If you don’t have much time, I would keep it as simple as possible. Just put Fedora on it, administer it through Cockpit if you like a web-gui and run the software via Podman self-updating containers. Storage on btrfs raid1.
Thanks! I have heard of Cockpit and Podman but never used it. I do use Fedora Workstation on my main laptop and find it quite reliable. Can you share a few pros or cons?
Cockpit is not the most advanced in regards to monitoring but it keeps it simple and manageable.
Podman runs all Docker containers (at least in rootful mode), but you are better off turning the usual docker-compose scripts into systemd service files via the built in Quadlet system. A bit more work initially, but then all the containers are nicely managed like any other service via systemd.
Other people have said lots of useful things so I wanna just add on: nginx proxy manager is really useful for this. It's a webui that automates reverse proxying with Nginx (so that you can host multiple pages on the same machine/port) and also centralizes managing SSL certificates, including automatically obtaining them from Let's Encrypt.
I tried it couple of times when i was less knowledgeable, and failed... i do need to give it another try, but I really struggle focusing on this steps...
It almost makes javascript seem quick and easy hahahah
Yeah setting up a reverse proxy can be confusing, I still struggle with it sometimes. You can get away without it, but when you have your basic setup working then it's great to have.
well...i failed yet again... xD
i was up until 2 am trying tweaking porkbun, cloudflare and nginx proxy manager...
Everything says it's up and running, but i keep getting
" Web server is down Error code 521 "
or
"Hmm. We’re having trouble finding that site."
Now am also late for work and only slept like 5 hours...
and what bugs me the most is that this is just the "testing " setup... when i'll finally get it working i'd have to do it all over again for the main services and private stuff :(
Maybe an OS like Unraid might help. Been using it for a few years now to spin up dev servers and run some containers for personal use and have no complaints. It’s not free but it’s well worth the price. What’s nice about it is how much support you can find and that it’s pretty straightforward to get it up and running.
I may have express myself poorly, sorry, was in a rush.
I got the services running fine, am still learning and testing few things but the things I need or build are available and running on local.
My issue is about publishing them online, like linking them to a domain name I bough, and pointing that to my static home IP address, and the routing for each of them
like "cloud.myhomelab.net" to point to my home IP, and then reverse proxy that to the nextcloud instance at 192.168.1.127:8080 that is a proxmox container running docker containers
I followed some of dbtech's tutorials, and tried via Porkbun and cloudflare tunnels, and just after posting this I saw that it finally propagated (after a looot of days) but can only reach one of the services I set up.
Another way i kinda heard about was not using cloudflare tunnels and redirecting the traffic to my static IP to an nginx container that then redirects the traffic inside my home lan but I really don't know how to handle security with that, and also my ISP is blocking traffic on port 80 and 443 ( "it's for our router firmware's updates..." that were like 4 years ago last update )
All the idea of how to connect my local machines to the outside world and different method and secure proofing is soo difficult to understand for my, i really can't wrap my head around on what does what
I know I like tech stuff and I know i can get passionate and raise my skills on my own, but I could not find any good "beginner level" resource that didn't step from a simple nice to get drawing of how things should be, to a complex mixmatch of services and settings that leaves me in doubt of what do i have to do in my instance....
Thanks for the link, i'll check it out as i get back home...
Since you are on the same journey and know about any group chat or communities that are noob approachable, i'm all ears
reddit's r/homelab and r/selfhost were my go-tos, but Spez decided to kill the golden goose, so I left. I've been trying to help the Kbin and Lemmy communities grow, but we'll see how it goes…
Oh! Also Tildes! It's been established for a while but the user base isn't huge since it's still in beta. LMK if you'd like an invite.
DNS includes wildcard support, so I can easily use anything.mydomain.net
After briefly trying out a couple of somewhat ingrated Caddy projects others have done, I decided they were too specific to their set-ups and did not make my life easier. I tossed them out and went simple. I wanted something super easy to understand, and thus easy to troubleshoot.
First I set it up in Docker. I created a really, really simple docker compose file:
version: "3.7"
services:
caddy:
image: caddy:alpine
restart: unless-stopped
ports:
- "1080:80" # Because Synology DSM reserves 80 for itself
- "10443:443" # Because Synology DSM reserves 443 for itself
- "10443:443/udp" # Because Synology DSM reserves 443 for itself
volumes:
# next four lines are default
# - $PWD/Caddyfile:/etc/caddy/Caddyfile
# - $PWD/site:/srv
# - caddy_data:/data
# - caddy_config:/config
- /var/docker/caddy/config/Caddyfile:/etc/caddy/Caddyfile
- /var/web:/srv # serve this by default?
- /var/docker/caddy/data:/data
- /var/docker/caddy/config:/config
volumes:
data:
external: true
config:
external: true
(If the machine you are running Caddy on doesn't reserve ports 80 and 443 for itself like Synology DSM does, you don't need the ridiculous high ports I mapped. Just do 80:80 and 443:443.)
Then I created a simple Caddyfile.
web.fakeme.net, www.fakeme.net {
# This connects to the default Synology web service
reverse_proxy 192.168.2.15:80
}
This tells Caddy: When you get a request for web or www, send it to the machine at 192.168.2.15 using port 80.
Then I added to it, one service at a time to make sure things worked at each step
wow, thanks for all the help!! Man, i misssed this kind of community feel for the last like...4 years.
I just woke up and saw this comment, as i get back from work i'll test it.
