I'm in the UK and looking to switch over to a UK host provider. Can anyone recommend IONOS for the uk? I'm considering a fairly low-spec VPS. Even with VAT, their prices will be about 3/4 of what I'm currently paying.

It's been a while since I noticed that but I can't find the reason. I selfhost :

• a linkding with docker
• a writefreely
• a bludit blog
• a CalDav (radicale)

There is a syncthing running for backups done with borg at night (automated with a crontab).

When I htop, I don't see anything to hint me to what is causing the heating.

Any ideas of what I could do to investigate that?

Thanks a lot.

cross-posted from: https://lemmy.dbzer0.com/post/39598489

Looking for privacy-focused web analytics? My new blog post breaks down Plausible Analytics - comparing cloud vs self-hosting options, with practical setup tips from my own experience. Learn how to bypass Google Analytics without sacrificing insights! #WebAnalytics #PrivacyFirst

https://lnk.clifmo.com/MB4oX

I’m trying to find an iOS client that lets me point to my self hosted LocalAI instance. Thanks!

A self-hosted URL shortener: Shlink - Keep control over all your shortened URLs, by serving them under your own domains, using this simple yet powerful tool. https://shlink.io/

I was very surprised to find this mature, full-featured URL shortener. It's written in PHP and includes Geoblocking so your shortener isn't abused.

A Docker quick-start guide: https://lnk.clifmo.com/ljk13

Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:

register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113register%3A1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">Errorapi/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()

compose file:

services:  postgres:    image: postgres:16-alpine    container_name: linkwarden_postgres    env_file: .env    restart: always    volumes:      - ./pgdata:/var/lib/postgresql/data    networks:      - linkwarden_net  linkwarden:    env_file: .env    environment:      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres    restart: always    # build: . # uncomment this line to build from source    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source    container_name: linkwarden    ports:      - 3009:3000    volumes:      - ./data:/data/data    networks:      - linkwarden_net    depends_on:      - postgresnetworks:  linkwarden_net:    driver: bridge

Relevant part of .env file:

NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/authNEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf Manual installation database settings# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwardenDATABASE_URL= Docker installation database settingsPOSTGRES_PASSWORD=redacted# Additional Optional SettingsPAGINATION_TAKE_COUNT=STORAGE_FOLDER=AUTOSCROLL_TIMEOUT=NEXT_PUBLIC_DISABLE_REGISTRATION=falseNEXT_PUBLIC_CREDENTIALS_ENABLED=true

Caddyfile snippet

*.laniecarmelo.tech {    tls redacted {        dns cloudflare redacted    }    header {        Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval';             img-src https: data:;             font-src 'self' https: data:;             frame-src 'self' https:;             object-src 'none'"        Referrer-Policy "strict-origin-when-cross-origin"        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"        X-Content-Type-Options "nosniff"        X-Xss-Protection "1; mode=block"    }    encode br gzip    # Bookmarks    @bookmarks host bookmarks.laniecarmelo.tech    handle @bookmarks {        reverse_proxy 127.0.0.1:3009    }}

Can anyone help? I have no idea how to fix this.
#SelfHosted #CaddyServer #Linux #Tech #Technology
@selfhost @selfhosted @selfhosting

cross-posted from: https://lemmy.selfhostcat.com/post/232194

I found cryptpad, it seems nice. I already use NC but not for editing.

I have a VPS that I use to host a Nextcloud instance for my family. I host it there because my internet can be unreliable at times due to my rural location. I have an Unraid server at home that I use to host several services, but most file storage, for my family on our local network.

Previously I've been using https://github.com/juanitomint/nextcloud-client-docker to sync my files hosted on my VPS with my local Unraid server for each of my users. It has worked well for a few years, up until last week when I upgraded my Nextcloud on the VPS to 31.0.0.

I don't use the Nextcloud Client because I can't find it in a docker and I have multiple users I'm syncing to their appropriate file shares.

I've tried a few other Webdav related dockers to sync and I'm not having much luck. Most of them only seem to sync the main folder, so maybe I'm missing some argument or something?

Any advice or help is appreciated!

The official docker image is still at v0.11 and was last updated in 2016. It looks like maybe trunk is at 0.12, but, as far as I can tell, that a rolling release. My prosody install is too important to go with a rolling release.

