selfhosted


charles, in Those who are self hosting at home, what case are you using? (Looking for recommendations)

Highly recommend cases by Fractal.

For self hosting I’d recommend either one of the Meshify 2 or Define 7, depending on local price and your specific needs. I personally went with the Meshify 2 XL and was blown away by the quality of the case. It’s built well and allows for a variety of configurations. It also makes maintenance very easy as the filters and side panels can all be removed without any tool to handle dust build up.

NicestDicerest, (edited )

+1 for Fractal Define R5 - Absolute Beast

colin, (edited ) in Those who are self hosting at home, what case are you using? (Looking for recommendations)

Just because it’s a bit different to what you asked, and no one else has said it, I’ve found great results with the Terramaster D5-300 and D4-300. Make sure you get the USB 3.1 type Cs, but I’ve been fine with the plain rather than ones loaded with RAID.

For every USB 3.1 socket on the back I get 5 drives, I can increase capacity incrementally, and for spinning rust they are faster than they could transfer anyway.

I’ve replaced my machine with a Dell USFF box now and it all works great.

Completely understand if it’s not your thing but you can add a drive box to your existing system without replacing anything. I’m currently up to 16 drives.

sloppy_diffuser, in Can I build a NAS out of a desktop? [Request]

My NAS is an mATX mobo with an i5, 64G RAM, 8 disk drives, 3 nvme drives, and an ARC GPU for video transcoding.

Disk drives are all mirrored. One nvme runs NixOS which is easy enough to redeploy if the drive dies. One nvme is cache on top of the disk drives. Last nvme I use for temp fast storage like Jellyfin transcoding.

It’s more of a combo NAS/server as I run most self hosted apps on it (tor node, monero node, jellyfin, *arr stack, etc).

HumanPerson,

I just got an arc for jellyfin transcoding. Could you tell me more about your setup for that?

manos_de_papel, in Suggestions for Short Rack Mount Case
Lettuceeatlettuce, (edited )

Thanks for the link!

blazeknave, in Those who are self hosting at home, what case are you using? (Looking for recommendations)

804

virtueisdead, in When your kid asks for a switch for Christmas

image going straight to my dad

navi, in Stalwart v0.5.0

Hosting the software is only part of the problem, and not the hardest one from my experience.

The great spam catchers of Microsoft and Google are incredibly dense and arcane, mail will often be rejected or swallowed from small mail servers.

olmium,

You’re right and it’s crazy how much spam still comes through.

rtxn, in Can I build a NAS out of a desktop? [Request]

Absolutely anything can be turned into a NAS, as long as you’re aware of your own needs and the hardware’s capabilities. A NAS is just a computer with some specific requirements.

When I first built my NAS, it only used parts that I got for free. A cheap micro ATX board with only two RAM slots, an i3-4160 CPU, 2x2G RAM, a worn-out SSD, and a 1T HDD. It couldn’t run something like TrueNAS, but it was enough for Proxmox and some Alpine containers running services like Samba, Transmission, Wireguard, and a small Debian VM for me to fuck around with. The single storage disk means there is no redundancy, so I only store replaceable data on it, like TV shows and installers.

There are many hardware-focused channels on video platforms that offer guides for budget home servers. Wolfgang’s Channel is good, and Hardware Haven and Raid Owl just finished a competition of building a sub-$200 home lab.

roofuskit, in Stalwart v0.5.0

Very interested in this as Gmail is one of my last Google cords to cut. But it doesn’t solve the issue of trying to host it from a non-commercial Internet connection. Last I remember most ISPs won’t let you open the ports required to run an email service on a home connection. Anyone have modern experience with that?

AtariDump,

Most non-business Internet service in the US has email ports blocked. They don’t open unless you switch to business class Internet and that’s $$$

roofuskit,

Thanks for confirming. So pay for a vps to run this on, or just pay an email provider.

AtariDump, (edited )

If the VPS allows email ports to be open.

Then deal with your email going to spam most of the time because your domain/IP is so new and not “warmed up” that email systems think it’s all spam.

roofuskit,

Yeah, it seems like the latter option is the obvious answer. It’s an awful lot of work you still have to pay for. I’d rather just pay someone to offer me secure email and not harvest my information.

Lichtblitz, (edited )

In my experience, this is nothing more than an urban legend at this point. There are great standards, like DMARC, DKIM, SPF, proper reverse DNS and more, that are much more reliable and are actually used by major mail servers. Pick a free service that scans the publicly visible parts of your email server and one that accepts an email that you send to them and generates a report. Make sure all checks are green. After an initial day or two of getting it right, I’ve never had trouble with any provider accepting mail and the ongoing maintenance is very low.

Mileage may vary with an unknown domain and large email volumes or suspicious contents, though.

taladar,

There are literally RBLs in use by many major mail providers that just contain all dynamic IPs. There are others that block entire subnets used by VPSs at certain hosters. In neither of those can you remove your IP yourself (unlike the ones that list individual IPs because of that IP’s reputation).
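How a sending IP is looked up against such a list, as an added example that is not part of the original post: a DNSBL query resolves the reversed address under the list's zone, and a listing answers inside 127.0.0.0/8. The zone names and the answer table are constructed placeholders so the code runs offline; pass real zones and drop the `resolve` argument to query live.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer gives '10.113.0.203.in-addr.arpa' (IPv4) or 32 reversed
    # nibbles + '.ip6.arpa' (IPv6); drop the two trailing arpa labels.
    return f"{addr.reverse_pointer.rsplit('.', 2)[0]}.{zone}"


def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to its 127.0.0.x return code, or None when not listed."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:  # NXDOMAIN or failed lookup: treated as not listed
            results[zone] = None
            continue
        # Listings answer inside 127.0.0.0/8; any other answer is not a listing
        # (for example a resolver that rewrites NXDOMAIN) and is flagged as such.
        results[zone] = answer if answer.startswith("127.") else f"invalid:{answer}"
    return results


# Constructed zone data so the example runs offline; both zones are placeholders.
ZONES = ["policy.dnsbl.example", "reputation.dnsbl.example"]
CONSTRUCTED_ANSWERS = {"10.113.0.203.policy.dnsbl.example": "127.0.0.10"}


def fake_resolve(name):
    """Stand-in resolver: answers from the table above, NXDOMAIN otherwise."""
    if name not in CONSTRUCTED_ANSWERS:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return CONSTRUCTED_ANSWERS[name]


if __name__ == "__main__":
    print(check_dnsbl("203.0.113.10", ZONES, resolve=fake_resolve))
```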

Lichtblitz, (edited )

Weird, I’ve never had problems over the past 15 years or so and I’ve been using VPS servers exclusively. Maybe my providers were reputable enough.

I realize my evidence is only anecdotal, but that’s why I started “in my experience”. Also, common blacklists are checked by the services I mentioned.

Chobbes,

For what it’s worth I also haven’t had any problems. Maybe we’re just lucky, though.

victorz,

That’s insane to me. How is that a free and open Internet? Should be illegal.

AtariDump,

Too many people get malware that sets up an email server and starts sending out spam/phishing emails.

victorz,

That’s interesting. Is it easily preventable?

AtariDump,

Yes.

ISPs block email ports on residential connections to prevent this.

victorz,

I meant on the part of the host. Would it be easily preventable on the server if the ports weren’t blocked by the ISP?

AtariDump,

Not for the average person who pays for a home (vs business) internet connection.

victorz,

That’s a shame.

AtariDump,

Why?

I can count on no hands the amount of people I know who want to host their own email server on a residential connection (and that includes myself).

victorz,

Very anecdotal. 🤷‍♂️

AtariDump,
victorz, (edited )

It’s not a shame because of the amount of people we know, or how many people there are in total, that want to self-host email. It’s about the fact that it’s so difficult to set up, and hard to secure. I just wish it were simpler and more secure by default so that more people could roll their own and break free from ad-ridden and privacy-invading email services. 👍

AtariDump,

Makes sense.

jagoan,

Gmail to MXroute when Google threatened to pull the grandfathered free Gmail custom domain thing. Got their lifetime plan, easy enough to configure so outgoing mails don’t get marked as spam. However, the major downside is it’s still using Spam Assassin as spam filter.

nutbutter,

I moved from Gmail to ProtonMail, then to Mailbox.org. You can set up a mailserver on your home server, but you would need a VPS that would forward the traffic to and from your home server without you needing to open any ports. This guide can help you with TLS passthrough.

But setting up your own mailserver is a big hassle. Just pay a trusted provider and keep your inbox, and preferably all emails, encrypted with GPG.

victorz,

What made you switch from Proton to Mailbox, if you don’t mind sharing?

nutbutter,

I was paying $7/m for their mail, VPN and drive services. One of my major reasons to switch was their lack of linux support. They claim that it is hard to find Linux developers. Second reason was their drive’s download and upload speeds were terrible, from where I am sitting. Their VPN service is great. I always got great speeds, but their linux apps have always been terrible. Their mail service is also great, but I would like more control over it, like Mailbox.org. On Mailbox, I can encrypt my inbox using a different key, while also having the SMTP submission feature. I really need that to integrate emails with my websites and services. Mailbox can also encrypt their cloud drive with our key, while also providing WebDAV support (how cool is that). Their mail app on android is open-source but is not available on f-droid. And the apk they provide on their website neither has a notification functionality, nor does it auto-update. Another reason was that I was limited to 3 custom domains, unless I buy their business plan. Mailbox has no such limit.

One final reason was that I did not want to keep all my apples in one basket. So, for mail, I am using mailbox, for storage, I am using a personal nextcloud and a Hetzner managed nextcloud, for VPN, I started using mullvad, but their speeds are terrible and connections are unreliable. For passwords I am using self-hosted vaultwarden.

There are a few more reasons that I do not remember, now. Proton is great, I still trust them. But these small things really go a long way.

victorz,

Thank you for that detailed reply. You have far greater needs than I do. 😊

It would be cool to do all these things and self-host. One day I’ll get there, in life.

ssdfsdf3488sd,

That’s pretty much exactly my story except I went with fastmail.com, mullvad for vpn (you really need to test with some script to find your best exit nodes I forget which one I used ages ago but it found me a couple of nodes about 1000 kms away from my location and in a different country that I can do nearly a gig through routinely… Maybe it was this script? github.com/bastiandoetsch/mullvad-best-server) . I went with pcloud for a bit but tailscale and now currently netbird make it kind of irrelevant since it’s so easy to get all my devices able to communicate back to my house file server. I want to like hetzner so bad but every time I try it the latency to north america just kills me and the north american offering was really far away and undeveloped last time I tried it

nutbutter,

For me the issue with Mullvad is like this… I connect to a server, I get good speeds, but after an hour or two, I get stuck at 2-3mbps. This issue gets resolved when I reconnect, even to the same server. Also, I like using OpenVPN over TCP, but their speeds, in Mullvad’s case, are terrible for all exit nodes.

It also may be the case that my ISP is deliberately ruining the IPv4 routes because I am connecting to a VPN for privacy.

ssdfsdf3488sd,

Never saw that on wireguard once I found the better connections for my location, weird

KeepFlying, in How would you build a GPU-heavy node?

I wonder if you could copy (or buy used) some crypto mining rigs for this. I’m not sure if there’s some kind of bottleneck I’m not aware of though.

scrubbles,

That’s what I was thinking, but less… Fire hazard? I’ve seen some of those that are just crazy. Idk mostly need a board that can handle it. Idk just dreaming of a new project with spare stuff hanging around.

spookedbyroaches,

I would guess they’re a fire hazard because of the overclocking they do. They’re either a long term (heh) project and they’re immaculate, or they know they need to squeeze every bit of value and abuse the fuck out of those GPUs. I think you can tell if a rig is dangerous so you should be ok

LufyCZ, (edited )

Often the mining rigs use just 1-4 pcie lanes (per GPU), because more isn’t required for mining and it saves on other costs

TCB13, in First Nas Build
MSgtRedFox, in Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns

What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.

I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.

Lobotomie,

Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks a lot more difficult to me from the get go but I haven’t tried it out yet (because I don’t know where to start). Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet.

MSgtRedFox,

Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.

Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’ll be fine.

WireGuard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s OPNsense, DD-WRT, etc. Again, lots of videos.

Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.

You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.

I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.

Lobotomie,

Using a vpn or similar is not really an option as I have family members accessing it and I don’t want to always connect using a vpn just for example to open my garage or accessing my shopping list. Security wise I just use 2FA so I don’t think that’s the issue.

eskuero, (edited ) in Stalwart v0.5.0

This looks nice, even has a clean docker image.

Will check it out. Setting up postfix + dovecot with dmarc and postgres was a funny experience but it’s starting to slip out of my memory how I did it and I don’t want to be through it again.

ikidd,

I looked at this, it looks pretty rudimentary compared to something like Mailcow-dockerized which has a full docker stack with clamAV, sieve, etc that you can add Roundcube on to, and has worked very well for me for years. There are precious few jmap clients out there so that’s not much of a consideration really. I’d rather have rspamd itself rather than their fork of it because then I can depend on the original’s documentation, because their documentation doesn’t seem very comprehensive comparatively.

Plus, I’d rather have a stack of separate docker containers rather than a single container that munges it all together, but maybe that’s not a big deal. I like to let Postgres manage the postgres container image and not put another layer in there.

sudneo,

I don’t think it’s you, it generally is a bad practice to have multiple processes inside a container. It usually defeats most of the isolation, introduces problems with handling zombie processes (therefore you need an init) and restarting tools when they crash (then you need something like supervisord, which I guess this image might use - I didn’t check). Each software adds dependencies, which can conflict (again defeating the idea of containers), and of course CVEs. Then you have a problem with users etc.

So yeah, containers are generally not meant to be used this way. The project might be cool but I would be very uncomfortable running it like this, especially if that’s going to be my primary email, with all the password resetting capabilities etc.

eskuero,

Does it run multiple processes inside the container? Looks like the entrypoint only launches one.

ace,

Reading the Dockerfile in their repo, it’s simply a clean debian:slim with four compiled rust binaries placed into it. There’s no services, no supervisord, nothing except the mail server binaries themselves.

walden, in Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns

Which ports did you forward?

Lobotomie,

80,443,8123 and 8124

walden,

Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports.

Lobotomie,

cheers!

cybersandwich, in Help with Audiobookshelf Port Number

You’re using network_mode: “host” which makes the container use the host’s networking directly. When you use host mode, the port mappings are ignored because the container doesn’t have its own IP address, it’s sharing the host’s IP. Remove or change the network mode to see if that fixes it.

OneShotLido,

Perfect. Thanks!
