OWASP rules for popular web servers (Nginx, Apache, Traefik, HAProxy). Enhance your web server security.

• Link: Patterns on GitHub

(6) Caddy-WAF: A Web Application Firewall (WAF) module for Caddy. Features include IP/DNS blacklisting, rate limiting, GeoIP/Tor blocking, and anomaly detection.

• Link: Caddy-WAF on GitHub

(7) CF-Box: A collection of Python tools to simplify management of Cloudflare (including multiple accounts).

• Link: CF-Box on GitHub

(8) CSV Anonymizer: A static, local tool for anonymizing CSV data. Protect sensitive information.

• Link: CSV Anonymizer on GitHub

(9) Website Monitor: Automate website monitoring using GitHub Actions. Get notified of downtime and performance issues.

• Link: Website Monitor on GitHub

(10) lws: A unified command-line interface (CLI) to manage Proxmox, LXC, and Docker applications. Simplify your workflow.

• Link: lws on GitHub

(11) Caddy-MIB: Automatically track and ban IP addresses causing repetitive 4xx or 5xx errors on your Caddy server. Mitigate potential attacks.

• Link: Caddy-MIB on GitHub

(12) Limits: Automated rate limiting implementation for various web servers. Protect against abuse and overload.

• Link: Limits on GitHub

(13) DevGPT: Quickly prototype and develop code projects using GPT. Experiment and accelerate your coding.

• Link: DevGPT on GitHub

Enjoy and contribute! I welcome feedback, bug reports, and contributions from the community. No paywalls, no pro plans, no traps, just pure OSS ☕️

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/fuukuyo on 2025-02-09 06:54:44+00:00.

---

I'm keen on hosting my own Git repositories and I've stumbled upon Gitea and GitLab.

I've heard of GitLab being the "enterprise" solution for Git management, while Gitea seems to be the more lightweight version for indie groups with GitHub Actions workflow compatibility.

I'm primarily going to use it for collaboration with PRs and comments, GitHub Actions or workflows, and backing up forks of useful repositories I encounter. I'd also like to mirror the content to my actual GitHub account, for redundancy.

Does anyone have experiences self-hosting both and know the pitfalls of either service? Or, do you know any alternative solutions that can cater to my needs?

Many thanks.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/kalintush on 2025-02-09 04:23:12+00:00.

---

Hi everyone,

After months of development, we're excited to announce that WorkLenz 2.0 will be released to the public in the coming weeks!

Over the past few months, we’ve been hard at work overhauling the platform to introduce new features and better support our users and the self-hosted community. As a result, we temporarily paused major releases on our public repository (WorkLenz 1.0) to focus on building WorkLenz 2.0. Now, we’re wrapping up development and gearing up for release.

A huge thank you to this community for your feedback and support—it has played a crucial role in shaping WorkLenz!

🚀 What’s New in WorkLenz 2.0?

• Custom Fields – Tailor tasks and workflows to fit your needs
• Recurring Tasks – Automate task creation for repeated work
• Improved Resource Scheduler – Better team and workload management
• Enhanced Kanban Board – Smoother and more customizable workflows
• Mobile App (iOS & Android) – Manage tasks on the go
• Dark Mode – A sleek and eye-friendly UI

...and much more!

If you’re interested, follow our GitHub repo for updates and the official release:

Github:Worklenz

We’d love to hear your thoughts, suggestions, and feedback. Let us know what features you'd like to see next!

Cheers,

The WorkLenz Team 🚀

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/esiy0676 on 2025-02-09 00:45:02+00:00.

---

I would like to share the following "blogpost" of mine on use of SSH certificates, which for some reason evade popularity. It was originally written for Proxmox VE users, but only the last paragraph adds context to the case, the rest is all applicable to everyone deploying lots of systems.

The target behind the link contains no tracking, no ads and if you do not mind the limited formatting of Reddit, the same content follows inline in full as well.

---

Public Key Infrastructure with Secure Shell

TL;DR Secure your SSH infrastructure from the very first boot. Rotate keys and never trust a previously unknown machine. Never pass through a key-not-known prompt and do not get used to the identification-changed warning with a remote host.

