this post was submitted on 16 Mar 2025
140 points (97.9% liked)

Selfhosted

44362 readers
1087 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
140
What's up, selfhosters? It's selfhosting Sunday! (lemmy.nocturnal.garden)
submitted 20 hours ago by tofu@lemmy.nocturnal.garden to c/selfhosted@lemmy.world
111 comments fedilink hide all child comments
 

I know for many of us every day is selfhosting day, but I liked the alliteration. Or do you have fixed dates for maintenance and tinkering?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

This post is proudly sent from my very own Lemmy instance that runs at my homeserver since about ten days. So far, it's been a very nice endeavor.

you are viewing a single comment's thread
view the rest of the comments
[–] bananoidandroid@feddit.nu 2 points 3 hours ago (1 children)

I've set up a reverse proxy to try out hosting a few APIs but i'm curious about best practice and haven't found any good way to do it. Anyway, i have them running dotnet 9 on debian, and hosting them on http ports and then reverse proxying to apache that serves them externally with certbot on 443 to some real hostnames. I would really want to host them on https internally as well, but is there a neat way to "cert" them without an internal CA-service? My experience with self-signed certs are mostly that they always force me to trust the server cert in my connection strings, which is also unsafe so i just don't bother. Is it worth working on and which is the best approach here?

[–] rumba@lemmy.zip 3 points 2 hours ago (1 children)

Non SSL behind your ingress proxy is acceptable professionally in most circumstances, assuming your network is properly segmented it's not really a big deal.

Self-signing and adding the CA is a bit of a pain in the ass and adds another unnecessary layer for failure in a home network.

If it really grinds your gears you could issue yourself a real wild card cert from lets encrypt then at DNS names with that wild card on your local DNS server with internal IPs, but to auto renew it you're going to have to do some pretty decent DNS work.

To be honest I've scrapped most of my reverse proxies for a nice tailscale network. Less moving parts, encrypted end-to-end.

[–] bananoidandroid@feddit.nu 1 points 1 hour ago

Thanks! I initially considered going the wildcard route until i saw the workload involved for my host! There does seem to exist autorenewal programs for the largest hosts out there but i'm trying to support my local businesses so it's unfortunately out of of my scope at the moment, but i'll checkout your suggestion and see what tailscale has to offer!