Your router’s IP can be anything. Choose any internal IP address on your subnet.
You can have 2 routers on the same subnet just make sure you disable DHCP on the new one while you perform the setup of everything else.
Then when you want to switch over, toggle on dhcp on the new router and replace the cables and you should be fine. You’ll know it’s working when you plug into it and get a default route of the new router.
Let’s see if I got this… great idea to disable DHCP on the new OPNSense for now. I forgot about that. Just keep the one LAN cable going in, and I will just keep the IP address as it is right now (.79). Not even worry about the WAN port at all. Set up all of the features, including things like reserved IP addresses and whatnot. Then, when I am ready to drop it in, I will turn the old router off, and on the new router set up a static IP on the LAN port (.0.1) and add the WAN port (DHCP). Drop it in place, turn on DHCP and I’ll be good to go.
Sounds about right, just be aware that your LAN and WAN networks need to be different, so you’ll likely need to change your old router’s dhcp subnet. E.g. 192.168.1.1/24 on the WAN and 192.168.0.1/24 on the LAN.
Yep. Keep the WAN port dhcp Client enabled if you can, just one less thing to worry about.
Also take note that when you change the static IP of the new router it would conflict with the old one (and dhcp might fail). So you might need to set your local clients IP. Take note of the configuration it has and the steps to set it manually.
For project ideas, I think most of us start with a problem and learn how to solve it. But without some foundational knowledge, you may struggle to even realize what’s a solvable problem.
You should maybe start with something like Linus Tech Tips “techquickie” content. Look at tutorials for home servers and home labs.
Or just spin around with your eyes closed, and point at a random tech object in your home, then start searching for info on how that works. How you can customize it, fix it, break it, make your own.
Not sure how else to help you jumpstart what many of us have just been naturally doing our whole lives. Like… be curious. That’s the key actually. Curiosity.
Tempo is gorgeous, it’s up there with Auxio in terms of aesthetics. That said, I wish it had the feature set of Musicolet. I love being able to switch between queues and never having my randomised playlists reorder the songs because they drop out of memory.
So add your user to the new docker group made on install of that package and you’ll be able to docker without sudo. You may need to relogin or newgrp docker before it works tho
Make sure your backups are solid and can’t be deleted or altered.
In addition to normal backups, something like zfs snapshots also help and make it easier to restore if needed.
I think I remember seeing a nextcloud plugin that detects mass changes to a lot of files (like ransomware would cause). Maybe something like that would help?
Also enforce good passwords.
Do you have anything exposed to the internet that also has access to either nextcloud or the server it’s running on? If so, lock that down as much as possible too.
Fail2ban or similar would help against brute force attacks.
The VM you’re running nextcloud on should be as isolated as you can comfortably make it. E.g. if you have a camera/iot vlan, don’t let the VM talk to it. Don’t let it initiate outbound connections to any of your devices, etc
You can’t entirely protect against zero day vulnerabilities, but you can do a lot to limit the risk and blast radius.
All the measures you listed amount to nothing against a zero day remote exploit. They bypass the normal authentication process.
If you’re not able to use a VPN then use a IAM layer, which requires you to login through another method. You can use a dedicated app like Authelia/Authentik in front of the reverse proxy, or if you use nginx as reverse proxy you also have to option of using the vouch-proxy plugin.
I won’t update without first creating an image of the server to roll back to. Like others on here, the web updater almost always fails and goes into maintenance mode and I have to ssh in to fix it.
Having said that, functionally, I have no issues. Only when upgrading does the whole thing shit the bed.
I’ve hosted mine for years on my own bare metal Debian/Apache install and 28 is the first update that has been a major pain. I’ve had the occasional need to install a new package to enable a new feature, or needed to add new/missing indices to the database, but the web interface literally tells you how to do those things, so they’re not hard.
28 though broke several of the “featured” apps that I use regularly, like “Retention”. It also introduced some questionable UI changes that they had to fix with the recent .1 update. I’ll get occasional errors when trying to move or delete files in the web interface and everything. 28 really feels like beta software, even though we’re a point release in and I got it from the “stable” update channel.
I’m on my laptop so I thought I would elaborate on my first comment to give you things to watch out for if/when you update. I’ve been hosting mine with the zip file manually installed with my own Apache/PHP/MySQL/MariaDB setup for ages now without issue. It’s been rock solid except for, like I said, the occasional changes required to take advantage of new features such as adding new indices to the database or installing an additional php addon. Here’s the things that I noticed with updating to 28.
The 3 dot/ellipses menu was missing in the web interface and was replaced with dedicated buttons for “Download”, “Add to Favorites” and “Delete”. Shift clicking was also broken. This meant that when I, for example, take a lot of photos for a holiday, I can’t use the web interface to select a large range of multiple files and then move them all from “InstantUpload” into a more permanent album. I either had to use the mobile app, or do them one at a time. The ellipses menu, along with the options to bulk “move/copy” have been added back since then with the *.1 update, but shift clicking in the web interface to select a range of files is still broken.
The “Retention” app, which is listed as a “Featured” app doesn’t function any more. I used it to automatically delete backups of my Signal messenger, files in the “InstantUpload” folder that were over a year old, etc. You can enable it, but it doesn’t actually work and just throws errors in the log file, which is now reported in the “Overview” portion of the “Administration” page with a note of “X number of errors since somedate”, and prevents you getting the green checkmark. It’s probably safe to assume that other apps will also have issues because I had half a dozen get automatically disabled with the update.
Occasionally when I use the web interface to move or copy a file, I’ll get an error message that the operation failed. Sometimes this is true, sometimes it’s not and the operation actually succeeded. If it ends up being true and the move did actually fail, doing it again results in a successful move.
It seems like they’ve made some substantial under-the-hood changes to the user interface that shouldn’t have been shipped to the “stable” channel. It’s not completely broken, it “is” usable, especially after they restored my bulk move/copy button, but I still can’t use the Retention app, at least last time I looked, so I’ve literally got daily cron scripts to check those folders for old files and delete them, then trigger an occ files:scan of the affected directories to keep the Nextcloud database in sync with the changes. This however, bypasses the built-in trash bin so I can’t recover the files in the event of an issue. I actually considered rolling back to 27 for a bit, but decided against it, so if I were you, I would stick with 27 for a while and keep an ear to the ground regarding any issues people are having that are or aren’t getting fixed in 28.
Try MySQL instead of MariaDB. They have some performance tweaks in version 10 that aren’t present in MariaDB.
Also, tune your MySQL (or MariaDB) server. Make sure all tables use InnoDB. Enable the slow query log and analyze slow queries (there may be missing indices). If there’s a lot of unique queries, increase the query cache size.
The easy approach is to run MySQLTuner after the MySQL or MariaDB server has been up for at least a week, and go through its suggestions.
There shouldn’t be a significant difference in performance between PostgreSQL and MySQL/MariaDB if both have been optimized. Out-of-the-box config isn’t ideal for a production system.
selfhosted
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.