---

ORIGINAL POST Public Key Infrastructure with Secure Shell

---

Lots of administration tasks are based on SSH, the ubiquitous protocol used to securely connect to remote hosts. But quite a minority of those is set up in a systematic way which would amount to a secure-by-design infrastructure approach. Perhaps it appears to be a hassle, but ease of manageability of a system is a good indication of its soundness in terms of security as well, so security should be made seamlessly easy. As environments grow, the question of trust across systems, real and especially virtual - all the way to the last containeraised workload - goes often unaddressed.

Investigate later

Trust everything from the get go. That sounds terrifying - at least to a security conscious administrator. But for some reason - not always, not with SSH, anyways:

The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ED25519 key fingerprint is SHA256:k95pBxp+arqCAfTTYDHhD63o6O0Sff7zgyzcglxbGaE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

And everyone is about to studiously paste in the fingerprint from another source - of course not. They would investigate after encountering an issue, but not before.

Even more relatable would be the pesky warning relating to the same:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:uQEwXegch2seMpndUTxkH9cv6qDqD+25Q2+uyZHldLA.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /root/.ssh/known_hosts:1
  remove with:
  ssh-keygen -f "/root/.ssh/known_hosts" -R "10.10.10.10"
Host key for 10.10.10.10 has changed and you have requested strict checking.
Host key verification failed.

Naturally, we will do as just been told - this is how most of us got intimate with ssh-keygen^ in the first place, unfortunately often only with its -R switch. The warning, while explicit, is also convoluted. After all, it is only "POSSIBLE" that there is some shenanigans going on, not likely. We are just re-using an IP address or hostname. And it cannot happen to us, anyways - everything else around is secure, so this does not matter, or does it?

Second thought: If it is a secure environment, why are we using encrypted communications within in the first place?

Trust is blind

The concept of trust on first use (TOFU) suddenly becomes familiar. It is, after all, the model of connections non-professionals use all of the time without giving it a second thought. They know this one time, it is just the new target machine being set up, or they are accessing it from this new client machine. But it's really bad, especially in terms of forming habits - since who knows which case is which and when. Every time this question is answered yes, our repertoire of known host keys grows by one more dubious entry - a host, that became trusted, just like that. A sophisticated attacker knows this as well.

Strict checking

It is so common, one might even make use of an option that SSH provides - StrictHostKeyChecking^ - and simply set it to no (perhaps counterintuitively, this causes the always assumed answer be yes - to continue connecting; the default for the option is to ask). But bad habits should not be reinforced, instead they need tackling in the opposite way and that is what the option invites us to do - set it to yes, which means our answer will always be no to the unknown unknowns - we do NOT want to connect to hosts we had not encountered so far. We can set this for the local user by appending a single configuration line file entry:

cat >> ~/.ssh/config <<< "StrictHostKeyChecking yes"

Now all these connections to unknown hosts will be failing, as they should - with a resounding relief of the security officer. Well, that's not too helpful. How do we go about connecting to all these new machines?

Cheating consciously

We will create an exception. Make a shell alias, an explicit invocation of which, will ignore the defaults, by overriding them through its command line.

alias blind-ssh='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'

NOTE Aliases defined on a command line like this do NOT survive through the end of the current shell session, but we do not worry about it in this demonstrative case. We are going to backtrack on it all, anyways.

This will accept blindly whatever key is being presented. If it has not been previously known, it will not affect the record of known hosts - unlike typing away yes did. Then a connection like this will "just work":

blind-ssh dubious@den.internal

NOTE The way this works is setting StrictHostKeyChecking to no, which means a yes presumed for every "sure you want to continue connecting?" prompt. That, however, also appends the newly approved key into the list of known host keys of the user. By redefining its location via UserKnownHostsFile^ directive, it will be added there, which in this case, means nowhere.

But what kind of piece of advice is this? First forbid it, then bypass it. Exactly. But it actually IS better than the previous state in that it:

• forces one to only use such alias sporadically;
• no host keys' list is polluted;
• best of it all, such alias is undefined on a new system.

Because - one should NEVER need it after reading through the end. How so?

SSH - simple and secure

At its face value, SSH as a standard^ remains dependable and secure (not only) for the reason that it is conceptually simple. Clients connect to hosts. Clients authenticate (their users) to hosts. And what is less paid attention to - but equally true - hosts authenticate to clients. This is why there are the above-kind-of prompts in the first place.

So there's a key on each end, a public key cryptography kind of key - where the knowledge of public key of the one's counterpart (client/user or host) helps the system authenticate (both ends). The distribution of the public keys - so that the endpoints know each other - is left out of scope. And so TOFU became a habit.

