
  • @Xanza You were right. I got Caddy working with no more Cloudflare tunnel. It's working directly now, only using Cloudflare for DNS.

  • @someguy Everything is very responsive. I haven't had any trouble with responsiveness at all. Lol, right now the only trouble I'm having is that I removed Monica CRM and BookStack because of Monica accessibility needs and BookStack not really being that useful, and I'm trying to install Pleroma to play with that, but Docker's having some weird DNS issues where it keeps trying to use IPv6, which my ISP doesn't support, even though I've disabled it in my daemon.json.

  • @Xanza Not sure what you mean. I wanted to use my services with my domain. I tried a reverse proxy by itself and it wouldn't work because my ISP blocks ports, so I set up Cloudflare instead. Then I found out my services would work better with Caddy, so I set that up. I also originally wasn't using Unbound, but then I realized my services were having trouble communicating, and I thought it would help to have more control over DNS rules, which it has.

  • @toastal My ISP blocks ports. Cloudflare was the only way I could get reverse proxying to work.

  • @tofuwabohu Yes, I'm running Docker directly on the Raspberry Pi. IDrive automatically backs up the folders you specify at a time you choose. I think it uses Cron or something.

  • Self Hosted - Self-hosting your services. @lemmy.ml

    🌟 Self-Hosting Journey Update! 🌟

  • @NegativeLookBehind I updated the gist with some log files. There are a lot of 401 errors in the homepage logs. I know my API keys are correct so I'm not sure how to fix them.

  • Selfhosted @lemmy.world

    Help Needed: Homepage Configuration – Missing Widgets & API Errors

  • @bravemonkey The plan was to set it to low temporarily. The choices were high, medium, low, or off. One of the ports Traefik listens on is 80. I used portchecktool.com and it told me the connection was timing out.

  • @geillescas @selfhost @selfhosting @selfhosted @linux I'll have to see about this. I'm not the account holder and the one who is, my stepdad, isn't exactly tech-savvy. My router did have a firewall blocking traffic, but I changed its security level and looked at the rules, so that shouldn't be an issue anymore.

  • Self Hosted - Self-hosting your services. @lemmy.ml

    I'm new to self-hosting and struggling to get my services accessible externally. I'm using Traefik as a reverse proxy on a Raspberry Pi 500 running Stormux (Arch Linux ARM-based). My public IP

  • @selfhost @selfhosting @selfhosted @linux Authelia configuration.yml:

       
        
    theme: light

    server:
      address: 0.0.0.0:9091

    log:
      level: debug
      format: text
      file_path: /var/log/authelia/authelia.log

    totp:
      issuer: laniesplace.us
      period: 30
      skew: 1

    authentication_backend:
      file:
        path: /config/users_database.yml
        password:
          algorithm: argon2id
          iterations: 3
          memory: 65536
          parallelism: 4
          salt_length: 16
          key_length: 32

    access_control:
      default_policy: deny
      rules:
        # Public Access
        - domain:
            - "pihole.laniesplace.us"
            - "homer.laniesplace.us"
          policy: bypass

        # High Security (Two Factor)
        - domain:
            - "portainer.laniesplace.us"
            - "netdata.laniesplace.us"
            - "cockpit.laniesplace.us"
            - "glances.laniesplace.us"
            - "code.laniesplace.us"
          policy: two_factor
          subject:
            - "group:admins"

        # Medium Security (One Factor Admin)
        - domain:
            - "forgejo.laniesplace.us"
            - "files.laniesplace.us"
            - "uptime.laniesplace.us"
          policy: one_factor
          subject:
            - "group:admins"

        # Standard Auth (One Factor)
        - domain:
            - "thelounge.laniesplace.us"
            - "miniflux.laniesplace.us"
            - "linkding.laniesplace.us"
            - "wiki.laniesplace.us"
          policy: one_factor

        # Catch-all rule
        - domain: "*.laniesplace.us"
          policy: one_factor

    session:
      name: authelia_session
      domain: laniesplace.us
      same_site: lax
      expiration: 3600
      inactivity: 300
      remember_me: 1M

    regulation:
      max_retries: 3
      find_time: 120
      ban_time: 300

    storage:
      local:
        path: /config/db.sqlite3

    notifier:
      disable_startup_check: false
      smtp:
        address: submission://smtp.gmail.com:587
        username: laniegcarmelo@gmail.com
        password: "<redacted>"
        sender: "Authelia <laniegcarmelo@gmail.com>"
        identifier: auth.laniesplace.us
        subject: "[Authelia] {title}"
        startup_check_address: laniegcarmelo@gmail.com
        timeout: 5s

    identity_validation:
      reset_password:
        jwt_secret: ${AUTHELIA_JWT_SECRET_FILE}
    
