ThorrJo

ThorrJo@lemmy.sdf.org
4 posts • 94 comments

um… did my bio get deleted?

I use individual Turnkey Linux VMs sometimes … Yunohost is a cool project but I like one VM per service


I consider selfhosting to be both. VPS or homelab. The latter has more ‘cred’ but is also a much bigger investment and not everyone can do it. Granted I’m living in a difficult environment but as somebody using Linux since 1994 it took me 3 years to recently get a homelab to where I could credibly serve the wider internet from it, and I still use a VPS as reverse proxy anyway! Meanwhile, offloading your physical plant to a mom-n-pop platform-as-a-service provider isn’t the worst thing in the world. Some operators started out selfhosting and grew their little VPS provider from that, those guys need business too!


FWIW, I ended up just using a VM when problems like this would inevitably crop up with LXCs running software which goes too far off the garden path so to speak. My knowledge is a lil dated as I set most of my shit up about 2 years ago but at that time I got the distinct impression that LXCs were not fully-baked for running a number of things. Mostly I absorbed that info from reading the Proxmox forum. I’d love to hear if it’s improved since 2021.


Just here to say, I see you lol, even if I don’t have answers.

I just started using Nextcloud once they finally released a credible wiki app. It’s super useful and I’ll likely use it for years into the future. But the UI is definitely a low point.


Just get a used ultra-small form factor PC a la the Tiny, Mini, or Micro series. A higher-end one which is 7 generations old will still absolutely destroy the Pi in terms of performance.

Once I gave up (for now) on doing all this on ARM and switched back to x86, everything got way easier to actually accomplish.


Check out ServeTheHome’s “Project TinyMiniMicro” on YouTube for a great overview of ultra-small form factor (“1 liter”) business PCs.

The big three PC makers each have standardized products in this form factor with (relatively speaking, compared to smaller manufacturers) tons of spare parts available.


Personally I’d go for as big a UPS as I could afford, but I serve some public-facing stuff from my homelab and I live in an area with outdated infrastructure and occasional ice storms. I currently have a small UPS and have been too tired/overwhelmed to set up automated shutdown yet. It’s not too hard though, I’ve done it before. And even without that in place, my small UPS has kept things going thru a bunch of <10 minute outages.


I would never open those types of services to the Internet. Wrap it in a VPN first yeah?

I have this exact model machine as a web app server running Proxmox btw. Works great. I did need to get a genuine power supply for it as it refused to run above 800MHz with a generic!


There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.

I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.

I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…

FWIW I use nginx on the front end, and rathole for my tunnels - the latter is a very straightforward way to set up the tunnels.


Currently I have a bastion host running a hardened distro, which establishes a reverse proxy tunnel to its ssh port via my $4/mo VPS using rathole, an excellent reverse proxy utility I switched to from frp.

I also maintain a Tor hidden service pointed at the bastion host’s ssh port and another on a different internal host. These are so that I can still get in if the bastion host, my VPS, or certain aspects of networking are down for some reason.

Eventually I will implement port knocking / single packet authorization by deploying fwknop on some or all of these services to further enhance security.