IMPORTANT The scenario above assumes that keys (not passwords) are used to authenticate users - the primary side benefit that SSH provides. Some users opt to keep using passwords for the user authentication instead, which of course has its own implications, but even then the "distribution" problem remains out of scope - somehow the password had to be set on the target system prior to SSH connection is about to be established. That said, keys are always at play to authenticate hosts.

TIP Another interesting aspect of using client/user keys for SSH authentication instead of passwords is that such user does not even need to have ANY password set on the target system. What a better way to solve the issue of worrying about secure passwords than by having none in the first place.

Public Key Infrastructure

Current OpenSSH^ - implementation we will be mostly focused on - does NOT support Public Key Infrastructure (PKI) as established by the standard of X.509^ and employed with better known SSL/TLS setups. But that said, it DOES support PKI as such - it is just much simpler.

Public keys can be signed by (other, private) keys resulting in certificates, where additional information may be added. The signing party is equally known as certification authority - a familiar term, but these are not the kind of certificates you need to go obtain from the likes of Let's encrypt. You just issue them, distribute and manage them within your full control and they do not go through third-party (and their obscure validation), thus preserve confidentiality of the infrastructure setup as a whole.

NOTE There is a standard of X.509v3 Certificates for Secure Shell Authentication^ and alternative implementations which do go that route. This is entirely out of scope here.

OpenSSH

There is two sides to each authenticated SSH connection. The host tha...

---

Content cut off. Read original on https://old.reddit.com/r/selfhosted/comments/1il2fjx/public_key_infrastructure_with_secure_shell/

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Hakunin_Fallout on 2025-02-08 20:00:33+00:00.

---

Hey all,

Looking to secure my setup, so I just wanted to gather some opinions to better understand your choices.

My current setup has, well, no security, but thanks to the previous thread I've posted here I've gathered some great recommendations. I'm now looking into getting Pangolin+Crowdsec up and running.

The questions that I have are these:

1. I travel a lot. What is the 'easiest' method for me to enable access to all the self-hosted goodies? Is it Tailscale or Pangolin or something else? Right now, the only thing I have against Tailscale is that I'm essentially outsourcing my security. If their servers go down - my access is down too, as I understand it. With self-hosted Pangolin - that doesn't seem to be an issue.
2. I have a family - I want them to be able to access all the stuff in our network easily without any specific tech knowledge. E.g., I set up it once for them - and they have normal access to Hoarder/Vaultwarden/Plex/Immich/Audiobookshelf/etc.
3. Do I understand this correctly that Pangolin will route all my traffic through my VPS, so, if I'm going to watch 4k movies from abroad - I can probably hit my monthly quota with the VPS provider? Does VPS performance play any role here at all?
4. Do I need anything else other than closing ports and running Cowdsec/Fail2ban? Any 'honeypots' you're running on any ports, or some other solution that makes sure somebody not careful enough gets immediately blacklisted?
5. Do I need any auth solutions on top of the above?

Thanks!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/HrBingR on 2025-02-08 14:29:22+00:00.

---

Hi everyone.

I'm excited to announce BookHaven - a web app for managing your ePub library, with built in reader and download support (and more).

BookHaven was developed as a minimal alternative to web apps like Kavita and calibre-web due to some minor gripes I had with each of them at the time I started working on it:

• Kavita not having support for editing metadata (main gripe)
• Kavita not allowing you to download your ebooks locally
• Calibre-Web requiring an actual Calibre database to work from (main gripe)
• Calibre-Web modifying metadata through modifying the ePub file itself

While these are minor complaints, I wanted something that would suit my own needs, and while I am a bit nervous posting this, I decided to open source and share it in the hopes that it would suit someone else's needs as well.

Link to the repo:

Link to DockerHub:

A short summary of some of the features:

• Read eBooks directly in your browser, on mobile or desktop.
• Download eBooks to any of your devices.
• Non-destructive metadata editing, leaving original ePub files unmodified.
• Manual and, optionally, automatic library scanning at a user-defined interval.
• Search functionality that allows you to filter your library by author, title, or series.
• Basic filters to allow filtering for books marked as favorite, as finished, or as unfinished.
• Has a config option to bypass the normal login flow when making use of Cloudflare Access.
• Allows you to configure OIDC to authenticate with your favorite (self-hosted or otherwise) provider.