Both the alternatives that they point to are similarly old;

• v0.11.13

https://github.com/OpusVL/prosody-docker/

• v0.11.x (?)

https://github.com/unclev/prosody-docker-extended

My server is langishing on the unclev image. I'd like to migrate to something with 0.12 and have a bit more confidence in its resiliance.

On my truenas scale machine, I have a container for gluetun and one for qbittorrent (among others). Maybe a couple times a week, I notice that the VPN connection gets flakey. Qbittorrent speeds go down into the kb/s range. This promps me to carry out an annoying, manual process:

1. I pause all torrents in qbittorrent webui
2. I stop both the qbit and gluetun containers
3. I start the gluetun container
4. I give the gluetun container adequate time to connect (since the qbit container depends on the gluetun network, attempting to start both at the same time yields an error on the qbit side)
5. I start the qbit container
6. I resume all torrents in the qbittorrent webui

Is there any easy way to automate this process? Preferably one that doesn't require me to learn ansible? I'm hoping the solution could all be done via portainer - which I use.

Thank you in advance.

Hi everyone,

I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

Details:

• Setup: Caddy as reverse proxy, Authelia for authentication
• Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
• Logs:
  Authelia:
  Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
  Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

Configurations:

• Full Caddyfile and Authelia config: GitHub Gist

Curl Output:

HTTP Request:

$ curl home.laniecarmelo.tech -v< HTTP/1.1 308 Permanent Redirect< Location: https://home.laniecarmelo.tech/

HTTPS Request:

$ curl https://home.laniecarmelo.tech/ -v< HTTP/2 401 < content-type: text/plain; charset=utf-8< server: Caddy401 Unauthorized

Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

Thanks in advance! 🙏

#SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
@selfhost @selfhosting @selfhosted

Need help with #Caddy configuration. Getting error:
"Error: adapting config using caddyfile: /etc/caddy/Caddyfile:20: parsed 'header' as a site address, but it is a known directive; directives must appear in a site block"

Running #LinkAce behind Caddy. Config has global options block, site blocks for subdomains, and snippets for common configs. Error persists despite:

• Proper indentation
• Blank lines between blocks
• Snippets after global block
• Valid header directives

Full config: https://privatebin.io/?e2b50660d40b8463#Awoq9mqdg5nyNB25xvd1zB8L7mX5m9e9sZJDguegJL2G
Password: bka@zhj@btc4FPR!emr

#SelfHosted #Docker #ReverseProxy #WebDev #Linux #HomeLab
@selfhost @selfhosted @selfhosting

#SelfHosted #LinkAce Bookmark Manager Running, but Unable to Check for Updates or Generate a Cron Token

Hi all. Hoping someone in the #SelfHosting community can help here. I'm running LinkAce in #Docker behind non-Dockerized #Caddy and #Authelia, and most things are working, but I'm seeing "Could not check for updates" at the bottom of each page, and when I tried to generate a cron token, nothing happened except for the generate button graying out. I am seeing one or two 404 errors in my logs, but I don't know if that's causing the problem or not. I don't know much about #PHP applications.

Logs

2025-02-22 23:25:26,460 INFO supervisord started with pid 12025-02-22 23:25:27,465 INFO spawned: 'php-fpm' with pid 82025-02-22 23:25:27,467 INFO spawned: 'caddy' with pid 9[22-Feb-2025 23:25:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: fpm is running, pid 8[22-Feb-2025 23:25:27] NOTICE: ready to handle connections{"level":"info","ts":1740266727.5264525,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}{"level":"info","ts":1740266727.5280282,"msg":"adapted config to JSON","adapter":"caddyfile"}{"level":"warn","ts":1740266727.5280406,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}{"level":"info","ts":1740266727.529092,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}{"level":"warn","ts":1740266727.529331,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}{"level":"info","ts":1740266727.5294206,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40000bab00"}{"level":"warn","ts":1740266727.530186,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"warn","ts":1740266727.530195,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"info","ts":1740266727.530198,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}{"level":"info","ts":1740266727.5412574,"msg":"autosaved config (load with --resume flag)","file":"/home/www-data/.config/caddy/autosave.json"}{"level":"info","ts":1740266727.541271,"msg":"serving initial configuration"}{"level":"info","ts":1740266727.5477707,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/home/www-data/.local/share/caddy"}{"level":"info","ts":1740266727.5541356,"logger":"tls","msg":"finished cleaning storage units"}2025-02-22 23:25:28,555 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)2025-02-22 23:25:28,555 INFO success: caddy entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 200::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 404

