Wondering if I should switch my #RaspberryPi OS from #Stormux, based on #ArchLinuxARM, to #HomeAssistantOS. I mostly work with it over SSH anyway and this might allow me to do more with it. What do others who #SelfHost think?
#SelfHosting #SelfHosted #Linux
@selfhost @selfhosting @selfhosted

I'm curious to hear what others are #SelfHosting! Here's my current setup:

Hardware & OS

• Hardware: #RaspberryPi500 (8 GB RAM, 512 GB SD card) #RPi #RPi500 #SingleBoardComputers #HomeLab
• OS: #Stormux, an accessible #Linux distro based on #ArchLinuxARM #LinuxAccessibility #AccessibleTech

Infrastructure & Networking

• Dashboard: #Glance (#Docker) #DockerApps
• Reverse Proxy: #Caddy
• DNS: #Cloudflare
• Domain Registrar: #Porkbun
• Networking & Remote Access: #Tailscale (non-Docker), love its SSH agent and magic DNS features. #NetworkSecurity

Security & Monitoring

• Ad Blocking: #AdGuardHome (non-Docker). Previously used PiHole but find AdGuardHome slightly faster. #PrivacyTools
• Server Monitoring: #Beszel (non-Docker). Tried Grafana/Prometheus/Alertmanager (accessible but overkill) and Netdata (poor screen reader accessibility). Beszel isn't perfect but best compromise so far. #ServerMonitoring
• Server Overview: #Cockpit (non-Docker)
• Security Tools: #Fail2ban, #FirewallD, #ClamAV, and #Rkhunter (non-Docker). Tried CrowdSec but couldn't get it working on Stormux. #CyberSecurity
• Service Uptime Monitoring: #UptimeKuma (Docker), accessible and easy to use. #MonitoringTools

Authentication & Identity Management

• Authelia (Docker): Just set this up for two-factor authentication and single sign-on. Seems to be working well so far!

• LLDAP (Docker): Lightweight LDAP server for managing authentication. Also seems to be working pretty well!
  #AuthenticationTools #IdentityManagement

Productivity & Personal Tools

• Docker Management: #Dockge (Docker). More accessible than Portainer; main issue is built-in terminal isn't readable with screen readers. #DockerCompose
• Docker Logs Viewer: #Dozzle (Docker), great web interface and easy searching.
• Git Hosting: #Forgejo (non-Docker), my personal Git server. #GitServer
• Backups: #IDrive (non-Docker), backs up all my devices easily. #BackupSolutions
• Notes: #Joplin server (Docker). Accessibility improving; love the VSCode extension. #NoteTakingApps
• Bookmarks: #Linkding (Docker). Accessible bookmark manager with good browser extension support. #BookmarkManager
• Recipes: #Mealie (Docker), starting to learn cooking! 🍳📖 #CookingApps
• RSS Feeds: #Miniflux (non-Docker), excellent accessibility. Originally wanted better podcast support but other options had major accessibility issues. #RSSReader
• Automation & Workflows: #N8N (Docker). Haven't explored deeply yet—open to ideas! #AutomationTools #WorkflowAutomation
• Pastebin Service: #PrivateBin (non-Docker). Considering alternatives or CLI tool for easier console access. #PastebinAlternative
• File Sharing & Editing: #Samba (non-Docker), easy file management from my Windows 11 mini PC. #FileSharing #Windows11
• Search Engine: #SearXNG (non-Docker), accessible and searches multiple engines at once. #PrivacySearchEngine
• IRC Client: #TheLounge (non-Docker). Some accessibility issues but best I've found so far for always-connected IRC. #IRCClient
• Read Later Service: #Wallabag (Docker). Biggest issue is Wallabagger Chrome extension doesn't work for me yet. #ReadItLater

Notifications & Development Workflow

• Notifications via: #Ntfy (Docker) and Zoho's ZeptoMail (#Zoho)
• Development Environment: Mostly using VSCode connected to my server via Remote-SSH extension. #VSCodeRemote

Accessibility Focus ♿️🖥️

Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign, #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!

I've also experimented with:

• Ollama (#Ollama): Not enough RAM on my Pi.
• Habit trackers like Beaver Habit Tracker (#HabitTracking): Accessibility issues made it unusable for me.

I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 😄

What's your setup like? Any cool services you'd recommend I try?