Please feel free to log any issues you might experience on GitHub, and feel free to submit pull requests.

Note: Currently BookHaven only supports eBooks in the ePub format.

Side note: I'm quite new to the development space, and BookHaven is the first major development project I've worked on; my prior experience was mostly in scripting (shell). I've learned an absolute ton, but please don't judge my coding practices (and commit messages) too harshly. That having been said, I am always open to improvements or suggestions.

Thank you for taking the time to read, and to check out BookHaven!

EDIT: Excuse the wordy title.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/undernightcore on 2025-02-08 16:52:58+00:00.

---

Hello redditors! I recently built Dockerizalo! A deployment platform that does not tell you to install it in a "clean server" but actually made to coexist with the rest of your deployments. No shell scripts, only a docker-compose.yml file.

Please I'd like some feedback!

Repo:

Features

• Clones from any GIT compatible source, builds and deploys the image for you.
• Manage secrets, volumes, ports and more through the web UI.
• Check build and container logs in realtime.
• Made to coexist with the rest of your applications in your homelab

Screenshots

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/anultravioletaurora on 2025-02-08 16:28:47+00:00.

---

Hi friends! 👋

I'm Violet, and I've been a lurker of this community for years. I'm a SE by trade, I started hosting on a 2006 Dell desktop running Windows from my university's surplus sales. I've since evolved to a multinode Harvester setup to run a highly available RKE2 cluster for compute tasks, and an Unraid NAS for data storage. Like many selfhosters, I also started with Plex and fell down the rabbit hole instantly

I moved to Jellyfin this year and have fallen in love. I migrated myself and all my users from Plex and could not have been happier - but I do miss one thing: Plexamp.

Don't get me wrong - all of the music apps that exist for Jellyfin are excellent. Manet is gorgeous and if you are on iOS, I highly recommend giving it a shot. The developer is very responsive and it's incredibly svelte. Finamp is also fantastic and is what I've used up until this point.

I just prefer a different music listening experience to what they offer.

My music listening habits have evolved over the years, to the point where I enjoy having no two listening sessions alike. I am one that enjoys the curated radios, recommendations, and mixes that streaming services offer. I really enjoyed Plexamp's ability to do that all while remaining selfhosted. I also really enjoyed having CarPlay support.

So I started building a music app for Jellyfin to accomplish this! It's called Jellify and I would love to get the community's reaction to it as far as features, design, and roadmap are concerned not to mention, eyes on my shitty ass code 🥴. I built it in the React Native ecosystem, so cross platform support is 1000% in scope, I'm just waiting on a fix for one of my dependencies so that my Android builds compile.

Right now I have it as a private TestFlight since it's VERY buggy and still in alpha, but I've been making steady progress on it, with my goal to release the MVP (aka 1.0.0) around the end of May (in time for my dad's birthday). I do have .ipa files associated with each release for you iOS sideloaders that want to try it out. It's far from perfect, but it's come a long way since I started working on it.

If you have React experience and would like to help build Jellify, just let me know! I'm most easily reached on my Discord - anultravioletaurora

TL;DR: I'm building a music app for Jellyfin and I'd love to know what you think! I really want to take on Plexamp

I'm open to feature requests, pull requests, comments, questions, and suggestions!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/WorldTraveller101 on 2025-02-08 14:33:45+00:00.

---

Demo:

I’m excited to present BookLore, a self-hosted web application designed to streamline the process of managing and reading books. As someone who loves reading but found it challenging to organize and access my books across different devices, I wanted to create a solution that made it easy to store, manage, and read books directly from the browser.

The core idea behind BookLore is simplicity. You just need to add your books to a folder, and BookLore takes care of the rest. It supports popular formats like PDF and EPUB, and once the books are uploaded, the app organizes them, making it easy to find and enjoy them from any device, anywhere, as long as you have a browser.

Currently, the app is in its early stages of development, and I have exciting plans for its future. I aim to release BookLore in the coming months, and it will be fully open-source and hosted on GitHub, so anyone can contribute or deploy it themselves.

I’m looking forward to hearing your thoughts and feedback! If you have suggestions, feature requests, or any feedback on how the app can improve, feel free to let me know. I’m open to all ideas as I work to make BookLore the best book management and reading platform it can be.

Thanks for checking it out, and stay tuned for updates!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/studioleaks on 2025-02-08 14:04:06+00:00.

