I saw this post today on Reddit and was curious to see if views are similar here as they are there.

  1. What are the best benefits of self-hosting?
  2. What do you wish you would have known as a beginner starting out?
  3. What resources do you know of to help a non-computer-scientist/engineer get started in self-hosting?
@JustMarkov@lemmy.ml
link
fedilink
English
16
edit-2
3M

2.What do you wish you would have known as a beginner starting out?

Caddy. Once you try Caddy there’s no turning back to Nginx or Apache.

@ahal@lemmy.ca
link
fedilink
English
13M

I’ve been meaning to try Caddy, but I just can’t even imagine something simpler than NginxProxyManager.

poVoq
link
fedilink
English
143M

That’s what everyone thinks for a while, and then they go back to Nginx.

@keyez@lemmy.world
link
fedilink
English
23M

I went from NGinx to HAProxy for 5 years, now on Caddy for 2 and loving it. So much simpler and efficient.

Eh, my main reason for switching is that Caddy builds in LetsEncrypt. My Caddyfile is really simple, it’s just a reverse proxy that handles TLS and proxies regular HTTP to my services. I don’t have it serving any files or really knowing anything about the services. Here’s my setup:

  1. HAProxy - directs subdomains to devices (in VPN) based on SNI
  2. Caddy - manages TLS and LetsEncrypt and communicates w/ services over HTTP
  3. Nginx - serves files for things like NextCloud, if needed (most services have their own HTTP server)

Each of these are separate Docker containers, which makes it really easy to manage and diagnose problems. The syntax for Nginx is more complex for 1&2, and the performance benefit of managing it all in one service just isn’t relevant for a self-hosted system, so I use this layered approach that makes each level as simple as possible.

kadotux
link
fedilink
English
23M

As someone who just learned about Caddy, could you elaborate?

poVoq
link
fedilink
English
5
edit-2
3M

You usually want less integration, not more. Simple self-contained things. Nginx is good at that. That’s also why you don’t want to use Nginx Proxy Manager or Certbot’s Nginx integration etc. It first looks like they make it easier, but there is too much hidden complexity under the hood.

Also, sooner or later you will run into some software that you would really like to try, which is only documented for Nginx and uses some sort of image caching or so, that is hard to replicate with Caddy etc.

Deemo
link
fedilink
English
23M

Certbot’s Nginx integration etc

How do you obtain ssl certs then?

poVoq
link
fedilink
English
1
edit-2
3M

I switched to Dehydrated (with dns-01 challenge), but Certbot itself is fine, the problem is the Nginx integration that tries to automatically change your Nginx config files.

Deemo
link
fedilink
English
23M

Do you manually update the config every 3 months?

poVoq
link
fedilink
English
13M

??? The location and the file name of the certificates don’t change, so why would I have to do that?

On the contrary, before I disabled the certbot’s Nginx integration, every three months certbot would “manage” to break my Nginx and I had to manually repair it.

I think we are not talking about the same thing. I mean the Certbot extension that automatically modifies the Nginx config files. A telltale sign are usually the comments "#managed by certbot” that it likes to leave behind all over your config files.

Deemo
link
fedilink
English
13M

I’ve only really use caddy and my only experience with ngnix is ngnix proxy manager (which isn’t really true ngnix).

I wasn’t sure if hot swapping certs (even with same name was possible, kinda thought you would to reload it upon cert change).

Also regarding cert bot I have only used it in manual mode so it’s managed mode is a bit foreign.

@Zeoic@lemmy.world
link
fedilink
English
13M

Not sure I agree about proxy manager. Anything you need to access is in the gui. You can easily add advanced configs to the entries. Been using it for 5 or so years, and there hasnt been anything I was missing from using straight nginx before that.

The benefit of using config files is easy version management via git.
Makes it easy to rebuild from scratch and easy to rollback a change that breaks something

@Zeoic@lemmy.world
link
fedilink
English
13M

Fair enough. I manage the same by backing up the vm its on.

lemmyvore
link
fedilink
English
13M

I’m currently in the process of separating the certificate renewal service from the reverse proxy completely.

But if you’re just starting out Nginx Proxy Manager makes it so easy.

@ahal@lemmy.ca
link
fedilink
English
23M

Out of curiosity, what’s the benefit of splitting those?

lemmyvore
link
fedilink
English
3
edit-2
3M

It lets you change reverse proxy or run a website with TLS completely independently of the certbot. The certbot deals with obtaining certs and leaves them in a dir, and the proxies or webservers just take them from that dir. If the proxy container breaks the certbot still does its thing etc.

It also makes it easier to do stuff like run different proxies in paralel for different things, chain proxies (for instance if you need to use a VPS because you can’t forward ports) and so on.

But it’s all for advanced setups, for basic stuff I’d still go with NPM.

@ahal@lemmy.ca
link
fedilink
English
23M

Cool makes sense, thanks for the reply! And yeah, I don’t think I’m quite there yet.

Deemo
link
fedilink
English
23M

Silly question how safe are caddy plugins? (especially dns challenge modules like cloudflare, duckdns, etc).

https://github.com/caddy-dns https://github.com/caddy-dns/cloudflare/tree/master

Not sure if those plugins are covered by caddy’s security disclosure policy

https://github.com/caddyserver/caddy/security

@xinayder@infosec.pub
link
fedilink
English
13M

I maintain the DNS plugin for Vultr and I can say that it’s “safe”, but if you’re worried you should check their source code.

I believe it’s easier to have a vulnerability in the external provider’s API (for example, caddy-dns/vultr uses govultr) than Caddy. But I wouldn’t take things for granted if I was skeptical about these plugins.

LOL, as a noob I went with caddy, then traefik before settling on NPM. Ironically, all the “QoL” features people brag about just made base configs harder and lead to shit randomly failing.

NPM has been solid as a rock, even if I have to do slightly more work, it’s more reliable and does what I want quicker and easier than the alternative.

@farcaller@fstab.sh
link
fedilink
English
33M

Apparently traefik might be better if you run docker compose and such, as it does auto-discovery, which reduces the amount of manual configuration required.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 125 users / day
  • 420 users / week
  • 1.16K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.68K Posts
  • 74.2K Comments
  • Modlog