Yesterday I've tried making nginx proxy manager and cloudflare work, since I had already tried them couple of times, but still, i get to the same point and can't really figure out why I either get "Hmm. We’re having trouble finding that site." or " Web server is down Error code 521 "
read the documentation you listed
dug around the official docs setting up and getting informed beforehand
I read about testing to the staging letsencrypt api, but then forgot to add that
ran the container, it failed to get ssl certificates, but it blocked me in less than 20 seconds
I then changed some configs, since i was testing different ways of how it might work, but even after switching to the staging api for letsencrypt, i still receive logs saying it is refused and on timeout
ERR ts=1688509895.6641216 logger=tls.obtain msg=will retry error=[nextcloud.mysite.com] Obtain: [nextcloud.mysite.com] solving challenge: nextcloud.mysite.com: [nextcloud.mysite.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for nextcloud.mysite.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for nextcloud.mysite.com - check that a DNS record exists for this domain (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=2 retrying_in=120 elapsed=66.535909489 max_duration=2592000
ERR ts=1688509906.5700405 logger=tls.obtain msg=unable to unlock identifier=sp.mysite.com lock_key=issue_cert_sp.27082019.xyz error=remove /data/caddy/locks/issue_cert_sp.mysite.com.lock: no such file or director
(Provided you really do have a static IP, with DSL or cable connections you get a dynamic IP (either every day or with a reconnect). Then you'd need to look up something called "Dynamic DNS".)
Then you need to forward some ports to your local machine, that is done in your router. Usually you can map any external port to any internal port, so you would just route all traffic that comes in on e.g. port 8000 to your local machine on port 80. (On a sidenote: what ISP blocks ports 80 and 443, lol? I'd switch ISP if possible).
But your choice of internal ports don't really matter, because that's job is better left to the reverse proxy. I'd suggest "Nginx Proxy Manager", which is a nginx proxy with a very nice GUI that comes as a docker. It makes routing ports and especially obtaining SSL certificates a breeze. I find that way more accessible than traefic or caddy or basic nginx. You'll find lots of tutorials for this.
So to recap: connect IP to URL with a DNS record at the domain registrar, forward some ports in your router, which ones doesn't really matter because you can just "bend" them anyway you like with the reverse proxy.
thanks a lot for the easy recap !!
I remember hearing and checking out Nginx Proxy Manager while following tutorials some mention that, but i found the tutorials kinda awkward at the time and didn't fully understand what it was for ( it was kinda of a long time ago tbh ).
As for the ISP, it is Fastweb, in italy, and is kinda a bummer, they rely on Telecom's FTTC network ( meaning the cable and cabinets infrastructure ) for their service, so i can either choose Fastweb ( kinda good pricing since I only have internet and no home phone ) or Telecom's pricing are like and armed robbery, where the fixed price you sign is already higher, and is full of hidden paid service that pop up every now and again and it gets you mad on how many times you have to call their customer service to either remove those service or claim refund.
Other ISPs in my area don't have fiber connection and top to like 5 Mbs downloads on a good day.
pro: much more secure than having a nextcloud directly exposed to the internet! especially if you don't have an intrusion prevention system (e.g. fail2ban).
pro: saves you the hassle of DNS records, routing ports, SSL certificates. You only need to forward one port (usually UDP 51820) from your router to your local machine, and the wireguard client on your remote computer connects directly to your static IP.
pro: once you're connected to the VPN you can access your nexctloud directly at 192.168.1.127:8080
con: a bit less comfortable, since you cannot just open a browser and go to mybeautiful.homeserver.com, you need to connect to the VPN first
con: not as easy for sharing stuff, you cannot just say "here mamma, go to mybeautiful.homeserver.com, log in with user/password and then you can see my holiday pictures".
depends on your use case. if you're all alone on the nextcloud or have technical people accessing it, I would definitely suggest the wireguard VPN
thanks again for the clarification.
I have used a wireguard instance for my father's synology couple years ago following some tutorials since his account was having problems using the synology quickconnect for some reason ( solved by the support )
Anyway, yeah I remember it was kinda of an hassle to setup and explain to him multiple times the process...and to be honest i quite forget most of it myself...
On Android one can't just run one app via vpn right??
like tunneling just the nextcloud app and leavin the rest alone..
Right now i'm following step by step the nginx proxy manager tutorials, reeeaally reeeally slowly so i can take notes for the next time, and undertsanding better
Hope not to screw it up again xD
I really need nextcloud and my data at hand, i'm so tired of having thigns scattered between google drive, keeps, notion, calendars etc...
As mentioned by others, you'll need someone to set it up properly and maintain the software as it will likely become a core part of your business if utilized properly
@iocase If you need something simple (inventory, billing, sales) try Dolibarr. If you need something more complete, try something like Tryton (Odoo 8 fork).
I do not reccommend Odoo, as the community version has limitations and you need a subscription un orden to use all the modules.
@iocase With 20 employees, you'll probably want to look at open source solutions unless you have a significant budget available. To get all your employees on Microsoft Dynamics Nav, for instance, would run about $8000 a month.
The drawback of open source solutions is that you'll likely need a dedicated employee to keep the system running and updated, and there's no higher levels of paid support option if they run into problems.
I saw that Synology Photos is getting some sort of object recognition in an upcoming update. But I love the idea of running your app on a container on my Mac (with lots of cores to run the ML code) while keeping the photos homed on the NAS. Definitely going to play with it :)
selfhosted
Popular
Esta revista es de un servidor federado y podría estar incompleta. Explorar más contenido en la instancia original.