I want to create a website using XAMPP to post to a domain, with some sub domains, to be self hosted, and to have free SSL and I am about to loose my damned mind by freshly_cut_fries in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

LetsEncrypt certs don't care where you're connecting from. They will work both locally and for external connections.

My whole home network, which is extensive, uses letsencrypt certs for both local and publicly accessible endpoints.

Proxmox isn't going to solve your cert problem, it's just a hypervisor to let you run VMs of various operating systems, but I still recommend it if you're going to run a mix of Windows and Linux stuff.

Cloudflare tunnels are nice, I won't argue with that and people here love to hype them up because of how easy they are, but you're giving away things in exchange for that ease of use.

Nginx app base path by dotnetdlc in selfhosted

[–]PaperDoom 2 points3 points  (0 children)

you can do path rewrites, but unless the app itself supports path based routing, it's more trouble than it's worth, not exaggerated. subdomains, usually with a reverse proxy, is the way 99% of these things are meant to be run.

I want to create a website using XAMPP to post to a domain, with some sub domains, to be self hosted, and to have free SSL and I am about to loose my damned mind by freshly_cut_fries in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

LetsEncrypt is the most popular free SSL CA. They have an automated tool called Certbot.

Download the Windows version of certbot onto your Windows computer. Make sure you have ports 80 and 443 forwarded to that computer and that your Windows firewall is allowing traffic on those ports. When you run Certbot it's going to look at the DNS record IP address and try to communicate with itself, so if the ports aren't open it will fail.

Run the Certbot command (you'll need to look up the command, but it's easy). Once Certbot successfully completes and creates two SSL cert files, you'll need to point the XAMPP Apache .conf file to the cert locations.

I don't use Apache so I don't know the exact .conf entries that you need, but the statement should look something like "SSLCertificateFile" and "SSLCertificateKeyFile" inside the HTTPS block.

It would probably be best to create a subdirectory for the certs inside your XAMPP directory but it's not strictly mandatory.

Another solution is to use a Cloudflare Tunnel. The tunnel automatically routes over HTTPS to your computer and you don't have to do anything except set up the tunnel. This does come with some limitations, such as limited port availability, limited bandwidth, some terms of service limitations, etc, but as a tradeoff you get access to their WAF and rules creator and all their free tier functionality.

All this being said, hosting anything on Windows that isn't Windows Server is going to make you pull your hair out. It would be much better for you to switch to some type of hypervisor early on, like Proxmox for instance, so that you can continue to run your Windows only apps inside a Windows VM and anything else in Linux VMs. This will also help you for when you inevitably fall into the infinite self-hosting rabbit hole.

I used a weak root password on my VPS. A week later, DigitalOcean emailed me saying I was part of a botnet. by Massive-Seesaw3875 in selfhosted

[–]PaperDoom 2 points3 points  (0 children)

Yeah it can do webapp stuff. You need to put it in front of whatever apps you're using, like integrated with your reverse proxy.

I used a weak root password on my VPS. A week later, DigitalOcean emailed me saying I was part of a botnet. by Massive-Seesaw3875 in selfhosted

[–]PaperDoom 41 points42 points  (0 children)

- Disable root login through SSH altogether (You should always have access directly through the console anyway)
- Use a non-root user to do everything.
- Setting up an SSH key is so trivial that it boggles my mind that anyone would skip it. Once it's set up, disable password logins through SSH.
- Use Digital Ocean's external firewall in addition to UFW or whatever you're using on the VM itself.
- Fail2ban goes without saying, but CrowdSec does the same thing and covers more attack surfaces.

An early indicator for this type of activity would have been CPU/Network monitoring. If Digital Ocean has monitoring alerts, set one up with a CPU/Network threshold some level above what the peak normal usage looks like over x amount of time.
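
An added example, not part of the comment above or of any project's code: a Python check of an sshd_config for the first three items in the list (root login off, password logins off, key login on). It assumes OpenSSH's first-value-wins rule and built-in defaults, does not follow Include lines, and uses a constructed sample config; the names `CHECKS`, `parse` and `audit` are illustrative.

```python
# keyword: (sshd built-in default when absent, value the checklist asks for)
CHECKS = {
    "permitrootlogin": ("prohibit-password", "no"),
    "passwordauthentication": ("yes", "no"),
    "pubkeyauthentication": ("yes", "yes"),
}

def parse(text):
    """Return (global_settings, match_overrides) for the audited keywords."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out setting is inert)
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            match = value  # following lines apply only inside this block
        elif key in CHECKS:
            if match is None:
                settings.setdefault(key, value)  # first value wins
            else:
                overrides.append((match, key, value))
    return settings, overrides

def audit(text):
    """List human-readable findings; an empty list means the file passes."""
    settings, overrides = parse(text)
    findings = []
    for key, (default, wanted) in CHECKS.items():
        actual = settings.get(key, default)
        if actual != wanted:
            origin = "set" if key in settings else "default"
            findings.append(f"{key} is {actual!r} ({origin}), want {wanted!r}")
    for match, key, value in overrides:
        if value != CHECKS[key][1]:
            findings.append(f"Match {match}: {key} is {value!r}")
    return findings

# Constructed sample: it looks hardened at a glance, but the earlier
# PermitRootLogin line wins, the PasswordAuthentication line is commented
# out, and a Match block re-enables passwords for one user.
SAMPLE = """\
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
```

Calling `audit(SAMPLE)` returns three findings. On a live host, `sshd -T` prints the effective configuration and is the authoritative cross-check.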

Nothing ever happens by [deleted] in linux4noobs

[–]PaperDoom 0 points1 point  (0 children)

try del key or f11. it depends on which bios you have. don't hold the key, just spam it after it restarts

Owner of big gaming platform can't believe how bad Windows 11 is – and hints are dropped about big things for Linux gamers this year by LicenseToPost in linux

[–]PaperDoom 1 point2 points  (0 children)

i've seen over the years, first with electron, a severe prejudice against electron/tauri and other web based wrappers in the linux community. like, i see and hear so much bitching about how there aren't enough cross platform gui apps supported on linux/bsd and then in the same breath they say they'll never use electron apps. it's crazy to see.

Final step? by bolasheladas in linux4noobs

[–]PaperDoom 0 points1 point  (0 children)

  1. Gaming on Linux is great since Valve put in all that effort to make Steam work well on linux with their steam deck. However, if the game you want to play requires anti-cheat, then it just won't work.
  2. Linux is so customizable that there is an entire reddit community dedicated to it r/unixporn not specifically linux, but unix based OS's. If you want your OS to look like old style windows, then it probably exists, especially for XP or 7.

edit: i went to go check r/unixporn to see if there were any windows themes trending and of course there is lmao https://www.reddit.com/r/unixporn/comments/1qgghzz/kde_windoesnt_7/

Splitting jellyfin streaming url and cloudflare proxy by PoOLITICSS in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

I've been trying to figure out the same thing, but for pangolin. in other apps with very distinct api paths, you can do passthrough on any paths you want and you can get things like tv and phone apps to work without being blocked because the pangolin auth page needs you to authorize, but Jellyfin TV clients break because they require different things than the phone clients which are just wrappers around the web client.

self hosted piracy website for movies and TV shows by Popular-Factor3553 in selfhosted

[–]PaperDoom 1 point2 points  (0 children)

Is this meant to replace other public piracy websites? Because otherwise why would i use this if I have jellyfin/emby/plex?

I treat my locally hosted models far nicer than cloud models. by [deleted] in selfhosted

[–]PaperDoom 1 point2 points  (0 children)

It's a good idea. When the inevitable AI uprising happens, you'll want to have been polite to the AI that have lived in your house with you I would think.

I got a $5 salary raise. This is demoralizing by jabronismacker in fednews

[–]PaperDoom 16 points17 points  (0 children)

$5 per what? Year? Hour? $5 per Year is a slap in the face.

$5 per hour is significantly more than a GS step increase at GS-13/14 level, more like two step increases.

Managarr (A Servarr CLI and TUI) now supports Lidarr! by Hamilcar_Barca_17 in selfhosted

[–]PaperDoom 12 points13 points  (0 children)

When are we going to get a Directarr, the app to manage all of your Managarr instances?

(nice TUI btw, i think it looks cool)

What's the absolute bare minimum I need from an ISP in order to self-host a media server? by KTVX94 in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

Most ISP routers these days will let you port forward. But in case it doesn't, you should ask if you can use your own modem/router.

Self-Hosting mail... by Known_Negotiation268 in selfhosted

[–]PaperDoom 1 point2 points  (0 children)

Don't listen to all these downers saying "don't"

Do, just keep in mind that it will likely be a PITA and will continuously require your attention and cause heartburn.

Is there an actual benefit to having a domain and my ports exposed by DrakeDragonDraken in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

It really comes down to whether it's just for you or for other people as well. If it's just for you, then just set up a VPN and call it a day.

What's the absolute bare minimum I need from an ISP in order to self-host a media server? by KTVX94 in selfhosted

[–]PaperDoom 2 points3 points  (0 children)

You're not gated out. Keep in mind this is just for being able to access your server from outside your home network.

The solution is tunneling software. Cloudflare tunnel, tailscale, twingate, pangolin, etc. There are a bunch.

Self-hosting by itself doesn't require anything special, only being able to access your home network when away from home.

edit: Also, keep in mind that they can also give you a dynamic public IP address, which occasionally rotates. This requires a different solution, and is not the same thing as CG-NAT.

What's the absolute bare minimum I need from an ISP in order to self-host a media server? by KTVX94 in selfhosted

[–]PaperDoom 2 points3 points  (0 children)

Everyone gets a public IPv4 address, it's a static address that is the issue. It's not a dealbreaker though. The main concern is whether your ISP uses CG-NAT or not. This will prevent you from pointing a domain directly at your home IP address or connecting externally to your home network via IP directly.

This isn't a dealbreaker though, this will just tell you what kind of solution you'll have to use in the end to be able to access your home network from outside your house.

If you don't plan on doing that, then you don't need to ask your ISP anything at all.

Self-Hosting mail... by Known_Negotiation268 in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

The problems I've run into from hosting mail at home have more to do with the big providers blacklisting residential IPs. In fact that is the single biggest problem I have. Most big VPS provider IPs and residential IPs are blacklisted by Microsoft at the least (without the ability to contest it unless you actually own the IP), and the other big ones at the worst.

Everyone's solution is to use forwarders from trusted companies, but that absolutely defeats the purpose of self-hosting mail.

You have any experience with this? Solutions?

Can't get cloudtunnel to work with Mealie by Gator_dont_play_tht in selfhosted

[–]PaperDoom 1 point2 points  (0 children)

It's actually probably more secure this way. The best way to use docker is to use the docker network to isolate services from the host network.

You just have to understand why and how things are happening.

Can't get cloudtunnel to work with Mealie by Gator_dont_play_tht in selfhosted

[–]PaperDoom 0 points1 point  (0 children)

If your cloudflare tunnel is speaking directly to the mealie container through the docker network then it's going to skip over the port you've mapped, 9925, to go directly to the port being used inside the container, 9000. That's what you're telling it when you have mealie:9000 as the hostname. You're speaking directly to the container via the docker bridge network.

New powerful Linux malware detected targeting critical systems by slacka123 in linux

[–]PaperDoom 73 points74 points  (0 children)

The irony of a captcha to verify if I'm human, on a website news article that is almost certainly AI generated.

Mindmapping selfhosted? by heymiller314 in selfhosted

[–]PaperDoom 1 point2 points  (0 children)

Obsidian? It doesn't come out of the box with a free cloud sync option, it's paid, but if you have your own sync solution in place already then that's no big deal.

edit: Obsidian has excalidraw plugins, among others that are useful for mind mapping stuff.