Docker Compose file

services:  #
***
LinkAce  linkace:    image: docker.io/linkace/linkace:latest    container_name: linkace    restart: unless-stopped    depends_on:      - linkace_db    ports:      - "0.0.0.0:3009:80"    volumes:      - ./.env:/app/.env      - ./backups:/app/storage/app/backups  #
***
Database  linkace_db:    image: docker.io/library/mariadb:11.5    container_name: linkace_db    restart: unless-stopped    command: mariadbd --character-set-server=utf8mb4 --collation-server=utf8mb4_bin    environment:      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}      - MYSQL_USER=${DB_USERNAME}      - MYSQL_PASSWORD=${DB_PASSWORD}      - MYSQL_DATABASE=${DB_DATABASE}    volumes:      - db:/var/lib/mysql  #
***
Cache  linkace_redis:    image: docker.io/bitnami/redis:7.4    container_name: linkace_redis    restart: unless-stopped    environment:      - REDIS_PASSWORD=${REDIS_PASSWORD}volumes:  db:

.env (secrets redacted)

## LINKACE CONFIGURATION# The app key is generated later, please leave it like thatAPP_KEY=redactedAPP_ENV=development## Configuration of the database connection## Attention: Those settings are configured during the web setup, please do not modify them now.# Set the database driver (mysql, pgsql, sqlsrv, sqlite)DB_CONNECTION=mysql# Set the host of your database hereDB_HOST=linkace_db# Set the port of your database hereDB_PORT=3306# Set the database name hereDB_DATABASE=linkace# Set both username and password of the user accessing the databaseDB_USERNAME=linkace# Wrap your password into quotes (") if it contains special charactersDB_PASSWORD=redacted## Redis cache configuration# Set the Redis connection here if you want to use itREDIS_HOST=linkace_redisREDIS_PASSWORD=redactedREDIS_PORT=6379APP_DEBUG=true# SSO configurationSSO_ENABLED=trueSSO_OIDC_ENABLED=trueSSO_REGISTRATION_ENABLED=trueREGULAR_LOGIN_DISABLED=trueSSO_OIDC_BASE_URL=https://auth.laniecarmelo.tech/  # Your Authelia base URLSSO_OIDC_CLIENT_ID=linkaceSSO_OIDC_CLIENT_SECRET='redacted'SSO_OIDC_SCOPES=openid,profile,email

Caddyfile snippet

{    email [email protected]    debug    acme_dns cloudflare redacted    http_port 80    https_port 443    admin :2019 {        origins 127.0.0.1:2019 0.0.0.0:2019 stormux:2019 caddy.laniecarmelo.tech    }}(logconfig) {    log {        output stdout        format json    }}(auth_headers) {    header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"}(proxy_config) {    header_up Host {http.request.host}    header_up X-Real-IP {http.request.remote}    header_up X-Forwarded-User {http.auth.user.id} # Pass user ID    header_up X-Forwarded-Email {http.auth.user.email} # Pass email}(authelia_middleware) {    forward_auth localhost:9091 {        uri /api/verify?rd=https://auth.laniecarmelo.tech/        copy_headers Remote-User Remote-Email Remote-Groups Authorization    }}bookmarks.laniecarmelo.tech {    route {        import authelia_middleware        reverse_proxy localhost:3009 {  # Directly proxy to LinkAce's web server            import proxy_config        }    }    import logconfig    import auth_headers}