      
  • @selfhost @selfhosting @selfhosted @linux Authelia docker-compose.yml:

       
        
    services:
      authelia:
        image: authelia/authelia:latest
        container_name: authelia
        volumes:
          - ./config:/config
          - ./logs:/var/log/authelia
        networks:
          - web
          - authelia_internal
        environment:
          - TZ=America/Chicago
          - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt_secret
          - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session_secret
          - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/storage_encryption_key
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.authelia.rule=Host(`auth.laniesplace.us`)"
          - "traefik.http.routers.authelia.entrypoints=websecure"
          - "traefik.http.routers.authelia.tls.certresolver=le"
          - "traefik.http.middlewares.authelia.forwardauth.authRequestHeaders=X-Forwarded-Proto,X-Forwarded-Host"
          - "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email"
          - "traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true"
          - "traefik.http.services.authelia.loadbalancer.server.port=9091"
          - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=%5Bhttps%3A%2F%2Fauth.laniesplace.us%5D%28https%3A%2F%2Fauth.laniesplace.us%29"
          - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
          - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"

        restart: unless-stopped
        security_opt:
          - no-new-privileges:true
        depends_on:
          - redis
        healthcheck:
          test: ["CMD", "wget", "--no-check-certificate", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
          interval: 30s
          timeout: 10s
          retries: 3
          start_period: 60s

      redis:
        image: redis:alpine
        container_name: authelia_redis
        networks:
          - authelia_internal
        restart: unless-stopped
        volumes:
          - ./redis:/data
        command: redis-server --save 60 1 --loglevel warning
        healthcheck:
          test: ["CMD", "redis-cli", "ping"]
          interval: 30s
          timeout: 10s
          retries: 3
        security_opt:
          - no-new-privileges:true

    networks:
      web:
        external: true
      authelia_internal:
        internal: true
    
      
  • @selfhost @selfhosting @selfhosted @linux traefik services.yml:

       
        
    http:
      services:
        # Docker Services
        homer:
          loadBalancer:
            servers:
              - url: "http://homer:8080/"

        glances:
          loadBalancer:
            servers:
              - url: "http://glances:61208/"

        uptime-kuma:
          loadBalancer:
            servers:
              - url: "http://uptime-kuma:3001/"

        miniflux:
          loadBalancer:
            servers:
              - url: "http://miniflux:8080/"

        pihole:
          loadBalancer:
            servers:
              - url: "http://pihole:8088/"

        portainer:
          loadBalancer:
            servers:
              - url: "http://portainer:9000/"

        linkding:
          loadBalancer:
            servers:
              - url: "http://linkding:9090/"

        # Non-Docker Services
        filebrowser:
          loadBalancer:
            servers:
              - url: "http://127.0.0.1:8085/"

        netdata:
          loadBalancer:
            servers:
              - url: "http://127.0.0.1:19999/"

        forgejo:
          loadBalancer:
            servers:
              - url: "http://127.0.0.1:3000/"

        dokuwiki:
          loadBalancer:
            servers:
              - url: "http://127.0.0.1:81/"

        cockpit:
          loadBalancer:
            servers:
              - url: "http://127.0.0.1:9090/"
    
      
  • @selfhost @selfhosting @selfhosted @linux traefik routers.yml:

       
        
    http:
      routers:
        dashboard:
          rule: "Host(`traefik.laniesplace.us`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
          service: api@internal
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - dashboard-auth

        homer:
          rule: "Host(`laniesplace.us`)"
          service: homer
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        glances:
          rule: "Host(`glances.laniesplace.us`)"
          service: glances
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "glances.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        uptime-kuma:
          rule: "Host(`uptime.laniesplace.us`)"
          service: uptime-kuma
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "uptime.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        miniflux:
          rule: "Host(`rss.laniesplace.us`)"
          service: miniflux
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "rss.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        pihole:
          rule: "Host(`pihole.laniesplace.us`)"
          service: pihole
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
            - pihole-redirect
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "pihole.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        portainer:
          rule: "Host(`portainer.laniesplace.us`)"
          service: portainer
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "portainer.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        linkding:
          rule: "Host(`bookmarks.laniesplace.us`)"
          service: linkding
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "bookmarks.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"
              Remote-User: "{{ .Request.Headers.Remote-User }}"

        filebrowser:
          rule: "Host(`files.laniesplace.us`)"
          service: filebrowser
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "files.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        netdata:
          rule: "Host(`netdata.laniesplace.us`)"
          service: netdata
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "netdata.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        forgejo:
          rule: "Host(`git.laniesplace.us`)"
          service: forgejo
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "git.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        dokuwiki:
          rule: "Host(`wiki.laniesplace.us`)"
          service: dokuwiki
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "wiki.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"

        cockpit:
          rule: "Host(`cockpit.laniesplace.us`)"
          service: cockpit
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
          headers:
            customRequestHeaders:
              X-Forwarded-Proto: "https"
              X-Forwarded-Host: "cockpit.laniesplace.us"
              X-Forwarded-Uri: "/"
              X-Forwarded-For: "true"
    
