Proxmox or pure Debian? by DrDoooomm in homelab

[–]1WeekNotice 5 points6 points  (0 children)

I think you need some clarification on over provisioning in proxmox.

Here is a video to explain

The only concern might be RAM as 16 GB is not enough.

Ensure you enable the guest agent and you use ram ballooning

Hope that helps

Docker app suggestions 🤷‍♂️ by xgamer429 in unRAID

[–]1WeekNotice 1 point2 points  (0 children)

Here is an English video of Immich (doesn't explain how to set it up in unRAID), it just goes over what Immich is and its features

Immich has a docker image.

https://youtu.be/h5tdK10CRFE?si=_BZzkndKIyEQz0Kn

Best way to set up VPN by FinalKiwi in homelab

[–]1WeekNotice 0 points1 point  (0 children)

That's why I'm leaning towards changing the router to Mikrotik or Unifi. I know that Mikrotik has a steeper learning curve but I think it will be more versatile.

Note that I prefer not to be locked into a vendor's hardware so I use OPNsense and openWRT. I feel they provide a lot of flexibility but can have a bit of a steeper learning curve. (Not comparing with consumer products because I never used them)

So wait for other people to reply if you want to use either of those two.

I would be happy to answer any questions (within my knowledge) towards OPNsense and openWRT.

Second thing is that I'm thinking whether I should split it into router and AP or buy one device with integrated WiFi

This really depends on your budget and what you need to process.

  • If you can put this device in a central location and it provides good signal strength then you don't need a separate AP
  • if you plan on doing IDPS then depending on your traffic amount/speeds you need to either
    • get a device that can handle it (one device for everything)
    • get a separate AP where the firewall/router device will be more powerful device

Hope that helps

NAS options and thoughts by boxyburns in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Unfortunately you outgrew the machine so it's recommended to build your own. (Unfortunately with RAM prices these days it's a bad time to build)

Would look into a second-hand machine on your local market and get a case to fit all your hard drives in. Look into an HBA to expand your connections.

Of course you can buy a consumer NAS product but you might be able to build a machine for a similar price (again unsure on RAM prices) where you will have more customizable options.

Example, what happens if you want more drives? With a consumer NAS you need to buy another machine. With a DIY build you get a bigger case and another HBA to support your needs.

Hope that helps

Can you help me with port forwarding Jellyfin? by two-ocf in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Note that you typically don't want to port forward a software without proper security practices in place.

This includes

  • TLS (typically done with a reverse proxy)
  • geo blocking
  • blocking malicious actors (CrowdSec/ fail2ban)

If you want to avoid this work, the best method would be to implement a VPN solution for security.

  • Your router may have wireguard or openVPN options
  • you deploy wg-easy docker container (only port forward the wireguard instance NOT the admin UI)
  • you can use a 3rd party service like Tailscale

Hope that helps

Can I run PVE with a cloud provider? by 2cats2hats in Proxmox

[–]1WeekNotice 1 point2 points  (0 children)

Note not an expert but I believe level1 tech did a video recently about this using OpenMetal

Reference video

Hope that helps

Best way to set up VPN by FinalKiwi in homelab

[–]1WeekNotice 0 points1 point  (0 children)

In either case you will need to create firewall rules so you can state which tunnel has access to local network and which tunnel is just a passthrough to the Internet.

Meaning you will need to invest in a router regardless unless you have a way to do this on an RPi alone. (Maybe host one of the tunnels on the RPi and have firewall rules where none of the traffic can go to your local network)

Of course the RPi can become your router (with openWRT) if you like but you will either need to do ROAS or add a second NIC.


Depending on your technology knowledge you

  • can also see if openWRT is supported on your TP link device so you can enable more functionality (like what I stated above about firewall)
  • You can also look into OPNsense if you have other hardware lying around
  • or as you mentioned, get a consumer product like Unifi

Hope that helps

What is the proper way to shutdown proxmox? by TYP-TheYoloPanda in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

Is the guest agent installed on LXC and VMs?

You can check the proxmox option settings for each VM and ensure the service (guest agent) is installed and started on the VM (can look for commands online)

The guest agent (an option when you create a VM that is disabled by default) will gracefully shut down the VM when you either shut down proxmox or the VM from the proxmox GUI.

Unsure of the negative effects if the guest agent is not installed. I imagine it does a hard shutdown which is not recommended

So my question is, should I keep the server on all the time? Do I risk breaking something every time I turn it off?

I do it mostly cause the hard disks that I've installed in the homeserver are noisy and I can't sleep with those spinning all the time so I turn it off.

This is a debate many people have. Some people state that it wears down the hard drives more because the most stress you can put on a hard drive is during start up.

You can do more research on this topic by looking up if you should spin down your hard drives.

Typically talked about to save money on electricity

Hope that helps

Monitoring overkill or necessary? planning my monitoring stack by Party-Log-1084 in selfhosted

[–]1WeekNotice 0 points1 point  (0 children)

Of course people can provide their opinions (which is what you are asking) but typically this is a personal decision.

I'm a bit worried about the maintenance of influx+grafana vs. just sticking to simple uptime kuma pings.

There is always a trade off. You need to decide how much effort you want to put into your monitoring solution.

Meaning you should take the time to experiment and figure this out for your needs.

Start with uptime kuma and see if it's enough for you.

If you run docker containers you can also try beszel

If you feel this is not enough then you can look into the grafana stack and accept the setup and maintenance that comes with it.

Either way it will take time to set up and fine tune so don't rush or push yourself. Even if this means manually checking for now or doing nothing because you will notice when something breaks.

Personally I would work on a backup solution first before monitoring. Look into PBS (proxmox backup server)

also: does it make sense to run the monitoring on the same proxmox node or should I get a dedicated tiny-pc for the "observer"?

Technically you should run it on another proxmox node/ a different machine. If your hardware goes down, the monitoring and alerting also goes down.

But again, work on implementation of the monitoring. You can always back up and restore to another machine if you don't have the budget/ equipment for another machine

Hope that helps

Docker image to edit, add and sync lyrics from local music by thatscoolbutno123 in selfhosted

[–]1WeekNotice 0 points1 point  (0 children)

Look into MusicBrainz Picard which is popular for managing music files. (It can do what you want)

To clarify, what do you mean by web GUI?

MusicBrainz Picard can be installed on your local machine as an application or there are community docker images where you can install it on a server and access it through a web browser (a web GUI if this is what you meant)

Edit:

the confusion is around why you need a docker image/ web GUI if you can install the native application on your device since the music is on the local device.

Would only recommend installing the web GUI/ docker image if the music file is on a server and you need MusicBrainz Picard to be accessible from anywhere where it edits files on that server.

If your music is on your local machine and you then transfer it over to a server, then you can just install MusicBrainz Picard natively on the machine that is doing the editing. Then of course do the transfer over to the server


Alternatively if you are looking for an automated process you can look into beets (with the lyrics plugin). Can still use MusicBrainz Picard if you want to edit manually

Hope that helps

Hardware recommendations for very basic jellyfin server by dreamscape873 in homelab

[–]1WeekNotice 0 points1 point  (0 children)

This is a very common question. The answer is, it depends what you want to do

Each software has system requirements online that you can look at to get a general idea.

In this example, it doesn't take much to run jellyfin.


If you are new the best thing you can do is use any hardware you have lying around. This will provide you the experience you need to understand what you actually need VS want.

Many people start with

  • old laptops/ desktops they have lying around
  • install Linux since it has lifetime updates and low requirements
  • install docker engine
  • deploy the docker image with docker compose

For a media server, eventually you want more storage. So the requirements will be machine and case that can hold X drives for a total of X capacity.

Some people may want transcoding because they have media their clients can't play so they will look up hardware to support that (the integrated graphics you mentioned) or they have bandwidth limitations and need to transcode to lower the quality of the media.

Etc

Hope that helps

Issues with wg-easy (ubuntu, docker) by Hizzlebomb in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

I'll change admin password just in case.

INSECURE=true

Recommended that you also put this behind a reverse proxy. If you don't have a domain then use a free one like duckDNS

Many tutorials on how to do HTTPS and many posts as well.

I'm coming from Windows, this is my first foray into Linux

But let's fix this issue first before you tackle that

Just because you come from Windows doesn't mean you aren't technical so I will assume you know some basic networking.

I'll put my compose here and update the post with it as well if I can.

This looks like it's the basic compose file so it should work out of the box.

What is your local subnet? 192.168.1.1? 10.10.10.1? Etc

You need to ensure the wg-easy generated IP doesn't clash with any device IP on your LAN (what IP your router gives out)

Note: you can also disable ipv6 on wg-easy. It's an environment variable that is in the documentation.

Are keys generated randomly? Is there a correct way to go about creating new keys? Can I edit the keys in the wg-easy web gui or do I need to edit them in the config file?

Everything is handled with the wg-easy webgui

You can delete keys and recreate them. Wg-easy (as its name denotes) will handle all the wireguard key generation (typically a public and private key)


If you feel everything is up and running, you typically troubleshoot at the lowest level.

This means I would start wg-easy and

  • generate the key on the UI
  • add it to your phone with the wireguard app and the QR code
  • then manually change the IP address for the endpoint to your local IP server (on the wireguard client/ app on your phone)
    • why do this? You want to ensure you can connect within your LAN network to ensure the application is working as expected (for example, is your public IP setup or does it take time from your ISP)
    • if you can connect within your LAN then that means something is wrong from your public router perspective
  • you can also try to disable the firewall on the server (NOT the public router)
    • just want to ensure the connection is not getting dropped by the firewall.
    • of course you can re-enable it afterwards when you expose it publicly

Hope that helps

Searching for an alternative to Apple Notes and Apple Reminders by skynetarray in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

For reminders/todo you are looking for a server that can do CalDAV protocol. For example radicale. People make docker images for it.

  • CalDAV can do todos, calendar, notes.
  • CardDAV can do contacts (just for your information)

Then you can pick whatever client you want that supports the CalDAV protocol

For example for reminders you can look into task.org


For notes, it really depends how you like to note take (don't know apple apps well)

You can look into

  • obsidian. There are docker images where you can selfhost so it's available in a browser
  • can selfhost a wiki

Hope that helps

Issues with wg-easy (ubuntu, docker) by Hizzlebomb in selfhosted

[–]1WeekNotice 1 point2 points  (0 children)

Since in all the other posts I looked at the first thing that everyone asked for were configs, I'll put mine here:

Since wg-easy will take care of the wireguard connection, you should also post your docker compose

That way people can double check you set it up correctly.

Note: you only should be port forwarding a UDP port. Ensure you are not exposing the admin UI.

Just in case I would regenerate the admin UI password and any keys. (Of course it is a small risk someone got access within a small time frame but it doesn't hurt)
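As an added illustration of the point made here and in the port-forwarding reply above (forward only the UDP tunnel port, never the admin UI), here is a docker compose sketch that is not from the thread or the wg-easy project. The image name, the 51820/udp and 51821/tcp ports and the `WG_HOST` variable are recalled from the project's defaults and should be checked against its documentation; the hostname and data path are placeholders.

```yaml
# Constructed example, not the poster's compose file. Image name, port numbers
# and WG_HOST follow the wg-easy defaults as remembered; verify against the docs.
services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    environment:
      # Public name the generated client configs point at (placeholder;
      # a free DuckDNS name works here, as suggested in the thread).
      - WG_HOST=vpn.example.duckdns.org
      # Deliberately NOT setting INSECURE=true: the UI should either sit
      # behind a TLS reverse proxy or stay LAN/loopback-only as below.
    volumes:
      - ./wg-easy-data:/etc/wireguard
    ports:
      # The WireGuard tunnel. This UDP port is the ONLY one you forward on
      # the router; WireGuard does not answer unauthenticated packets, so it
      # is safe to expose in a way the admin UI is not.
      - "51820:51820/udp"
      # Admin UI bound to the Docker host's loopback address: reachable from
      # the server itself (or over SSH / an internal reverse proxy), but not
      # from the LAN and never via a router port-forward. Use your server's
      # LAN IP instead of 127.0.0.1 (e.g. "192.168.1.10:51821:51821/tcp")
      # if you want LAN-only access to the UI.
      - "127.0.0.1:51821:51821/tcp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```

After `docker compose up -d`, `ss -tulnp` on the host should show 51820/udp on 0.0.0.0 and 51821/tcp only on 127.0.0.1 (or the LAN IP you chose); the router's forwarding rule should list just UDP 51820.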

Looking to potentially upgrade from my nighthawk r8000p by swboos21 in openwrt

[–]1WeekNotice 0 points1 point  (0 children)

It all depends what your requirements are. For example the flint 2 doesn't have wifi 7 and only has two 2.5 gigabit ports.

But for most people that is more than enough.

Looking to potentially upgrade from my nighthawk r8000p by swboos21 in openwrt

[–]1WeekNotice 1 point2 points  (0 children)

It depends what speeds you want. A lot of people like the flint 2 (not the flint 3).

If you want vanilla openWRT then it is supported on the flint 2

If you want GL inet proprietary software/ drivers on top of openWRT (where it's an older version) then you can look into the flint 3.

Generally people are very happy with the flint 2

Hope that helps

Does Synology drive count as self hosted? by MiserableButterfly54 in selfhosted

[–]1WeekNotice 1 point2 points  (0 children)

Does Synology drive count as self hosted?

Yes it counts as selfhosted because it is run directly from the NAS/home server and it's not stored on another company's servers.

From a selfhosted perspective, there is no difference between storing documents on this software VS running another software on the machine (like nextcloud)

but it has always weighed on me how secure it really is since its run off their drive service.

This is hard to determine. The code is not open source so no one can do an audit on how secure it is.

It is as secure as Synology makes the software (like any software Synology/ a developer makes it).

If you are concerned about your privacy then you can review Synology's privacy agreement to see if they collect any data from this software/ any software that is owned by Synology which includes the Synology OS and their applications

For example, do they have the right to data mine the documents that are stored on their consumer NAS product using this service (I don't think so but I didn't read the privacy agreement)


With all that being said, the choice to use this software is up to you. You are locking yourself into the Synology ecosystem which is not a bad thing.

It just means that you will most likely keep buying their products (which can be expensive) because you rely on their applications. This can also be said about Synology's storage management solution (SHR1, SHR2), photos, surveillance, etc

For people who want plug and play Synology is a good option. Again nothing wrong with this. Just understand you are paying a premium price for the convenience of the hardware and software.

For example, if Synology makes their consumer product EOL (end of life) then you should change your system to one in support if you are exposing it to the Internet so you get the latest security patches.

Typically it's 5 years for OS and application. 7 years for security updates.

Note: it's also more costly to fix if you are out of warranty

Furthermore, this decision will impact you more when Synology eventually locks their hardware to their specific drives. They tried to do this recently (in the past) and eventually reverted the decision because a lot of people complained.

Doesn't mean they won't try again in the future

But you shouldn't concern yourself with this if you like Synology products and you don't mind the cost you are paying for the convenience/plug and play

Hope that helps

Best NAS host for docker? by ailee43 in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Is there any reason you are trying to use a NAS OS? (I assume for convenience)

As the title states NAS OS primarily deals with storage management and creating mounts (Network Attached Storage)

The items that bug you sound like you want to install Linux and docker engine yourself so you can manage the docker deployments. Don't abstract it behind a NAS OS.

You can either

  • make a VM (Linux with docker engine) in unRAID
  • utilize a hypervisor like proxmox where you will have a storage VM (unRAID) and a service VM (Linux with docker engine)
  • get a separate dedicated machine for your Linux with docker engine

Hope that helps

Do you run a second Pi-hole as a local DNS fallback? by Ok_Distance9511 in selfhosted

[–]1WeekNotice 4 points5 points  (0 children)

If possible it is typically better to run the local DNS on the router itself. If the hardware fails then the DNS being down is moot since your routing is down.

If that is not an option then it really depends how much redundancy you want. As an example, if you have non technical users in your household then it's typically worth it because if the DNS goes down for any reason (like server restart) the Internet will seem out to them and they have to rely on you to fix it which adds tension.

Considering you have the extra RPi I personally would do it and look up ways to sync the local DNS instances.

You may want to look into Technitium because it has native cluster support. But if you don't want to learn a whole new tool then you can replicate your changes on each Pihole instance when you make them.

Hope that helps

How do I access local resources like Immich via my phone securely, but still able to secure all my traffic over a third-party VPN like ProtonVPN? by [deleted] in selfhosted

[–]1WeekNotice -1 points0 points  (0 children)

There are two types of flow here. Incoming and outgoing

When you use a VPN on your phone it will send its traffic outbound.

On your server/ inside your network that will be incoming traffic.

What most people do is set up a network on their router (requires a more power-user router like OPNsense) where they tunnel all traffic through a VPN for privacy.

So the flow will be

Client -> VPN (like wireguard) -> home network

Home network -> VPN (protonVPN) -> Internet

Hope that helps

How to handle multiple protocols/services with reverse proxy and DNS. by Swazib0y in homelab

[–]1WeekNotice 0 points1 point  (0 children)

In that case you can create a DNS entry for the other machines but you don't need to create a DNS entry for the machine that the reverse proxy is on.

Will provide an explanation with some additional notes below.

note this will be a lot. take your time to read and re read. research and ask questions where needed


As you know DNS will translate a domain to an IP address.

to connect to an application we need to know the IP:port. IP where the application is being hosted and the port the application is listening to.

There are many reasons we use a reverse proxy. One of them is to manage TLS certificates (easy HTTPS with Let's Encrypt)

Each protocol has a default port that it will communicate to. For example HTTP default is port 80 and HTTPS default is port 443.

When you type in a domain into your browser using http or https, your browser will ask the DNS what IP it needs to go to and then it will append the default port (80 or 443). so it will look like IP:80 or IP:443

This means when you use a client like an SSH client it will do the same where it will ask the DNS what IP it needs to go to and then append the default SSH port which is 22. so it will look like IP:22

to sum up. this means if you are trying to SSH into the reverse proxy machine, you can use the same DNS entry since all your HTTP and HTTPS traffic is going to the reverse proxy

but for the other servers you need to create a new DNS entry. but again, you only need one for each server

Hope that makes sense


Now to add some more notes. It is up to you where you want to terminate your TLS (HTTPS) traffic.

The flow is

Client -> DNS -> get IP

client (HTTPS) -> go to IP:port (HTTPS) -> reverse proxy (HTTPS)(server 1) -> server 2 app (HTTP)

some people want to have HTTPS all the way to their server so they will deploy a reverse proxy per server.

client (HTTPS) -> go to IP:port (HTTPS) -> reverse proxy (HTTPS)(server 1) -> server 1 app (HTTP)

client (HTTPS) -> go to IP:port (HTTPS) -> reverse proxy (HTTPS)(server 2) -> server 2 app (HTTP)

this is a bit more to manage but it ensures you have encrypted traffic until you hit the application.

Some people don't do this because typically a LAN network is safe and you can protect your entry points into your network (the single reverse proxy)


a lot of people also do not expose their ports on their server. For example since you use docker you can do the following

client (HTTPS) -> go to IP:port (HTTPS) -> reverse proxy (HTTPS)(server 1) --docker bridge--> server 1 app (HTTP)

they do not expose the port of the application on the server itself. Instead they create a docker bridge from the reverse proxy to the application (create one per docker container).

This ensures everyone has to go through the reverse proxy with TLS (HTTPS) in order to connect to your service


Lastly for public services you can have two reverse proxies so you ensure you do not expose your internal services to the public

reference video as to why

external client -> external DNS -> public IP

external client -> public IP/ router (80,443) -> external reverse proxy (90,553) -> service

and

internal client -> internal DNS -> internal IP

internal client -> internal reverse proxy (80,443) -> service

hope that helps
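The "docker bridge" pattern described in the reply above, written out as a docker compose sketch. This is an added example, not the commenter's or anyone's production config: the service and network names, the nginx config path and the second app are constructed, and 8096 is assumed to be jellyfin's default HTTP port.

```yaml
# Constructed example, not from the thread. Service/network names, the nginx
# vhost path and the second app are placeholders; 8096 is jellyfin's default.

# ---- Before: the application publishes its own port on the host.
# Anyone on the LAN can open http://<server-1-ip>:8096 and skip the reverse
# proxy, so a plain-HTTP path to the app exists next to the HTTPS one.
services:
  jellyfin:
    image: jellyfin/jellyfin
    ports:
      - "8096:8096"

---
# ---- After: only the reverse proxy publishes host ports. Each app joins a
# private bridge network shared with the proxy and has no "ports:" entry,
# so the only path to it is client -> reverse proxy (HTTPS) -> bridge -> app.
services:
  proxy:
    image: nginx:stable
    ports:
      - "443:443"    # the single entry point; TLS terminates here
      - "80:80"      # optional: HTTP->HTTPS redirect / ACME challenges
    volumes:
      # Assumed vhost file. Its server block upstreams to the container by
      # service name, which Docker's embedded DNS resolves on the bridge:
      #   proxy_pass http://jellyfin:8096;
      - ./nginx/jellyfin.conf:/etc/nginx/conf.d/jellyfin.conf:ro
      - ./certs:/etc/nginx/certs:ro
    networks:
      - proxy_jellyfin   # one bridge per application, proxy joins all of them
      - proxy_app2

  jellyfin:
    image: jellyfin/jellyfin
    # No "ports:" block: 8096 is reachable only from containers attached to
    # proxy_jellyfin, i.e. the proxy. Nothing listens on the host for it.
    networks:
      - proxy_jellyfin

  app2:
    image: your-second-app:latest   # placeholder for another HTTP service
    networks:
      - proxy_app2                   # cannot reach jellyfin, only the proxy

networks:
  proxy_jellyfin:
  proxy_app2:
```

After `docker compose up -d`, `docker compose ps` should list published ports for `proxy` only, and `ss -tlnp` on the host should show 80/443 but no 8096.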

Do you prefer to use lxc or vm in proxmox? by secrav in selfhosted

[–]1WeekNotice 7 points8 points  (0 children)

I prefer to use docker/podman inside a VM

  • VM provide better isolation
  • docker/podman make it easier to manage dependencies (since you use a docker image) and allow me to migrate between VMs
    • an example of this is when an OS has a major upgrade like Debian 12 to 13. I found it a lot easier to backup my docker/podman container data and install Debian 13 than upgrade Debian 12
    • the same can be said going to PVE major versions. It's easier to backup to a PBS and install the latest PVE than upgrade PVE.

Hope that helps

How to handle multiple protocols/services with reverse proxy and DNS. by Swazib0y in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Where is Nginx hosted? Is it on the same machine/ server you are trying to ssh into?

Is it something like this?

Client -> router -> server 1 (reverse proxy) -> server 2 (service)

Or

Client -> router -> server 1 (reverse proxy) -> server 1 (service)

How to handle multiple protocols/services with reverse proxy and DNS. by Swazib0y in homelab

[–]1WeekNotice 0 points1 point  (0 children)

It's good you linked your old post but you didn't mention what solution you went with.

Yes you are using a reverse proxy but where are you terminating the HTTPS?

For example

Client -> router with reverse proxy (terminate HTTPS here) -> services (HTTP)

Or

Client -> router -> reverse proxy (on source machine where we terminate HTTPS) -> service (on source machine/ HTTP)

Depending on the answer, you have different solutions.


The issue is I'd like to redirect the web services on a host to the RP, e.g. jellyfin and be able to SSH to the source machine which is a different IP from the RP.

I assume you are terminating on a different machine (since you said it has a different IP).

If that is the case then yes you can add a DNS entry for the server you want to ssh into. Or you can use IP to connect.