Issue Mon, Dec 09 11:00 AM
What do you think about my new Home Server?

By u/La_wand ⬆️ 4786 [comments]
FUTO just dropped a ~14 hour long tutorial on self hosting

By u/manman43 ⬆️ 1228 [comments]
I made Fli.so—a free, modern open-source link shortener we built for our own needs. Now it’s yours too!
Is my personal finance app considered self hosted?
Built an open-source, self hosted transcription tool to fix everything I hate about meetings
I got tired of relying on clunky SaaS tools for meeting transcriptions that didn’t respect my privacy or workflow. Everyone I tried had issues:
- Bots awkwardly join meetings and announce themselves.
- Poor transcription quality.
- No flexibility to tweak things to fit my setup.
So I built Amurex, a self-hosted solution that actually works:
- Records meetings quietly, with no bots interrupting.
- Delivers clean, accurate transcripts right after the meeting.
- Automatically drafts follow-up emails I can edit and send.
- Keeps a memory of past meetings for easy context retrieval.
But most importantly, it is the only Chrome extension in the world that can give:
- Real-time suggestions to stay engaged in boring meetings.
It’s completely open source and designed for self-hosting, so you control your data and your workflow. No subscriptions, and no vendor lock-in.
I would love to know what you all think of it. It only works on Google Meet for now but I will be scaling it to all the famous meeting providers.
Github - https://github.com/thepersonalaicompany/amurex
Website - https://www.amurex.ai/
Edit:
I've created 3 issues for Microsoft Teams, Webex, and Zoom. Do subscribe to those issues if you'd like to follow the progress.
By u/stealthanthrax ⬆️ 510 [comments]
selfh.st/icons Update: 900+ (!) icons and logos for dashboards and documentation
Hey, r/selfhosted!
selfh.st/icons is a collection of various icons and logos (self-hosted and non-self-hosted) to be easily referenced when populating dashboards, documentation, etc. It features a browsable interface with quick links for copying and pasting various image formats (SVG, PNG, and WebP).
Since launching earlier this year, the collection has hit a few milestones I thought might be worth sharing with the community:
- 900+ icons! After starting at ~600, the collection has quickly grown based on community requests and as I've added new software to the selfh.st/apps directory.
- The collection now has built-in support with Homepage, XPipe, What's Up Docker?, and Homarr in its upcoming v2 release
- Additional light icon support: I've been slowly adding alternative light versions to new and existing icons when possible, which are ideal for displaying in dashboards with dark backgrounds.
As usual, feel free to reach out with feedback or drop a request in the project's GitHub discussions if I'm missing anything!
By u/shol-ly ⬆️ 429 [comments]
Self-hosting security myth vs reality and what can you do?
I have been a member of this subreddit for a while now, lurked for a good while before more recently starting to engage a bit. I have gotten enough value out of it that I feel I want to give back. Now, I am not a developer; I won’t be making a fancy new app. However, what I am is a Cyber Threat Researcher and Educator, so maybe I can offer some value in the form of education, dispel some myths that seem to persist and offer some good advice to make people more comfortable/confident going forward.
This post is going to be long, and it’s going to be done in three parts:
- First I will talk a bit about the reality of IT security, establish some basic assumptions that you need to start with to even begin talking about security
- Next I want to address a very common myth in this space that I see perpetuated a lot.
- Finally I will offer some of my own advice
IT/Network Security Basic Assumptions
The industry has evolved considerably since its inception, from the days of just assuming you wouldn’t be found, to the late 90s thinking of “all you need is a good firewall”, to the layered defenses and sensors of today, and I am sure it will continue to evolve and change going forward.
However best practices are based on the paradigm of today and some healthy caution for what will come tomorrow, and to start with we make a few assumptions/establish some core tenets of IT security:
1. The only perfectly secure system is a perfectly unusable one: The most important one, you can never “fully secure” anything, if it is able to be used at all then there is some way it can be used by a bad actor. Our goal is not to “perfectly” secure our systems, it is to make sure we aren’t the low hanging fruit, the easy target and thus hopefully make it so the juice isn’t worth the squeeze.
2. Detection over Prevention: This falls out of (1): if we assume every system can be compromised, we must then assume that given enough time every system WILL be compromised. Now before you accuse me of saying that yes your home server will 100% be hacked someday, that is not the point, the point is to assume that it will be to inform our security posture.
3. Visibility is everything: In order to secure something you need visibility, this means sensors, more is better but IDS/IPS setups, Netflow aggregators/analyzers, host-based sensors, and so on. From (2) we are assuming we will be compromised someday, well how can you know you are compromised and remediate the issue without visibility into your network, hosts etc.?
4. Resilience: Be ready and able to recover from catastrophe, have a recovery plan in place for possible scenarios and make sure it’s tested.
I will circle back to these assumptions and talk a bit about realistically applying them to the non-enterprise home setups, and how this ties into actual best practices at the end.
So those are our assumptions for now, I could offer more but this gives us a good basis to go forward and move into dispelling a few myths…
Security Myth vs Reality - Obfuscation is not Security
Ok bear with me here, because this one goes against a lot of intuition, and I expect it will be the most controversial point in this post based on the advice I often see. So just hear me out…
Obfuscation in this case means things like running applications on non-standard ports, using cloudflare tunnels or a VPN to a VPS to “hide” your IP, using a reverse proxy to hide the amount of services you are running (not each getting its own open port). All these things SOUND useful, and in some cases they are just for different reasons, and none of these things will hurt you of course.
However here’s the thing, obfuscation only helps if you can actually do it well, many obfuscation steps that are suggested are such a small hurdle that most bad actors won’t even notice, sure it may trip up the 15 year olds running metasploit in their parent’s basement, but if you even give half a thought to best practices they should not represent a risk for you regardless.
Let’s look at the non-standard port thing:
This used to be good advice, however there are now open-source tools that can scan the entire IPv4 internet in 3-6 minutes (now that’s just a ping scan, but once you have a much smaller list of active hosts it can also rip through all the ports doing banner grabs very quickly assuming the user has a robust internet pipe). Additionally you have services like Shodan and Censys that constantly scan the entire IPv4 address space, all ports, and banner grab on all those ports so a client can go look at their data and get a list of every open service on the internet.
Ok so what about hiding my IP with Cloudflare:
This is super common, and advice is given constantly to the point I’ve even seen people say it’s foolish to not do it and you are “leaving yourself open”.
So what are the security implications? Let’s focus on their tunnels for now instead of the dns proxy option, so how that works is either a single host acting as a gateway or ideally each host that you want to be accessible from the internet connects out to Cloudflare’s infrastructure and establishes a tunnel. Cloudflare then proxies requests to given domains or subdomains through the appropriate tunnels, result is the services in your network are accessible without needing port forwarding, visitors have no realistic way of determining your actual public IP.
This sounds great on paper, and it is kinda cool, but for reasons other than security for most people. So why doesn’t it inherently help with security very much? Well thing is the internet can still reach those services (because that’s the point), so if you are hosting a service with a vulnerability of some kind this does nothing to help you, the bad actor can still reach the service and do bad things.
But Wirts what about getting to hide my IP? Well, the thing is, unless you pay for a static IP (which why would you when dynamic DNS is so easy), your IP is not a personal identifier, not really. If you really want to change it just reboot your modem, odds are you will get a different one. Even if it is static there isn’t much a bad actor can do with it unless you are exposing vulnerable services…but we just talked about how those services via cloudflare are still vulnerable.
Ok but if I don’t have to port forward then scanners won’t find me: This is true! However there are other ways to find you, you have DNS entries pointing at your tunnels, and a LOT of actors are shifting from just scanning IPs to enumerating domains, fact is while there are “a lot” you can fit the entire world’s DNS entries into under a TB (quick google and you can get a list of all domains, this doesn’t include the actual DNS entries for those registered domains but it’s a great starting point for enumeration). So while this yes does provide some minimal protection from scanning it doesn’t protect you from DNS enumeration, and IP scanning these days is really mostly looking for common services that you shouldn’t be forwarding from the internet at all anyway (talk about this more when we get to best practices etc).
Ok next topic on obfuscation, reverse proxies:
Reverse proxies are often pitched as an obfuscation tool, idea being that only having ports 80/443 forwarded to that one host a bad actor just sees a single service and they would then have to guess domain/subdomain/paths to get anywhere. Sorta true, but remember what we just said about DNS enumeration ;)
Thing is reverse proxies can be a great security tool as well as a great convenience tool (no more memorizing ports and IPs etc), but just not for the obfuscation reason. What a reverse proxy can give you that really matters is fundamentally 2 things:
- Common path for all inbound web traffic: this means you can setup a WAF (Web Application Firewall) on only the one host (many proxies have one built in) and it protects ALL of your services. This also means you can focus heavily on that link for other sensor types (netflow/IDS etc), this also makes it easier to setup firewall rules between different zones of your network, if only 1 host receives external 80/443 traffic and then it is the only one allowed to talk to internal services (along with maybe a secondary internal proxy or w/e)
- Access control: You can limit certain services to require authentication before the visitor’s requests touch the service they are browsing to at all
Obfuscation wrapup:
Ok now that we’ve gone over all that I am going to backpedal a little bit….
Obfuscation can be useful, yup after ranting about it being useless here it is, it’s just that in most cases it doesn’t offer much added security. Not only that but if you overdo it it can actually harm you, if you go so overboard you have trouble monitoring your own infra your security posture is degraded, not improved.
So I am not suggesting that you don’t use cloudflare, etc. I just want to dispel this idea that taking these obfuscation steps coupled with maybe a good password makes you secure when really it is a marginal at best improvement that should only come along with actual best practices for security. There is a reason no “top IT security actions” or “it security best practices” documents/guides etc out there bother mentioning obfuscation.
Final note, of course if you obfuscate effectively it can be more impactful, but we’re talking measures well beyond anything mentioned above, and that generally reduces usability to a point where many would not tolerate it. I also need to give a small nod to ipv6, using ipv6 only is actually one of the best obfuscation methods available to you that won't impact your usability simply because scanning the entire ipv6 space isn't feasible and even major providers haven't solved the ipv6 enumeration problem.
Actual good security measures
Ok so given all this what can you actually do to avoid being that “low hanging fruit” and be confident in your security. What’s reasonable to expect in a home setup?
For this I will split the discussion into two categories
- People hosting services just for themselves/their immediate family or other small trusted group
- People hosting services for a wider or mixed audience that may include actual public services for anyone to use.
For the first group:
Forget cloudflare or similar services entirely, set up a VPN server (wg-easy is great but lots of other options as well), or use something like tailscale or nebula, install/configure a client on every device that needs public access and bob’s your uncle.
This way only your devices have access and your threat model is way simpler, basically the only real risk is now your own users, eg if the component between chair and keyboard goes and gets their device with access to your services infected.
For the second group:
You can start by reading up on general best practices, there’s a nice top 10 list here
But really there is no 1 guaranteed perfect for everyone answer however some general guidelines might help, and this list is not exhaustive, nor is it prescriptive, it is up to you to determine your threat model and decide how much effort is worth it for your system/services
- Have a plan: this one is general but actually plan out your setup, think about it a bit before starting to implement and backing yourself into a corner where you are stuck making shortcuts
- What to expose at all: Think about what actually needs to be exposed to the internet at all, things like SSH and RDP in most cases should not be, and instead you should access them through a proxy web tool like Guacamole that is behind proper auth, or ideally VPN access only (VPN server in your environment that you connect to remotely).
- Segment segment segment: got public services accessible without auth, that’s fine, but stick them in a DMZ and limit that network’s ability to access anything else. Ideally also have your local users in their own network, IOT crap in another, your internal services in another etc and think about what needs to talk to what and use that to inform robust inter-network (vlan) firewall rules and access policies
- Reverse proxy with WAF: Web services should be behind a reverse proxy running a WAF and ideally with log and traffic visibility in some way (lots of ways to skin this cat but look at free IDS solutions like suricata and any number of ways to collect host logs). Note if you use cloudflare tunnels (one per service) then cloudflare is your reverse proxy, make sure you look into how you have things configured for their WAF etc
- Regular backups: keep more than 1 backup, really keep as many as you can (follow 3,2,1 ideally as well) because if you are compromised, restoring to a backup taken after the compromise happened won’t help you much. Test your backups.
- Keep Updated: Generally keep OSes up to date, for services you should apply any security related updates asap, you can hold off on non-security updates if you have reason to suspect stability issues or breaking changes with the update
- SSO/IDP: If you have more than a few services, consider deploying an IDP like Authelia, Authentik, Keycloak etc and using that to auth for your services, you can often use tools like OAuth2-Proxy to bolt OIDC onto the front of apps without native support.
- Host Segregation: If you use cloudflare tunnels set up host segregation, this way if a service is compromised that host/service that was compromised ideally can’t talk to ANYTHING else in your network, this way you actually get some real security benefit from cloudflare tunnels
- Actually check logs: forwarding host logs, collecting netflow and using an IDS isn’t useful if you don’t check it, especially alerts from IDS solutions.
- Documentation: if you have a small setup this is less important, but as things balloon you are going to want some reliable info on how things are setup (where is the config file for this service again?) including perhaps copies of important configs, copies of ansible playbooks if you want to be able to easily set things up again, and so on
Ok final category for those looking at the pile of work I suggested and getting intimidated
There is 1 more category that is perfectly valid to fall in, that being people that just don’t care that much, have the attitude of meh I can blow it away and start over if need be.
If you have no critical data you want to ensure you can recover and don’t mind rebuilding whatever services you run then that’s fine, but I do suggest still taking some basic measures
- Reverse proxy with WAF: Even if just for convenience you will want a reverse proxy for your webapps
- Segmentation: keep this stuff separate from the rest of the network and make sure it can’t reach into the other networks/vlans etc
- Check on things: once in a while give things a proper look to see if they are still running properly, don’t go full hands off, give logs a look etc.
- Documentation: still keep as much as you need to facilitate that rebuild
- Regular Rebuild: Since you have minimal visibility and likely won’t know if you are compromised unless something breaks consider rebuilding from scratch on a schedule
Finally, regardless of who you are, don't forget the principle of least privilege, in everything you set up. Be it user accounts, auth policies, firewall rules, file permissions, etc. ALWAYS set things up so that each entity can ONLY access hosts, services, resources, files whatever that they actually have a reason to access.
Final thoughts:
If you are still with me, well thanks for reading. I tried to write this at a level that informs but really just targets the self hosted use-case and doesn’t assume you all are running corporate data-centers.
The opinions and advice above are the result of a lot of years in the industry but I also am not going to pretend it is perfect gospel, and it certainly isn't exhaustive. I would be happy to chat about other ideas in the comments. I would also be happy to field questions or go into more detail on specific topics in the comments
Anyway hopefully this helps even one of you! And good luck everyone with the money-pit addiction that is self-hosting ;)
Edit: Some good discussion going on, love to see it, I want to quickly just generally reiterate that I am not trying to say that obfuscation harms you (except in extremes), but trying to illustrate how obfuscation alone provides minimal to no security benefit. If you want to take steps to obfuscate go for it, just do it as a final step on top of following actual best practices for security, not as alternative for that.
Also again not an exhaustive post about all things you can do, I did want to limit the length somewhat. However yes tools like Fail2Ban, rate limits, and so on can benefit you, suggest for anything exposed (especially your reverse proxy) you look into hardening those apps specifically, as best steps to harden them will vary app by app.
By u/WirtsLegs ⬆️ 242 [comments]
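The segmentation and least-privilege advice in the post above can be checked mechanically. The following is an added example, not part of the original post: it audits an ordered, first-match inter-zone rule set against flows that should never be allowed, with a weak rule set beside a corrected one. The zone names, addresses, ports and both rule sets are constructed assumptions.

```python
"""Added illustration: audit inter-zone firewall rules for least privilege."""
import ipaddress
from typing import NamedTuple, Optional

# Constructed zones following the layout the post recommends; every
# address and port here is an assumption made for this example.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.10.0/24"),       # public, unauthenticated
    "proxy": ipaddress.ip_network("10.0.20.10/32"),    # reverse proxy + WAF host
    "services": ipaddress.ip_network("10.0.30.0/24"),  # internal services
    "users": ipaddress.ip_network("10.0.40.0/24"),
    "iot": ipaddress.ip_network("10.0.50.0/24"),
}
INTERNET_SAMPLE = "192.0.2.1"  # documentation address standing in for "outside"


class Rule(NamedTuple):
    src: str              # zone name, "internet" or "any"
    dst: str
    port: Optional[int]   # None means every port
    action: str           # "allow" or "deny"


# Flows that must never be possible: (src zone, dst zone or "any", port or None).
FORBIDDEN = [
    ("dmz", "services", None), ("dmz", "users", None), ("dmz", "iot", None),
    ("iot", "services", None), ("iot", "users", None),
    ("internet", "services", None),
    ("internet", "any", 22), ("internet", "any", 3389),   # SSH / RDP from outside
]

WEAK = [
    Rule("internet", "proxy", 443, "allow"),
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "any", 22, "allow"),      # SSH forwarded from outside
    Rule("dmz", "any", None, "allow"),         # "just make it work" rule
    Rule("proxy", "services", None, "allow"),
    Rule("users", "any", None, "allow"),
    Rule("iot", "any", None, "allow"),
]

HARDENED = [
    Rule("internet", "proxy", 443, "allow"),
    Rule("internet", "dmz", 443, "allow"),
    Rule("proxy", "services", 8080, "allow"),  # only the proxy reaches services
    Rule("users", "proxy", 443, "allow"),
    Rule("users", "internet", None, "allow"),
    Rule("dmz", "internet", 443, "allow"),     # outbound only
    Rule("iot", "internet", 443, "allow"),
]


def zone_of(ip):
    """Map an address to its zone; anything unknown counts as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; anything unmatched is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
            return r.action
    return "deny"


def sample_ip(zone):
    """Pick one representative address per zone (rules are zone-based)."""
    if zone == "internet":
        return INTERNET_SAMPLE
    net = ZONES[zone]
    return str(net[0] if net.num_addresses == 1 else net[1])


def audit(rules):
    """Return the forbidden flows that the rule set would allow."""
    # A rule matches either one port or all ports, so probing every port
    # named in a rule plus one port no rule names covers every case.
    named = {r.port for r in rules if r.port is not None}
    unnamed = next(p for p in range(1, 65536) if p not in named)
    probes = sorted(named | {unnamed})
    violations = []
    for src, dst, port in FORBIDDEN:
        for d in (list(ZONES) if dst == "any" else [dst]):
            for p in ([port] if port is not None else probes):
                if decide(rules, sample_ip(src), sample_ip(d), p) == "allow":
                    finding = f"{src} -> {d} port {p}"
                    if finding not in violations:
                        violations.append(finding)
                    break  # one finding per flow is enough
    return violations


if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "no forbidden flow allowed")
```
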
After building my own NAS, i gave Jellyfin a shot. Best decision of my life.

By u/Furki1907 ⬆️ 239 [comments]
What’s the best thing you hosted this year?
And how has it improved your life?
Nothing has quite worked out for me this year so looking forward to success stories.
By u/ajslov ⬆️ 226 [comments]
DuckDNS down. Seeking alternatives

By u/chungkunglung ⬆️ 211 [comments]
My simple homarr dashboard

By u/Faris_K ⬆️ 196 [comments]
I built AlternateOSS, a directory of free, open source & self-hosted alternatives to popular software
By u/syakirx17 ⬆️ 174 [comments]
Issue Mon, Dec 02 11:00 AM
This past year, I grew obsessed with self-hosting. What's missing from my setup?
I Built My Own Home Dashboard After Trying (and Disliking) Everything Else
After trying almost every possible home dashboard solution, I realized none of them really fit my needs. My priorities were simple:
- Good-looking and feature-packed
- Manage all my links in different folders
- A to-do list to organize my tasks
- A snippet manager for developer essentials
- TOTP integration (so I don’t need to grab my phone every time for an OTP)
- Quick notifications from apps
- A way to check devices on my home network
Unfortunately, most solutions I found either lacked features or were too rigid. But hey, one of the perks of being a developer is that when you can't find what you need, you can build it yourself!
So I built my own home dashboard, and here’s what it does:
Features:
- Built on the MERN stack
- Deploys as a single Docker stack
- Multi-user support (different dashboards for work and home setups)
- Multiple themes (light and dark options)
- Wake-on-LAN for devices on my network
- Stream IP cameras (RTSP, HLS)
- Weather display
- Categorized links manager for organizing bookmarks
- TOTP integration for seamless two-factor authentication
- A to-do list to keep me on track
- A snippet manager to store those handy code snippets
- Real-time device monitoring on my home network
And there’s more I’m planning to add as I keep iterating.
Here are some screenshots of the dashboard. I’d love to hear your thoughts!
What do you think? If you’ve tried something similar or have ideas for improvements, I’d love to hear them. Building this has been super fun and rewarding—especially since it now perfectly fits my workflow.
Would you want a detailed walkthrough or even a public repo? 👀
Home page with links and integrations for NGINX proxy manager, proxmox and portainer in action
Links arranged in folders. Folders can be placed in sidebar or inside other folders
Youtube links with Youtube integration
Ah! Snippet manager allows me to access my snippets on any machine on my network
All devices on network are listed with IP and MAC.
By u/Sanjeet990 ⬆️ 659 [comments]
I DID IT crowdsec is working with traefik
Nobody in my life cares about this hobby, so it would just seem like I’m just yapping. With nowhere else to share my excitement, here I am.
For the longest time, I’ve been trying to configure CrowdSec with a reverse proxy. I first tried Nginx Proxy Manager, but I could never get it to work. So, I finally decided to use the Thanksgiving break to figure out Traefik, and man, the learning curve was something else. But I did it! I set up all my middleware, etc.
My setup is Traefik with Cloudflare as my DNS proxy. I’m not sure if it’s overkill, but it was a fun project, and I find myself actually preferring Traefik over Nginx Proxy Manager.
I used nikto.pl to simulate HTTP probing.
EDIT
I even went as far as to set up Discord notifications for when bans happen.
Also, for those who mentioned that Cloudflare IP ranges change, I simply created a script that would update the ranges whenever there was a change, and if a change is detected then it would docker compose down and docker compose up.
And for those who might mention to use a middleware to get real IPs from Cloudflare: I've tried them and in my traefik logs the real IP shows, however crowdsec for whatever reason was not issuing bans. Once I added the ranges to my entrypoint everything worked as intended.
By u/senpai-20 ⬆️ 471 [comments]
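The two pieces the post above describes, detecting a change in Cloudflare's published ranges and only honouring forwarded client addresses when the connection really comes from those ranges, are sketched below. This is an added example, not the poster's script: the function names are hypothetical, and the ranges are documentation prefixes standing in for the live list.

```python
"""Added illustration: trusted-proxy handling behind a CDN such as Cloudflare."""
import ipaddress

# Documentation prefixes used as stand-ins (an assumption of this example).
# The live list is published at https://www.cloudflare.com/ips-v4 and
# https://www.cloudflare.com/ips-v6
CONFIGURED = """
198.51.100.0/24
203.0.113.0/24
2001:db8::/32
"""


def parse_ranges(text):
    """Parse one CIDR per line, ignoring blank lines and '#' comments."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True rejects entries with host bits set (likely typos)
            nets.add(ipaddress.ip_network(line, strict=True))
    return nets


def diff_ranges(configured, published):
    """Return (added, removed) so a reload happens only on a real change."""
    added = sorted(str(n) for n in published - configured)
    removed = sorted(str(n) for n in configured - published)
    return added, removed


def is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer, headers, trusted):
    """Return the address that logging and ban decisions should use.

    peer    -- TCP source address seen by the reverse proxy
    headers -- request headers with lower-cased names
    trusted -- networks allowed to supply forwarded-for information
    """
    peer_addr = ipaddress.ip_address(peer)
    if not is_trusted(peer_addr, trusted):
        # Not a known proxy: forwarded headers are client-controlled, so
        # they are ignored and the peer itself is the client.
        return str(peer_addr)

    candidates = []
    cf = headers.get("cf-connecting-ip")
    if cf:
        candidates.append(cf.strip())
    # Right-most X-Forwarded-For entries were appended closest to us;
    # left-most entries may have been supplied by the client.
    xff = headers.get("x-forwarded-for", "")
    candidates.extend(p.strip() for p in reversed(xff.split(",")) if p.strip())

    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            continue  # malformed value: never act on it
        if not is_trusted(addr, trusted):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    trusted = parse_ranges(CONFIGURED)
    # Constructed "newly published" list: one range dropped, one added.
    published = parse_ranges("198.51.100.0/24\n192.0.2.0/24\n2001:db8::/32")
    added, removed = diff_ranges(trusted, published)
    print("reload needed:", bool(added or removed), added, removed)
    print(client_ip("192.0.2.50", {"x-forwarded-for": "10.9.9.9"}, trusted))
    print(client_ip("198.51.100.7", {"cf-connecting-ip": "192.0.2.77"}, trusted))
```

If the trusted list is stale, requests arriving from a new proxy range are attributed to the proxy's own address, which is why the range update and the header handling belong together.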
I've themed my self-hosted Jellyfin to look like JellySeerr.
lurker: selfhostable, read-only reddit client
Dawarich 0.18.1: November Monthly Update
Hello there, good people of r/selfhosted! Another month came to an end, and I'm here again to bring you the most recent news about Dawarich, your favorite Google Location History alternative, self-hostable.
November turned out to be pretty good for Dawarich since I had a lot more free time on my hands, being laid off in mid-October. So, let's get to the update!
The Immich Photos
What? Yes! Dawarich now can not only get geodata from the photos hosted by Immich, it will also show them on the map if you enable the "Photos" layer! This is the case of "show, don't tell", so here is a short demo video: https://www.youtube.com/watch?v=iElDmu0iQUY
I forgot this subreddit doesn't allow videos so here is a screenshot
This feature will work nicely if you have configured Immich instance URL and API key in the settings. If you already did so to get geodata from Immich, you're all set!
Trips
Next big one, trips! I have to confess, I was really hyped when I was working on this feature, it just felt like all the puzzle pieces were falling in the right spots: the data, the API I wrote earlier, the Immich integration... Just love this feature. Basic principle: You provide name, dates of your trip, optional notes, and Dawarich will render it beautifully for you showing your route, distance and, if you have Immich integrated, even your photos! Not a full-blown gallery though, but you'll have a link to specific timeframe to have a look at your photos in Immich. Again, give this short video a look: https://www.youtube.com/watch?v=XLE0X2NEPEE
A couple of screenshots for those not liking youtube:
What else? Ah,
The Scratch Map
Yeah, you can now enable the "Scratch Map" layer on the map. Have a look:
The Scratch Map on Dawarich map
The feature depends on reverse geocoding though, so make sure you have it enabled and your points are reverse-geocoded.
Websockets
This one is more about QoL, making your UI more alive. Notifications, new points on the map, imports now won't require page reloading to see an update, they will just be on your page dynamically. The live mode can be enabled or disabled in the map settings, top left corner.
More detailed changelog can be found in the November blog post, give it a look if you're interested, but these are most notable and interesting changes to Dawarich this month.
Hope you find this useful, especially in the light of Google basically killing their Timeline.
Happy weekend! ✨
By u/Freika ⬆️ 219 [comments]
Homebox v0.016.0 Released
Homebox V0.16.0 released!
Homebox is proud to announce the release of version 0.16.0 !
But first, what is Homebox?
Homebox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use. Homebox is the perfect solution for your home inventory, organization, and management needs.
About the update
We have officially released v0.16.0 and at the same time are making progress towards v1 (stable). This release is mostly bug fixes, more translation support, and some general improvements. As always, we continue to accept new languages and translations on our weblate instance if you're interested in contributing.
On the v1 side you can keep up to date on Github via the vnext branch (we added PostgreSQL support, and are currently working on supporting S3, GCP and Azure storage).
Breaking Change
If you are currently using an ARM container installation, you will need to change your tag to latest-arm. This is a change we had to make as the ARM builds consistently were breaking the container builds as a whole due to time out issues.
Read more
You can find the full release notes at https://github.com/sysadminsmedia/homebox/releases/tag/v0.16.0
Follow the Homebox journey
- On Discord: https://discord.homebox.software
- On the web: https://homebox.software
- On Github: https://git.homebox.software
By u/tankerkiller125real ⬆️ 213 [comments]
Hetzner price/bandwidth change in US
Movie Roulette v3.0 released!
Hey!
I just released a new version of Movie Roulette! Here is the last post:
https://www.reddit.com/r/selfhosted/comments/1g1tyyd/movie_roulette_v21_released/
Github: https://github.com/sahara101/Movie-Roulette
What is Movie Roulette?
At its core it is a docker container which chooses a random movie from your Plex and/or Jellyfin movie libraries.
What is new in v3.0?
- Added a settings page and Cinema Poster link
- Expanded Directors, Writers and Actors to show all persons
- Added person filmography
- Each movie is clickable, open movie details
- Trakt integration to filter watched movies in filmography
- Overseerr integration to request new movies. Jellyseerr coming soon!
- Existing movies can be filtered. Posters have a badge to show you have the movie already.
- Reworked PWA styling
- Bug fixes
Some screenshots:
I hope you will enjoy it!
Thanks!
By u/Parking-Cow4107 ⬆️ 153 [comments]
[UPDATE 2]: PeaNUT: A Tiny Dashboard for Network UPS Tools
Hi again selfhosters!
I'm back again with another update to PeaNUT! I'm excited to share that I've finally implemented the most requested feature: multi-server support! In addition, I've also made other notable changes:
- Added a new settings UI for easier configuration
- Added support for influxDBv2 ingestion
- Added ability to see other useful information by clicking the dashboard tiles
- ... and much more
This project has been a major labor of love for the community, and I hope you find it as useful as I do! Try it out and let me know what you think.
Happy holidays everyone!
By u/brandawg93 ⬆️ 139 [comments]
WeddingShare v1.0.8 Updates
For those not following the progress on GitHub or DockerHub, WeddingShare v1.0.8 now includes the following features:
- Basic admin area to view a list of all galleries.
- Review process to allow approving and rejecting images before appearing in a gallery.
- Single gallery mode for those that want to display a gallery on a display with auto refreshing intervals.
- Improved configuration options to enable/disable most options to get it looking as you want.
- Gallery specific secret keys so each gallery can have their own "password".
There are many more improvements planned so please follow the project for the latest updates and features and thanks to all who have shown support so far.
If you have any features you would like me to add in the future I highly encourage you to submit a ticket over on the GitHub page!
GitHub - https://github.com/Cirx08/WeddingShare
DockerHub - https://hub.docker.com/r/cirx08/wedding_share
By u/Cirx0808 ⬆️ 113 [comments]
This Week in Self-Hosted (29 November 2024)
Happy Friday, r/selfhosted! Linked below is the latest edition of This Week in Self-Hosted, a weekly newsletter recap of the latest activity in self-hosted software.
This week's content includes new Raspberry Pi hardware, .io domain speculation, notable software updates and launches, and a spotlight on Readeck - a self-hosted read later and bookmarking app.
I'm also joined by guest co-host Daniel Brendel, the developer of HortusFox, in this week's YouTube and podcast recap.
Thanks, and as usual, feel free to reach out with feedback!
By u/shol-ly ⬆️ 103 [comments]
Issue Mon, Oct 28 11:00 AM
Let’s talk about putting your self hosted hobby on your resume.
Today, I was reviewing resumes for a job posting at my job. On a specific resume, they listed their home lab environment under a Projects section. Nice! What do we got here? The first bullet point talked about the hardware. Excellent. The second bullet point mentioned Plex, Sonarr, and Radarr. Oh boy.
Folks, I’m rocking several of the arr suite apps, but I would **absolutely never ever** put that on my resume. I’m sure there are 100% legal use cases for Sonarr/Radarr, but I have yet to meet a person who uses them that way.
By u/Eagle9972 ⬆️ 996 [comments]
A reminder to prune your docker images every so often :)

By u/Ctrl-Alt-BarteQ ⬆️ 927 [comments]
Introducing Heartbeatrr: A Simple Service Monitoring Tool with Discord Alerts
EDIT: Archived
Just use uptime-kuma
Hey everyone!
I created an app, Heartbeatrr, a lightweight app designed to monitor the health of your online services. Whether you’re managing websites, APIs, or any online systems, Heartbeatrr checks their status and sends real-time alerts to your Discord channel if anything goes down.
Key Features:
- Service Health Checks: Regularly pings your services to make sure they’re up and running.
- Instant Discord Alerts: If a service goes down, you’ll get notified in your Discord server—no more manual checking.
- Customizable Intervals: Set how often Heartbeatrr should check your services (e.g., every 30 minutes).
- Retries Before Alerting: Avoid false alarms with retry attempts before sending out a notification.
- Easy Setup: Just provide the URLs of the services you want to monitor, and Heartbeatrr does the rest.
Heartbeatrr is great for anyone managing multiple online services and wants peace of mind with automated monitoring and quick alerts.
If you’re tired of manually checking service statuses or missing out on critical downtime, give Heartbeatrr a try!
You can find the docker image here: https://hub.docker.com/repository/docker/moonscape1840/heartbeatrr/general
And here is the docker-compose.yml
https://github.com/JesusMiramontes/Heartbeatrr/blob/main/docker-compose.yml
This is how it looks:
Just download the docker-compose file, update HEARTBEATRR_SERVICES_URLS and HEARTBEATRR_DISCORD_SERVICE_WEBHOOK and that's it to start, you can configure more using the other environment variables.
Would love to hear your feedback! 😊
By u/Moonscape1840 ⬆️ 852 [comments]
PSA: If you can get a cheap domain, use Cloudflare DNS over DuckDNS which is also free

By u/pablo1107 ⬆️ 721 [comments]
My "Home" Lab - it's a mess but I'm very proud of it.

By u/AlexTryHarder ⬆️ 662 [comments]
What are your must-have selfhosted apps ?
I'm starting with my list:
| Monitoring | Medias | Management | Automation |
|---|---|---|---|
| Beszel | Sonarr/Radarr/Prowlarr/Tdarr | LubeLogger | Drone |
| Portainer | Deluge/PyLoad-ng | Homebox - Fork continuation | Watchtower |
| Scrutiny | Overseerr | Firefly III (with data-importer) | zigbee2mqtt - mosquitto |
| Uptime Kuma | Plex | Nginx Proxy Manager | Home Assistant |
| Tautulli | Kavita | ContainerNursery | |
| Hetrix Tools (not selfhosted but check if my server is unreachable) | Nextcloud | Plex Auto Languages | |
What's yours ?
By u/DamsDev ⬆️ 535 [comments]
Tired of cloud service price hikes. Shout out this community, you guys rock.

By u/T_White ⬆️ 524 [comments]
I built an open source version of Google Analytics that runs on a single Docker image and handles thousands of events per second
Are you using an .io domain to host your services? It might be going away soon™.
Well, "soon" in Valve time.
.io is not a gTLD, but a ccTLD belonging to a “country” known as British Indian Ocean Territory, consisting mainly of Chagos Archipelago.
Due to a recent deal to transfer the sovereignty of Chagos Archipelago back to Mauritius in an effort to begin to right a historic wrong, it is quite likely that the entity known as British Indian Ocean Territory will cease to exist, and with it, if Internet Assigned Numbers Authority (IANA) is to be believed, the .io ccTLD itself.
Now, will IANA simply turn off the tap on all the .io domains? Who knows. They're supposed to. There will be a transition period and all.
.io is, as we all know, quite a popular TLD, and the vast majority of its uses are unrelated to the Indian Ocean territories. It'd be silly to just shut it down like the much less popular .yu and .su, but unless something changes, this is what the rules say is supposed to happen.
So, there is no reason to panic. It'll be years until there is any real impact, if ever.
But, if you're buying a new domain today, maybe steer clear from an .io domain for now.
Or if you've got a 15-year-old mail server that never gets blocked by the Big Tech because it has an impeccable reputation, it might be the time to consider what your off-ramp will be in 5 years' time should worse come to worst.
If you've not had your fill of the exciting world of ccTLD news, you may peruse either the official IANA ccTLD retirement policy or have a gander at the Every Newsletter article which, as far as I can tell, blew the lid on this story.
By u/JimmyRecard ⬆️ 424 [comments]
Jellyfin Server/Web 10.10.0 Released
By u/nyanmisaka ⬆️ 394 [comments]
I own a software agency and here are my self hosted tools
Hello, I own a software development agency with 5 employees. We're located in Brazil and our currency (Real) is almost 6:1 to the US Dollar; because of that I started searching for self hosted alternatives to avoid unnecessary costs with SaaS products made for US dollar companies.
I prefer to use VPS alternatives instead of managing my own server because I manage my clients' applications 24/7, and a VPS can provide a lot of infrastructure that I don't want to manage myself, like redundancy, energy and restore. I changed from Heroku to Digital Ocean (VPS) + Coolify, and this is our base stack.
Right now we have three servers in Digital Ocean: one for our internal tools and to manage other servers, and two servers for each client whose infrastructure we manage.
We use:
Uptime Kuma to monitor the health of clients' applications and to create a status page for every client and share it with them.
We are changing from YouTrack to Odoo for project management because we expect to grow our client base and our team. YouTrack is awesome, but we share kanban boards with our clients, and because of that we quickly reach the free limit.
We use Grafana as our observability tool (we use otel in code). It's great, but I'm open to suggestions for new tools.
For documentation we are open. I'm trying some tools like DocMost. It's a very promising tool and they are Brazilian, but at the moment they don't have some features that we need, like creating open documents. Right now we use Outline cloud because the self hosted plan does not have guest users and cloud is good for us now, but I'm searching for an alternative in case we grow our employee base.
We have a lot of services in AWS, GCP and Azure. Some services, like Database and Storage, I don't have plans to self host; I think the risk and effort are not worth it. And some clients prefer to maintain their own infrastructure as well.
That's it, I hope my "review" helps some users.
P.S.: If any of the creators of DocMost read this, call me, because I would like to contribute my coding skills to the project. :)
By u/lesimoes ⬆️ 292 [comments]
Can I just say how good Actual Budget is?
I've been a long time YNAB user and it has truly helped me get my finances in order. It has become a daily part of my life and tracking my expenses has become a pleasure. However, their price increases and lack of new features have not been a pleasure.
Some people suggested that I look at Actual Budget. I gave it a quick shot a few months back and was not particularly convinced, so I dropped it without a second thought.
However, this week, I decided to actually take it for a spin and see how it could work with my daily life. There's a few things to get used to (like their templating system which is vastly different from YNAB's targets system) but holy hell, this app is really good.
If there are any YNAB users here, I heavily recommend that you give Actual Budget a shot, even if it feels very different at first. It's worth it.
Actual Budget is easily up there in my favorite self hosted apps now. Man, I really need to contribute at some point.
By u/paulchartres ⬆️ 291 [comments]
Issue Mon, Oct 21 11:00 AM
It's not much but it's mine!
Wtf happened to filesharing and streaming the past 20 years?!
I'm not sure if this really fits here and I'd be fine with this post getting deleted, but I just finished setting up my new server a few days ago, and I am still in awe of the progress file-sharing has made.
Twenty years ago, it took me 20 hours to download a movie that some guy recorded on a camcorder in the cinema, only to find out it was actually a gay porn movie some kid renamed to "Matrix 2 HIGH QUALITY screener 1337 super nice quality DVD RIP."
Of course, file-sharing was less of a gamble when Netflix finally came along but still. Netflix was really good, convenient, and cheap at that time, so I stopped leeching and I was totally okay with paying for a great service like that. Now, you need five different streaming services to get 70% of the content you want to watch, so I made the journey back into the high seas...
... and wow... just wow...
Now I host my own website that lists every movie and TV show there is [Jellyseer]. I just tell it what movie I want to add to my personal Netflix [Jellyfin], and a whole host of services springs into action without any further input from my side. Another service I host [sonarr/radarr] checks all available sources for the quality criteria I set up once, and after finding the perfect match, it automatically starts a download on another service [sabnzbd] I host. Oh, and of course, there is no file clutter on my NAS because every download automatically gets neatly renamed and stored in its own folder. The next time I check my own personal Netflix, it already has the movie I requested earlier in perfect 4K quality.
I still can't believe how smoothly all of these services work together to provide a user experience that is so much better than any streaming service out there!
Now I just need to figure out how much to donate to each of the services I am using.
By u/_dakazze_ ⬆️ 924 [comments]
Set up a photo server to share trip photos with my friends. This was my software dev friend’s immediate response about security is he right?
Caddy is magic. Change my mind
In a past life I worked a little with NGINX, not a sysadmin but I checked configs periodically and if I remember correctly it was a pretty standard Json file format. Not hard, but a little bit of a learning curve.
Today I took the plunge to set up Caddy to finally have SSL set up for all my internally hosted services. Caddy is like "Yo, just tell me what you want and I'll do it." Then it did it. Now I have every service with its own cert on my Synology NAS.
Thanks everyone who told people to use a reverse proxy for every service that they wanted to enable https. You guided me to finally do this.
By u/FilterUrCoffee ⬆️ 471 [comments]
PSA: Official Syncthing Android app will be discontinued in December
Syncthing dev will discontinue the official app in December:
This is due to the fact the app doesn't use the Android storage API and the developer does not want to rewrite the whole daemon just for Android.
Also note that Catfriend will close their Google Play account and Syncthing-fork will only be available on F-Droid:
"Planning to close my Google Play Developer Account"
By u/suprjami ⬆️ 430 [comments]
Moved from Docker Compose to Rootless Podman + Quadlet for Self-Hosting
After self-hosting around 15 services (like Plex, Sonarr, etc.) with Docker Compose for 4 years, I recently made the switch to uCore OS (Fedora Core OS with "batteries included"). Since Fedora natively supports rootless Podman, I figured it was the perfect time to ditch Docker rootful for better security.
Podman with Quadlet has been an awesome alternative to Docker Compose, but I found it tough to get info for personal self-hosted services. So, I decided to share my setup and code for the services I converted. You can check them out on my GitHub:
- Old docker Compose configs: https://github.com/fpatrick/compose
- Podman + Quadlet configs: https://github.com/fpatrick/podman-quadlet
Hope this helps anyone looking to make the switch! Everything’s running great rootless (except one service I ran root for backups).
By u/dopync ⬆️ 375 [comments]
[META] The duality of (selfhosting) man
By u/laxweasel ⬆️ 374 [comments]
SSH: Should You Open It to the Internet or Keep It Locked Down?
This question has been keeping me up at night. Instead of just taking advice about using VPN protocols or Cloudflare solutions, I decided to dive into the research myself. So, what did I do? I took a risk and set up a simple SSH honeypot (with some precautions). But seriously, don’t try this at home—I did it so you don’t have to, unless you really know what you’re doing ;). It’s been running for around six days now, and here are the results:
Connection attempts: 2,625
Countries list top 10:
| Country | Number of Attempts | Percent |
|---|---|---|
| China | 774 | 29% |
| India | 286 | 11% |
| United Kingdom | 282 | 11% |
| United States | 259 | 10% |
| Russia | 105 | 4% |
| France | 100 | 4% |
| Hong Kong | 96 | 4% |
| Singapore | 67 | 3% |
Of course, there are more countries, but that list would be quite long.
My conclusion: If you're new to self-hosting, please use a VPN until you fully understand your attack surface. As for how SSH works, I use it at a professional level, and when you expose SSH to the internet, there will be bots attempting to access it, regardless of the port it's on. If you must open SSH, remember to disallow root access and use only SSH keys. And remember: read the fucking manual!
TL;DR: I set up an SSH honeypot to research connection attempts, which received 2,625 attempts in six days. The top countries targeting it were China (29%), India (11%), and the UK (11%). If you're new to self-hosting, use a VPN until you understand your attack surface. Exposing SSH attracts bots, so disallow root access and use SSH keys. And don’t forget to read the fucking manual!
By u/peekeend ⬆️ 366 [comments]
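An added example, not part of the post above: a small auditor that checks sshd_config text against the post's two recommendations (no root login, keys only). The sample config is constructed, `Include` files are not followed, and the defaults table reflects the stock OpenSSH defaults documented in sshd_config(5).

```python
import re

# Values the post's advice maps to: no root login, key-only authentication.
SAFE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}
# OpenSSH defaults that apply when a keyword is absent (sshd_config(5)).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse(text):
    """Return (global settings, Match-block overrides); first value wins."""
    global_cfg, overrides, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" or "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value  # following lines apply only under this condition
        elif match is None:
            global_cfg.setdefault(key, value)  # later duplicates are ignored
        elif key in SAFE:
            overrides.append((lineno, match, key, value))
    return global_cfg, overrides


def audit(text):
    """Return (effective global values, list of findings) for the SAFE keys."""
    cfg, overrides = parse(text)
    effective = {k: cfg.get(k, DEFAULTS[k]) for k in SAFE}
    findings = [
        f"{k} is '{v}', expected '{SAFE[k]}'"
        for k, v in effective.items() if v != SAFE[k]
    ]
    # A Match block can quietly re-enable what the global section turned off.
    findings += [
        f"line {n}: Match {cond} sets {k} {v}"
        for n, cond, k, v in overrides if v != SAFE[k]
    ]
    return effective, findings


# Constructed sample config (not from the post).
SAMPLE = """\
# sshd_config
Port 2222
PermitRootLogin prohibit-password
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no

Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    effective, findings = audit(SAMPLE)
    for item in findings:
        print("FINDING:", item)
```

On a live host, `sshd -T` prints the effective configuration, including included files, and is the authoritative check.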
What software do you wish had a self-hosted alternative?
Hey,
I saw another thread talking about Trello alternatives and I was curious what is it that you wish had a self-hosted alternative.
Looking forward to hearing from you
By u/rvitorper ⬆️ 330 [comments]
If you hoard video games and aren’t selfhosting GameVault yet, you’re missing out!
Hey everyone,
it’s me again, one of the two developers behind GameVault, a self-hosted gaming platform similar to how Plex/Jellyfin is for your movies and series, but for your game collection. If you've hoarded a bunch of games over the years, this app is going to be your best friend. Think of it as your own personal Steam, hosted on your own server.
If you haven’t heard of GameVault yet, you can check it out here and get started within 5 minutes—seriously, it’s a game changer.
For those who already know GameVault, or its old name He-Who-Must-Not-Be-Named, we are excited to tell you we just launched a major update. I’m talking a massive overhaul—so much so, that we could’ve rebuilt the whole thing from scratch. Here’s the big news: We’re no longer relying on RAWG or Google Images for game metadata. Instead, we’ve officially partnered with IGDB/Twitch for a more reliable and extended metadata experience!
But it doesn’t stop there. We’ve also rolled out a new plugin system and a metadata framework that allows you to connect to multiple metadata providers at once. It’s never been this cool to run your own Steam-like platform right from your good ol' 19" incher below your desk!
What’s new in this update?
- IGDB/Twitch Integration: Say goodbye to unreliable metadata scrapers. Now you can enjoy game info sourced directly from IGDB.
- Customizable Metadata: Edit and fine-tune game metadata with ease. Your changes are saved separately, so the original data stays intact.
- Plugin System: Build your own plugins for metadata or connect to as many sources as you want—unlimited flexibility!
- Parental Controls: Manage age-appropriate access for the family and children.
- Built-in Media Player: Watch game trailers and gameplay videos directly in GameVault.
- UI Overhaul: A fresh, streamlined look for the app, community, game and admin interface.
- Halloween Theme: For GameVault+ users, we’ve added a spooky Halloween skin just in time for the season!
Things to keep in mind when updating:
- GameVault Client v1.12 is now required for servers running v13 or above.
- Older clients won’t work on servers that have been updated to v13.
For a smooth update and a guide on how to use all these new features, check out the detailed migration instructions in the server changelogs. As always, if you hit any snags, feel free to reach out to us on Discord.
If you run into any issues or need help with the migration, feel free to join and open a ticket in our Discord community—we’re always happy to help!
If you want to support our pet-project and keep most upcoming features of GameVault free for everyone, consider subscribing to GameVault+ or making a one-time donation. Every little bit fuels our passion to keep building and improving!
Thanks for everything! We're more than 800 Members on our discord now and I can’t wait to hear what you think of the latest version.
By u/Alfagun74 ⬆️ 326 [comments]
Concerns Raised Over Bitwarden Moving Further Away From Open-Source
First time posting here, rate my setup pls 😆

By u/HakoKitsune ⬆️ 288 [comments]
Issue Mon, Oct 14 11:00 AM
Ever expanding homelab update!
Rate my setup

By u/xsink69 ⬆️ 335 [comments]
Rate my setup - again

By u/jersey_illuminati ⬆️ 330 [comments]
Fladder - A Simple Jellyfin Frontend
Hey everyone.
I created a Jellyfin frontend. My aim was to make a clean alternative to the current ones available but also to unify it across different platforms.
Current features
- Play media – Stream or sync content locally to your device.
- Manage your library – Refresh content and edit metadata.
- Multiple profiles – Lock profiles and connect to different servers.
- Direct/Transcode playback
- Sync supported on Mobile/Desktop
- Platforms
  - Android
  - Web
  - macOS
  - Windows
For more information, screenshots, or to try it out, take a look at GitHub: https://github.com/Fladder-App/Fladder
Currently also looking for people willing to join the closed testing for Playstore release. No requirements just have to sign up and try it out. Send me a DM with your e-mail so I can add you to the playstore-testers list.
By u/partydonut ⬆️ 294 [comments]
Can you suggest a open source porn site, that I can deploy on my server?
Has anyone here tried to build or install a porn website open source, similar to Plex? or should I use Plex for this? I'm very frustrated with ads and loading, I can't concentrate on the video.
I have a PiHole, but I want something offline and stores my favorite videos, and plays wherever I want.
It should be suitable for my Raspberry Pi 5.
By u/Busy-Opinion9010 ⬆️ 276 [comments]
Retrom 0.2.0 Released - A self-hosted, emulation-focused game library management service and frontend
Recently I announced the work I have been doing on Retrom (github repo) and received some incredible feedback from this community and others. I'm back to report on some of the work that had been done since!
If you missed the previous announcement, take a look at it here to get up to speed on what Retrom is and why it exists.
By far and away the most common request for Retrom at the time of announcement was a loosening of the restriction on the library/filesystem structures it supports. Retrom now supports the two most commonly requested structures and will soon support arbitrary entries so that any potential user can adopt Retrom, no matter how convoluted the library structure is.
There have also been a handful of bug fixes and stabilizations, some of which were from bug reports from users (thank you!).
The next large release is also fast approaching, and the big feature that ships with it is Big Screen Mode. This is intended for users that will want to access their Retrom libraries and play on a couch, with their massive OLED TVs and/or simply want to navigate with their controllers.
Thanks again for the fantastic feedback and general praise for Retrom previously, I hope it continues to serve its users well!
For those who want to follow any updates and/or discussion on Retrom, please feel free to join the newly created discord server. It is barren, for now, but I hope it will grow to become a community proper someday.
EDIT: As per the suggestions of many, I have updated the media below to omit any content from a certain publisher. This was a silly oversight by myself to begin with, and I appreciate the suggestions for taking more care with this. I'll be extra wary moving forward!
Screenshots of updated UI
Big Screen Mode Preview
By u/Volcaus ⬆️ 264 [comments]
We accidentally chmod 777 all appdata
My GF is the admin of our common server, that is running a lot of game servers and other stuff in OpenMediaVault. Yesterday there was a weird issue with permissions and most of the services failed, so in a moment of frustration she just did chmod 777 to all appdata. This means that all the permissions for all the services are broken. We cannot just restart from the dockerfiles because the persistent files will remain changed, and it is not practical to fix this because there really are lots of services and the amount of files to fix is immense. There is no backup for this. We can't even save the files elsewhere and redo the system because we don't have enough TB to move to.
She was already burned out from managing all of this and is now opting for nihilism. She will stop managing it and let it die.
I understand why she is done with it, but I don't want it to end like this. I suggested buffing my NAS and starting to move things over there but she doesn't even want to talk about it. I know we can recover from this, and this time have proper backups for the system, but without her help I won't be able to do much, and if I do something it will have to be in secret.
We have broken things before, but this is probably the worst one yet, and I would like if you people share some of your bad experiences... How do you recover from the apocalypse?
-- UPDATE
Hi everyone, thanks for your comments! I will add some more info about this. The permissions were already broken when she got home, and we still don't know what caused it. The chmod 777 on appdata had a side effect, as there was some temporal config that made it so ownerships also changed. I do not know the specifics of this, but this is what I know. I got access to the server all by myself like a grown up and got to see the modified files. She is still fed up with the server, but now that she has had time to relax a bit she is giving me instructions of what I could try and hopefully we will fix it? Luckily, there are actually backups with configurations, so it should be possible to fix most things, if not everything! This happened quite late yesterday, so we didn't even realize.
I followed her instructions this morning, when there is not a lot of user activity (now game servers mostly still work) and after some work we have recovered permissions and ownerships!
She doesn't know if she will admin the server or not in the future, so if she chooses not to I will have to learn quite a bit more. My personal setup is similar, but not this big and complex.
By u/AITORIAUS ⬆️ 221 [comments]
Rate my setup
PSA: A reverse proxy does not automatically increase your security
I frequently see "Use a reverse proxy" as a suggestion when someone asks how to secure their server. A reverse proxy, on its own, will not increase your security. I think this is potentially harmful as it gives a false sense of security if you think that just by adding a reverse proxy you've increased your security.
Say you have a web app that contains a vulnerability. It makes zero difference whether that web app is exposed directly, or there's a reverse proxy in front of it - the reverse proxy is just going to forward any packets it receives on to the application behind it, and will not prevent the application from being exploited.
When someone recommends a reverse proxy as a security solution, they might mean a SaaS such as Cloudflare. Calling Cloudflare a reverse proxy is like calling Walmart a general store; it's technically correct, but Cloudflare is also a lot more than a reverse proxy. It's also an IPS, IDS, WAF, CDN, and more. Those functions are where the security comes from, not from it being a reverse proxy.
A reverse proxy can be part of a security solution, by integrating it with an IPS like Crowdsec which can examine logs from the proxy and instruct the proxy to block malicious traffic.
There are plenty of good reasons to use a reverse proxy, but security alone isn't one of them.
By u/KarmicDeficit ⬆️ 185 [comments]
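An added example, not part of the post above and not CrowdSec's implementation: a simplified log-driven block decision over reverse-proxy access logs, replayed with and without the resulting blocklist. The log lines are constructed, and the threshold of five 4xx responses in 60 seconds is an assumption chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format, as written by most reverse proxies.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])


def decide_bans(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: ban_time} for clients with >= threshold 4xx in the window."""
    recent = defaultdict(deque)  # per-client timestamps of recent 4xx responses
    bans = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _path, status = rec
        if ip in bans or not 400 <= status < 500:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            bans[ip] = ts
    return bans


def replay(lines, bans):
    """Count requests the proxy forwards vs. blocks given a ban table."""
    forwarded = blocked = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _path, _status = rec
        if ip in bans and ts > bans[ip]:
            blocked += 1
        else:
            forwarded += 1  # a plain proxy passes everything to the backend
    return forwarded, blocked


# Constructed sample log using documentation IP ranges (not real traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [14/Oct/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [14/Oct/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 404 0
203.0.113.7 - - [14/Oct/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 0
203.0.113.7 - - [14/Oct/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 403 0
198.51.100.20 - - [14/Oct/2024:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 0
203.0.113.7 - - [14/Oct/2024:10:00:05 +0000] "GET /backup.zip HTTP/1.1" 404 0
203.0.113.7 - - [14/Oct/2024:10:00:06 +0000] "GET /phpinfo.php HTTP/1.1" 404 0
203.0.113.7 - - [14/Oct/2024:10:00:07 +0000] "GET /app/login HTTP/1.1" 200 900
203.0.113.7 - - [14/Oct/2024:10:00:08 +0000] "POST /app/login HTTP/1.1" 200 900
198.51.100.20 - - [14/Oct/2024:10:02:00 +0000] "GET /missing HTTP/1.1" 404 0
""".splitlines()

if __name__ == "__main__":
    bans = decide_bans(SAMPLE_LOG)
    print("proxy alone (forwarded, blocked):", replay(SAMPLE_LOG, {}))
    print("proxy + log-driven bans:", replay(SAMPLE_LOG, bans))
```

Every request before the ban still reaches the application, so a vulnerable app stays exploitable on first contact; the log-driven ban only limits follow-up traffic.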
You CAN Host a Website Behind CGNAT For Free!
All praise to Cloudflare for making Tunnels free, I am now hosting my two websites behind a CGNAT connection for zero extra cost. And it actually seems a bit faster in throughput, but latency has increased by ~30ms.
Here is how to use cloudflare tunnels:
- Login -> dashboard -> Zero Trust -> Networks -> Create a tunnel.
- I am using "Cloudflared" tunnel type so it is outbound only, however there is also WARP for linux only. Not sure which is better.
- Name it and follow the instructions to install the Cloudflared service on your webserver.
- If you already have A/AAAA/CNAME DNS entries that point to a public IP then you will need to remove them.
- Once you make it you can edit the settings for Public Hostnames, add the website domains and point them to your localhost & port. In my case I am using 127.0.0.1:80 and port 81 for my other website.
- You will also have to configure your webserver to listen/bind to the localhost IP & respective ports.
And done! Your website domain now points to a cloudflare tunnel: <UUID>.cfargotunnel.com which points to your webserver's localhost:port.
Cloudflare's Terms of Service do not allow that many other services to be hosted through these tunnels so consider reading them if you are to host anything else.
There are other services that you can use to accomplish the same thing like tailscale, wireguard, etc. Some are also free but most are paid. I am using tunnels simply because I already use cloudflare for DNS & as a registrar.
By u/Tylerebowers ⬆️ 179 [comments]
Small office with 10 people, selfhosted apps you would recommend
I run the IT side of a small 10 people firm mainly working in AutoCAD.
What are your top selfhosted apps you would recommend for a work environment?
Currently running:
- Filebrowser
- Wireguard
By u/DAndreyD ⬆️ 169 [comments]
This Week in Self-Hosted (11 October 2024)
Happy Friday, r/selfhosted! Linked below is the latest edition of This Week in Self-Hosted, a weekly newsletter recap of the latest activity in self-hosted software.
Along with the usual news, content, and update, I'd like to use this space this week to announce This Week in Self-Hosted's debut on YouTube, where Alex Kretzschmar (u/ironicbadger, of Self-Hosted Podcast fame), Stephen Schattin, and myself will be discussing the newsletter's content along with anything else we've found interesting.
The first show will be published later this morning - feel free to bookmark or subscribe to the selfh.st YouTube channel if you're interested in joining us.
We'll also be leveraging YouTube to convert each episode to a podcast for those interested in listening along rather than watching.
Thanks, and as usual, feel free to reach out with feedback!
By u/shol-ly ⬆️ 164 [comments]