Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
If you're using a third party CA, periodically renewing certificates in my experience. The authority needs to be able to connect to the device it's issuing a cert to, for it to handle a security challenge iirc.
If you set up your own CA, none that I know of.
Then I don't understand the need for neither domain names nor third party signed certs. Can't you use PiHole as a configurable DNS server, just make any domain name go to any of your local devices?
Neat, might have to look more into that the next time I redo my setup.
DNS challenge is the way to go. I just did it couple of weeks ago. Here is youtube video of the process. He uses duckdns but I personally used cloudflares dns
That was my concern too. NGINX would need access to the internet in order to renew the certs.
Yes, that is how it is currently setup, and how I may end up leaving it. Right now, I can go to jellyfin.home, and that request gets routed to my pihole which has custom DNS entries, which then points to NGINX and NGINX forwards it to the correct IP/ port. All works as expected, except it is not https (which is not that big of a deal since all my stuff is restricted from the outside world). Just an OCD itch I'm trying to scratch.
Hey, I advocate https even for LAN only, most people don't think about the Wifi attack vector. That's why I use self signed certs on my LAN stuff, I just don't care about that yellow padlock that disappears when I trust the website. I've only experienced a single app ever that didn't accept self-signed (I'm looking at you wallabag app).
I can understand how it would be different if family members suddenly starts asking if it's true when their devices tell them the webside is potentially dangerous.
People... watching money?