Authelia config snippet

    - domain: "*.laniecarmelo.tech"      policy: bypass      networks:        - 192.168.1.0/24    # Local network        - 172.17.0.0/16     # Docker bridge network        - 100.64.0.0/10     # Tailscale network    - domain: "bookmarks.laniecarmelo.tech"      resources: ["^/api.*"]      policy: bypass    - domain: "*.laniecarmelo.tech"      policy: one_factor            - client_id: linkace        client_name: LinkAce bookmarking app        client_secret: redacted         public: false        authorization_policy: one_factor        scopes: [openid, groups, profile, email, offline_access]        redirect_uris:          - https://bookmarks.laniecarmelo.tech/auth/oidc/callback        grant_types: [authorization_code]        response_types: [code]        response_modes: [form_post, query]        userinfo_signed_response_alg: none        consent_mode: explicit        pre_configured_consent_duration: "1y"

Does anyone know what might be causing this and how I can fix it?
#Linux #ArchLinuxARM #Stormux #RaspberryPi #RaspberryPi500 #RPi #RPi500 #tech #technology
@selfhost @selfhosted @selfhosting

cross-posted from: https://lemmy.world/post/25939893

"Youlag" is a theme and extension for the feed aggregator FreshRSS. It delivers a video-focused browsing experience for your YouTube RSS feeds, all within FreshRSS, with a sleek theme and extra features.

Supports video feeds from YouTube, Invidious, and Piped.

Why?

The general idea is to subscribe to YouTube channels via RSS, allowing you to follow your favorite creators without an account. With Youlag installed, you can browse and watch videos in a familiar, YouTube-like interface.

More features are planned, including video queuing (with some limitations).

Git repository for more details:

https://github.com/civilblur/youlag

Features:

• ⭐ Optimized for Video Viewing
  • Browse your YouTube, Invidious, Piped RSS subscriptions with ease.
  • Clean, familiar video platform layout.
  • Fullscreen viewing for videos and feed items.
  • Quickly exit videos with Esc key.
  • Shortcuts for external viewing: "Invidious", "YouTube", or "YouTube embed view" (for less distraction).
  • Dark mode.
• 🖥️ Desktop & Mobile
  • Reponsive design.
  • Redesigned menus for better one-handed navigation.
  • Improved readability and legibility across devices.

Since v3.0.0, and currently v3.0.2, Youlag has been refactored from a CSS theme to work more like an extension. This has improved stability and allowed me to add more features.

It's still not yet a native FreshRSS extension, but my plan is to convert it to one.

cross-posted from: https://lemmy.ml/post/26304038

from the OpenSSH 9.9p2 release announcement:

This release fixes two security bugs.

Security
========

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Password is right in compose and config. Idk what else to do.

A distributed streaming platform that can run on Raspberry Pi 5.

Last October, at a conference we shared a demo running Fluvio and Stateful DataFlows on a Rasperry Pi 5 running an object recognition pattern.

Fluvio is a distributed streaming runtime for building event driven analytical applications.

Relevant for Builders who are writing applications in Rust. Software & Data Architects who are building intricate data processing workflows to build intelligent applications using Rust, Python, or JavaScript, and of course SQL.

Fluvio currently is version 0.15.2, closing towards version 1 steadily. The past release notes and features are here - https://www.fluvio.io/news/

Documentation updated as of last release - https://www.fluvio.io/

We released a benchmarking utility in v0.15 and a blog showing some basic benchmark runs here : https://infinyon.com/blog/2025/02/kafka-vs-fluvio-bench/

Would love for you awesome people to try it out and share your experience.

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting

Within the past couple months, I saw someone's pet-project where they were cobbling together a self-hostable FOSS app/service to allow people to collaborate on travel planning. It included note taking, images, possibly some functionality around dates, and a map to drop pins and see a route (I'm not sure which backend but I would guess OSM).

Now I can't find it. :(

Does anyone use an app like this? Does anyone have any recommendations? My needs are loose - my only requirements are a FOSS license and to be self-hostable.

Thanks for ideas/suggestions.

Would you be able to host instances for stuff like mastodon and peertube on a raspberry pi more specifically the raspberry pi 5

Hello, I have set up a synapse homeserver with email support, but i get one of two errors, depending on what smtp port i'm using:

465:Unable to add email address
MatrixError: [500] An error was encountered when sending the email (https://tanuki.gay/_matrix/client/v3/account/3pid/email/requestToken)

587: fetch failed: NetworkError when attempting to fetch resource

anyone know of a solution to this? can provide configs on request.