Don’t do this, this is a seriously bad idea on multiple fronts. Buy a domain that’s reasonably priced and you will be much better off. (gen.xyz is cheap)
What I have in my setup is a VPS that routes traffic into a separate network that has all my services in it. This way I don’t need to expose my home to the public Internet.
I self host Outline with storage connected to a Minio instance that I use as S3 storage for several applications.
I loved the ability of writing in markdown form, but a simple and intuitive design, with the ability to share a whole collection, a subset of pages, or a single page publicly without dealing with a bunch of overhead.
So…it’s working now? I haven’t touched anything yet, but I just checked my instance again and it works perfectly fine on desktop now. It always worked through Voyager, so I was able to let people know there was an issue. If it comes back I’ll try some of these suggestions to find a more permanent fix.
I’m a network guy, so everything in my labs uses SNMP because it works with everything. Things that don’t support SNMP are usually replaced and yeeted off the nearest bridge.
For that I use LibreNMS. Simple, open source, and I find it easy to use, for the most part. I put it on a different system than what I’m monitoring because if it shares fate with everything else, it’s not going to be very useful or give me any alerts if there’s a full outage of my main homelab cluster.
Of course, access from the internet to it is forbidden, and any SNMP is filtered by my firewall. Nothing really gets through for it, so I’m unconcerned about it becoming a target. For the rest of my systems security is mostly reliant on a small set of reverse proxies and firewall rules to keep everything secure.
I use a couple of VPN systems to access the servers remotely, all running on odd ports (if they need port forwards at all). I have multiple to provide redundancy to my remote access, so if one VPN isn’t working due to a crash or something, I have others that should get me some measure of access.
Docker is messy and not ideal, but it was born out of a necessity. Getting multiple services to coexist together outside of a container can be a nightmare, updating and moving configuration is a nightmare, and removing things can leave stuff behind, which gets messier and messier over time. Docker just standardises most of the configuration whilst requiring minimal effort from the developer.
It depends what I’m backing up and where it’s backing up to.
I do local/lan backups at a much higher rate because there’s more bandwidth to spare and effectively free storage. So for those as often as every 10 mins if there are changes to back up.
For less critical things and/or cloud backups I have a less frequent schedule as losing more time on those is less critical and it costs more to store on the cloud.
I use Kopia for backups on all my servers and desktop/laptop.
I’ve been very happy with it, it’s FOSS and it saved my ass when Windows Update corrupted my BitLocker disk and I lost everything. That was also the last straw that put me on Linux full-time.
Because if you use relative bind mounts you can move a whole docker compose set of containers to a new host with docker compose stop then rsync it over then docker compose up -d.
I’ve dabbled with some monitoring tools in the past, but never really stuck with anything proper for very long. I usually notice issues myself. I self-host my own custom new-tab page that I use across all my devices and between that, Nextcloud clients, and my home-assistant reverse proxy on the same vps, when I do have unexpected downtime, I usually notice within a few minutes.
Other than that I run fail2ban, and have my vps configured to send me a text message/notification whenever someone successfully logs in to a shell via ssh, just in case.
Based on the logs over the years, most bots that try to log in try with usernames like admin or root. I have root login disabled for ssh, and the one account that can be used over ssh has a non-obvious username that would also have to be guessed before an attacker could even try passwords, and fail2ban does a good job of blocking IPs that fail after a few tries.
If I used containers, I would probably want a way to monitor them, but I personally dislike containers (for myself, I’m not here to “yuck” anyone’s “yum”) and deliberately avoid them.
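The log review described in the comment above (which usernames bots try, which sources keep failing, and an alert on every successful SSH login), as an added example that is not part of the original comments. The log lines, the username `k7quill` and the threshold of 3 are constructed assumptions; the line format is the usual OpenSSH syslog output.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the post).
SAMPLE_LOG = """\
Mar  3 04:11:02 vps sshd[1201]: Invalid user admin from 203.0.113.7 port 40122
Mar  3 04:11:04 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 04:11:09 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 04:11:15 vps sshd[1207]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar  3 04:12:40 vps sshd[1212]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Mar  3 09:30:18 vps sshd[1420]: Accepted publickey for k7quill from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
"""

# "invalid user" is optional: sshd omits it when the account exists (e.g. root).
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def summarize(log_text, threshold=3):
    """Return failed-username counts, source IPs at or over threshold, and accepted logins."""
    users, sources, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            users[m.group(1)] += 1
            sources[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            # Every accepted login is worth a notification, whatever the method.
            accepted.append({"user": user, "ip": ip, "method": method})
    over = sorted(ip for ip, n in sources.items() if n >= threshold)
    return users, over, accepted

if __name__ == "__main__":
    users, over, accepted = summarize(SAMPLE_LOG)
    print("failed attempts by username:", users.most_common())
    print("sources at or over threshold:", over)
    for a in accepted:
        print(f"ALERT successful login: {a['user']} from {a['ip']} via {a['method']}")
```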
Well docker tends to be more secure if you configure it right. As far as images go it really is just a matter of getting your images from official sources. If there isn’t an image already available you can make one.
The big advantage to containers is that they are highly reproducible. You no longer need to worry about issues that arise when running on the host directly.
Also if you are looking for a container runtime that runs as a local user you should check out podman. Podman works very similarly to docker and can even run your containers as a systemd user service.