#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY

@selfhost @selfhosted @selfhosting

Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:

register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113register%3A1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">Errorapi/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()

compose file:

services:  postgres:    image: postgres:16-alpine    container_name: linkwarden_postgres    env_file: .env    restart: always    volumes:      - ./pgdata:/var/lib/postgresql/data    networks:      - linkwarden_net  linkwarden:    env_file: .env    environment:      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres    restart: always    # build: . # uncomment this line to build from source    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source    container_name: linkwarden    ports:      - 3009:3000    volumes:      - ./data:/data/data    networks:      - linkwarden_net    depends_on:      - postgresnetworks:  linkwarden_net:    driver: bridge

Relevant part of .env file:

NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/authNEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf Manual installation database settings# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwardenDATABASE_URL= Docker installation database settingsPOSTGRES_PASSWORD=redacted# Additional Optional SettingsPAGINATION_TAKE_COUNT=STORAGE_FOLDER=AUTOSCROLL_TIMEOUT=NEXT_PUBLIC_DISABLE_REGISTRATION=falseNEXT_PUBLIC_CREDENTIALS_ENABLED=true

Caddyfile snippet

*.laniecarmelo.tech {    tls redacted {        dns cloudflare redacted    }    header {        Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval';             img-src https: data:;             font-src 'self' https: data:;             frame-src 'self' https:;             object-src 'none'"        Referrer-Policy "strict-origin-when-cross-origin"        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"        X-Content-Type-Options "nosniff"        X-Xss-Protection "1; mode=block"    }    encode br gzip    # Bookmarks    @bookmarks host bookmarks.laniecarmelo.tech    handle @bookmarks {        reverse_proxy 127.0.0.1:3009    }}

Can anyone help? I have no idea how to fix this.
#SelfHosted #CaddyServer #Linux #Tech #Technology
@selfhost @selfhosted @selfhosting

Hi everyone,

I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

Details:

• Setup: Caddy as reverse proxy, Authelia for authentication
• Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
• Logs:
  Authelia:
  Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
  Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

Configurations:

• Full Caddyfile and Authelia config: GitHub Gist

Curl Output:

HTTP Request:

$ curl home.laniecarmelo.tech -v< HTTP/1.1 308 Permanent Redirect< Location: https://home.laniecarmelo.tech/

HTTPS Request:

$ curl https://home.laniecarmelo.tech/ -v< HTTP/2 401 < content-type: text/plain; charset=utf-8< server: Caddy401 Unauthorized

Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

Thanks in advance! 🙏

#SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
@selfhost @selfhosting @selfhosted

Need help with #Caddy configuration. Getting error:
"Error: adapting config using caddyfile: /etc/caddy/Caddyfile:20: parsed 'header' as a site address, but it is a known directive; directives must appear in a site block"

Running #LinkAce behind Caddy. Config has global options block, site blocks for subdomains, and snippets for common configs. Error persists despite:

• Proper indentation
• Blank lines between blocks
• Snippets after global block
• Valid header directives

Full config: https://privatebin.io/?e2b50660d40b8463#Awoq9mqdg5nyNB25xvd1zB8L7mX5m9e9sZJDguegJL2G
Password: bka@zhj@btc4FPR!emr

#SelfHosted #Docker #ReverseProxy #WebDev #Linux #HomeLab
@selfhost @selfhosted @selfhosting

#SelfHosted #LinkAce Bookmark Manager Running, but Unable to Check for Updates or Generate a Cron Token

Hi all. Hoping someone in the #SelfHosting community can help here. I'm running LinkAce in #Docker behind non-Dockerized #Caddy and #Authelia, and most things are working, but I'm seeing "Could not check for updates" at the bottom of each page, and when I tried to generate a cron token, nothing happened except for the generate button graying out. I am seeing one or two 404 errors in my logs, but I don't know if that's causing the problem or not. I don't know much about #PHP applications.

Logs

2025-02-22 23:25:26,460 INFO supervisord started with pid 12025-02-22 23:25:27,465 INFO spawned: 'php-fpm' with pid 82025-02-22 23:25:27,467 INFO spawned: 'caddy' with pid 9[22-Feb-2025 23:25:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: fpm is running, pid 8[22-Feb-2025 23:25:27] NOTICE: ready to handle connections{"level":"info","ts":1740266727.5264525,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}{"level":"info","ts":1740266727.5280282,"msg":"adapted config to JSON","adapter":"caddyfile"}{"level":"warn","ts":1740266727.5280406,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}{"level":"info","ts":1740266727.529092,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}{"level":"warn","ts":1740266727.529331,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}{"level":"info","ts":1740266727.5294206,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40000bab00"}{"level":"warn","ts":1740266727.530186,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"warn","ts":1740266727.530195,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"info","ts":1740266727.530198,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}{"level":"info","ts":1740266727.5412574,"msg":"autosaved config (load with --resume flag)","file":"/home/www-data/.config/caddy/autosave.json"}{"level":"info","ts":1740266727.541271,"msg":"serving initial configuration"}{"level":"info","ts":1740266727.5477707,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/home/www-data/.local/share/caddy"}{"level":"info","ts":1740266727.5541356,"logger":"tls","msg":"finished cleaning storage units"}2025-02-22 23:25:28,555 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)2025-02-22 23:25:28,555 INFO success: caddy entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 200::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 404

