• 0 Posts
  • 17 Comments
Joined 2 years ago
Cake day: February 17th, 2024
  • harsh3466@lemmy.mltoSelfhosted@lemmy.worldYour favourite piece of selfhosting - Part 1 - Operating SystemEnglish
    8·
    3 months ago

    I’ve been using Ubuntu server on my server for close to a decade now and it has been just rock solid.

    I know Ubuntu gets (deserved) hate for things like snaps shenanigans, but the LTS is pretty great. Not having to worry about a full OS upgrade for up to 10 years (5 years standard, 10 years if you go Ubuntu pro (which is free for personal use)) is great.

    A couple times I’ve considered switching my server to another distro, but honestly, I love how little I worry about the state of my server os.

  • harsh3466@lemmy.mltoSelfhosted@lemmy.worldVaultwarden selfhosting, or bitwarden service?English
    8·
    6 months ago

    I self host vaultwarden and its great. Its an easy self host, and in my experience, it has never gone down on me.

    That being said, my experience is anecdotal. If you do go the vaultwarden route, realize that your vault is still accessible on your devices (phone, whatever) even if your server goes down, or if you just lose network connectivity. They hold local (encrypted at rest) copies of your vault that are periodically updated.

    Additionally, regardless of the route you take you should absolutely be practicing a good 3-2-1 backup strategy with your password vault, as with any other data you value.

  • harsh3466@lemmy.mltoSelfhosted@lemmy.worldShould I use a reverse proxy in a homelab?English
    2·
    1 year ago

    So, this took way longer than I thought it would, mostly because I needed the time to sit down and actually type this up.

    Full credit, I followed the instructions in this video from Wolfgang’s Channel

    Prerequisites (this is based on my setup, the api key requirement will vary based on your domain registrar/service):

    • Docker & Docker Compose
    • NGINX Proxy Manager running via Docker
    • A registered domain to use for your lan
    • An API key from your domain registrar/service

    I’m running NGINX Proxy Manager, using this docker-compose.yml, which I got straight from the NGINX Proxy manager website.

    version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

    I’ve got my domain managed by Cloudflare (yes, I know they’re evil, what company isn’t?), so these instructions will show setup using that, but NGINX Proxy Manager supports a whole bunch of domain services for the HTTP-01 challenge.

    With all prerequisites in place, here are the steps:

    • Log in to your NGINX Proxy Mananger (you can access the service and login at port 81 of the machine hosting it)
    • In the top menu, click the SSL Certificates tab
    • Click the Add SSL Certificate button
    • Choose Let’s Encrypt for the certificate type
    • In the Add Let’s Encrypt Certificate dialog, input the following
      • Domain Names: Input the domain root, as well as a wildcard subdomain. You’re entering both domains into the same field. After entering each domain, press the enter/return key on your keyboard to confirm the domain. For example, if you domain is abcde.com, input:
    • Email Address for Let’s Encrypt: Any valid email address you’d like to use
    • Toggle the Use a DNS Challenge option on (when you toggle this on, a new set of options will appear)
      • DNS Provider: Choose yours. I chose Cloudflare
      • Credentials File Content: Delete the prepopulated dummy api key and paste in your actual api key
    • Propagation Seconds: I put in 120 to give it two minutes. You can try leaving it blank, but if the DNS records haven’t propagated, you may get an error (I did when I tried leaving it blank during setup).
    • Toggle on the I Agree to the Let’s Encrypt Terms of Service option - Click Save

    Once you get a success message, you can start creating proxies with NGINX Proxy Manager for your internal domain. To do that you will need the ip address and port you are forwarding the domain to for your lan service. If you are using Docker containers, you’ll need the Docker ip, which you can get from the command line with:

    ip addr show | grep docker0

    You should get an ip address like 172.17.0.1

    Otherwise you’ll just need the ip address of the machine you’re running the service on.

    To set up a proxy redirect:

    • In NGINX Proxy Manager click the Hosts tab/button and then choose Proxy Hosts.
    • Towards the upper right click the Add Proxy Host button
    • In the New Proxy Host dialog box, input the following:
      • Domain Names: input the domain address (subdomain or tld) you wish to use for the service. For example. homepage.abcde.com, then press enter to confirm the domain
      • Scheme: leave set to http
      • Forward Hostname/IP: Input either the host machine ip, or the docker ip
      • Forward Port: Input the appropriate port for the service
      • Cache Assets: Toggle on
      • Block Common Exploits: Toggle on
      • Websockets Support: Toggle on if the service needs websockets
      • Click the SSL tab of the New Proxy Host dialog box to set up the ssl certificate
      • In the SSL tab, input the following:
        • Click the None under SSL Certificate and select your local domain + wildcard subdomain certificate
        • Toggle on the Force SSL, HTTP/2 Support, HSTS Enabled, and HSTS Subdomains options
        • Click Save

    Once the save is complete you should be able to input the new domain for you lan services and get a secure connection.*

    *Bear in mind some services require you to specify a valid domain for the service within the config/settings. Double check any services you may be running for this if you plan to use a reverse proxy with them.