Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I keep all my services in one docker-compose yml, and run it from a normal user account added to the docker group.
I am really conscious of what I expose to the internet though, since I already almost had a security incident.
I used to run non-standard ssh port to my machine with password authentication enabled.
Turns out I didn't know the sonarr/radarr containers came with default users, and a bruteforce attack managed to login to one of them (or something like that anyway,it's been awhile). Fortunately they have a default home of /sbin/nologin so crisis averted there, but it definitely was a big lesson for me.
Years later, the current setup is only plex, tautulli, and ombi open to the internet, and to reach everything else I use tailscale. And of course,only key-based authentication.
Oh and for updates, I run apt upgrade once in a while on the box (Ubuntu server 18.04 LTS) and for the containers, I use watchtower.