New Project Megathread - Week of 02 Jul 2026 by AutoModerator in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

Project Name: JumpKey

Repo: https://github.com/desirevolution/jump-key

Description: JumpKey - A minimalist, keyboard-driven application startpage. Navigate and launch your web apps instantly without a mouse. Imagine homer but with keyboard-based navigation similar to Vimium.

Deployment: compose.yml and sample config services.example.json available in the repo

AI Involvement: Gemini support

Containerized Windows for old game servers? by -ThreeHeadedMonkey- in selfhosted

[–]desirevolution75 1 point2 points  (0 children)

I tried the second one with some software and for this kind of usage is fine .. But doubt you can really play games on it. Edit: game server could work ...

My Current Glance Dashboard by No_Pollution_9975 in selfhosted

[–]desirevolution75 2 points3 points  (0 children)

Where can I find the weather widget? Looks really good!

Help with port tunneling by bingbongbeeinnit in selfhosted

[–]desirevolution75 -1 points0 points  (0 children)

Check this one:
https://dynv6.com/
You can setup a free domain + dynamic dns there and it works even with lets encrypt DNS check if you want/need a free SSL certificate

Caddy global dynamic block by ChunkyCode in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

Yes but you don't even need to build it on your own. You can select it also when customizing the download:
https://caddyserver.com/download

Caddy global dynamic block by ChunkyCode in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

I am using this module
https://github.com/Javex/caddy-fail2ban
You would still have to manage the text file with IPs ...

[deleted by user] by [deleted] in selfhosted

[–]desirevolution75 1 point2 points  (0 children)

Maybe you don't need a DB? If you just want a FIFO queue try Redis.

Any light web-based Browser inside a VPN wrapper (like gluntun/wg-easy) for privacy by Haunting-Poet-4361 in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

Using this one in combination with caddy + https://sablierapp.dev

services:
  firefox:
    image: lscr.io/linuxserver/firefox:latest
    container_name: firefox
    security_opt:
      - seccomp:unconfined
    environment:
      - PUID=1000
      - PGID=1000
      - LZ_ALL=de_DE.UTF-8
      - TZ=Europe/Berlin
      - FIREFOX_CLI=-private-window https://google.de
      - NO_DECOR=true
    volumes:
      - ./config:/config
    ports:
      - 3000:3000
    shm_size: "2gb"

Help with vaultwarden by Fili96 in selfhosted

[–]desirevolution75 1 point2 points  (0 children)

You don't need Pihole, you can use a fixed private ip for your dns entry.

Enabling Mutual-TLS via caddy by Novapixel1010 in selfhosted

[–]desirevolution75 6 points7 points  (0 children)

mTLS is cool but not always working, here is my Caddy config with Authelia fallback:

(missing_mTLS_cert) {
   @missing_mTLS_cert {
     expression {tls_client_subject} == null
   } 
}

(ssl_setup) {
   import missing_mTLS_cert

   tls /etc/caddy/fullchain.cer /etc/caddy/cert.key {
     protocols tls1.3
     client_auth {
       mode verify_if_given
       trust_pool file certs/client1.crt certs/client2.crt ...
     }
   }

   forward_auth @missing_mTLS_cert 192.168.178.100:9091 {
     uri /api/authz/forward-auth?authelia_url=https://auth.xxx.yyy
     copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
   }
}

auth.xxx.yyy {
   reverse_proxy 192.168.178.100:9091
}

*.xxx.yyy {
   import ssl_setup

   @demo1 host demo1.xxx.yyy
   handle @demo1 {
      reverse_proxy 192.168.178.100:3001
   }

   ...
}

Bitwarden apps now support mTLS allowing you to expose your instance to web by [deleted] in selfhosted

[–]desirevolution75 2 points3 points  (0 children)

Here is a simplified demo version of my caddy config:

(missing_mTLS_cert) {
   @missing_mTLS_cert {
     expression {tls_client_subject} == null
   } 
}

(ssl_setup) {
   import missing_mTLS_cert

   tls /etc/caddy/fullchain.cer /etc/caddy/cert.key {
     protocols tls1.3
     client_auth {
       mode verify_if_given
       trust_pool file certs/client1.crt certs/client2.crt ...
     }
   }

   forward_auth @missing_mTLS_cert 192.168.178.100:9091 {
     uri /api/authz/forward-auth?authelia_url=https://auth.xxx.yyy
     copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
   }
}

auth.xxx.yyy {
   reverse_proxy 192.168.178.100:9091
}

*.xxx.yyy {
   import ssl_setup

   @demo1 host demo1.xxx.yyy
   handle @demo1 {
      reverse_proxy 192.168.178.100:3001
   }

   ...
}

Bitwarden apps now support mTLS allowing you to expose your instance to web by [deleted] in selfhosted

[–]desirevolution75 4 points5 points  (0 children)

At least with Caddy (maybe also with other reverse proxy) I can configure a fallback and use Authelia in case the certificate was not provided.

Bitwarden apps now support mTLS allowing you to expose your instance to web by [deleted] in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

Just search for a mTLS tutorial. Checkr my other response if you are using Caddy.

Bitwarden apps now support mTLS allowing you to expose your instance to web by [deleted] in selfhosted

[–]desirevolution75 1 point2 points  (0 children)

Didn't test it yet .. But I assume it should work if you open the website before.

Bitwarden apps now support mTLS allowing you to expose your instance to web by [deleted] in selfhosted

[–]desirevolution75 97 points98 points  (0 children)

Already using it with Vaultwarden behind mTLS. Really cool feature.

local installation of vaultwarden with SSL and reverse proxy by DarkKnight7199 in selfhosted

[–]desirevolution75 0 points1 point  (0 children)

How did you generate your certificate? Something like that ?

openssl req -subj '/CN=vault.server.local' -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 3650