---

Everyday i am wasting tons of hours discovering how to make an app work. And then on to the next one. And wait did the one i install is even the best option, is zoraxy better than npm? Perfect ..wtf is npm plus?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/RathdrumRip on 2025-02-08 12:32:58+00:00.

---

When you factor everything in? Like hardware, software and maintenance..

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/-ThatGingerKid- on 2025-02-08 06:53:10+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/tcoysh on 2025-02-08 06:39:56+00:00.

---

I’ve got a decent backup solution in place for my Proxmox LXCs and data - but always avoided backing up my 8TB of media data on my ZFS pool.

I know I could do it - but the price is prohibitive for a backup machine or additional storage.

I’ve got a 1Gbps up/down so in theory could cloud back it up - but again storage.

Or do I just hope my RAIDZ covers major drive failures and restore media.

When I say media - I mean TV/Movies I’ve ripped and personal photos (photos just over 1Tb)

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/ApprehensivePass3726 on 2025-02-07 23:34:52+00:00.

---

Hello, I was wondering how do you usually find new self-hosted software? Are you just scrolling through github and this reddit community or do you use lists like awesome selfhosted, selfhst store or selfhst ?

I'm always on the lookout for interesting projects to self-host, and sometimes I feel like I'm missing out on some hidden gems

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/MCH170 on 2025-02-08 00:59:38+00:00.

---

I am looking to host some more services but I went through the popular ones. Do you host any lesser known services that work really well for you?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/compulsivelycoffeed on 2025-02-07 23:54:33+00:00.

---

Longtime sysadmin here and in light of Broadcom's...ermm... decisions, I decided to boycott ESXi in the homelab. I thought XCP-NG might be a fun way to go so I went all in. There are so many odd limitations and unusual workarounds that it's no longer feasible.

• Max VHD disk size is 2TB. The workaround is that you can make several 2TB volumes and then, inside your guest and then use LVM to group them. I decided that to sidestep the 2TB limit, I'd create a 12TB raw disk.

• I have had zero luck getting passing through USB drives to my VMs

• The networking is inelegant compared to vSphere. Perhaps Proxmox is better but I haven't spent much time with that hypervisor yet.

• Many industry standard appliances won't work in XCP-NG - believe me I tried. I looking at things like Clearpass and other Lab environments such as Eve NG. I'm sure there are others I'm not thinking of.

I think I'll move onto Proxmox, but I only have 1 server, so migrating is going to be.... interesting.

Funny enough, now with wanting to move off, I'm having to come up with interesting ways to migrate that disk to qcow2. It should be possible, but I'm putting a lot of faith in a conversion process that I don't trust yet.

Yes, XCP-NG's platform is improving and the community is growing. I enjoy how vocal the devs are and that they stand behind their product. I think it just needs a bit more exposure to get the support it needs from other industry systems to make it a viable contender.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/daredeviltzr on 2025-02-07 14:20:55+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Lanzo__ on 2025-02-07 20:56:49+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/NeitherAdvertNorAd on 2025-02-07 18:49:15+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/ZetaZebra on 2025-02-07 02:59:58+00:00.

---

I've posted a couple of times here in recent weeks discussing the beginnings of my self-hosting journey. Every time I think I finally get it, I get lost again. I can't figure out how to expose my apps to the outside network, I know apparently need to open docker containers to each other for things to work. It's so complicated. Hope I find the patience to give this more of my time.

Truenas is up and running. Dockge, FileBrowser and some other apps are running. It all works locally. I got a domain on porkbun and have the wildcard A record in porkbun's DNS set to my public IP. That seems to be figured out.

That's where the good ends and the wtf begins. I'm a tech-oriented person but really feeling dumb.

1. Put in my public IP and 443:443 in port forwarding on my router settings and it refuses to save
2. Trying to set up reverse proxy and getting confused what domain name is what domain name and that's different from a nameserver. Where do I put my public IP vs. local. Who knows?
3. DNS is so confusing. Using Technitium. Do I set up an A record for each app. So app.porkbundomain.xxx or does that live only in the reverse proxy? Do I need other type of records?

Seen vidoes on people using Cname to direct one domain to another and I don't think I need that but doesn't seem like something I need.

If anyone still has the patience to try to explain to silly ole me, I'll appreciate the help. I keep thinking I finally get...and then I'm lost again.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/PlannedObsolescence_ on 2025-02-07 13:52:50+00:00.