So it should be something like sudo -u nextcloud /usr/bin/php /var/www/nextcloud.example.org/occ config:system:set preview_max_x --value="1500" (worked for me, standard PHP install, you will have to adapt it for your snap-based install). Or you can insert preview_max_x directly at the root of your config.php as shown in nextcloud's sample config file above.
it set a string as an array, and triggered a bunch of php errors.
Nobody mentioned the high amount of security issues in Synology products over the years, plus the fact that their OS is closed-source so impossible to audit, plus the fact that they will straight up stop offering OS and security updates for legacy products after some time.
Internet-facing Jellyfin instance is a bit too risky for my taste (https://github.com/jellyfin/jellyfin/issues/5415), especially with those unauthenticated endpoints leaking contents of the server.
If VPN is not an option, I suggest using setting a restrictive <RemoteIPFilter> in /etc/jellyfin/network.xml and/or placing Jellyfin behind HTTP basic auth.
Internet-facing Nextcloud is fine in my experience, provided you harden the web server in the usual ways.
Check out mod_md - this module allows getting certificates from Let's Encrypt (or any other ACME cert provider) automatically. Just set this anywhere in your config, reload apache and you're set. No more fiddling around with certbot.
I’d encrypt all disks.
Nevertheless, it covers my ass when they retire the server after I used it.
Good point. How do you unlock the disk at boot time? dropbear-initramfs and enter the passphrase manually every time it boots? Unencrypted /boot/ and store the decryption key in plaintext there?
Apache, the OG HTTP server.
Fast, well documented, battle-tested, FOSS and community-led (unlike nginx which is corporate-led).
People will tell you that nginx is "faster" but never point to actual benchmarks. Both are ok.
I recommended reading through each role and decide which measures you want to implement (and port them to you own management system if you don't use ansible)
A problem with the .lan TLD (maybe others from this list) is that web browsers do not consider it a TLD when you type it in the address bar, and only show you the option to search for that term in your default search engine. You have to explicitly type https:// before it, to have the option to visit the URL.
E.g type example.com in the address bar -> pressing Enter triggers going to https://example.com. Type example.lan -> pressing Enter triggers a search for example.lan using your default search engine.
The tooltip doesn't help either - both links only have a tooltip that just says link... IMHO it should be Link to this comment on CURRENT_INSTANCE_DOMAIN for the chain icon thing, and Link to this comment on COMMENTER_INSTANCE for the rainbow thing.
What's the point on a rented VPS? The provider can just dump the decryption key from RAM.
bare metal servers (at scale way) rather than VMs. These things die very abruptly
Had this happen to me with two Dedibox (scaleway) servers over a few months (I had backups, no big deal but annoying). wtf do they do with their machines to burn through them at this rate??
Seriously though, I think there needs to be a rule against these kind of "What should I host" posts (nothing against you personally OP). It comes up almost every day, also used to come up everyday on /r/selfhosted... I was talking about this with someone just a few hours ago... https://lemmy.world/comment/780603
Mods, what about a ban on these posts, and redirect people to the "What do (should) I (you) self-host" pinned post where people can go and look for suggestions? Sorry, not trying to be negative - but this is exactly why /r/selfhosted was getting boring (that, and the disguised ads).
OP, sorry to hijack your thread. Here is my recommendation for you: Shaarli
This answer says it all. A reverse proxy dispatches HTTP requests to several "backend" services (your applications), depending on what domain name is requested in the HTTP request headers. For example using Apache as a reverse proxy, a config block such as
will redirect requests made on port 443 with the HTTP header Host: media.example.org (for example a request to https://media.example.org/my/page) to the "backend" service listening on 127.0.0.1 (local machine), port 8096 (which may be a media server, a wiki, ...). This way you only have to expose ports 80/443 to the outside network, and the reverse proxy will take care of dispatching requests to the correct "backend" service.
Most web servers can be used as reverse proxies.
In addition, since all requests go through the proxy, it is a good place to manage centralized logging, SSL/TLS certificates, access control such as IP whitelisting/blacklisting, automatic redirects...
vegetaaaaaaa @ vegetaaaaaaa @lemmy.world Posts 8Comments 253Joined 2 yr. ago