this post was submitted on 02 Mar 2025
147 points (96.8% liked)

Selfhosted


Almost forgot before going to bed but I feel bi-weekly is a good rhythm for this.

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

[–] kitnaht@lemmy.world 3 points 1 year ago (2 children)

Highly suggest putting Caddy on a machine, forwarding port 443 and 80 to Caddy, and then letting it do your reverse-proxy stuff. Register a domain name, give it your IP address, and then tell Caddy that 'immich.yourdomain.bleh' goes to port 78789 and plex goes to 'media.yourdomain.bleh' port 89898 -- Caddy handles all of the TLS stuff, handshaking, you name it - so you can have secure sites with proper certs.

Then make sure those things are isolated from your home network through VLANs if your router supports it.

You can get fancier with it using Tailscale and getting some datacenter IP to forward into your network.

[–] sugar_in_your_tea@sh.itjust.works 2 points 1 year ago (1 children)

I set up DNS challenge with Let's Encrypt with Caddy, and now I don't need to forward anything to it if I don't want to.

[–] azron@lemmy.ml 2 points 1 year ago (1 children)

DNS challenge so you can get a wildcard cert? Or is it still per domain? I haven't looked recently but it seemed difficult but I'd like to avoid transparency log installs where I can.

[–] sugar_in_your_tea@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

You can do both (not sure how wildcard works through Caddy though), I did it per domain. I prefer doing TLS trunking per device, hence no wildcard.

[–] FunkFactory@lemmy.world 1 points 1 year ago

Thanks for the advice, I didn't know a reverse proxy was what I was setting up though I've seen that term all over. I think Caddy is likely in my future but I already have basic access to my home network through a Wireguard tunnel for now so I was hoping dnsmasq could solve for my case without getting too fancy or exposing any ports. I think I should probably try to learn about reverse proxies more generally to figure out the next steps forward.
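
The reverse-proxy layout kitnaht describes, together with the DNS-challenge variant mentioned in the reply, as an added Caddyfile sketch that is not from any commenter's own setup. The hostnames are the thread's placeholders; the backend addresses and ports (the services' usual defaults, since a TCP port must be below 65536), the contact address, the third hostname and the Cloudflare DNS provider are assumptions.

```caddyfile
# Added example, not a commenter's config. Hostnames are the thread's
# placeholders; ports, e-mail and DNS provider below are assumptions.
{
	# ACME account contact (placeholder address).
	email admin@yourdomain.bleh
}

# Immich: Caddy terminates TLS on 443 and obtains/renews the certificate.
# Proxying to loopback keeps the backend port off the LAN and the internet.
immich.yourdomain.bleh {
	reverse_proxy 127.0.0.1:2283
}

# Plex on its own hostname, same pattern.
media.yourdomain.bleh {
	reverse_proxy 127.0.0.1:32400
}

# DNS-challenge variant: the certificate is issued by proving control of
# the DNS zone, so ports 80/443 do not have to be forwarded from the
# router. Requires a Caddy build that includes a DNS provider module
# (assumed here: caddy-dns/cloudflare) and an API token scoped to the
# zone, supplied through the environment rather than written in the file.
# Uncomment only on such a build, otherwise Caddy refuses to load the file.
#
# internal.yourdomain.bleh {
#	tls {
#		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
#	}
#	reverse_proxy 127.0.0.1:2283
# }
```

With the DNS-challenge block, the site can stay reachable only over the home network or a VPN tunnel while still presenting a publicly trusted certificate.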