@deergon@lemmy.world, @shasta@lemm.ee, and @lemmyvore@feddit.nl,

THanks for your help. My main issue ended up being that I was trying to use Let’s Encrypt’s staging mode, but since staging certs are self-signed, Traefik was not accepting the requests. Also, though I had to switch Traefik’s logging level to Info instead of error to see that.

By “server log”, do you mean traefik’s log? If so, this is the only thing I could find (and I don’t know what it means): https://lemmy.d.thewooskeys.com/comment/514711

From traefik’s access.log:

{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13526669,"OriginContentSize":21,"OriginDuration":13462593,"OriginStatus":500,"Overhead":64076,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16032,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.533176765Z","StartUTC":"2024-04-30T00:21:51.533176765Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}
{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13754666,"OriginContentSize":21,"OriginDuration":13696179,"OriginStatus":500,"Overhead":58487,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16033,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/favicon.ico","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.74274202Z","StartUTC":"2024-04-30T00:21:51.74274202Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}

All I can tell from this is that there is a DownstreatStatus of 500. I don’t know what that means.

Thanks for helping, @deergon@lemmy.world.

Both traefik containers (on the “server” and “client” VMs) and the wireguard server container were built with TRAEFIK_NETWORK_MODE=host. The VMs can ping each other and the Wireguard containers can ping each other.

Both traefik containers were built with TRAEFIK_LOG_LEVEL=warn but I changed them both to TRAEFIK_LOG_LEVEL=info just now. There’s a tad more info in the logs, but nothing that seems pertinent.

Also, just to make sure the app is indeed running, I curled it from it’s own container (I’m using myapp here instead of whoami, because whoami doesn’t have a shell):

$ curl -L -k --header 'Host: myapp.mydomain.com localhost:8080

I can’t seem to display html tags in this comment, but the results are the html tags for the web page for the app - so the app is up and running

Thanks so much for helping me troubleshoot this, @lemmyvore@feddit.nl!

Is the browser also using the LAN router for DNS? Some browsers are set to use DoT or DoH for DNS, which would mean they’d bypass your router DNS.

My browser was using DoH, but I turned it off and still have the same issue.

Do you also get “Internal Server Error” if you make the request with curl on the CLI on the laptop?

Yes, running curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51 on the laptop results in “Internal Server Error”.

How did you check that mydomain is being resolved correctly on the laptop?

ping whoami.mydomain.com hits 192.168.1.51.

What do you get with curl from the other VM, or from the router, or from the host machine of the VM?

From the router:

Shell Output - curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0-
100    17  100    17    0     0   8200      0 --:--:-- --:--:-- --:--:-- 17000

100    21  100    21    0     0    649      0 --:--:-- --:--:-- --:--:--   649
Internal Server Error

From the wireguard client container on the “client” VM:

curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
Internal Server Error

From the traefik container on the “client” VM:

$ curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
Internal Server Error

From the “client” VM itself:

# curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
Internal Server Error

From the wireguard container on the “server” VM:

# curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
Internal Server Error

From the traefik container on the “server” VM (This is interesting. Why can’t I ping from this traefik installation but a can from the other? But even though it won’t ping, it did resolve to the correct IP):

$ ping whoami.mydomain.com
PING whoami.mydomain.com (192.168.1.51): 56 data bytes
ping: permission denied (are you root?)

From the “server” VM itself:

# curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51
Internal Server Error

Thanks for helping, @lemmyvore@feddit.nl.

I’m browsing from my laptop on the same network as promox: 192.168.1.0/24

The tunnel is relevant in that my ultimate goal will be to have “client” in the cloud so I can access my apps from the world while having all traffic into my house be through a VPN.

The VM’s IPs are 192.168.1.50 (“server”) and 192.168.1.51 (“client”). They can see everything on their subnet and everything on their subnet can see them.

Everything is using my router for DNS, and my router points myapp.mydomain.com and whoami.mydomain.com to “client”. And by “everything” I mean all computers on the subnet and all containers in this project.

Both VMs and my laptop resolve myapp.mydomain.com and whoami.mydomain.com to 192.168.1.51, which is “client”, and can ping it.

Thanks for helping, @Lem453@lemmy.ca.

Both wireguard containers are using my router for DNS, and my router points myapp.mydomain.com and whoami.mydomain.com to “client”.

