tofuwabohu @ tofuwabohu @slrpnk.net

Posts

5

Comments

133

Joined

2 yr. ago

Yeah, I feel like exposing ports 80 and 443 towards an up to date nginx/whatever is referred to as a super dangerous thing in this community and also the selfhosted subreddit. Recommending cloudflare is almost the default, which I find a bit sad given many people selfhost to escape the reliance on big monopolist companies.

One can add different layers of security of course, but having nginx with monitoring in it's own VM without keys to jump to another VM is enough of risk mitigation for me.

I think the best thing of reddit is them having so many actually active niche subreddits. Many people saying Lemmy doesn't need to grow don't seem to care much about that which surprises me a bit.

Op mentioned pixelfed for several people though, is it possible to reverse proxy through tailscale from a VPS or similar? It's probably not suitable to have a service for several people behind a vpn

Yes! Mostly having a plan on how to make your service reachable in the internet while keeping the rest of your local stuff shutdown.

Many people recommend cloudflare, but I don't think it's necessary. If you get a public IP from your ISP, it's relatively easy with dyndns. Personally, I have a virtual machine running nginx as a reverse proxy and configured the router to forward port 80 and 443 to that machine.

You got quite good answers already, here and in the other thread.

My suggestion is to not start with pixelfed but something else (simple stuff like dokuwiki, you can use it to document your stuff while you're at it) to get an understanding of the whole process (running the service itself, making it available to the internet after hardening your infrastructure a bit etc).

Also, if you're not settled for how to do it exactly, give Docker a try. There's a reason it's popular among selfhosters!

Most important: replace the raspi SD card with an SSD

General hardware: see if I find a better solution than my current Proxmox box (repurposed desktop which consumes 60w idling but is capped to 16GB Ram)

Incoming traffic: currently having a VM that runs nothing but nginx and certbot. Considering switching to another reverse proxy and, more important, get proper monitoring of the logs (e.g. IP detection, 403, etc)

Maybe add some iam like authentik

Finding a solution for selfhosting podcasts client with sync on Android and Linux.. gpodder never really seemed to work, considering audiobookshelf.

Probably setting up calibre web and gethomepage

Keeping what I have and maybe optimize a bit:

• Prometheus stack
• plenty exporters
• Nextcloud
• paperless
• home assistant, mosquitto
• pihole
• vaultwarden
• selfoss

On VPS:

• Mastodon
• Bookwyrm
• some WordPress (want to move this to my homeserver as well)

This should be possible, in nginx you would just have near identical entries that deliver the same content. The service itself sometimes takes a domain to build internal links etc, and those usually only take one.

Interesting approach, good luck! Admittedly I'm not sure if many users want to take their media uploading in their own hands and pay for it but maybe I'm wrong. Where are the images stored? Do you have your own hardware? Backups etc?

Also since you're interested in Fediverse media storage, I recently read about https://jortage.com/ It's a third party storage for your instance with deduplication, pretty interesting idea. Takes away a bit of the federated part though

My company does host an instance, but I've never used it for game streaming. No idea what the fps is

Jitsi or Element call

It seems like the vps stuff is fine, but the company I work at uses them as cloud provider (many VMs plus K8S clusters) and the quality is not so great to say the least. Also the support is sometimes blaming us for their outages and generally not too helpful.

This sounds super cool, I've been looking for something to keep track of my plants! Gonna try this

Wait, how do you know my password?

That's actually better I think. A project with zero open issues/requests is usually dead, not fast in solving issues.

Didn't see it back then, just came across this on mastodon today. Sure they are competitors, given that nextcloud started as am owncloud fork, but they probably monitored ownclouds development closer than everyone else.

The resources required by federating depend on how many people follow each other across those two instances and how much these post. Just existing and theoretically federating doesn't need any resources if there's nobody following, assuming threads isn't doing that different from everyone else.

For each post a user makes on your instance, it sends that post to each instance where someone follows the poster. There's no automatic sending to every known instance of every post on your instance.

I had no idea! Thanks

I wish it had a self hostable sync feature

Every image on the federated timeline. It's a lot if users on your instance follow many other users.