      
  • @selfhost @selfhosting @selfhosted @linux traefik docker-compose.yml:

    networks:
      web:
        external: true

    services:
      traefik:
        image: traefik:v3.2.5
        container_name: traefik
        security_opt:
          - no-new-privileges:true
        ports:
          - "80:80"
          - "443:443"
          - "8080:8080"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - ./traefik.yml:/etc/traefik/traefik.yml:ro
          - ./acme.json:/acme.json
          - ./dynamic:/etc/traefik/dynamic:ro
          - ./logs:/etc/traefik/logs
        networks:
          - web
        restart: unless-stopped
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.dashboard.rule=Host(`traefik.laniesplace.us`)"
          - "traefik.http.routers.dashboard.service=api@internal"
          - "traefik.http.routers.dashboard.entrypoints=websecure"
          - "traefik.http.routers.dashboard.tls.certresolver=le"
          - "traefik.http.routers.dashboard.middlewares=dashboard-auth"

  • @selfhost @selfhosting @selfhosted @linux traefik.yml:

       
        
    global:
      checkNewVersion: true
      sendAnonymousUsage: false

    log:
      level: DEBUG
      filePath: /etc/traefik/logs/traefik.log

    accessLog:
      filePath: /etc/traefik/logs/access.log

    entryPoints:
      web:
        address: :80
        http:
          redirections:
            entryPoint:
              to: websecure
              scheme: https
      websecure:
        address: :443
        http:
          tls:
            certResolver: le

    api:
      dashboard: true
      insecure: false

    providers:
      file:
        directory: /etc/traefik/dynamic
        watch: true
      docker:
        endpoint: unix:///var/run/docker.sock
        watch: true
        exposedByDefault: false
        network: web

    certificatesResolvers:
      le:
        acme:
          email: laniegcarmelo@gmail.com
          storage: /etc/traefik/acme.json
          tlsChallenge: {}
    
      
  • @selfhost @selfhosting @selfhosted @linux Web services docker-compose.yml, includes Linkding:

       
        
    services:
      linkding:
        image: sissbruecker/linkding:latest-plus
        container_name: linkding
        environment:
          LD_ENABLE_AUTH_PROXY: "true"
          LD_AUTH_PROXY_HEADER: "Remote-User"
          LD_AUTH_PROXY_AUTO_LOGIN: "true"
          LD_AUTH_PROXY_LOGOUT_URL: "https://auth.laniesplace.us/logout"
        volumes:
          - linkding_data:/etc/linkding/data
        healthcheck:
          test: ["CMD", "node", "-e", "const http = require('http'); const options = {host: 'localhost', port: 9090, path: '/', timeout: 2000}; const request = http.request(options, (res) => { process.exit([200, 302].includes(res.statusCode) ? 0 : 1)}); request.on('error', () => process.exit(1)); request.end()"]
          interval: 30s
          timeout: 10s
          retries: 3
        networks:
          - web
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.linkding.rule=Host(`bookmarks.laniesplace.us`)"
          - "traefik.http.routers.linkding.entrypoints=websecure"
          - "traefik.http.routers.linkding.tls.certresolver=le"
          - "traefik.http.services.linkding.loadbalancer.server.port=9090"
          - "traefik.http.routers.linkding.middlewares=authelia@docker"

    volumes:
      linkding_data:

    networks:
      web:
        external: true
    
    
      
  • Self Hosted - Self-hosting your services. @lemmy.ml

    Hi #SelfHosted community. I've figured out a lot of my setup. I now have a new domain, laniesplace.us, just for #HomeServer stuff. It's set up through Porkbun with Dynu for #DDNS. I've now got

  • Self Hosted - Self-hosting your services. @lemmy.ml

    Would anyone who knows #Traefik and #YAML or #TOML be willing to help me out? I'm trying to get Traefik set up with my new domain but running into trouble, and I'm not sure what I'm doing wrong. I can

  • Self Hosted - Self-hosting your services. @lemmy.ml

    Hi everyone! How are you all doing tonight? I just had a frustrating experience trying to set up a free #domain or #subdomain for my #SelfHosted services. Unfortunately, I can't use my

  • Self Hosted - Self-hosting your services. @lemmy.ml

    #SelfHosting community, how do you get notifications about your projects?