I should add that I’m running Traefik 2.11.2 and wireguard from the Linuxserver image lscr.io/linuxserver/wireguard version v1.0.20210914-ls22.

I don’t know if your problem is the same as mine was, but the symptom sounds the same.

The docker-compose.yaml file shown in the Forgejo documentation for docker installation shows this mount:

    volumes:
      - ./forgejo:/data

For me, Forgejo installed and created new resource files in /data and ignored the resource files gitea alread made.

I changed the volume to:

    volumes:
      - data:/var/lib/gitea

Forgejo then recognized the gitea resources.

Thanks for that info. I did combine an upgrade (1.20 to 1.21) with the migrations, but I guess I lucked into it working. My problem was that the container’s path to the migrated gitea volume was incorrect.

Can you see the data you copied inside the container?

That led me to my problem! I did have the volume mounted, but the container’s path was incorrect: Forgejo was recreating it’s resource files as a new install because where it was looking for them, they didn’t exist.

Thanks!

Both gitea and forgejo are using sqlite3. Gitea 1.20.0, Forgejo 1.21.

Can you share some of them so I might have an idea what to try to do differently?

Unfortunately that didn’t work for me.

That is what I did. And it didn’t work.

Thanks, I’ll try that.

I currently use Photo structure, which is good, but its not open source and the one guy behind it, Matthew, is quite slow with progress. He’s super friendly and helpful, and bug fixes are pretty quick. But feature additions are glacial.

I was considering switching to photoprism but was turned off by the attitude of some of the developers. The product looks prery good, though.

I’m pretty sure I’m going to switch to Immich, which is also really good.

A friend uses Piwigo which is decent and has good features, though I find it’s very ugly regardless which skin you use.

I currently only use proxmox for VMs. Proxmox hosts a TrueNAS VM, TrueNAS controls all but the main (small) drive on the box, proxmox then has access to the other drives through TrueNAS. Kind of neat.

But I think it would indeed be simpler to only have TrueNAS and use it for both nas and VMs. I have no experience with TrueNAS’ VMs.

I recently installed Proxmox and TrueNAS on the same box in kind of an ouroboros styles, following this guide: https://github.com/enigmacurry/d.rymcg.tech

So now I have both. I run VMs in proxmox and use truenas only for nas.

I recently installed TrueNAS on a box with Proxmox, following these instructions. It allows the box to be your NAS and run anything else as a VM (so NextCloud, Grocy/KitchenOwl, etc., even your VPN).

Photostructure is a strong starter, but development is slow and it’s still missing important features like sharing. Also, it’s not ooen source.

Immich seems great but doesn’t (yet) support digikam tags ( and since my 100,000 assets are tagged/organized via digikam, I don’t want to move to immich yet and have to start over).

PhotoPrism seemed pretty good, though it also doesn’t (yet) support digikam tags. Also, their self-hosted version doesn’t have all the features of their paid versions.

I should add that I’m not sold on AntennaPod, Podfetch, and GPodder. I think AntennaPod is a great app and I hope I can use it to do what I want here. Podfetch seems nice, with room to grow in terms of features and Ux. GPodder seems pretty terrible (though I hardly know it) but also seems to be the defacto standard in syncing podcasts and play-states (or perhaps the only game in town?).

But I’d ditch any or all of them if I was able to sync podcasts and play-states between devices. My only caveat is that the solution needs to be FOSS and self-host-able.

FYI, I host my own xbs server. It’s pretty easy on its own, but I use the d.rymcg.tech framework.

I’m curious why you’re not interested in xBrowsersync, if you’re willing to share. It does everything you’re looking for.

Have you looked at Shaarli?

That’s true. You must manually edit the up-to-6 config files to customize Homepage. It’s not difficult, but it’s not a GUI.

d.rymcg.tech is a docker-based self-hosting “platform”, and it includes Homepage and a way to configure it using your own custom homepage-config repo, but that might be a bit much to take on if you just want Homepage or if thisnkind of thing is outside of your skillset.

I love Homepage. It’s pretty, configurable, simple, and versatile.

Maybe btop+ or Prometheus.

At the moment, “Element Call is temporarily not end-to-end encrypted while we test scalability.”

Looks cool! I went to docker hub to see if you already have an image…there’s at least 1 other “snapify” that’s not you, I think. :( i’ve used Loom a few times - it would be nice to self-host this service.