Docker Compose file

services:  #
***
LinkAce  linkace:    image: docker.io/linkace/linkace:latest    container_name: linkace    restart: unless-stopped    depends_on:      - linkace_db    ports:      - "0.0.0.0:3009:80"    volumes:      - ./.env:/app/.env      - ./backups:/app/storage/app/backups  #
***
Database  linkace_db:    image: docker.io/library/mariadb:11.5    container_name: linkace_db    restart: unless-stopped    command: mariadbd --character-set-server=utf8mb4 --collation-server=utf8mb4_bin    environment:      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}      - MYSQL_USER=${DB_USERNAME}      - MYSQL_PASSWORD=${DB_PASSWORD}      - MYSQL_DATABASE=${DB_DATABASE}    volumes:      - db:/var/lib/mysql  #
***
Cache  linkace_redis:    image: docker.io/bitnami/redis:7.4    container_name: linkace_redis    restart: unless-stopped    environment:      - REDIS_PASSWORD=${REDIS_PASSWORD}volumes:  db:

.env (secrets redacted)

## LINKACE CONFIGURATION# The app key is generated later, please leave it like thatAPP_KEY=redactedAPP_ENV=development## Configuration of the database connection## Attention: Those settings are configured during the web setup, please do not modify them now.# Set the database driver (mysql, pgsql, sqlsrv, sqlite)DB_CONNECTION=mysql# Set the host of your database hereDB_HOST=linkace_db# Set the port of your database hereDB_PORT=3306# Set the database name hereDB_DATABASE=linkace# Set both username and password of the user accessing the databaseDB_USERNAME=linkace# Wrap your password into quotes (") if it contains special charactersDB_PASSWORD=redacted## Redis cache configuration# Set the Redis connection here if you want to use itREDIS_HOST=linkace_redisREDIS_PASSWORD=redactedREDIS_PORT=6379APP_DEBUG=true# SSO configurationSSO_ENABLED=trueSSO_OIDC_ENABLED=trueSSO_REGISTRATION_ENABLED=trueREGULAR_LOGIN_DISABLED=trueSSO_OIDC_BASE_URL=https://auth.laniecarmelo.tech/  # Your Authelia base URLSSO_OIDC_CLIENT_ID=linkaceSSO_OIDC_CLIENT_SECRET='redacted'SSO_OIDC_SCOPES=openid,profile,email

Caddyfile snippet

{    email laniecarmelo@gmail.com    debug    acme_dns cloudflare redacted    http_port 80    https_port 443    admin :2019 {        origins 127.0.0.1:2019 0.0.0.0:2019 stormux:2019 caddy.laniecarmelo.tech    }}(logconfig) {    log {        output stdout        format json    }}(auth_headers) {    header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"}(proxy_config) {    header_up Host {http.request.host}    header_up X-Real-IP {http.request.remote}    header_up X-Forwarded-User {http.auth.user.id} # Pass user ID    header_up X-Forwarded-Email {http.auth.user.email} # Pass email}(authelia_middleware) {    forward_auth localhost:9091 {        uri /api/verify?rd=https://auth.laniecarmelo.tech/        copy_headers Remote-User Remote-Email Remote-Groups Authorization    }}bookmarks.laniecarmelo.tech {    route {        import authelia_middleware        reverse_proxy localhost:3009 {  # Directly proxy to LinkAce's web server            import proxy_config        }    }    import logconfig    import auth_headers}

Authelia config snippet

    - domain: "*.laniecarmelo.tech"      policy: bypass      networks:        - 192.168.1.0/24    # Local network        - 172.17.0.0/16     # Docker bridge network        - 100.64.0.0/10     # Tailscale network    - domain: "bookmarks.laniecarmelo.tech"      resources: ["^/api.*"]      policy: bypass    - domain: "*.laniecarmelo.tech"      policy: one_factor            - client_id: linkace        client_name: LinkAce bookmarking app        client_secret: redacted         public: false        authorization_policy: one_factor        scopes: [openid, groups, profile, email, offline_access]        redirect_uris:          - https://bookmarks.laniecarmelo.tech/auth/oidc/callback        grant_types: [authorization_code]        response_types: [code]        response_modes: [form_post, query]        userinfo_signed_response_alg: none        consent_mode: explicit        pre_configured_consent_duration: "1y"

Does anyone know what might be causing this and how I can fix it?
#Linux #ArchLinuxARM #Stormux #RaspberryPi #RaspberryPi500 #RPi #RPi500 #tech #technology
@selfhost @selfhosted @selfhosting

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting