What are your most used self-hosted applications? (noted.lol)
736 points by geeked on May 4, 2022 | 446 comments



My main goal is to replace cloud services so I can be Google-free. I've also got LineageOS + MicroG on my phone. This is all running in docker containers on NixOS (other than OPNSense), with automated restic backups to a NAS as well as Backblaze. One of my goals is to be able to deploy all this again from scratch with minimal effort, and I think I succeeded, though haven't had to test it yet.

Nextcloud - for caldav and carddav calendar, contacts, and tasks

Xbrowsersync - sync bookmarks across devices

Syncthing - backup data from my phone. I use Neo Backup to take a snapshot of all apps, so the phone should theoretically be restorable from scratch.

Jellyfin - Spotify replacement. The Finamp app is fantastic.

Home Assistant - automate my media center, as well as control outdoor lights and door locks, and check if any doors or windows are open or unlocked when I'm away.

OPNSense on a protectli box - amazing open source gateway software that does everything.

AdGuard Home (on OPNSense) - DNS based ad blocking

Wireguard (on OPNSense) - allows me to have an always on partial tunnel VPN on my phone and laptops that allows access to home services while remote, and also allows me to use my AdGuard DNS.

HAProxy + LetsEncrypt (on OPNSense) - set up to provide subdomains for each of the services at home. Only a couple are public (contacts and calendar), but the rest become available when the VPN is on.

Smokeping - use it to collect data to rub into Spectrum's face when they go down.

Pintry - Pinterest clone


How much time do you spend maintaining this stuff every month? Like upgrading versions, etc.? Do you subscribe to any security channels? Do you care what language it's built in, try to keep it all on a few languages to minimize maintenance burden, etc.? I've been considering self-hosting, but put off thus far by the above concerns.


Initially I spent a lot of time as I used it as an opportunity to learn Nix/NixOS. I used Nix intentionally as it's a rolling release and also it's declarative and intended for reproducible deployments, so I don't need to deal with an OS like Ubuntu that slowly gets crufty and out of date and needs a clean-up or upgrade or complete re-install. And if I do need to re-install, it should be mostly a one-liner.

For security there are these scanners:

https://github.com/flyingcircusio/vulnix

https://github.com/andir/nix-vulnerability-scanner

I also run all services in docker and my network uses VLANs behind an OPNSense firewall. I use Wireguard as a pinch point into my network to access most services. So I'm not too worried about the security aspect.

Upgrading on Nix is pretty easy - just bump your lock file and it will get the latest packages, assuming you are on the unstable channel. But unstable does break on occasion. You can also use the latest stable release of Nix and selectively choose unstable packages, which is probably the way to go. I rarely need to fix anything - it's been pretty reliable - I feel like with each patch I make to my config (which is all checked into git), the system gets more reliable and reproducible - 2 steps forward, no steps back. It only starts eating time when I want to add or upgrade some element to the system, but I always make sure to never do any action that isn't captured in Nix config and backed up, so that I don't have to come back and figure out what exactly I did or how something works again. It's been fine. Nix has a pretty steep learning curve, but considering its power, I think it's absolutely worth it.


That's awesome, would you mind sharing your nix config? I have never used nix and would love to see an example.


I'd prefer not to share my personal git repo as it would reveal my identity, but I based it on these:

https://github.com/MatthewCroughan/nixcfg

https://github.com/hlissner/dotfiles

https://github.com/georgewhewell/nixos-host

https://github.com/ipetkov/dotfiles

There's also the DevOS project, which is an attempt to create a base of boilerplate that anyone can use as a start to build a system:

https://devos.divnix.com/

Recommendations:

* Definitely use flakes

* Use Agenix to store secrets out in the open (encrypted with your SSH key)

* Use home-manager

* Keep config modular so you can selectively include it in various hosts and domains (e.g. desktop vs server).

Think of it as building software when you figure out how to organize your config. The bullet points above can all be a bit difficult to figure out so don't feel bad if you don't get them installed right away. Try to start with a machine that isn't your daily driver and blocking your workflow.


Champion! thanks


Any thoughts on Guix as compared with Nix? I've tinkered a bit with Nix, including running NixOS for a bit on my laptop, but quite like the lispy languages in comparison.


I found out about guix after already investing in nix. Looks great, and better in many ways, but I'm more familiar with Haskell syntax than lisp, and my understanding is that the nix ecosystem is far more developed.


Good to know, thanks! It does seem to have more packages and such for sure, and more traction among Haskell crowd I think from the bit I've seen.

Either way, I am more inclined currently to use packages on top of a base Linux distro, so suspect I can mess around more without committing to either for now.


How do you handle partition management? I've got all the mount points set up in my configs but the initial creation of partitions was still a manual process that I'd need to go back to my notes for if I ever have to redeploy things.


I wrote a script that I have in GitHub that I curl down to a new system I need to prep. It takes four or five params, e.g. UEFI vs legacy, SSD vs disk, etc, then does all the prep programmatically. This really should be part of the nix ecosystem though.


What setup did you use when you were learning NixOS? Server in the cloud or a desktop rig?


Started by getting it working on my new work laptop (Thinkpad), then putting it on my personal laptop (Dell XPS) to figure out how to split config into multiple hosts, then finally onto an HP proliant server I've got hosted at home.


Most interesting. Did you feel confident you wouldn't mess up your work laptop too catastrophically?


100%. I did already have another laptop that I used until this one became stable. Now I feel it's more stable and useful than my previous one though. It actually helps rather than hinders when it comes to avoiding messups and catastrophic mistakes. Each time you deploy, it creates a snapshot, so you can always roll back if you mess something up. And as you update your config, your system gets progressively more stable and to your liking. And it's forever, since it's just text files stored in a repo. I feel like it achieves the same thing as Chromebooks do, except without the involvement of a centralized corp. My laptop is my data rather than the hardware itself. You do need to backup anything stateful though, but I don't have much stateful data on my machine other than some code in my home folder which is already backed up in git.


You can run this stuff using docker & then just have a cron script to `docker-compose pull && docker-compose up -d`. I run this once a week and it keeps all my software up-to-date.


Not OP but I was running a number of services with docker.

This was a major pain. Docker is fine for local development, but unless you have a full time department dedicated to babysit it, it’s not scalable for self hosting. Observing services becomes complicated and requires a whole tool chain, ditto keeping on top of new versions, etc.

What I did instead is install proxmox on my server, and run the former server (that was running all the docker stuff) as a virtual machine within proxmox.

I was then able to gradually move everything away from docker and into VMs or LXC containers (which are basically lightweight VMs, but you can use all existing tooling and treat it like a VM). I’m using ansible roles and playbooks, I can ssh into the containers, and unattended upgrades for updating, and tarsnap or borg for backups.

It’s much saner this way and I don’t end up running versions that are several years old because of the complexity/inertia of docker.


Not OP, but I'm self-hosting for similar reasons. I don't spend very much time on maintenance - if a service is troublesome, it's not worth my time and gets the cut. I don't subscribe to any security newsletters or have any automated new version monitoring in place (yet), but I'm planning to do that at some point so that the home lab can run itself with minimal intervention beyond changing a few version numbers in docker-compose files and rerunning my "redeploy everything" script.

As for languages, it's a very marginal factor. If I have a large number of possible services in a given space, I usually gravitate towards Go, because most Go applications are closer to 12-Factor compliance and generally stability than, say, most Python applications. If I have no options or the best service in a given space is written in COBOL or something equally bad, I'll still take that. I'm quite pragmatic.

IMO, if you want to get into this, keep a few things in mind:

- Docker (Compose) will save you a lot of work

- if you want to expose stuff to the internet, you'll need to stay reasonably current with updates

- have a good system for backing up your data. Experimenting is far easier if you can back up what you've got, and start over from scratch to try a different approach. Doing this "live" is riskier.


Funny, I used smokeping to run regular speedtests on top of pings to establish the cable connection in my neighbourhood was oversubscribed (daily slowdown to a crawl during work hours in WFH mandate, order of magnitude increased ping during the day time vs e.g 3 a.m.). Changed connection/provider and would consistently get max speeds and more consistent ping.


Who was your provider, and who is your new provider?

I was having both bad connectivity to Spectrum as well as buffer bloat, which I think was upstream. Had to get Spectrum in three times, after which they spent several days up on the pole and in the field doing major work, and the problem resolved.


This was in Germany, using Vodafone (Kabel Deutschland), moved to "supervectoring" DSL and life was better (it's not fiber, but it's second best) - wrote it up at the time here: https://arahayrabedian.github.io/cable-to-dsl/

My neighbors still have problems with the cable connection.


> Xbrowsersync - sync bookmarks across devices

Thank you, this is exactly something I was looking for!


Hi! I have been wondering about whether investing into home assistant would be worth it to control my media center as well. Do you happen to have handy links to any resources you found helpful?


I just used the standard integration documentation on HA's website.


What functionality do you get out of the media center? Is it just for local media, or do you use integrations for other services?


Not OP but it makes the whole setup easier to use.

For instance, when I turn on the PS4, HA turns on the receiver and the TV, switches to the correct input, adjusts the lights in the room.

When I turn off the ps4, it switches off the tv and the avr, unless I switched the receiver to the music or media player input (in which case it turns the tv off or not)

It also lets me use these cheapo ikea zigbee volume buttons to adjust the sound on the receiver, pause and skip songs or video (via libreelec). And the “light switch” aqara button to turn off all lights at bedtime from my bed and keep the music running (if I double tap) or switch it off otherwise.

The above wouldn’t be possible otherwise: ikea’s volume switch only works with these ikea/Sonos lamp things otherwise.


Not OP, but various automations that fire off commands based on whatever your TV, receiver, Apple TV box, etc are doing are how I find it most useful.

Example: I have some cheap Govee LED strip lights behind my TV for ambient lighting. HomeAssistant can detect when my Apple TV (or Samsung smart TV) is on and automatically turn on the lights for me. I don't have to reach around the back of the TV to try and find the little button to turn the lights on (or remember to turn them off).

I can also control both my TV and Apple TV through HomeAssistant. It's not exactly the most polished/straightforward, but you could definitely string together some automations - something like a "movie night" button that dims the lights, turns on the TV, switches to the appropriate input, and cues up a file. For me that's more hassle than it's worth.


I described it in another comment:

> I've got an msi desktop gaming PC, an LG CX OLED TV, and a Yamaha RX-A2A receiver and they never played well together. The kids always had a hard time getting them all on at once and set to the right inputs and launching steam.

> So I created a Home Assistant automation that does all that, bought a Zwave button that sits on the coffee table, and now they just turn it all on with one button like it's a video game console.

I also plan to add "scenes" where I can just tap the button and the lights dim, and the media center gets put into movie mode, as well as a "music" scene for when I have parties, which would join the two zones my receiver supports and then start playing a playlist from spotify.


Love this. My TV setup is super straightforward these days, but I had a nice home theater setup in my previous house and used a rather disappointing Logitech Harmony remote.

If you want to get creative, you could create a custom dashboard and put an old iPod touch/Android device in kiosk mode and use it as a remote touch panel control for your home theater (or anything else in HomeAssistant).

I have two Lenovo M8 tablets ($100/each) that I'm using as home control panels - super convenient and rock solid. https://imgur.com/a/f0aNTRq


Nice tip on the tablets


Yeah they're solid - come with a little dock so it looks like a high-end automation system panel. You can configure the power settings to hold the battery charge around 50% to prevent any issues with the battery swelling.

If you go this route, definitely buy the Android app FullyKiosk. It will let you lock the tablet to the HomeAssistant dashboard, automatically recover if something crashes, etc. I have it set up to use the built-in camera & motion sensor to automatically turn on the display if someone walks up to it or touches the tablet, and automatically turns the screen off after a few minutes of no motion.


Just bought a tablet, will try out FullyKiosk when it arrives. Thanks!


Would definitely test it, I tried my backup stack and there was an issue I couldn't have reverted, so it might look fine on the surface but actually doing it is the only way to make sure!


Good advice!


As a happy Jellyfin user, thanks for putting me on to Finamp.


Hey, super interested in your OPNSense install. I also have a Protectli box. However it currently runs PFSense.

Whenever I try to install OPNSense it fails to load once installed. Maybe there are some initial configuration steps that I am missing? Last time I tried this, about a month ago, internal DHCP addresses were not getting assigned to clients. Troubleshooted for an hour, no results. So back to PFSense I went.

Do you have a guide for installing and configuring the basics? Or something you would recommend?


Hmm, I installed it a long while ago, and don't recall what guide I used. One of the benefits though of buying a Protectli box rather than the original Qotom version is the support. Protectli should be able to get you up and running - check their website and get in touch with them.


Could you link to Pintry? I couldn't find it from a quick Google search.

I finally found a use case for Pinterest after creating an account years ago and their landing page refreshed and acted weird so much in Firefox that they decided it was a phishing attempt and locked my account for some arbitrary amount of time. I'd rather not even start using it if there's a viable alternative



Looks sweet. Is your nixos configuration public? I've been looking for a good example setup for running a bunch of containers like this.



Sweet, thanks much


Where can I find pintry the pinterest clone?

I've searched for 5 minutes now.


Sorry, it's a typo, it's Pinry.


I'm late to the party but here's my list

- cadvisor - simple graphs of resource consumption, insights per docker stack

- cyberchef - a LOT of handy operations packed into one small app. Encode/decode any secrets you need and don't bother about privacy

- dozzle - logs browser from all docker stacks

- gogs - git mirror

- heimdall - all apps main panel

- minio - private S3 for my side projects

- nextcloud - private google drive / dropbox

- photoprism - photo management

- pypiserver - private pypi

- registry - docker registry (with UI)

- traefik - reverse proxy of all these services

- portainer - easily manage all of the above.

The coolest thing is that I don't even need to ssh into the instance (Synology NAS) to update / add / remove something. Literally everything can be achieved via portainer.example.com in this setup.

I just recently made my setup public so here's the repo if you're interested. https://github.com/tomwojcik/homeserver-traefik-portainer


How is your minio setup working for you? I'd heard some bad reviews early on and stayed away from it. Do you run it in any high-availability mode? Have you tested backups/restores? Would like to hear anything you'd like to share about it.


Not the OP but I run a Minio instance in my homelab. It's not in HA-mode but is on a VM that is replicated across my 3 proxmox nodes. I just use a simple docker-compose file (17 lines) and haven't run into any issues yet.


Very neat! If you lose a node, are you guaranteed to be able to recover from the other two? Are those VMs running on the same host?


I have three physical nodes (Dell micro-PCs) and the VM will automatically failover if one node is lost. It's not quite instant but meets my requirements fine.


It's not HA. It's part of my pre-production env where my app works normally without inflicting any additional costs. I never heard of any MinIO production stories. I don't use backups/restores.


Thanks for the info about photoprism. How does it handle videos, I have tonnes of home videos that I have no idea how to organise or manage.


PhotoPrism is something everyone recommends. TBH I haven't had a chance to try it with my entire library yet (I'm moving from Moments to NextCloud with PhotoPrism). I probably won't be using it with videos either, so sadly I can't answer your question.


It doesn't do well with them, basically it'll transcode everything so it's quicker to serve up, that's about it. Anybody use anything good to organize home videos?


It depends on what you mean by "organize home videos."

I'm building PhotoStructure, which is (yet another) photo and video organizing app. It only transcodes videos that won't render properly on popular desktop and mobile browsers (what it does and doesn't transcode is configurable, and _how_ it transcodes is also configurable--I use ffmpeg or vlc under the hood).

The biggest issue with videos is probably their common lack of metadata: they never include timezones (but sometimes include GPS, so PhotoStructure uses that to infer TZ), so I had to build a "metadata inference" engine to glean metadata from relevant "sibling" files.

I also pull in any metadata from sidecars (XMP, MIE, EXIV2, and Google Takeout JSON), so that can help flesh out more browsable aspects: PhotoStructure browsing is all hierarchical tag based, including date hierarchies, keyword hierarchies, filesystem hierarchies, and file type hierarchies.

Note that PhotoStructure is freemium commercial software: if you want to give it a spin, here's a 15% off coupon: "HN15". Details about pricing are on https://photostructure.com/about/pricing/


PhotoPrism only transcodes videos that are not natively supported by most modern browsers, see

https://docs.photoprism.app/user-guide/organize/video/

Metadata is extracted from videos and potential sidecar files.

Transcoding can be turned off in settings:

https://docs.photoprism.app/user-guide/settings/advanced/#di...

More finetuning of ffmpeg parameters can be done using config options:

https://docs.photoprism.app/getting-started/config-options/#...


Why self host cyberchef? It runs completely in the browser, and you can load it from github pages.


Not OP and I've never seen CyberChef before, but personally I'm very uncomfortable pasting secrets into any web application, even an open-source one.

Self-hosting would at least give me the guarantee that the code I'm running is the same code I ran last week: If nothing left my browser then, it probably isn't leaving my browser today.

I don't get that guarantee with someone else's hosted version.


Exactly what @lolinder says. If I pin the version of cyberchef, I don't need to worry about leaking secrets _ever_. And I'm very anxious about pasting something to the first "decode base64" search engine result.
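One way to make the "same code I ran last week" property discussed in the two comments above checkable for a pinned, self-hosted static web app. This is an added example, not code from the thread or from CyberChef; the function names and the idea of keeping a JSON manifest outside the served directory are assumptions for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifest(pinned, current):
    """Report files whose content changed, plus files that appeared or vanished.

    Added files matter as much as changed ones: a new script dropped next to
    the bundle is served with the same origin as the app itself.
    """
    return {
        "changed": sorted(p for p in pinned if p in current and pinned[p] != current[p]),
        "added": sorted(p for p in current if p not in pinned),
        "removed": sorted(p for p in pinned if p not in current),
    }


def verify(root, manifest_file):
    """Compare the served directory with a manifest saved when the version was pinned.

    Keep manifest_file outside root, otherwise it shows up as an added file.
    """
    pinned = json.loads(Path(manifest_file).read_text())
    return diff_manifest(pinned, build_manifest(root))


def demo():
    """Constructed sample: pin a two-file bundle, tamper with it, show the diff."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as state:
        root = Path(served)
        (root / "index.html").write_text("<script src='app.js'></script>")
        (root / "app.js").write_text("console.log('v1')")
        manifest_file = Path(state) / "pinned.json"
        manifest_file.write_text(json.dumps(build_manifest(root)))

        (root / "app.js").write_text("console.log('v2')")   # silent update
        (root / "extra.js").write_text("/* new file */")    # file that was never pinned
        return verify(root, manifest_file)


if __name__ == "__main__":
    print(demo())
```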


Any reason why you chose photoprism instead of Synology offers (Synology Photo)?


what docker registry UI do you use? (afaik the official registry image doesn't have a web ui?)


That's correct, the registry is just a registry and you can make it work with any frontend. I use konradkleine/docker-registry-frontend:v2. See here https://github.com/tomwojcik/homeserver-traefik-portainer/bl...


Listing the docker images. All this is hosted on a 45 Drives unraid server.

adguard/adguardhome - Blocks ads on devices that don't support ad block extensions

charlocharlie/epicgames-freegames - Bot that will automatically "purchase" free games from the epic game store. I have it setup to telegram me a link to enter the captcha.

chuckmacdev/adrfinder - Checks for Disney dining reservations and emails a link to reserve

fusengine/apaxy - Decent web file browser

linuxserver/*arr - y'all know why :)

linuxserver/smokeping - Really useful to troubleshoot network issues

plexinc/pms-docker - I want to switch to jellyfin but I have so much data in Plex now it'll probably be a huge pain

jlesage/nginx-proxy-manager - I'm lazy and hate setting up reverse proxies

jlesage/qdirstat - Pretty useful when dealing with a server that has as much data as mine does

adolfintel/speedtest - Good for troubleshooting networks that might preferentially give speedtest.net better speeds, also good for internal network testing

linuxserver/sabnzbd - Obvious

haugene/transmission-openvpn - I don't feel comfortable downloading any torrent unless it goes through a vpn


> a 45 Drives unraid server

You run this at home? How’s your power bill? And why so many drives?


45 Drives is a brand ;). Modern servers are reasonably power efficient, and solar helps a lot.

I've got a high density 42RU rack at home, it's a fun hobby.


Could you share some details on your solar setup?


It's not set up yet, but I've been planning it with a sparkie mate.

My rack - despite being high density - is relatively low draw. I'm currently pulling around 500w/h and expect to only burst to about 800w/h.

As such, I'm looking at a 25-30kwh system, depending on what I can efficiently squeeze in. I'd also like to chain together 2-3 Powerwalls or similar battery systems for a storage capacity of 2 days or so of total draw. I also have an electric car and a family, so 2 days is probably about 40kwh.

The expectation is it'll save around $300-350 a month, so it'll take a few years for ROI, but that's ok - as long as it allows me to feed my hobby!


Ha, that makes more sense!


Actually not bad. I’m not sure of the actual power draw but it can’t be too bad. Has just a single Corsair 650 watt psu. But the server also has two xeons so I’m probably at least 400 watts.


Oowhee that’s a lot of power. My “server” idles at 50W and it’s already costing me about 10$/month in electricity.


What's your 'server' setup? I like hacky solutions


Nothing fancy, just an i5 4790k


I am out of the loop.

What is “*arr”?


I was curious about this too, and looked into it. It's referring to a suite of piracy apps, for automatically building libraries from trackers.

Wiki (linked from one of the githubs, has links to all apps and more info than the githubs): https://wiki.servarr.com/

Lidarr (Music): https://github.com/Lidarr/Lidarr

Radarr (Movies): https://github.com/radarr/radarr

Readarr (Books): https://github.com/readarr/readarr

Sonarr (TV): https://github.com/sonarr/sonarr


Need to note that you don’t have to use them for piracy. They also work great if you rip your own media and throw it into an import directory. As long as it’s named close enough the apps will pick it up, organize and apply any meta it needs. I use a dedicated instance just for hand ripped UHD.


A collection of tools to help you get the media you probably paid too much for anyway but didn't get since Netflix and the rest never got the message that the reason why Spotify works even if it costs more than a CD a month is because everything is there.

Netflix today is just mockery, at least in Europe.

That said, I don't pirate, mostly because I believe in law and order.

But I certainly won't report anyone else for doing it. And if I have a chance I will vote for the guys who will crush copyright in its current form.


I do use these apps and we basically download Netflix and (especially) Prime series that we already have subscriptions for because their apps are horrendous.


> mostly because I believe in law and order.

Everyone believes in law and order. There are pirates who believe in law and order more than you, inevitably. It's not a justification to not pirate.


> I believe in law and order.

Where do you live? Seriously, I'd love to emigrate somewhere that gives me this comfort.


They’re media download managers where you can subscribe to your preferred media, often combined with plex or jellyfin (media servers). There’s Radarr (movies), Sonarr (tv shows), and Prowlarr (torrent/nzb search indexers). There’s also a ‘music’-arr but its name is lost on me.


Lidarr


Most likely Sonarr, Radarr they are library management and fetch apps.


Sonarr+Radarr most likely


And bazarr and jackett to rule them all.


And Prowlarr, and Overseerr


oh, thanks for mentioning prowlarr! I did not know it and it seems to be the expected replacement for jackett.


radarr/sonarr


A few of these look pretty good, thanks.


Why Disney dinner reservations specifically?


Over time I've tried to whittle down my homelab and move more of it to Microsoft 365/Google Suite/iTunes Store with mixed results.

Currently my must haves are:

* Router - pfSense - https://www.pfsense.org/

* Movies/TV/Home Videos - Plex

* Minecraft Server - AMP - https://cubecoders.com/AMPInstall

* Music - Roon - https://roonlabs.com/

* Automation - HomeAssistant - https://www.home-assistant.io/

* Unifi Controller

* Email - Zimbra - https://www.zimbra.com/downloads/

* Files - Synology

My experience:

* I can't recommend AMP enough for gamers

* Roon is £££ but if you like music it's such a unique piece of software

* Zimbra isn't what it used to be alas and I've been moving this to Microsoft 365

* HomeAssistant is fantastic and allows me to use pretty much any IoT device whether it has HomeBridge capability or not

* Synology - again expensive but after years of using Debian with my own custom setup, then OMV, then Unraid (briefly) then FreeNAS - Synology's DSM offers a level of capability and zero touch that none of the home rolled solutions match

* Plex - I really hope they never mess with this product, I find it super good although I need to check out Jellyfin

* pfSense - again, a top quality product - I'd love to use Unifi's offering but nothing I've seen (apart from OPNSense) competes feature wise


Something to be aware of w/r/t pfSense: https://opnsense.org/opnsense-com/


I only just migrated to OPNSense from pfSense. I feel cleaner. It was a relatively smooth and painless migration.


I used Plex a number of years ago. In comparison with (whenever it was) they messed it up trying to monetize it.

Unfortunately it's the better option in that space.

Jellyfin is ok. Plex several years ago was much better.


I'm also on self-hosted Zimbra and looking to move away from it, but I just can't bring myself to go to google or microsoft for something like that.

I'll probably end up with Roundcube or something similar.


Have a look at mailcow (https://github.com/mailcow/mailcow-dockerized). Basically Docker images for Sogo and everything else (postfix, dspam, dovecot, etc).

I'm also stuck on Zimbra, but planning a move for me and my dozen users. I really like Zimbra's calendar sharing features, but Sogo seems to have a good implementation too.


I really really loved Plex, then suddenly my network's internet connection went down, no biggie I thought, I have my collection on Plex. Plex no longer worked offline at all. Not sure if that’s fixed, but I always saw it as a file server with a UI and webplayer.

Plex also doesn’t let me pay for one premium subscription for the server so my family can watch old family guy episodes longer than 30 seconds on a phone. They each have to buy a subscription.

I still use Plex because of so much infrastructure investment to get my parents to use it, but honestly I’m not sure I’d recommend it anymore.

It seems someone at Plex decided they wanted the project to finally make some serious cash and started removing functions and moved them behind a paywall (like basic analytics of if someone is currently using it or what they have watched) while shoehorning in bizarre not even B-Movies.


For offline access, you just need to configure that once with the CIDR of your local network(s), and then the next time you're offline the server will allow auth-less use: you'll still be you, but the server itself won't attempt to authenticate you through the internet.

Settings -> <server name> -> Network -> Show Advanced -> List of IP addresses and networks that are allowed without auth

You can also toggle off some of the extra crap they are pushing:

Settings -> <your username> -> Online Media Sources


> Plex no longer worked offline at all.

In Plex settings you need to enter the IP addresses of devices you will allow to connect to your server without authentication. The setting is listed as "List of IP addresses and networks that are allowed without auth". That way, if Plex or your internet is down, those devices will bypass a check for credentials and have access.

> Plex also doesn’t let me pay for one premium subscription for the server so my family can watch old family guy episodes

Set them up as managed accounts. You can have 15 users on one Plex pass subscription.


You can share the Plex Pass benefit of the mobile apps by adding those users to your Plex Home. The apps also have a one-time purchase option that's like $5, they don't need the full Plex Pass subscription.

https://support.plex.tv/articles/203815766-what-is-plex-home...


I had a somewhat similar experience.

I moved to a new server, installed plex, tried to set everything up under my existing account. It was impossible to move my account to a new server, it seemed to just expect my old one to still be there.

After creating new accounts, removing the old server, etcetc. I just gave up and moved to Jellyfin. It’s been mostly equally good. Better in the sense that it stutters less on my TV (Could be TV app too). Worse in the sense that my parent cannot figure it out.


I hit that the first time I moved servers. Turns out you need to backup and restore the configs on disk for there to be continuation. Doesn't make much sense honestly but whatever.


Well nevermind! The HN community just literally solved my complaints!

I’ll set up my users as managed and pay for them, that’s really perfect. Since all users are accessing via a VPS I control I can just whitelist that and my home network's CIDR and might be back in business!

Thanks for the help folks!
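
An added example, not from any commenter or from Plex: an auth-less allowlist is matched against the source address the server sees, so a listed reverse proxy, VPS or VPN endpoint extends the bypass to every client it relays. This Python audit flags such entries along with public or very broad ranges; the comma-separated format, the thresholds and all sample addresses are assumptions constructed for illustration.

```python
"""Added example: audit an "allowed without auth" network list."""
import ipaddress

# Ranges treated as local: RFC 1918, loopback, IPv6 ULA and link-local.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "fe80::/10")]

# Assumed thresholds: anything wider than these prefixes is reported.
MIN_PREFIX = {4: 16, 6: 48}


def is_local(net):
    """True if the whole network sits inside one of LOCAL_RANGES."""
    return any(net.version == r.version and net.subnet_of(r)
               for r in LOCAL_RANGES)


def audit_allowlist(allowlist, relay_addresses=()):
    """Return (entry, finding) tuples for a comma-separated allowlist.

    relay_addresses: addresses of reverse proxies or VPN exits in front of
    the server. Requests they relay arrive with the relay's source address,
    so allowing a relay without auth allows every client behind it.
    """
    relays = [ipaddress.ip_address(a) for a in relay_addresses]
    findings = []
    for raw in allowlist.split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            # Accepts 192.168.1.0/24, 192.168.1.0/255.255.255.0 or one IP.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append((raw, "unparseable entry"))
            continue
        if not is_local(net):
            findings.append((raw, "outside private address space"))
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((raw, f"broader than /{MIN_PREFIX[net.version]}"))
        for relay in relays:
            if relay.version == net.version and relay in net:
                findings.append((raw, f"covers relay {relay}"))
    return findings


# Constructed sample: a home LAN, an over-broad range, a VPS address from
# the documentation range 203.0.113.0/24, and a typo.
SAMPLE_ALLOWLIST = "192.168.1.0/24, 10.0.0.0/255.0.0.0, 203.0.113.10, not-an-ip"
SAMPLE_RELAYS = ["203.0.113.10", "192.168.1.5"]

if __name__ == "__main__":
    for entry, finding in audit_allowlist(SAMPLE_ALLOWLIST, SAMPLE_RELAYS):
        print(f"{entry}: {finding}")
```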


I have a plex server with plexpass and not a single person using my server has ever seen ads streaming my content.


I’ve never seen ads thank god, I sincerely hope they never take that step.


Plex free + Tailscale is a surprisingly good solid solution.


I have Tailscale with Jellyfin. The only problem I have is I can't cast to Chromecast because of no HTTPS (no domain other than name resolving by Tailscale). Tailscale recently came out with auto HTTPS on reverse proxy with Caddy, but I haven't been able to get it running.


I second the recommendation for Synology DSM. The setup process is remarkably painless.


It's the only proprietary equipment I've got in my homelab, and I concur, it's great.


Is Amp closed source and/or require a license or payment?


AFAIK it's closed source, it's a perpetual license for $10. You can run it on 5 servers and it offers unlimited updates. I was wary initially but it's a solid, very well made and reliable product.

Surprising how much functionality and configurability it offers via a Web UI and it's all written by one person. They did a Q&A last year to discuss the product:

https://www.youtube.com/watch?v=ThigYganx1Y


They also used to be called McMyAdmin for anyone who remembers them from the older days. Was a pretty popular admin panel for Minecraft servers and is where they started. Then they eventually expanded into other server types as well and basically put McMyAdmin under the AMP umbrella. AMP is definitely a good option for a Minecraft server, but is also a good option for many types of servers out there. It's still actively developed and they add support for new types of servers all the time!

Personally I've always been happy with the McMyAdmin license I had, and ended up also getting an AMP license later.


Wow, the headline makes me feel kind of stupid and out of touch. When I think of the applications I run regularly, they're not "hosted" anywhere. They are native desktop applications that I run on my home computer. I do have a single server running 24/7 on my network, but I don't consider a home media NAS to be an "application" that is "self-hosted". It's just a linux box with a bunch of disks running NFS. Is NFS an "application"?

I guess I technically self-host things like E-mail, web, dnsmasq-based spam blocking, and so on, but I don't consider them applications either, so much as they're basic out-of-the-box Linux services.

Clicking through to the article, I have never heard of any of those applications, so I guess I don't self-host anything. Such an odd question, really.


A student asked Master Foo: "What applications do you self-host"?

Master Foo said: "All of them and none"

Upon hearing this, the student was enlightened.


I didn't get the joke exactly or dunno if it is a reference.

But it seems like the right response to this thread lol


It's an old programming "meme", going back to 80s if not further.

see: https://jcarpizo.github.io/tao-of-programming.html


Well this is more master foo's unix koans than the tao of programming, but they're for sure cut from the same cloth.

http://catb.org/~esr/writings/unix-koans/



What they're referring to is something like an Unraid NAS where you can host pretty much any docker image you'd like. You can see examples of the "apps" here - https://unraid.net/community/apps


A native application is just a web application without the extra steps.

If I had fewer devices, I'd definitely just run everything locally and forget about a lot of this cloud stuff. But I need access to certain things from 3 different devices with different OSes, so a hard drive full of data and Portable apps won't be enough.


The thing is desktop apps are Dead, for multiple reasons:

- People don't trust installing software on their computer anymore, using it in the browser is safer

- There is no good cross-platform UI, so nearly everything is now a web app

- There is tons of good open-source software that you can self-host and use from anywhere instead of just one computer, also there are more expectations around sharing access with friends, coworkers, ...

Most of the software described in the article is for personal usage, I'm pretty sure you know a lot of the "self-hosted" apps from this list: https://elest.io/fully-managed-services


> People don't trust installing software on their computer anymore, using it in the browser is safer

I doubt users know the difference. We got here because OS vendors don't trust users to install software on their computer. What we really need are simple, solid sandboxing APIs to empower developers to ship secure software.

> There is no good cross-platform UI, so nearly everything is now a web app

Yep. I spent the last few days surveying the cross-platform GUI landscape. It really is pretty sad. Qt and wxWidgets seem super bloated, and the Qt company appears to be actively attempting to escape from their open source obligations[0].

I think there's hope on the horizon though. Flutter is pretty dang good, and the licensing story is much better than Qt. Also, there are several toolkits for Rust and Golang that are shaping up to be awesome. I think we might have a native GUI renaissance in 5 years or so.

[0]: https://mail.kde.org/pipermail/kde-community/2020q2/006098.h...


> Yep. I spent the last few days surveying the cross-platform GUI landscape. It really is pretty sad. Qt and wxWidgets seem super bloated, and the Qt company appears to be actively attempting to escape from their open source obligations

If you're looking for a C++ solution -- judging from the mention of Qt and wxWidgets -- have you tried Ultimate++ (https://www.ultimatepp.org)? To me it seems much more compact than either of the two.


I doubt there will be a native GUI renaissance, look at the Mac App Store, it's not making a dent in the global direction and it's been available for years. OK, it's only for a single platform, it's even worse on the Windows app store! I think there is no way back for desktop apps. Browser is the best sandbox available.


VM hypervisors are even better sandboxes. I don't imagine any browser will be more secure than for example a VirtualBox or VMWare VM, unless the browser itself literally is a VM hypervisor.


Oh yeah, everyone has a hypervisor, including your grandma, right?

Browser is maybe not so common compared to hypervisors on end users' computers?


Obviously it would need to be made much more transparent to the end user, and integrated as a background technology. I am not suggesting that non-technical people should be trained to operate VMs, that's ridiculous.


Those 2 places aren't the only places one gets software for either of those platforms, and are not really solid indicators of the popularity of desktop apps.

The Windows store especially isn't, because (as far as I understand) until somewhat recently, you were locked to only publishing UWP apps to it.


I completely disagree with the first two points. As to the last point, why do you need to follow anyone's expectations? Your data and personal servers are there to serve you first and foremost. If you want to give people access, that's fine. I just don't see why you would feel obliged to do so.


Since you asked; My most used is ntfy [1] - It provides push notifications for pretty much anything and everything and can be easily integrated. It's used by a ton of selfhosters already, and I'm trying to make it better every day.

(Disclaimer: I wrote it.)

[1] https://github.com/binwiederhier/ntfy


Also posted yesterday: https://news.ycombinator.com/item?id=31252441

No discussion as of yet, but I favorited it because I plan to try it out in the near future.

Thank you binwiederhier for doing all this hard work, your drive is impressive!


This looks awesome.


  Plex
  Audiobookshelf  - Kind of like plex, but for audiobooks
  n8n  -  automation tool
  Heimdall -  browser start page with shortcuts to all of these apps
  Nginx Proxy Manager - Reverse proxy and wildcard cert hosting.
  Bookstack - note taking app.
  Pihole - ad blocker and local DNS.
  YoutubeDL-material - archiving youtube videos.
  FileRun - gdrive replacement.
  iCloudPd - syncs pics and videos from iPhone to local server
  Gitea  - git server
  Code-Server - web-based IDE/VS Code in browser.
  Shiori - like pocket or wallaby or read-it-later bookmarking.


Unlike others here, my goal isn't to be "google free" or "apple free" but instead to have backups so that I'm not reliant on a cloud platform going away.

To that end, my main server (self built around an Asrock Rack mITX motherboard with a low power Core i3 9100T which supports ECC RAM and 6 4TB IronWolf NAS drives in ZRaid2) has:

- Urbackup - backup client and server for all desktops and laptops in the house

- Seafile - much more performant than NextCloud as it's just file sync for the mobile devices

- Portainer to manage Docker

- Plex

- Wireguard for tunneling into the network

- Minecraft server for the kids

- Homeassistant

- InfluxDB for recording a heap of metrics

All of this is then backed up with Restic to JottaCloud (Norwegian cloud hosting provider)


Urbackup looks interesting for backup of my kids' Windows laptops. Does it take an "opportunistic" approach rather than a rigid schedule? I.e.: If the laptop and backup server notice they're on the same network, and there hasn't been a backup for a while, then initiate an incremental backup?


Not precisely. If you configure the Backup Window to always (1-7/0-24) then they'd get backed up whenever they're available and their backup interval has been exceeded. The backup window can be adjusted per client or group.


Pihole. DNS-level ad-blocking for my network.

Jellyfin. Movies/TV/Music server with a variety of clients, including a built-in web client, but also AndroidTV/Shield, Roku, Kodi, and more. It's like having a personal Netflix.

Minecraft. The old Java kind. May be leaving for something open-source soon because MS has fucked up the account transitions so badly, and also make buying new copies bizarrely painful, error-prone, and time-consuming—like, I don't know how someone who's not a computer nerd can actually manage to buy and use it, now. It's really bad.

All in Docker on a used workstation, running... IDK, Debian, I think? It hardly matters, because Docker. I don't even mess with Systemd or whatever, I just let Docker figure out what should be started when based on what I set each container to do (restart-unless-stopped, I think? It seems to start them at boot and if they crash, which is all I need).

I hosted PHPNuke and PHPBB on Apache2 out of my basement for years so they'd be contenders for some kind of lifetime total-hours-running-the-service, but that was a long time ago.


110% agree on microsoft's straight fucking of the minecraft experience. Being the designated household minecraft sysadmin is an intensely miserable experience. Just for example, we decided to pay for their bedrock edition realms hosting thing. Getting that account nonsense sorted was a saga on all its own, but at least they reliably ding our checking account. Oh but wait, every now and then it just loses license auth or something and throws prompts at my kids about "buy this now!" when we've already bought the fucking thing, leading to confused whining that I can do nothing about. Whoever wrote this fucking system should be slapped.


I'd just assumed they've decided to make the experience of using and/or buying the Java edition suck on purpose to drive people toward their subscription-based hosting solutions with the Bedrock version, but if that also sucks more than it should, maybe whoever's in charge of it just doesn't know WTF they're doing in general. Seems weird that they'd so badly screw up something that was a cash cow and practically on auto-pilot when they got it.


Chiming in here to concur with your points about MS screwing up how to buy Minecraft. It's an absolute mess.


Everything in Minecraft Java and Bedrock worked fine until we logged into Microsoft's account thing. Now everything is always screwed up. MS cloud stuff is just awful on every level.


Screwed up in what way? I haven't noticed any difference since the account migration.


Buying the game now requires navigating a couple sites, back and forth, in the correct order, and getting past MS attempts to block seemingly any new account for non-existent "suspicious activity". If you're buying for a kid and make the mistake of not lying about their age, you'll also experience the hell of MS' family account management interface, including having to track down an obscure and not-obviously-related setting to let the new copy connect to any multiplayer server, including local ones. There are, of course, multiple game-related settings screens, because why would it make sense? And only one of them has what you need. Plus you need to visit it in the correct fashion to have it apply to the child account, or else it won't work.

And you'll need to juggle logins to both accounts—the parent account, and the child account—and bounce between them a couple times to get it all working. There's no way normal users are managing to do it successfully.

As for the account transitions, it took me a couple tries to get mine working, and my wife's tried several times and they keep telling her on her MS account(s) that she doesn't own Minecraft and needs to buy it. I haven't looked into it, but I imagine she's missing some non-obvious step. Her experience is likely pretty common.

[EDIT] Oh, another thing I haven't looked into yet: as of a few days ago it's started telling my kid they don't own it, and we need to buy it. They fucking definitely do own a copy. No idea what's up with that, and I'm dreading having to figure it out.


@MSFT employees: how do you feel about the rest of the company sabotaging every effort you do to try to get rid of your old reputation and build a new one as a reliable, sane alternative to Google?

Seriously! Between hamfistedly pushing Edge to us Firefox users, raising Office 365 cost a double digit percentage the other year (yes, we moved to GSuite a couple of months later) and all the other stuff, how do you find motivation?


I found it difficult to buy a license for my son and I, and yes the child account blocking multiplayer took me far too long to research and hunt down.

We haven't had any issues since then.


Jellyfin, I must try that for the family, great! We use Minetest instead of Minecraft here. It runs ok on Raspberry Pi 400 and Android as well.


I should probably just stand up a Minetest server alongside Minecraft and try it out. I've been on Minecraft since the really early days, so I hate to move away from it, but it's becoming such a damn chore, entirely due to how they've handled the account transition and how purchasing works.


AdGuard Home is great too.


Yup, I switched from PiHole to AdGuard Home because it can be installed directly on an OPNSense box.


Minetest might be that thing for you -- the whole game is a collection of mods, meaning that it's essentially designed to be as easily extensible as possible through its Lua interface.


Just make sure your host workstation has automatic security updates turned on, but otherwise yeah letting docker manage all the services is totally fine.


Yeah, I'd probably do something else "in production" but since it hasn't caused a problem in ~3 years of use, and the cost of it breaking is effectively zero because it's only for our own use, I'm just letting Docker figure it out. If it ever breaks I'll write some Systemd unit files or whatever they call them, but until then, one less thing to worry about, to back up and reconfigure on restoration, etc.

My main operation pain is ZFS. Every time I have to touch it, I'm terrified I'll destroy all my data. It's like Git. "I want to do [extremely common thing], how can I do that?" "Great, just do [list of arcane commands, zero of which obviously relate to the thing you want to do] but don't mess up the order or typo anything or your system is hosed". Yeah, super cool. Love the features, hate the UI (again, much like git)


docker is very bad for security due to its large attack surface.


Using container features to limit access of a program to the broader machine (disk, network, other processes) seems like it would tend to be more secure than... not doing that. Right? It's not as if I'm exposing any docker remote-control-related stuff to the network.


No. What you are thinking about is sandboxing, which is not docker's main objective and can be done with many better tools like firejail.

docker adds its own daemon that creates additional attack surface that you would not have otherwise.


I’ve been considering setting up plex so my mom and brother could access media. Would jellyfin be better for this?


I'd try jellyfin first to see if it fits your needs.

I went with plex years ago, because they had good app support on the various devices in my house. (Mostly roku now)

The problem with Plex is:

1. during a recent half day internet outage (during prime-time) I was unable to use plex because the app didn't have access to the internet. The network was all up and running, devices could see each other, but plex decided that even though the media was on the local network it wasn't good enough and refused to finish playing the video we were watching. (The internet went out 20 minutes in)

2. Plex the company has gone fully into adding all kinds of streaming services in order to make a buck. While you can remove these things from your menu, it is just annoying.

3. Plex doesn't always fix known issues. Over the years I've run across several issues in plex that after trying to troubleshoot find that it is a known issue Plex refuses to address. For example, I've recently had some issues with some videos dropping half or more of the frames while the audio is fine. Turns out, plex doesn't like something in the file's metadata and this is the result. Plex is the only one that has the issue with the file. It plays fine locally with VLC and streams fine with other programs.


Plex is not open source, really tries to force you to login, some clients cost money, and the software spies on you.


I keep hearing Plex requires a plex.com account to log into your own personal self-hosted server. Jellyfin definitely does not.


I was reluctant to switch from Emby to Plex for this same reason but it turns out you can run plex self-hosted without any account. I have Plex running on a server and streaming from the Plex app on an LG TV without requiring an account.

https://support.plex.tv/articles/207538527-do-i-need-a-plex-... has more detail


I'll warn you that Plex will do everything possible to get you to add an account. One update (several years back) locked me out of making any changes to my server until I created an account.


I've not used Plex, so I'm not sure. You'd need to find a way to expose it to the Internet (mine's only on my local network) but that shouldn't be too hard. Just forward the correct ports on your router.

It does have an account system, including the ability to restrict which "libraries" an account can access, which is great if you have kids. For adults, it lets you track your viewing progress/status separately, just like having multiple Netflix profiles.

One thing to account for is that it has to transcode and/or remux videos for clients that can't handle a file's native codecs, audio or video, which can put a pretty heavy load on the server. A Raspberry Pi or weaker x86 machine won't be able to do this without frequent pauses and frame-dropping, for any but very low-resolution media. Solutions to this include: 1) ensuring that your clients can all handle a huge range of codecs, so it never has to transcode (IME audio is, these days, trickier than video, especially ensuring things like Dolby Atmos are supported), 2) getting a really powerful server, in particular with a video card that Jellyfin can use for transcoding, and 3) falling back on just downloading the file and throwing it in VLC (the web interface makes it really easy to download the raw video files in a pinch, though if you have big high-quality 4K rips they'll come down at full size, which can be inconvenient on devices with limited storage, like, say, iPads).

However, I think Plex or anything else will have similar limitations, since they all have to do something like that to accommodate players & devices with limited codec support.

Jellyfin's been very stable for me, which is part of why I'm still on it. I also find the UI in most of their clients much, much more to my liking than something like Kodi. But IDK about Plex.

[EDIT] Oh, I guess you could also batch-job transcode all the files to something very widely-supported, outside of JellyFin, though likely at some cost in quality and maybe also file size. Plus it'd probably take at least an hour or two to hack together a script to do it, for a wide range of input codecs.


I have primarily used Plex and pretty much everything you said is accurate for Plex as well. Limited transcoding based on the machine it is running on. As disk has become cheaper, I have pretty much stopped doing batch transcodes, which is great for the most part. But there are definitely negatives when you want to watch something offline, or remotely. Biggest pain point is subtitles though. Since they aren't ripped as text and then sent to a client, they have to be burned in to the video itself and transcoded on the fly. Which means losing out on 'forced' ones if it can't transcode fast enough.

Plex has definitely started to try and commercialize itself more and offer other stuff, when all I want is access to my own media. So I may look into Jellyfin more soon.

As for batch transcode jobs, I had a system that I was able to set up as essentially a black box. Drop a rip into a folder and out the other side comes a smaller one at a reasonable quality. With forced subs burned right into the actual video. Mostly based on https://github.com/donmelton/video_transcoding


> You'd need to find a way to expose it to the Internet

This can be tricky if you're stuck behind a CGNAT, which is becoming more common. I maintain a list of solutions to this problem here:

https://github.com/anderspitman/awesome-tunneling


I currently use and host both, plex while non free is more friendly to less advanced users and has native iOS and Apple TV apps (which jellyfin does not (the jellyfin iOS app is a webview and doesn't always behave well for me))

There are 3rd party apps for jellyfin on apple tv, but it's just not as smooth of an experience as plex.

I'm hoping that jellyfin will push plex to get better, as some of the most requested features for plex have gone unanswered for years, which is quite frustrating for software that is paid.


Have a look at Infuse, it works with Plex, Emby/Jellyfin, and possibly SMB. It’s one of the best and high quality apps I’ve encountered on the Apple TV, and one of the best video players period. For me it completely eliminates the need for transcoding, it plays everything.

There’s also a bare bones native Jellyfin app for tv/iOS called SwiftFin, but it’s currently only (publicly) available in TestFlight.


Plex is garbage and has been circling the drain for years now.


The lack of a WebOS app for Jellyfin is sad, until we get one I have to stick to plex.


I had the same issue. Just bought a HDMI thumb drive Roku (powered by USB port) and install the Jellyfin app. Another benefit is Roku supports more apps like the NBA app.

Previously tried rooting my LG TV which worked but too many random issues like full restart of your TV puts the root in a bad state.


We're doing lists? Okay then, here's mine, in order of guesstimated value/effort: PiHole, Jellyfin, Matrix Synapse, Vaultwarden, several Matrix bridges (Telegram and WhatsApp mostly), Mailcow (postfix+dovecot+sogo+rspamd+…), Home Assistant, Gitlab, Keycloak, Selfoss (RSS), Sonarr+Radarr+Jackett, Nitter, Nextcloud, Seafile.

I've also got a bunch of smaller services that I don't really use as often. I used to run Grocy and Firefly III quite intensively for a while, but Grocy's UI started annoying me too much and tracking finances became too annoying to do every day. I should look into updates on those or alternatives, because they served quite a useful purpose.


What do you use Keycloak for in this setup?


I'm using a very lazy hack for authenticating web services by letting Apache check the OpenID auth state in the browser and redirecting to Keycloak's login page if the session expired.

It's like HTTP Basic Auth but with extra steps. It's basically these rules:

    # Shared mod_auth_openidc settings (the secrets below are placeholders)
    OIDCCryptoPassphrase secretsecretsecret
    OIDCProviderMetadataURL https://keycloak.example.com/auth/realms/realmnamehere/.well-known/openid-configuration
    OIDCClientID my-web-server
    OIDCClientSecret secretsecretsecret
    OIDCRedirectURI https://example.com/authenticated/
    OIDCRemoteUserClaim preferred_username

    # The redirect URI has to sit inside a protected location
    <Location /authenticated/>
        AuthType openid-connect
        Require valid-user
    </Location>

    # No trailing slash, so the bare path /sonarr (which ProxyPass below also forwards) is covered too
    <Location /sonarr>
        AuthType openid-connect
        Require valid-user
    </Location>

    # Sonarr
    ProxyPass /sonarr http://localhost:8989/sonarr
    ProxyPassReverse /sonarr http://localhost:8989/sonarr

This basically ensures that if you try to visit https://example.com/sonarr you'll get redirected to Keycloak and asked to log in. It's the main reason I'm still running Apache instead of nginx because I haven't figured out an easy way to do this with nginx. I think you can do it with some custom Lua and an extension?
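
An added example, not part of the comment above: Apache's `<Location /sonarr/>` matches `/sonarr/` and everything below it but not the bare path `/sonarr`, while `ProxyPass /sonarr` forwards both, so a trailing slash can leave one proxied URL outside the OIDC check. This Python check lints a config for that gap; the sample configs are constructed, and it assumes literal `<Location>` blocks and top-level `ProxyPass` lines only.

```python
"""Added example: find ProxyPass paths not covered by an authenticated <Location>."""
import re

LOCATION_OPEN = re.compile(r'^<Location\s+"?([^\s">]+)"?\s*>$', re.I)
LOCATION_CLOSE = re.compile(r"^</Location>$", re.I)
PROXYPASS = re.compile(r"^ProxyPass\s+(/\S*)\s+(\S+)", re.I)

# Constructed sample configs (paths, ports and hosts are illustrative).
GAPPED_CONF = """
<Location /sonarr/>
    AuthType openid-connect
    Require valid-user
</Location>
ProxyPass /sonarr http://localhost:8989/sonarr
ProxyPassReverse /sonarr http://localhost:8989/sonarr
ProxyPass /radarr http://localhost:7878/radarr
"""

FIXED_CONF = GAPPED_CONF.replace("<Location /sonarr/>", "<Location /sonarr>") + """
<Location /radarr>
    AuthType openid-connect
    Require valid-user
</Location>
"""


def parse(conf):
    """Return (protected_locations, proxied_paths) from Apache config text."""
    protected, proxied = [], []
    current, has_authtype, has_require = None, False, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LOCATION_OPEN.match(line)
        if opened:
            current, has_authtype, has_require = opened.group(1), False, False
        elif LOCATION_CLOSE.match(line):
            if current is not None and has_authtype and has_require:
                protected.append(current)
            current = None
        elif current is not None:
            words = line.split()
            name = words[0].lower()
            if name == "authtype" and len(words) > 1 and words[1].lower() != "none":
                has_authtype = True
            elif name == "require" and [w.lower() for w in words[1:3]] != ["all", "granted"]:
                has_require = True
        else:
            forwarded = PROXYPASS.match(line)
            if forwarded and forwarded.group(2) != "!":  # "!" excludes a path
                proxied.append(forwarded.group(1))
    return protected, proxied


def location_matches(location, url_path):
    """<Location /x/> is a plain prefix; <Location /x> matches /x and /x/..."""
    if location.endswith("/"):
        return url_path.startswith(location)
    return url_path == location or url_path.startswith(location + "/")


def probes_for(proxy_path):
    """Representative URLs that a ProxyPass path forwards."""
    if proxy_path.endswith("/"):
        return [proxy_path, proxy_path + "x"]
    return [proxy_path, proxy_path + "/", proxy_path + "/x"]


def unprotected_routes(conf):
    """Map each ProxyPass path to the probe URLs no protected Location covers."""
    protected, proxied = parse(conf)
    findings = {}
    for path in proxied:
        open_urls = [u for u in probes_for(path)
                     if not any(location_matches(loc, u) for loc in protected)]
        if open_urls:
            findings[path] = open_urls
    return findings


if __name__ == "__main__":
    for label, conf in (("gapped", GAPPED_CONF), ("fixed", FIXED_CONF)):
        print(label, unprotected_routes(conf))
```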


Looks like a Plus Feature, or indeed much config: https://developers.redhat.com/blog/2018/10/08/configuring-ng...


Yes, I believe the way to do it with the free version is to use this: https://github.com/zmartzone/lua-resty-openidc

You'd have to be careful with custom code like this, though, because it's very easy to try to get the server to send a redirect but end up sending actual content that just has its HTTP status code changed to 301. The example seems to fail with 500 instead of redirecting, that's one way to do it.
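
The failure mode described above (a redirect status sent together with the protected content), reproduced as an added example in Python WSGI rather than nginx Lua; it is not lua-resty-openidc code. `leaky_app`, `fixed_app`, the login URL and the page content are hypothetical, and `audit` is the check to run against any handler without a session.

```python
"""Added example: a redirect that still carries the body, and a check for it."""
from wsgiref.util import setup_testing_defaults

LOGIN_URL = "https://idp.example/login"             # placeholder identity provider
PROTECTED = b"<html>private dashboard</html>"       # constructed protected page


def has_session(environ):
    """Toy session check standing in for real OIDC session validation."""
    return "session=valid" in environ.get("HTTP_COOKIE", "")


def leaky_app(environ, start_response):
    """Bug: sets the redirect status but falls through to the protected body."""
    status, headers = "200 OK", [("Content-Type", "text/html")]
    if not has_session(environ):
        status = "301 Moved Permanently"
        headers.append(("Location", LOGIN_URL))
        # Missing early return: execution continues to the content below.
    start_response(status, headers)
    return [PROTECTED]


def fixed_app(environ, start_response):
    """Redirect and stop: the protected body is never produced."""
    if not has_session(environ):
        start_response("302 Found",
                       [("Location", LOGIN_URL), ("Content-Length", "0")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/html")])
    return [PROTECTED]


def call_unauthenticated(app, path="/sonarr/"):
    """Invoke a WSGI app in-process with no cookie; return status, headers, body."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = int(status.split()[0])
        captured["headers"] = {k.lower(): v for k, v in headers}

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def audit(app, max_body=256):
    """List what is wrong with the app's answer to an unauthenticated request."""
    status, headers, body = call_unauthenticated(app)
    problems = []
    if not 300 <= status < 400:
        problems.append(f"expected a redirect, got {status}")
    if not headers.get("location", "").startswith(LOGIN_URL):
        problems.append("no redirect to the login page")
    if len(body) > max_body or PROTECTED in body:
        problems.append(f"{len(body)}-byte body sent with the redirect")
    return problems


if __name__ == "__main__":
    print("leaky:", audit(leaky_app))
    print("fixed:", audit(fixed_app))
```

A client that follows redirects never displays the leaked body, which is why the check has to inspect the raw first response rather than the final page.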


Top two are definitely Syncthing and Navidrome. I really couldn't live without either of these.

Organizing music is always a pain. But I use MusicBrainz picard on a desktop or laptop over an sshfs mount to my server. It works quite nicely.

I use Calibre-Web, but the whole Calibre system is just plain awful. It's straight out of the 1990s in terms of UI and work flow. I'd like to replace it one day, but I haven't found anything better.

I also self-host an instance of Cyberchef[1] which is an incredibly cool web app that does a variety of data conversions and other things. No real point to hosting it I guess, but nice if you're working with private data.

[1] https://gchq.github.io/CyberChef/


Calibre is pretty good imho. Nothing compares to organize ebooks, remove drm so that I can read kindle ebooks on kobo, and convert files to kepub so I still get the kobo specific enhancements on non-native kobo epubs.


I set up https://paperless-ngx.readthedocs.io/en/latest/ with a Brother ads2800w scanner and I no longer have a pile of paper mail sitting by my desk. I just scan it, tag it in Paperless-ngx, and then shred it. I just pushed up my script here if anyone wants to give this a try:

https://github.com/jdoss/ppngx

I will most likely move this to a Hashicorp Nomad job on my home server once I find the time.


I use mayanedms with a 2008 HP business scanner (with double sided ADF) I bought used for very cheap.

Can concur, it’s very convenient and satisfying to have hundreds of documents over the years archived, OCRed, and fully searchable. Reduced clutter drastically and I’ve never lost a paper again.


That’s a really neat setup. Thank you for posting.


People really should give Caddy a try. It's a nice breath of fresh air and makes you figure nginx config is such a bloat.

  my.domain {
    reverse_proxy 10.0.0.2
  }

is all you need to get https://my.domain running with automatic Let's Encrypt.


Caddy is great but there sadly isn't anything like nginx-proxy-manager for it. The proxy manager is actually a full little identity provider and authenticating proxy--it's very slick and perfect for simple home self-hosting scenarios with a handful of users.


If you need auth, we (Caddy maintainers) are working on making it easier to integrate with external auth gateways, like Authelia. Today, we got it all working, so it's coming in the next release.


Could you please go into more detail regarding "a full little identity provider and authenticating proxy"? Does nginx-proxy-manager do something like SSO?


It does, there's a whole user management and permission model. Check the screenshots, there isn't much written in the docs: https://nginxproxymanager.com/screenshots/

It doesn't do SSO with SAML, OIDC, etc. like more heavyweight solutions. It's basically just a database of users (not even LDAP, it's all internal) who you grant access to proxied apps. Internally it just uses nginx's forward auth proxy support to do all this, it's not using anything complex or fancy. You'll have to configure proxied apps to read the logged in user from a header that nginx sets on redirect (most apps can do this, but not all).

edit: Spin up a docker container of it to kick the tires, it's very easy to get going and see what it can do: https://nginxproxymanager.com/guide/#quick-setup


Thanks!

I already have it running, I just had no idea it could do that. Guess I know what I'll do on the weekend :)


Yeah I can't find anything on the site about that. Could be a killer app if it also had some Fail2Ban mechanism + auth gateway. Then I could host apps that may have questionably robust auth and feel a bit better about it exposed to the internet.


For auth and identity stuff, try this plugin: https://github.com/greenpau/caddy-security


I use caddy for the oidc/oauth letsencrypt combo. Does nginx-proxy-manager support oidc? Reading the docs, I see only http basic auth.


Nope it just has its own login system, user management, and authenticating forward proxy all wrapped up into a nice looking low resource nodejs server. If you want full OIDC, etc. you probably want keycloak or some similar heavyweight IDP.


The one thing keeping me from moving to Caddy, and maybe it's a user error, is that I can't figure out how to request a wildcard cert once and use it in multiple places. I have several subdomains that are not exposed to the internet and so without a wildcard I wouldn't be able to get an SSL certificate for them.


We have a section for exactly this in our docs: https://caddyserver.com/docs/caddyfile/patterns#wildcard-cer...

Hope that helps!


That sure does, I'll give it a try soon. Thank you!


Totally. Or here, without a config file:

    $ caddy reverse-proxy --from my.domain --to 10.0.0.2


Home assistant. Incredibly versatile and complete home automation software.


Home assistant is fantastic. The number of integrations available is unbelievable (and also somewhat scary, security wise):

What I have right now:

- integration with Tuya lights/electrical outlets

- integration with AirThings air quality sensor

- integration with EcoBee thermostat/presence sensors

- integration with an LG Oven (status only as far as I can tell)

- integration with Garmin ecosystem

- integration with presence detection via the iPhone app

- integration with the sound system/spotify

So far my favourite feature is the ability to tap an NFC tag by my bed and execute the "bed time" workflow:

- ensure the lights are off

- dim the lights in the hallway, for kids

- reduce the speed of the bathroom fans

- sunset the lights in the bedroom for 10 minutes, so that when they finally turn off it's bed time.


I've got an msi desktop gaming PC, an LG CX OLED TV, and a Yamaha RX-A2A receiver and they never played well together. The kids always had a hard time getting them all on at once and set to the right inputs and launching steam.

So I created a Home Assistant automation that does all that, bought a Zwave button that sits on the coffee table, and now they just turn it all on with one button like it's a video game console.


For my bedtime routine I have it fire when I start charging my phone. There’s an iOS shortcut that fires an HA event when I plug or unplug my phone, and if we’re all home and it’s after bedtime it turns everything off and sets the alarm


Huh, that's a pretty great idea/workflow! I'm still figuring out HA's scripting. I find the JSON based DSL to be pretty awkward so far, so I haven't experimented with it much.


I felt that way too and didn’t like the point and click interface of nodered. Instead, I’m using appdaemon which lets me write all automations using actual code (python) along with the VSCode plugin for HASSOS (not my editor of choice but it’s the only available one)


That's awesome thanks, I didn't know about this:

> Out of the box, AppDaemon has support for the following automation products:

> Home Assistant home automation software.

> MQTT event broker.


Thank you for this wonderful idea


I wanted sleep tracking without a fitness band or watch, so I got a sleep mat from Withings. It works as intended and is also great for bedtime triggers.


What is the modern/idiomatic platform to do IoT? Specifically the rudimentary stuff like light bulbs, electrical outlets, etc. Is zigbee the way to go?


I’d say so. It’s interoperable so you’re not vendor locked and is very well supported by HA.


I think you may have changed my disposition on smart home automation. A lot of these integrations seem really useful. Thank you for this comment.


For the bedtime workflow, why NFC tapping and not a button? I use the latter and seems more practical, so wondering why you chose NFC.


Never got around to getting a physical button, but I got a few dozen NFC tags from amazon a while back. They are quite unobtrusive so it's no bother to just quickly tap the phone.


Nice. Thought about adding blinds? I got some from IKEA about a year ago and have been super happy with them. Have them set to open 45min after sunrise, and close 30min before. Love em.


Do IKEA blinds come with motors built in? How did you hook 'em up?


With the Ikea blinds, the motor is built into the tube the shade rolls around (for roller shades) or in the top of the blind (for the cellular blinds). There is a rechargeable battery pack that slots in at the top and a remote to control the shades. Nothing to hard wire. Search "Ikea TREDANSEN motorized blind" and you'll find the product page.

The only issue with the Ikea shades is that they can't be cut - so they'll only work for you if your window is the size of shades they carry. None of the Ikea sizes worked for me, I ended up taking the measurements and just ordering custom cut shades from a company called Select Blinds. A little more expensive than Ikea, but the quality does seem a bit better.


Gotcha. I was asking because we just got a new set of blinds that are decidedly not motorized. I think I've seen some third party motors you can add though.


I'll second this one. It's also very good at self-updates for being a self-hosted application.


Do you have a link? There are many smart home software so I am wondering if it is a specific one.


- Emails (Postfix, Dovecot and their friends)

- Nextcloud (files, contacts, agendas, picture sharing),

- Invidious

- WordPress I guess for the few websites I maintain.

- PeerTube (to host videos for my choir)

- Trivabble [1], a network Scrabble game I started, which is used quite a bit, so I guess it counts, but not by me (because I don't enjoy playing Scrabble).

I probably forget something but those are the most used.

[1] https://trivabble.org/demo/ | https://gitlab.com/raphj/trivabble


There’s some cool applications here. I’ll have to give Linkding a try. My favorite that I use regularly is miniflux [0] rss reader.

[0]: https://miniflux.app/


use miniflux too and like it, am annoyed a bit by postgres cluster updates however every 2 years or so.


Linkding is awesome. What really makes it shine is the browser addon and bookmarklet.


Perhaps only barely fitting the definition, my most used application is ESXi on an Intel Mac Mini which runs VMs for Ubuntu & Windows.

I lost the ability to use Windows software that interfaced with devices over USB when I got my M1 MBP - or so I thought - until I learned that you can share USB devices over the network to a VM running on ESXi.

So now I have my windows ham radio programming software (uses a USB-Serial interface), my Toyota diagnostic software (uses a specialized USB-OBD2 cable) running on a VM. I can VPN into my home network and attach the devices connected to my M1 Mac to the Windows VM from anywhere.


Can you flesh out the whole “share usb devices over the network”? What are you using to do that? Thanks!


It's been awhile since I used ESXi but for awhile I was running an ESXi6 server and I'd connect to a VM on the server from my linux desktop with VMware Player (I believe you officially needed workstation to do this but there was a command line backdoor). Then in the client there was a redirect USB device option.

I do the same thing now with qemu/kvm server. I just fire up virt-manager, open the VM I want to use and pick redirect USB device from the menu. Then I can select a local USB device and send it through. I haven't used it for much besides flash drives though. It requires a couple tweaks to the VM settings and I think it needs spice tools but that's expected, VMware needed VMware tools for this as well.


For what it's worth, you could also use USB over IP (http://usbip.sourceforge.net/) even if your virtualisation host doesn't support it. Watch out for authentication though, because the protocol doesn't care a whole lot about security. Might be worth the effort of setting up a wireguard/ipsec tunnel to secure the traffic.


Just running VMWare Fusion Pro on my M1 MBP. Choose connect to server -> enter IP address/login/password for your ESXi host. Launch virtual machine. Then you can simply tell Fusion to connect any USB devices to the remote VM, the same way you would if it were a local VM.


Not the OP, but it's a feature of the vSphere client ("Client Connected"). https://kb.vmware.com/s/article/1022290


Rather than exhaustively list mine, I'll just list the ones I don't see mentioned in other comments.

- Swag - Nginx reverse proxy for my other services. Similar to other reverse proxies people have mentioned, but it plays nice with other linuxserver containers I run so it's what I've stuck with. Has decent letsencrypt integration.

- Authelia - Integrated with Swag to handle single sign-on for most of my services

- Mylar3 - Helps keep track of comic series and, if you choose, can be used to search and download them as well

- Komga - For organizing/reading comics. I use Klutter as a companion app for reading comics from my Android devices

- readarr - Newer member of the *arr family. Still a bit clunky compared to its siblings, but it's a relatively useful way to organize ebooks and audiobooks. It doesn't do well with mixed book types, though, so I run one instance for ebooks and one for audiobooks.

- Ombi - For managing media requests


I'm a little biased because I made these but.....

1. HRConvert2 - File Conversion Server. https://github.com/zelon88/HRConvert2

2. HRCloud2 - Self hosted Cloud Platform & App Launcher. https://github.com/zelon88/HRCloud2


When I got a new PC last year I tried to sell my old one but couldn't find any buyers for a reasonable price, so I just made it my "home server" (much better than the Pi I had running before).

It has a 1080Ti GPU so I'm just mining Ethereum on it (T-Rex miner) which pays for the electricity and actually makes 2-3 extra coffees a month :)

Of course, mining uses only the GPU (and a little bit of RAM) which leaves the CPU completely free to run a bunch of other services. I'm running an Ark Xbox server and Jellyfin on bare metal, with everything else in Docker (on a Windows 11 base install): AdGuard, OpenVpn client + socks5 proxy, Portainer, Watchtower, Speedtest, Grafana, Prometheus, Awair and Ecobee exporters, CloudFlare DDNS plus a couple of other this-and-thats :)


Anyone running Postfix should integrate Postal in front of it.

It's been a pain in the ass to even view what emails came and went with what volume, it will let you run event hooks as well and can integrate with rspamd as well and view each email's score as well.

Interface is very clean too.

https://github.com/postalserver/postal


To not make my list exhaustive and list my most used applications.

- Vaultwarden. I see this in a shockingly small amount of lists. Selfhosted password manager. It’s been absolutely amazing and works with the Bitwarden apps.

- Proxmox. Specifically LXC. For courses/sideprojects/whatever, I just spin up a clean Alpine/Arch LXC and use it for remote development through CLion/IDEA/PHPStorm or VSC. It’s been great and saves me from installing a bunch of stuff and weird dependency management on my laptop. Which is also an M1 Air, so doing it on a linux server is much nicer.

- Nginx Proxy Manager. Quick and easy reverse proxies to all my containers/services. Both local and internet facing.


Started trying Vaultwarden last night and so far I'm really impressed. I have it integrated into my desktop, laptops and browsers. I just need to automate my backups. For self-hosting passwords and similar files it seems rock solid so far.


Pi-Hole

Tracks (GTD style ToDo webapp, wrote an Android app for it)

HappyAPI: I use it to maintain a chat accessible villager trade inventory for our Minecraft server (HappyAPI allows players to associate an IP with their Minecraft name on that server, so you can send "/h RedNifre Mending" and get a response with all villagers that sell Mending)


Have you published the Android app? I used Tracks for years, until eventually switching due to lack of mobile support.


No, it only had the features I needed and I'm also considering moving away from Tracks, maybe to Todoist. Which app did you switch to?


I host most of my stuff on ESXi VMs, mostly Fedora.

Local Video/Music: mythtv with fanless minipc for front end.

email: (sendmail/spamassassin/dovecot with Thunderbird front end)

sharing/collaboration: Nextcloud

Chat: Matrix/Synapse with Element web for the past year or so, Openfire (XMPP) for at least a decade.

Ad block: pi-hole

DNS: local recursive resolver (BIND)

spell/usage check: langtool (minimal usage, but interesting)

torrents: deluge/deluge web

proxy (forward): squid (mostly to cache fedora updates)

Podcasts: podgrab (just installed this based on an HN story a few weeks ago. I like it!)

Firewall: Netfilter/IPTables on fanless minipc

I was also running a Diaspora pod for a while, but got rid of it. I may go back to it at some point.

Streaming: Currently I use a Roku stick for this, but have been playing around with kodi and jellyfin. I hate kodi. jellyfin is pretty cool, but can't handle large music collections (jellyfin server crashes when trying to load my 20,000+ music tracks).

I won't use them for video, since both seem to think that I should organize my video files (10,000+) according to their strictures (TV vs. Movies, etc.) rather than allowing me to maintain the organization I've used for decades (genre). What's more, using their clients, I'd likely need to transcode many videos, whereas my mythtv front end (via ffmpeg) handles just about any format I throw at it.

Now that I think about it, I self-host everything and eschew any "cloud" (read: someone else's servers) services, as my data is mine and how/when I use it is my business, not anyone else's.

I just wish that more developers would focus on ease of installation[0] instead of docker containers or rafts of non-standard dependencies, which would allow less technical folks to self host this stuff -- incentivizing a broader ecosystem for FOSS and self-hosted stuff.

[0] https://news.ycombinator.com/item?id=30783477

Edit: Fixed list formatting.


I personally use fb2k with the dlna add-on for music streaming, with bubbleupnp server in the middle (mostly out of laziness; I used to stream to a Google cast device, though now I just have my stereo plugged directly into my PC). Bubbleupnp on Android is honestly one of the best music players I can ask for; it does nothing for audio quality, unfortunately, but everything for storing music wherever you want and casting it to wherever you want.

If you don't care for windows, airsonic is also pretty good; it supports both dlna and subsonic protocols. The only reason I use fb2k more often is that airsonic doesn't support multiple genres (I frequently shuffle a genre instead of using playlists). It's pretty heavy with memory compared to fb2k, though.

While you can't cast _to_ Roku using a dlna controller, Roku media player will allow you to browse and play content from a dlna server. There's also multiple channels available that provide other methods to stream music to Roku.


>If you don't care for windows, airsonic is also pretty good; it supports both dlna and subsonic protocols. The only reason I use fb2k more often is that airsonic doesn't support multiple genres (I frequently shuffle a genre instead of using playlists). It's pretty heavy with memory compared to fb2k, though.

Truth be told, mythtv works okay for my usual use case: shuffle all my music tracks (~22,000). But it has crappy playlist support.

I've been testing out a variety of music servers and am currently playing around with Navidrome[0], which seems to have better playlist support. And it's FOSS that runs on Linux.

BTW, Navidrome supports the Subsonic API and, as such, supports airsonic/subsonic clients.

I'm not so interested in using my phone to "cast" anything and I have plenty of storage and can fit the bulk of my music collection on the phone itself. I play that music with VLC[1] on the device -- no streaming.

>While you can't cast _to_ Roku using a dlna controller, Roku media player will allow you to browse and play content from a dlna server. There's also multiple channels available that provide other methods to stream music to Roku.

I tried that with jellyfin and mythtv (both are dlna servers too), but Roku Media Player can't handle anywhere near that many songs. It just hangs until I quit the app. And jellyfin can't handle such large playlists either -- it crashes the jellyfin server when I try to play a lot of songs.

I'm not in a huge rush to move the music off mythtv, but I do want to host my own streaming platform (I wish I didn't hate Kodi so much, Emby and Plex want to spy on me, and jellyfin's UI and Kodi-like strictures on folder structure (separating TV from Movies, rather than just dealing with the Genre --> Title --> Seasons[TV] --> Episodes[TV] structure I've been using for decades. As such, those are really non-starters for me.

Mythtv's plugin ecosystem is weak and streaming plugins are pretty much non-existent.

Eventually, I'll find (Navidrome?) a new music server and a media manager with decent streaming plugins. Then I'll add another fanless PC to plug into my receiver and run with it.

Until then, while what I have isn't awesome, between Mythtv, Roku and TiVo, most of my home media needs are met. I don't care about watching videos on my phone or "casting" them. And if I did, can access my video library and stream via Nextcloud.

Thanks for the suggestions. While they don't currently fit my use cases, I appreciate the information and discussion!

[0] https://www.navidrome.org/

[1] https://www.videolan.org/vlc/


I've been wanting to self-host a podcast service. This might be a really stupid question, but how do you download the podcasts to your server? I'm guessing it's like an RSS thing, but how do you the feeds?


>I've been wanting to self-host a podcast service. This might be a really stupid question, but how do you download the podcasts to your server? I'm guessing it's like an RSS thing, but how do you the feeds?

Great question!

Yes, with podgrab[0] you can add RSS urls or OPML files or use the "search" feature which, using your search term, will query the podcasts in either Apple podcasts or podcastindex.com.

As an aside, the software developer seems to have a preference for Docker. I do not. As such, I downloaded the sources (Go) and installed on an existing VM. I even packaged up the binary with the rest of the package and it runs just fine, using very little (~150MB) RAM and only 33MB disk space, not including the podcasts, of course.

I encourage you to check it out. It works nicely so far (a couple weeks).

[0] https://github.com/akhilrex/podgrab


Nextcloud, I don’t want to be dependent on a third party for storage anymore. I don’t want to fear them going out of business, raising their prices or banning me because I store a file they don’t like.

Of course I also like messing with that kind of thing and being in control but those are not the main reason.

edit oh and I’m 100% through someone else hosting and messing with my calendar and contacts, which Nextcloud does fine for me.


I'm a little late to this party (I've been heads-down getting the next release of PhotoStructure out the door).

I've got Resilio Sync running on both my NASes to get photos and videos backed up and importable. It's like SyncThing, but also has an iOS app.

I've used both nginx proxy manager and Caddy as an authenticating reverse proxy. Caddy's simplicity in setup, speed in use, and docs are wonderful.

I've also used cloudflared to proxy my home server: it's a bit more involved to set up auth, but it's (currently) free.

And, of course, I run PhotoStructure: I'm the author.

PhotoStructure is a web-based digital asset manager, but I've focused on really robust de-duplication, library portability (so I can plug my library drive or mount the same NAS directory on macOS, Windows, or Linux, and everything "just works"), as well as support for very large libraries with sub-100ms page load latencies on cheap hardware (because slow browsing is maddening). I have many users with libraries that track 1mm+ asset files, but it's also relevant for smaller libraries, given how simple it is to set up (one-click install, answer 4 questions, and you're done with setup).

PhotoStructure is freemium commercial software, as it's currently paying for me to work on it full time. A bunch of my user base harks from Hacker News: if you want to give the paid plan a spin, use coupon code "HN15" for 15% off (forever!). Details about plans and pricing are on https://photostructure.com/about/pricing/ (and visit us on Discord and the PhotoStructure Forum: I'm lucky to have really friendly and helpful users!)


On an old Dell Optiplex Micro:

- AdGuard for DNS blocking.

- HomeAssistant for all of my smart home stuff.

- Confluence for my wiki (back when you could get a $10 license, and yes I know it's overkill/unnecessary pain).

- Postgres (for Confluence)

- Nginx for reverse proxy.

I also have a Synology NAS (DS1618+) with a bunch of 10TB drives. The stock Synology apps are pretty decent and the entire package is polished compared to using something like FreeNAS. I use the built-in Photos app to manage my photo collection, ActiveBackup handles backups across all my PCs, and the Synology Drive software replaces Dropbox for me (complete with the ability to share a file via a password protected link). I run a dockerized version of SabNZBd/Sonarr/Radarr as well right on the NAS. Synology's CloudSync utility copies my most important files to a Backblaze B2 bucket.

I have the NAS connected via a 10 gig NIC for the NAS and a cheap Mikrotik 10 gig switch (with a gigabit uplink to the rest of my network). Combined with a QNAP Thunderbolt to SFP adapter for my MacBook, it's more than fast enough to use like local storage, including running VMs.


tt-rss. Web-based RSS reader with mobile client.

searx. Self-hosted meta-search engine.

Navidrome. Music streaming solution (paired with DSub).

Wallabag. Self-hosted Pocket. Scrapes and offlines content.

Paperless. Document management system. Paired with Genius Scan on my phone. Particularly handy at tax time.

Huginn. Self-hosted IFTTT-like solution.

Gotify. Mobile push notification infrastructure that is integrated with a ton of other stuff here.

deluged/deluge-web - Bittorrent client.

pi-hole. Nothing much to say here.

I also use syncthing all over the place (e.g. transferring scanned documents from my phone to Paperless), but I don't think of that as a self-hosted service per se.



Curious: I found grocy very impractical to use day to day. So you manually enter each item you stock in your pantry and manually decrease it by the gram after cooking/baking?


A Matrix server for me, plus a bunch of bots. Owning all my family's chats is fantastic, and making stupid bots keeps me endlessly entertained.

https://www.youtube.com/watch?v=pmTVerYNvs0


My own timeline thing.

It hosts all of my data plus my personal diary. I update it at least once a day. My photos, backups and geolocation are automatically uploaded to it.

https://github.com/nicbou/timeline

My home server gets a lot of use too. It's mostly my own code, plus Transmission.

https://github.com/nicbou/homeserver

I also have a few lines of code that take my browser's search queries and routes them according to keywords. Browsers do this natively now, but old habits die hard. Every search query goes through it.


Mattermost: for in-family conversations; I don't want my personal life mined for ad revenue, thank you.

Gitea: because gitlab is too heavy for a cheap cloud server, and projects like microsoft/github's copilot project sort of tick me off, frankly.


Euphemistically, arr containers. But my use case was to find an amusing way to learn Docker Compose and eventually kubernetes (which I have yet to try). A great bunch of container apps that let you find public domain media.


I don't self host anything. Does that make me weird?

Also I dislike sites that require JavaScript to display text and images.


same. I did in the past, but work has basically made me hate computers, so I've done everything I can to remove computers from my life outside work hours.


Syncthing. Amazing tool. I keep media and documents synced between two computers and a Pi home server. I want to add an "untrusted" VPS to the mix, but haven't done it yet. The only weak link is my iPhone. Luckily, one of the computers in the mix is a Mac, and it keeps things synced via iCloud.

icloudpd. Pulls photos from iCloud onto the Pi and Syncthing takes care of it from there.

Prometheus/Grafana. Monitor indoor air quality with nice dashboards. I have other ideas I'd like to dashboard, but never get around to doing it.

Pi-hole.


I'm late to the party, but I do have a question.

For me, reliability and data backups/recovery play an important role in setting up systems like this. I find that if I think about setting up a self-host solution, my mind goes to, "But what if it fails and you lose all your effort in a theft, fire, flood, or just hardware/data failure?"

And that side of my brain would be right: what if that happened?

So I guess I'd ask the author: how do you handle this niggling feeling in your brain, if you get it like I do.


Same thoughts as you. Anything I run also takes care of backing itself up using tarsnap or borg to rsync.net (depending on when I originally setup that particular application)

Some things you can just copy the files on a regular schedule (with tarsnapper or borgmatic), others you also have to stop the DB and take a dump of it before restarting it. And everything I can set up again with a collection of custom ansible playbooks and roles.

But yes I wouldn’t self host without a reliable backup strategy and auto updates (with unattended-upgrades).


I can't answer for the author, but I can answer for myself.

First of all, I have a little bit of fault tolerance with using ZFS and ZRaid 2 with 6 disks - so I'm good until 2 disks have failed.

But more than that, everything is backed up offsite using Restic and the JottaCloud RClone backend - the data I don't want to lose is around 4TB (backups from all computers in the house, and SeaFile sync of all mobile devices) so whilst the initial upload wasn't super fast (although not too bad as I've got a 70Mbps upload speed) periodic sync each day is super quick.


Plex and an internal network clipboard sharing tool I wrote called Pasteboard. Pasteboard bridges the “over the air” copy/paste gap between my phone and non-Apple devices.


Asking for advice: (to HN of all places but eh...)

I know nothing about docker. I have a handful of VMs (Jitsi, pfsense, VPN). Want to be able to set up useful self-hosted services at home without killing my family downtime.

My current plan: yunohost https://yunohost.org/ and a RPi4 to see the possibilities. Then if I see a rock solid requirement maybe go for something more specific. (NixOS config seems interesting...)

Seem fair?


Consider a "TinyMiniMicro" type slim PC instead of a RPi4. You'll get a lot more bang for your buck. https://www.servethehome.com/introducing-project-tinyminimic...


A fair point actually. A RPi4 8GB isn't that expensive, which is why it was desirable. But then a case, a cooling solution, a power supply all adds up..

And in the end it isn't a formfactor standardised and stackable solution.

You've sold me on this one. Thank you!


I’d go with a tinymicro server instead and use proxmox with VMs and LXC containers. This type of containers is pretty much like a VM (you get a full OS and can hardly tell the difference with a VM, unlike docker). But it’s much lighter (it’s a container) and all your regular tooling like ansible etc works out of the box. Along with tarsnap or borg for backups and unattended-upgrades and it’s near set and forget (unlike, again, docker)

I went the docker route for home and I don’t recommend it. It’s too high maintenance to keep up to date, it’s over engineered for the home. I’ve since switched to proxmox and vms/lxc.


A sibling comment convinced me on tinymicro! Thanks for seconding this!

I was hoping to keep things simple. To start with. Docker+compose on a linux image seems like only "one" system to learn and there seems to be a whole library of prebuilt docker images for most services I could want to run.

Not sure how well the "image library" translates to proxmox.

Also not sure how the Trust (images from online source) vs Capability (roll my own secure image) balance works out.

Well, nothing says I have to keep proxmox forever so I will try it out and go from there. Thank you for your time!


I don't think an RPi4 can keep up with Jitsi, but I have never attempted it.

I have not tried yunohost, but the interface looks nice.

docker is not required, but docker + docker compose, on an RPi4, with auto-restart of failed containers has been very solid for me.


RPi4 and Jitsi may not work, but looking into containers is the main point.

Simply using Docker and Docker-compose on RPi linux may indeed be what I am after to start with. A commandline + YAML file is totally fine! Thanks!


Check out the /r/selfhosted subreddit. It's an extremely useful resource.

Docker Compose has worked great for me so far. I'm not sure about Nix.


The "awesome" lists from the Please Read This First post is gold enough to get me going for a while. Thank you!


Self-hosting is still way too hard. Running your own Plex server on an old laptop shouldn't be any more difficult or less secure than installing an app on your phone.

Folks shouldn't have to understand DNS, TLS, HTTP, IP addresses, ports, NAT, CGNAT, port forwarding, etc in order to run a server application on their own hardware.

I think we can build usable abstractions around most of it, while being secure by default.

[0]: please consider open source Jellyfin instead


Docker and Tailscale are all you need. I have all my services in single docker-compose yaml.


Docker and Tailscale are still an order of magnitude more complicated than installing an app on your phone.


Having to use third party repos and trust the uploaders kind of misses the point of self-hosting imo


What's the value of Tailscale in a home network with self-hosted apps?


being able to have a consistent name for your server instead of using an ip address such as "192.168.1.23:4567", which would change often if you didn't set up a static ip.

once you bookmark "devicename:4567" or reference it in some other app, you won't have to change it again.

and of course having outside access to your devices when you are away is a nice plus as well


You could use DHCP for this. It can map your Servernames (their hostnames) to a local domain. eg. devicename.mackrevinack.homstead. But it can also map to just the hostname.


I don't know... most people are too dumb/lazy to install a program using an installer or apk file.

Notice how most of the software listed is free and open source - if the end user can't be arsed to learn a few things, why would the developers go out of their way to accommodate them?

They're just not the intended market.


Plex server has a Windows version. If you use Windows, it's just like installing an app on Windows. The only thing is you need to set up port forwarding for remote access.


Mumble - "a free, open source, low latency, high quality voice chat application" that I can manage the logs and certificates for. Kinda the only choice because Discord doesn't have an equivalent setup/mode.

Pi-Hole - DNS caching and adblocking for networked devices that I can't run a normal adblocker on. I also set it up to block Facebook where possible.

Minecraft (Java) - Because gotta have fun, right?


Portainer looks popular but it's actually not easy to use, can't see which container is upgradable and doesn't even care to support mobile.

I found an alternative which is still a very young project but I've replaced Portainer.

https://github.com/SelfhostedPro/Yacht


I use watchtower to update my containers


How do people feel about Prom/Grafana? I can figure out most things, but I've had nothing but problems with these tools for years. I assume I'm the problem, because I never hear anything but high praise from anyone else. But for me it's pure friction every time I touch them and I can't figure out why.


You could try looking into the Influx stack - I have InfluxDB 2.x running, which has its own built in dashboarding tool which (I find) has a lower learning curve than Grafana.

Then to feed it metrics use Telegraf.


What are the issues you have?


The UI looks great but the UX is terrible


That's like saying "I don't like it".


I'll give you an example of what I mean.

Let's look at the manual on variables, found at this URL: https://grafana.com/docs/grafana/latest/variables/.

Variables are shown at the top of the screen. You would assume that adding a new variable would involve a UI element placed in proximity to the existing variables. However, that's not the case at all. None of the sections in the manual would even tell you where you need to go to do that. The answer: you need to go to the dashboard settings dialog and open the Variables tab.

What about editing the name of an item? Well, that functionality could be anywhere. If it's a variable name, you go back to the "Settings" tab. If it's a query name, you can change it inline. For a panel, you do it from the sidebar. Hurray for consistency.

The UI looks great, but the learning curve is terrible due to inconsistency.


I wouldn't say it's terrible but prometheus & grafana have a learning curve for sure.

It's a question of do you want a pull-based architecture (prometheus) or a push-based one (influxdb). Grafana is just a frontend that supports either, although influx also has its own frontend.


I have a _terrible_ memory and am constantly forgetting things about friends I have known for almost a decade. I host this in a container that I am likely going to move to a RPi: https://github.com/monicahq/monica


If I reinstall it, this will be my 3rd try on Monica... if only someone else would fill it for me - oh, how is the mobile support for it nowadays?


I'll be honest - since I host it in a Docker container on my main desktop PC, I rarely rely on mobile, so I can't really say. I don't fill _everything_ in on Monica, I just try to hit the high-level items (e.g. they mentioned X, I should get them Y, etc.).

Monica really needs some sort of smart insertion system - just a free-form field that can parse a full sentence and handle the logistics.

For example, "Mary and I spoke on the phone last week and said she was going to Italy for a vacation and offered to show me photos" - Monica should be able to parse the conversation, the event and a follow-up somehow.


I never could get this to work and play nicely with my traefik setup. :-/


FreshRSS, Dendrite (Matrix), Keycloak+slapd (auth), TheLounge (IRC), Vaultwarden (Bitwarden implementation in rust)


If you want an alternative to Pi-hole, I highly recommend AdGuard Home. https://github.com/AdguardTeam/AdguardHome. Everything is way more intuitive and list management is a breeze.


Seconding this. I switched from PiHole to AdGuard Home because they have built in DNS over HTTPS support. I run a second instance on my colo server (with only HTTPS exposed) for my mobile devices. AdGuard can even generate the .mobileconfig file for you to automatically set it up!


My entire work life is scripted, and backups, torrents, VPN on-off, dog-watching-cam, streaming-by-sport is scripted at home. Work is literally issue? Fixed. If something new, I automate it.

I guess I use a VPN, and a browser that talks to my Roku, but I tend to think the automation is the thing.

Weird question.


Shameless plug, but if you are looking for a homepage to list all the apps you self-host, I made one called Jump that you might find useful...

https://github.com/daledavies/jump


Most of mine are already listed.

I get a hell of a lot of utility out of ansible scripts to deploy LXCs/VMs though. Faster than spinning up something in cloud. Zero cost and locally accessible.

Gitlab CI has also proven to be a neat thing for various digital glue and deployments


- Filestash: the file manager I made for myself

- Dispatch: IRC client

- Grafana: to create graphs for all sort of stuff

- Gogs: for private git repos

- minio: a selfhosted s3 compatible

- Apache: to host some files I want to share and a few api endpoint as a dirty lambda alternative

- Radicale: for caldav carddav with agendav for webclient

- Webmail-lite: for mails


If you're hosting _private_ git repos, why bother with a hosted solution at all? Why not just use ssh remotes?


* The UI is nice to have

* You get features like issues, project wiki, etc

* You can still collaborate/handle PRs easily with other people

I selfhost for the above and just to have a handy backup in case github is down.


- ShaarliGo [0], my own scratch to a maybe more common itch

- lighttpd webserver

- ZeroBin [1] pastebin

- Gogs [2] git hosting

- qr code generator [3] (some lines of bash)

- static ios OTA test deployments [4]

- Minecraft Server Spigot 1.16.5

- dokuwiki

[0] https://demo.mro.name/shaarligo

[1] https://github.com/elrido/ZeroBin

[2] https://gogs.io

[3] https://qr.mro.name

[4] https://codeberg.org/mro/iOS-OTA


miniflux - RSS reader

Plex - Basically all TV's use this now on rokus in my house. With a few other roku Apps like Netflix or PBS. But Plex is 99% used

AtomicToolkit - arrr

Pi-hole - i guess... Most aren't aware it's inline though.

NGINX+LetsEncrypt box - reverse proxy for internet request and give them https (for things like plex). But again, transparent.

More recently I've set up HomeAssistant to mostly consolidate the number of APPs. Ie: 1 app now controls both my central and window ACs.

Less "self hosted" but i did buy into an Opnsense AMD epyc SOC appliance. Dang thing is pretty awesome and a pretty big upgrade to the supermicro/Intel Celeron J1900 router opnsense router i was using.


Seeing that this is turning into a comment section with answers to the question in the title of the article, instead of comments on TFA, here goes my list:

* Miniflux as an RSS reader

* Home Assistant for home automation stuff with various door/window/movement sensors, Hue management, workflows like bedtime and welcome home

* AdGuard for DNS adblocking

* An OpenVPN VPN for me to get into my home network, and another to a VPS in another country that my network gets routed over when connecting to geoblocked content (ip sets are awesome)

* Not really self-hosted per se (just local) and as a replacement for what some here self-host, Obsidian for note taking and wiki.


Brownie - lets you branch the head off any EVM blockchain so that you have the current state of all smart contracts and accounts locally, and so you can manipulate the states for free, and if you find a state you like then you switch back to the mainnet blockchain and only pay for that transaction to get the desired outcome you want. also the offline version can just be for educational purposes to understand how and why people developed things a certain way.

For many, this is better than simply spinning up a localhost Ethereum network as offered by Ganache, because those lack any data to manipulate.


I use hardhat without brownie now


Been building a service to cloud host (typically self-hosted) applications and make them a bit more accessible: https://www.pikapods.com/

Most popular apps are: WordPress, Filerun, Nextcloud, Uptime Kuma, Umami and PhotoPrism.

This would be for anyone lacking time or sysadmin skill to run this as hobby. I'm also working on a sponsorship or revenue sharing schema to get some financing back to FOSS authors. Since you're already paying for something there is less friction than actively donating to each project.


My main "user-facing" applications are:

* Blue Iris - for video surveillance

* Home Assistant

* Jellyfin

My main backend things are:

* Node-RED - for more complicated home automation than can be reasonably built in Home Assistant

* deCONZ - for my Zigbee lights and sensors

* PostgreSQL

* StrongSwan and Wireguard VPNs - I'm still evaluating Wireguard. I like the simplicity, but there are some things that I can do with StrongSwan that I can't do with WireGuard (specifically, split-DNS).

* Pi-hole

* Kubernetes - I'm just playing with this at the moment, but I'm running Pi-hole in it as it's not a critical service.

* Nginx - reverse proxy and TLS termination.

* TrueNAS Core on a QNAP NAS

I'm sure there's some I missed.


Curious what you need the split DNS for? I've got a wireguard setup and things seem to work fine as is including resolution on services and pihole filtering


Mosquitto MQTT Broker. Its main purpose is to receive published system status (free disk space, memory, load, temperature) messages from other servers. The clients all use mosquitto_pub in a 5-line bash script run by crontab every 5 minutes. It's secure, has a very low overhead all round and I can access the topic from any device that has an MQTT client without needing SSH, VPN etc access.

I also use it for publishing file upload status messages, and recently, the carbon-zero fuel power generation percentage for my neighbourhood.


That sounds like a great use case of MQTT. Do you have any tips or references to copy your approach?

Is it easy to display the last message received on a collection of topics? It would make it easy to watch a custom summary of a large system.


Thanks! You should get a broker set up first and play around on localhost: this makes it easier to get acquainted with what you can and can't do. Experiment with the QOS and 'retain' settings to make sure you don't lose messages.

I did a writeup at https://petergarner.net/notes.php?thisnote=20190811-Lightwei... which should give you some ideas. As regards clients I'd recommend the cross-platform MQTT Explorer https://mqtt-explorer.com/ and for iOS, I've settled on EasyMQTT which also provides some graphing options. I don't use Android but most of the clients are good (and free). Hope this helps!
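An added example, not the commenter's own script, of the cron-driven status publisher described in this sub-thread; it publishes with QoS 1 and the retain flag so a new subscriber immediately receives each host's last message. The broker name, CA bundle path, topic layout and payload format are assumptions.

```shell
#!/bin/sh
# Added example: publish basic host status to an MQTT broker over TLS.
# Assumed values (not from the thread): broker name, CA path, topic root.
MQTT_HOST="${MQTT_HOST:-broker.example.internal}"
MQTT_PORT="${MQTT_PORT:-8883}"          # conventional MQTT-over-TLS port
MQTT_CAFILE="${MQTT_CAFILE:-/etc/ssl/certs/ca-certificates.crt}"
TOPIC_PREFIX="${TOPIC_PREFIX:-status}"

# Reduce a hostname to one safe topic level: '/' would add levels and
# '+' and '#' are MQTT wildcards, so anything outside [A-Za-z0-9._-]
# is replaced with '_'.
topic_for() {
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s/%s' "$TOPIC_PREFIX" "$safe"
}

# True only for non-empty strings made of digits and dots.
is_number() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the payload from already-collected values. Refuses to emit
# anything if a metric is missing or malformed, so a broken probe does
# not overwrite the last good retained message with garbage.
format_status() {
    for value in "$@"; do
        is_number "$value" || return 1
    done
    printf 'ts=%s disk_free_kb=%s mem_avail_kb=%s load1=%s' "$1" "$2" "$3" "$4"
}

# Collect the metrics (Linux: reads /proc) and format them.
collect_status() {
    ts=$(date +%s)
    disk=$(df -Pk / | awk 'NR==2 {print $4}')
    mem=$(awk '/^MemAvailable:/ {print $2}' /proc/meminfo)
    load=$(cut -d' ' -f1 /proc/loadavg)
    format_status "$ts" "$disk" "$mem" "$load"
}

# Publish one retained QoS 1 message. Username and password are not
# passed here: put "-u" and "-P" lines in mosquitto_pub's options file
# ($HOME/.config/mosquitto_pub, mode 0600) so they stay out of the
# process list and the crontab.
publish_status() {
    payload=$(collect_status) || return 1
    mosquitto_pub -h "$MQTT_HOST" -p "$MQTT_PORT" --cafile "$MQTT_CAFILE" \
        -t "$(topic_for "$(uname -n)")" -m "$payload" -q 1 -r
}

# Publish only when asked to, e.g. from cron:
#   */5 * * * * /usr/local/bin/mqtt-status.sh publish
if [ "${1:-}" = "publish" ]; then
    publish_status
fi
```

On the broker side, an ACL that lets each client write only to its own `status/<host>` topic keeps one compromised host from overwriting another's retained status.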


This is just excellent. Thank you so much. I have a jumble of collectd, statsd into a TICK stack, hooked into PagerDuty for alerts, but it’s just all so bulky and weby, whereas your approach is clean and bespoke, especially for monitoring of a custom system/platform. I will be starting on this by end of the day. I like it.


Wow, this sounds great! Did you happen to write up any details on your blog or someplace? I'm greatly interested in learning more about this!


- Home Assistant for controlling variety of IoT devices around the apartment

- Node-red - Node-based GUI to supplement Home Assistant

- Mosquitto MQTT server

- Invidious - Alternate YouTube frontend

- Libreddit - Alternate Reddit frontend

- Jellyfin - TV/Movie/Music streaming server

- Gitea - Private git repositories

- Nginx Proxy Manager - What it says on the tin

- PiHole - Ad blocking

- MakeMKV - GUI frontend to MakeMKV running in Docker on my headless server

- Various Discord bots

- Nginx + PHP for my personal sites

- Wireguard for remote access

- Samba for file management

All of this running on a local Arch Linux server with ZFS for RAID. I also have hosted some game servers in the past (Minecraft and Terraria mostly) but don't at the moment.


Do you have an idea how to redirect all reddit requests through libreddit?


I use a Firefox extension to do it - https://einaregilsson.com/redirector/. You might be able to do some local DNS with a wildcard shenanigans, but this is much easier to set up.

I actually don't redirect my Reddit requests, since once in a blue moon I will want to comment on something, which libreddit doesn't support. However Invidious does have the option to let you follow certain channels, and since I don't comment on YouTube videos, it covers all of my use cases, so I redirect all Youtube traffic to it.



Portainer - Docker management via web

Sonarr/Radarr/Bazarr/Jackett - Linux ISO manager

qBittorrent - Linux ISOs

Overseer - So my family can request Linux ISOs

Plex - Streaming content for family

Nginx Proxy Manager - Too lazy to configure reverse proxies by hand

Homebridge/Homeassistant - Home automations and HomeKit integrations

Hammond - Vehicle expense tracking

Octoprint - Mainly used to check on my printer without standing up

Heimdall - Launchpad for all sites hosted above


Plex, then maybe Node-red for the lights, then Matrix and Nextcloud.


Do you federate your Matrix server with the main network? Which implementation do you use, if you don't mind me asking, and what has been your experience?


Yes, I do federate (I also use it for IRC and you need federation to access the liberachat IRC-Matrix bridge). Besides that I have just one other active user.

I use synapse as the server and Element as the client. I had tried out a bunch of other clients a few months ago, but found Element to be the most mature.

My experience has been pretty great overall. There were a few early issues (relating largely to a slightly weird network setup) but otherwise it works very well once setup.

Recently when I was trying to setup Mastodon, I realized how much more mature the setup process for synapse was. The setup needed for networking is better documented and they have a tool for testing if federation is working (and if not, attempting to provide an explanation why). This made it relatively easy to set things up correctly for my network compared to Mastodon, where I finally just gave up and setup a digitalocean droplet instead.

Functionality wise, everything works pretty well, E2EE requires a bit of preplanning to maintain across devices (ie. Keeping a backup of the keys or having the key store setup) but that's reasonable. The spaces feature needs a bit of UI polish but otherwise provides a similar hierarchical channel grouping system as Discord and Slack.

I can't really think of any other particular criticisms I have of it except that to administrate a server we still seem to have to lean on a third party application, synapse-admin (or hand write curl requests), it would be nice for it to just be incorporated into the client or into the server. I haven't had to use it much due to not having many users, but I imagine it's pretty relevant for servers with more users.


Thanks for the writeup!

I've tried running Synapse (and was partially successful) a little while ago but didn't try to federate as I never took the basic hosting of it anywhere.

I will try again when I have my new home infra set up.


If we're going to be cheeky, it's almost certainly BIND (behind unbound and nsd, driven by blacklists fed by minemeld), followed by ISC DHCP and other plumbing running in the background like mrtg/sflow/pnp/netdisco. If we're going to just talk about user interactive self-hosting then it would be a toss-up between my private searx instance and kodi via diskless netbooted openelec. Roundcube, sandstorm and invidious get honourable mentions


yep i definitely know some of these words


For work, Vimflowy has been great as a todo list scratchpad. I have Markdown New Tab in the browser as a general scratchpad, but Vimflowy as a pinned tab for todo lists.


All running on a Lenovo ThinkCentre 9000 running unRaid (with just one drive =P):

PiHole, it's the first thing I add to every network I set up. Can't live without it.

The *arr -stack (son-, rad-, baz- etc)

Plex for media at home and on the go (Plex Pass). Maybe I'll look up Jellyfin at some point, but for now Plex is superior.

Home Assistant + zigbee2mqtt + NodeRED + n8n for home automation and other tasks.

Mosquitto + Redis for communication and database use for my own projects.

Tailscale node for accessing my home network as a bastion host.


definitely syncthing, even though it pretty much blends into the background once its set up, but i really couldn't imagine going back to life before i started using it

i have a sync folder called 'drop' that gets added to every device, mainly just so i can quickly drop a file in and take it out on another device.

each OS i use has its own sync folder, linux, android, windows etc.

i have a 'config' folder with a huge alphabetical list of every program i use on any OS. that gets added to most devices

i have separate sync folders for programming stuff, art, music making stuff, books/audiobooks, note taking stuff, openstreetmap. i usually use some ignore patterns on those when syncing to my phone or tablet to reduce the size of the folders

each phone that i take photos on has a send-only sync folder which is synced to my home server, so i don't need to worry if i delete a photo by accident or whatever

i still haven't figured out my music folder yet. im currently just syncing the full folder between every device which is not great due to the size. im thinking it might be possible with a quick script that would get a list of tracks from whatever .m3u playlists i choose and then use the inverted ignore pattern so it will only sync those songs and ignore everything else.


PhotoPrism [0] is an excellent way to manage your local photo collection.

[0]: https://photoprism.app/


Synapse (Matrix homeserver), mautrix-telegram (bridge for Telegram to Matrix), Element Web (Matrix client)

Mastodon (federated, activitypub Twitter-like)

SyncThing (P2P Dropbox) - fantastic for syncing my purchased music & ebooks between devices and sharing with my wife.

These are all on my small NixOS VPS (or individual devices for SyncThing) - I've been meaning to setup an old laptop as a server at home for home automation and media.


I REALLY want to start self-hosting but I can't afford a separate homeserver. I have a personal list of software to self-host and have looked into VPS providers like DO, Vultr, Linode & Hetzner.

While they're cheap, should I really self-host on shared CPUs because that's all I can afford right now?

My basic system would be Pi-Hole, Miniflux, Linkding. Maybe Bitwarden.

What would be a good way to get started? Any suggestions are welcome.


The main limiter to what you can host is RAM. RPI4s currently go for a premium. Additionally, they have hidden issues like being picky about power supplies and being bottlenecked by IO via USB3 if you want an additional NIC and non-SD storage.

You would be better off with a like-new Dell Wyse 5070 off ebay for ~100 (and occasionally less if you're patient). Supports up to 32GB ram and an M.2 SATA slot.

You'll have much better IO, stability, and capacity compared to RPI4 for not much more cost. Power envelope of the system is pretty similar, the 5070 idles around 5W and loaded down it goes up to ~15W and is fanless which is in the neighborhood of the pi.


I don't know your situation, but can't you use an old PC to start your self-hosting journey?

It's what I did. It costs me less in electricity than a VPS but it's way more powerful.

The only thing I eventually bought was an UPS, because for some reason I regularly have micro power cuts at home.


This is exactly my setup. I build a new desktop from scratch every 5-7 years (upgrading incrementally in between) and my last desktop is now my server. Added 5 pairs of 10tb drives using zfs and the thing is so reliable I sometimes forget I'm hosting it at home.

I have it connected to a small UPS due to the occasional random brown-out in my neighborhood. The server only runs on the UPS for about 15 minutes, but during the rare substantial power outage, that's enough for me to power it down gently.

I also have a little desktop Lenovo PC I found cheap (used) at microcenter that I use as my primary zwave hub with a custom MQTT/JS based home automation script. This replaced a Raspberry Pi, which I loved, but after losing the storage a couple times, I no longer rely upon as a primary server


You can look at Oracle Cloud. They have a "free forever" plan that looks quite nice (4 ARM CPUs, 24 GB RAM and 200 GB storage).


TIL! With those specs it might even be possible to run a k8s cluster


Wow, what's the catch?


The "Always Free Tier" stuff will get shut down when the expanded free tier expires unless you have a credit card plugged in. You can turn it back on... They don't always take cards they should. So, navigating their always free tier is somewhat complicated.

Also, there is a LOT of resource congestion for the arm systems. Be prepared to try every day to fire up new instances for a couple of weeks until you can find free capacity.


You're using an Oracle product ;-)


I bought a second hand Acer chromebox with a celeron and 4GB ram for $15 on ebay (plus another $15 for shipping). It's much more powerful than a pi4 and a lot cheaper too. Plus, it's x86, not arm. I'm running docker swarm on it and using Cloudflare's Argo tunnels.


A Raspberry Pi is the perfect playground to get started with self-hosting. It is cheap and barely takes up any physical space.

Pi-Hole and bitwarden are simple enough applications that you can host both of them on a pi. Plus there are plenty of guides available online to guide you thru the process if you do get stuck.

I got started with self-hosting pi-hole on a raspberry pi myself.


Yes but only a Raspberry Pi 4. The improvement compared to 3 is so big, that it's not worth getting a 3.

And it's nearly impossible to get any of them. I've been trying to buy another 4 with 8 GB for over a year now, but am not willing to go beyond 80 € for just the board.


Pi's are so hard to find. A second hand small form factor (SFF) Dell off eBay is cheaper and more powerful/flexible.


I haven't seen them be mentioned, another good option is to buy a thin client or multiple thin clients.

You can get them on eBay for <$100, they will typically have a fair amount of RAM and a quad-core AMD CPU (enough to outperform a raspberry pi pretty easily), and they will typically be on the order of <20W of power usage, meaning that even running 4-5 of them with k8s/Docker-Swarm won't murder your power bill.

Just an example: https://www.ebay.com/itm/154783701325?hash=item2409d3d94d:g:...

You can pretty easily install Ubuntu or something on there and treat it like a normal computer.


My first home server was an old beaten laptop, the CPU was not even 64 bit. Even the current one is assembled of basic office hardware and some HDDs. My suggestion is that you grab the first unused hardware available, and use that.


> What would be a good way to get started?

Rent a Linux server, deploy the Tailscale client, run apps on it.

> should I really self-host on shared CPUs

That shouldn't generally be a problem unless you're a very high value target (or really unlucky), but if you're that worried, rent a bare metal server.


You can pick up an HP MicroServer for around $400 on ebay… this is my plan, as I am also on a tight budget, and burning cash, even a $5/mo Droplet, is just more than I wish to spend.

Bonus, those MicroServers are supported by ESXi, IIRC


I got an ecc-ready used workstation on Ebay. After adding a smallish SSD for the system drive and upgrading the memory to 16GB I think my total cost was in the neighborhood of $200. Cost about as much as two top-end fully-equipped (case, heat sinks, disk) Pi4s, but is much more powerful, and, conveniently, includes space & ports for my SATA spinning-rust bulk storage disks.

It is a (fairly small) desktop tower, so it takes up quite a bit more space than a couple of Pis, though, again, it also encloses some internal hard drives, which is nice. I'm not sure about power use but I'd just gut-instinct guess it's equivalent to four or five Raspberries Pi, even if you take out the power to run the hard drives, so it is (probably) worse on that front.


A Pi will run a lot. Next step up is an Intel Nuc. An old one is fine but the newer the better. The 11th gen is rather powerful, but even the 8th is pretty great.


Why not just use a Raspberry Pi? It's cheap and uses almost no power (=very low electricity cost.)


I feel like this has to be someone who doesn't do this for a job.

I host a VM for my router

I host a VM of open media vault

I host an arch box for my development.

Any notes or projects I have are edited in vim and committed to GitHub. Any networking stuff that isn't supported by openwrt isn't bothered with and I spend my free time mostly reading books. Actual paper books and occasionally taking actual paper notes.


I don’t know if this counts, because it’s kind of hybrid, but I use Plex all the time. I like the personal flexibility, and my wife is so constantly annoyed that the music library she spent years curating got crunched by YouTube (Google Music at the time). So we have her library extracted from a backup and dropped into Plex. We got a lifetime subscription to stream from our home NAS.


Here's what I'm using:

Xen-Orchestra, OPNsense, nginx, wireguard: This is the foundation and plumbing to run all my other applications.

Nextcloud: I'd be very unhappy if this broke. It syncs my files, calendars, contacts and also has the rss feeds I'm subscribed to.

Jellyfin: movies, shows and music

Kavita: a more recent (and still wip) addition, books and manga reading

WikiJS: my current wiki. I'm moving to grav for a full CMS though


OH man I love finding new apps like this! Here is my list:

Pihole LOVE it.

Paperless-ngx

minidlna (can't bring myself to use jellyember or whatever)

NextCloud

synapse/matrix - about 10 active users

element-web

archivebox

vaultwarden

duplicati

baikal

home-assistant

navidrome

nginx-proxy-manager

photoprism

syncthing

ttrss

gitea



Pi-Hole, Prosody (XMPP server), Miniflux (RSS), Pass (password store, although it's only a git repo, so doesn't really count)


This is a cool list, I hadn't heard of most of these.

Here are mine:

- Nextcloud - files, calendar, todo, contacts syncing

- Tiny Tiny RSS - RSS reader

- Wallabag - read it later, also a database of interesting things I've read so I can recall later

- Photoprism - photo organizing/tagging

- CheckMK - monitoring

- The Lounge - IRC client that connects to my ZNC bouncer

- Plex - media streaming

- Airsonic - music streaming (since Plex sucks at that)

- Gitea - git repos/issues

- Code-Server - VSC instance hosted in the browser


The plex native mobile app is pretty awful for music streaming, however "PlexAmp" available on Android and iOS is absolutely fantastic, barring a couple of minor points.

1) Requires PlexPass (iirc), 2) Makes you pick a library rather than searching/playing from all. Switching libraries is extremely quick and simple though.


Photostructure, Actual, Tandoor Recipes, and a load of media stuff. If anyone is interested in home hosting, but not sure where to start, we’re trying to make it easy with custom hardware https://pibox.io ! I maintain a ton of Kubernetes templates for various self hosted apps as well!


I ordered a pibox in February. When are they shipping?


We just packed the first one hundred ourselves and will ship them on Monday! The vast majority of orders ship in July due to Raspberry pi shortages. We’re trying to get as many orders as we can so we can place additional orders - it’s a bit of a chicken and the egg issue. Send us an email at support@kubesail.com and we can get your order number for a better estimate :)


Depending on how pedantic you want to get, my most-used self-hosted application is SSH followed closely by nginx and gophernicus.

To give an answer more in line with what the post author appears to want, I've been playing around with Pleroma lately, so it's my most-used self-hosted application until I find something newer and shinier to distract me.


Home assistant and some related services. For most other things though, I’m very happy to NOT manage anything myself, this includes media, backup, email and so on. I used a NAS in the past but stopped doing that when streaming services appeared. I hate collecting and organizing things so it’s a huge relief to not have media files.


Duplicati for backups, resilio sync for file syncing, freenas for network storage, WireGuard vpn to connect to it all.


Home Assistant. https://www.home-assistant.io/

It removes the unnecessary thinking that I do not want to waste time on. (e.g. is the washer flooding the basement? Light off if I am not around, close and lock garage at night, etc.)


TTRSS, it's the only thing I self-host currently, but I spend way too much time on it every day.


Synapse. I use Matrix chat every day. Also, my website's cactus.chat comments are on Matrix.

Navidrome - nice lightweight self-hosted music server

Miniflux - my RSS reader

PiVPN - An easy to use wireguard manager that I use every day. (Technically I interact with only wireguard, not the manager PiVPN every day)


Seafile. Locally hosted Dropbox alternative which works well for my needs (300GB+ stored).

Emby. Network media streaming.

qBittorrent with the web server enabled. Downloading Linux ISOs.

Airsonic. Music library streaming, though I find myself using Emby for this more often.

All running on Ubuntu 20.04 on an Intel NUC with 16GB RAM.


awesome-selfhosted/awesome-selfhosted lists quite a few: https://github.com/awesome-selfhosted/awesome-selfhosted


For me:

Garage: s3 for backups and Docker images

Loft: for managing a small cluster and providing oauth

Rob’s Magic VPN: custom software for managing a VPN and switching to/from the VPN with some routing magic.

Longhorn by Rancher: for providing volumes on the cluster.

Harbor: personal Docker registry using Garage as a backend.


TinyTinyRSS, RoundCube, and Adminer. RSS client, Email IMAP Client, and Database manager.


I’ve never been one for the managed password apps like onepass or lastpass. Instead for years now I’ve kept everything in keepass shared out through Caldav. There’s an application on every single OS or marketplace that’s compatible.


> ...keepass shared out through Caldav...

I've used keepass for close to a decade, and synched via dropbox originally but ultimately switched to nextcloud for the synching...but, curious how and why you are sharing via *Caldav*? Care to share the "how" and the "why"?


I do the same thing with NextCloud as the host for the password database. Combined with it keeping old versions, I've been able to recover from accidentally corrupted files from bad cell connections (though this hasn't happened in a long time)


Same here, with a self-hosted Nextcloud.


FreeNAS w/ Plex on it. And auto backing up some folders to Backblaze B2.

HomeAssistant w/ AdGuard Home and various other things on it.

Used to also do PFSense, but ended up just using Ubiquiti now. Miss a few things, but it's one less place to manage things.


"webpad paste" it's a rest-url giant text pad I use to keep notes across devices

I have an actual app too that's also a note taking app (use it everyday) basic React/Electron thing with Express backend

my goal is centralizing my own info


I use noteself for this, which is an extension of tiddlywiki using an in-browser pouchdb back-end. This can then be sync'd to a couchdb instance, which can be self-hosted - which is what I do.

It's perfect for my needs, I need to work out setting up separate databases for separate note purposes (keeping personal and work separate). I find tiddlywiki / noteself's structure perfect for the various streams required for the management of projects.


I have a home server running Plex, but access is local only. I'd love to run some other applications as well, but I need to access these remotely.

Anyone have a simple, straightforward and secure process for remote access to a home server?


I'm not affiliated with either, but I use rathole (https://github.com/rapiz1/rathole) and kamatera (https://www.kamatera.com/) as my own kind of ngrok. But I've also heard good things about tailscale (https://tailscale.com/pricing/) which has a free hobby tier. Gonna give that a try after work today.


WireGuard in Docker - then open a firewall port.

However to get it actually simple, Tailscale. It’s truly ludicrous. I had it running inside 10 mins, but only because I wasted 5 minutes trying to work out what to do next, when it was already running.


I use ZeroTier, which you can host yourself or use a hosted service. I haven't tried tailscale, though, which is what a lot of others seem to be using here.


I started using netmaker recently and it is running great on all of my devices so far.


Tailscale


SimpleCD is a Continuous Delivery system written for the Bash shell.

https://github.com/manuelkiessling/simplecd


- My own document management system Aktenkoffer: https://github.com/svkurowski/aktenkoffer

- Wiki.js

- HomeAssistant


Any demo online for Aktenkoffer?


Dockers:

- lychee - photos

- nginx-proxy-manager - proxy/letsencrypt

- jellyfin - movies

- audiobookshelf - audiobooks

- nextcloud - news/talk

- ghost - few blogs

- httpd - many private and commercial web pages

- domistyle/tor-browser - easy access to TOR

- exatorrent - downloading linuxes ;)

- m4yur/mindmaps - mindmap

- portainer - administrating all those dockers



But how would one backup their self hosted apps? I imagine a cron job to create snapshots then upload them to a cloud provider. Isn't there a self hosted app for that as well?


For data I care about, the data is hosted on a NAS that incorporates an encrypted snapshot backup strategy with off-site storage in Google Drive.

Configuration I tend to store in a git repository that I back up.

For the VMs/whatever, I just document the setup and, in the case of a disaster, would just rebuild. It'd be a gigantic PITA, but the data and configuration are the important bits. The rest is just labour.

That said, this is why I don't self-host truly critical infrastructure like email or messaging. Everything I run are things I could live without for a while if I had to.


rsync to external USB HDD in my case. I cycle two 8TB externals between my home and safe deposit box for offsite storage. I swap them and then do a fresh rsync of all my jails/etc.


Do you run your docker containers inside proxmox containers? If so, is that two layers of containerisation on top of each other? Debian > LXC > Docker > Service


Transmission, Jellyfin, Nextcloud, and DokuWiki (rapidly being supplanted by Nextcloud) are mine. I also still run ZNC but that doesn't get used as often anymore.


  - NextCloud - Dropbox alternative  
  - UXWizz - Website analytics  
  - Percona Monitoring and Management - Database/server monitoring


Everything in Docker of course:

- Caddy, very easy reverse proxy

- Authelia, single-sign on for all my services (I prefer that to VPN)

- PiHole, for blocking ads

- Nextcloud, private Dropbox

- Gitea, private Git

- InfluxDB + Chronograf, for monitoring my home

- Jellyfin, media server

- Sabnzbd, NZB client

- Deluge, Torrent client

- IPSec VPN


pihole stands between me and everything I do on the internet


I also really like AdGuard


AdGuard Home the pihole alternative or their end client options?


I personally got tired of PiHole UI and switched to AdGuard alternative.

I like it much better.




Great suggestions in here, thanks all!

I don't have much to show, I'm running Home Assistant, Ubiquiti Unifi-controller, Pi-Hole, that's it so far.


Mailu - a mail server as a set of Docker images.


jellyfin, plex, gitea, heimdall, vaultwarden, traefik, authelia and some usenet stuff all behind 2FA with authelia on docker


- Email: Mail-in-a-box

- Cloud (Calendar/contacts/files/notes/photos): Nextcloud

- Matrix: Synapse


Is your mail-in-a-box and Nextcloud totally separate? I know MiaB has an integrated Nextcloud, but their documentation says that they only support contacts / calendaring, so I'm hesitant to use it without fully documented support for all Nextcloud's features.


For row data management (I use it to manage to-do list), SeaTable beats other contenders. It works nice on mobile too.


Things we use in self-hosted form at Fogbeam Labs:

1. MediaWiki (internal wiki)

2. Bugzilla (issue tracker, used internally and externally)

3. SugarCRM CE (internal CRM)


I use desktop applications for everything.


Radicale - a calendar (CalDAV) & contacts (CardDAV) server, with DAVx5 on phones and Thunderbird on desktops.


I host WordPress, Vaultwarden, Emby, Matomo, Bookstack, Adguard, nextcloud to name a few using Cloudron


Tiny Tiny RSS


Pihole - DNS server which blocks ads.

Syncthing - File syncing across my network.

FreeNAS - Storage across the network.

Plex - Media streaming.


Home: Pihole, Minecraft, Synology NAS

Work: Jitsi, Nextcloud, Mattermost, Gitea

Network: ZeroTier (which is our own dogfood)


"self hosted applications" is such a tell-tale phrase in my eyes

(this is not a criticism, btw)


Pihole, PiVPN, RSS aggregator, Syncthing, Jirafeau (not used much but I really like it)


Has to be vaultwarden (BitWarden) password manager. And a home Plex media server.


Miniflux, Funkwhale, Nextcloud


gitea and vaultwarden (and various things I've made for my own use)


Fruition, Plex, and Minecraft haha! (at least the ones I can remember)


I've self-hosted more or less everything from the get-go back when I was working at a telco which provided me with a 4 Mb/s fixed line back in 1996. One of the first things I did was change to a self-hosted mail server with my own domain, the rest quickly followed. Just to name a few, used daily:

- Proxmox to run all mentioned services

- Software router to bind them all together (OpenWRT in a container)

- Database services (Postgresql, Mysql, Redis) used for many of the mentioned services

- Backup services (rsnapshot, custom backup scripts)

- mail services (Exim, Dovecot, Spamassassin, greylistd, dovecot-managesieve)

- web-related things (first Apache, then lighttpd, then nginx) running:

- "Cloud" (first Owncloud, then Nextcloud) with functional equivalents of e.g. Google Docs (Nextcloud Office), Google Reader (Nextcloud News), Google Meet (Nextcloud Talk, Jitsi Meet), Gmail (Rainloop app in Nextcloud, Roundcube), Google Maps (OSM app in Nextcloud), Calendar etc.

- Wiki (first Twiki, then Mediawiki, now Bookstack)

- Media (mpd, Airsonic, Jellyfin, Peertube, Pixelfed)

- version control (first CVS, then Subversion, then Gogs, then Gitea)

- Search (Searx and Recoll)

- big-tech proxies (Invidious, Nitter, libreddit, Spodcast, searx (see Search))

- Video surveillance (Zoneminder)

- Remote application/desktop service (X2go, NoVNC, now experimenting with Kasm)

- P2P services (Transmission, IPFS, MLDonkey (when needed))

- "Chat" services (first Prosody, then ejabberd, then back to Prosody)

- Timelimit service + app on my daughter's phone to keep her screen time in check, I can remotely give her more time when required

- a "stable" and "development" build server (Debian running in containers)

- ...and a lot more

Basic services are divided over a few containers - base, mail, auth. Most services run on a single container - serve. Some get their own container because they are only started irregularly (bookcook, the bookkeeping service) or they should be separated from the rest - p2p, session (remote application/desktop services). I tend to shun docker, preferring to tailor services to my own needs. Currently the only services using docker are Kasm Workspaces [1] and some linuxserver.io instances which I'm experimenting with.

[1] ...with the database (postgresql) and cache (redis) services being redirected to the 'base' container which runs all database services


bookmarking server: espial: https://github.com/jonschoning/espial


Adguard - PiHole alternative

Plex - media panacea

Transmission

Valheim - currently disabled, waiting for more content



Syncthing, Nextcloud, Calibre-web, GitLab, PiHole, Grocy.


TIL Calibre-web is a thing. Cool!

I was creating "htmlz" archives from calibre and then extracting them to a directory my nginx server could see but this is way cleaner/better.


Definitely Gitlab


Pihole, Postgres, Jellyfin, HTTP server, Piku


Wallabag and owncloud, self host on a VPS.


- Raspberry pi controlled kiln

- Retropi

- Openwrt router with dns ad blocking


kiln? I am listening :D


99% of my selfhosted traffic is nextcloud.


Personal email server, web server sites.


I host Prosody for myself and my family.


Gitlab on LXC


Proxmox VE OpenWRT synology K3s


Long, long story, but OpenDoc.


Netbox


- Plex

- Radarr

- Sonarr


GitLab.


Syncthing Plex Gitea Searx


Vaultwarden and Jellyfin


Email. By a long shot.


- postfix/dovecot

- matrix

- nextcloud

everything a family needs.


My goal with self-hosted is to simplify some tooling, but not necessarily replace Google/MS/etc. More of a quick way to switch things if I have to.

At home:

- Miniflux - rss, much nicer than ttrss, less complicated

- FoundryVTT - Tabletop RPG system to play remote games with some friends around the country

- Seafile - mostly use it for an imgur/filesharing solution, but can also double as a dropbox alternative. I don't like nextcloud.

- Portainer - manage my docker stuff easily

- Caddy - simple reverse proxy

- Syncthing - Mostly for syncing my local code workspaces, and MMO configs/settings between my computers at home.

- HomeAssistant - handle mostly Zigbee stuff, and some motion sensor lights over the baby changing table at night. Rigged an ESP32 board with ESPHome and connected it to a string of faerie lights. Turns on when you walk in with the baby in the middle of the night without blinding you. And some other odds and ends. Still use Google Home and Google Nest devices for most things.

- Authentik - Oauth2, OIDC, SAML provider for my domain.

Third party:

- ImprovMX - This hosts my email domain/smtp, which allows me to do mx forwarding for my emails to any provider. I still use Gmail under the hood, but lets me skip out on the Google workplace nonsense (used to have a grandfathered free account, then paid for a while), while still keeping my email nimble. I can switch to any email provider in mins with no downtime if caught fast enough.

- Tailscale - I like the wireguard based solution to have a VPN mesh between my computers. All servers and computers I own have this installed. Makes it easy to keep certain things on a private IP but easy to access remotely.

- Cloudflare - anything publicly exposed runs through cloudflare dns. I also moved a lot of my domains there.

I used to run a k8s cluster with Traefik as an ingress and all sorts of fancy things, but as a DevOps engineer for work, it was annoying to maintain yet another thing I do at work. Also I tried doing a multi-machine k8s with Longhorn and it died miserably. Switched back to Docker containers, Portainer, and a simple Caddy with a caddy config.

I also run everything currently on 2 Raspberry Pi 4 8gb (want to go up to 4 of them). Most are running on 1, but the Caddy and other non-docker stuff run on the other. I also run the HomeAssistant on a dedicated RPi 3 with a Zigbee adapter plugged in.

Going to look into some of these things people posted here that I haven't seen on Awesome Self-Hosted or /r/selfhosted

The thing I haven't found something for is Raindrop.io, shiori is close, but not quite as good as Raindrop is for my needs.


These are the applications I personally host.

My home server:

- Nextcloud: It is my family's main cloud platform, with a 4TB NAS HDD. I run it with PHP opcache enabled and nginx caching to speed it up. And since it's local, the upload/download speed is unmatched.

- Nginx Proxy Manager (NPM) and Portainer: For NPM, it's easy and simple to maintain, and the WebUI makes it easy for someone else to change settings. It's mostly the same reason with Portainer, but I prefer to not use it; it's very handicapped, quite often in stupid ways like not being able to disable the admin account when enabling SSO, just to push you towards the paid version.

- Pihole

- qbittorrent

- uptime kuma: Easy and simple way to monitor websites I manage. I wish they showed incident history in the status page.

- IPFire Firewall: It's easy, simple and gets out of the way. I mainly use it to block outside DNS and as a DoH resolver. There is also file caching using squid proxy, but it's a headache to make devices actually use it.

I don't use its DNS directly; devices connect to Pihole, which filters queries then forwards them to IPFire. Pihole is more advanced and has many community integrations.

All of it is running on Proxmox, IPFire as a VM, and all others are running inside a Debian LXC with docker. Nextcloud is on a separate LXC so I can ZFS snapshot it independently of others.

I also have a personal vps.

I host a matrix server (Synapse) on it, and it's been a good experience. It's not light; IMO it needs at least 2 vCPUs with 4GB of RAM (on Hetzner). I'm still a bit hesitant about installing bridges on it, since bridges decrypt messages. I may install it on the home server, but its upload speed is limited to 25mbps.

I also host headscale[1]. It's a reverse-engineered open source tailscale server implementation. It supports most of tailscale's features. It's mostly good enough. I also use the same server as an exit node, so it's a full VPN.

I want to use a mesh VPN so I can have a single IP which will have full performance in my home while it still works when I'm out, because I have a separate pihole on the VPN server which has more opinionated ad lists for me, and still have DNS filtering on the go. Yes, I can just use the home's pihole, but the rest of the family doesn't use my VPN, so the DNS override would break their connection.

And since tailscale/headscale support an exit node, I don't have to lose my normal VPN.

I'm not sure if I'm going to stick with it long term though. The tailscale app needs to be rebuilt to support a custom server (there is a PR adding support on their repo)[2]. And it consumes a lot of battery; it accounts for more than 30% of my phone's battery usage, while the wireguard app doesn't even show up in the top 10 apps.

And the nextcloud app sometimes takes forever to connect to their server. I'm using another pihole as the DNS server for the network and I had set up my domain overrides correctly for both IPv6 and IPv4. The browser loads nextcloud web just fine while the app is still loading.

If only there was a way to set up a standard wireguard server that can be used with the official app with mesh networking.

1- https://github.com/juanfont/headscale

2 - https://github.com/tailscale/tailscale-android/pull/45


I recently tried out netmaker. On mobile it just uses wireguard, but it is not mesh at that point; only Linux/Mac/windows nodes are fully mesh.


* git

* Syncthing


Gitea

Google Colab clone

Jitsi


The Lounge

Plex and Jellyfin (yes, both)

Calibre-web

Vaultwarden

TrueNAS

PiHole

Paperless-ngx

Edit to add: Syncthing


Zulip


freepbx

unifi controller

home assistant

mythtv

mailcow

ntp/chrony with a gps antenna



