aucubin

You can add the device you want to use PiHole with to your WireGuard VPN and set the DNS property for the Interface.

Then you need to add the PiHole machine to the VPN, if it is not already reachable (or you use your existing machine in the internal networking with masquerade)

The lemmy instance works fine so far. I had some problems migrating the nginx config file from the lemmy manual migrated to traefik, but it works with this guide here.

I'm not really forwarding ports, but I'm rather using a more complex setup. I have two devices - my router and an external VPS hosted in a datacenter. These devices are connected via WireGuard. On the VM where all my services are installed there is traefik installed which is used as reverse proxy for the services and does TLS. The VPS has HAProxy configured to the internal VM in TCP mode, which makes the services available from outside and is important to get valid Let's Encrypt certificates as I'm not using DNS Verification.

I know it's a bit hard to understand, but it works fine for me and I'm not depending on any third-providers (other than the Hoster of the VPS, which I can easily swap if needed).

I use INWX. Prices are very cheap and their DNS supports most of the record-types available, which I didn‘t have at some of the registrars I was at before.

I used Toot! on iOS. Was the first app I tried after the official one and it works fine, so I stuck with it.

It works fine for my use-case which is basically just tracking my work-time for the employer I'm working at, so I don't really use the freelancing options like invoicing.

Had some problems with the docker container, because they did some breaking changes, but overall it works for me.

It also supports SAML so I can use it with Keycloak and there is an app for the iPhone, which I'm using that works nicely with it.

Getting a better rack. My 60cm deep rack with a bunch of rack shelves and no cable management is not very pretty and moving servers around is pretty hard.

Hardwarewise I'm mostly fine with it, although I would use a platform with IPMI instead of AM4 for my hypervisor.

Pretty much anything I can. Host OS is mostly Debian with Docker, only the Git Server is running on Alpine. Hardware-wise everything is running on Proxmox with an FreeBSD NAS for backup and data storing

• Logging/Monitoring Stack (Grafana, Loki, Prometheus, InfluxDB)
• Step-CA for custom internal CA
• Firefly III as budgeting tool
• Kimai for work-time tracking
• Vikunja for Project Management
• Keycloak as OIDC server
• Grocy for inventory management
• Bookstack as personal Wiki
• The lemmy instance i'm posting from
• Mastodon
• Nextcloud with Collabora Office
• Bitwarden as Password Manager
• Miniflux for RSS Feeds
• Some websites
• Gitea
• Wireguard
• Jellyfin
• Metube
• Mail server running docker-mailserver (only as fallback due to sending problems to Microsoft)
• Uptime-Kuma
• Home-Assistant

I didn't have a guide available, so I created one just now here.

From the Protection side you are right. My setup does not have DDoS protection or the WAF offered by Cloudflare, but as I didn't need that (yet) I'm fine with it. Would be something to look into, should I even get enough traffic on my pages that machine could not handle it.

The nginx config provided in the Docker installation part contains everything needed for nginx. If you are installing lemmy directly on the machine you may need to use different upstreams.

The websocket part is basically the

            # proxy common stuff
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

part in the nginx config on that page.

Ok, just to understand what you did. You got an Digital Ocean droplet with Docker and used the instructions in the link I posted or different ones?

If you are using the instructions from my link nginx will also run in a docker container, which means that your upstream will not be on localhost, but rather the lemmy and lemmy-ui containers.

If you did install it locally then localhost:1235 could be correct.

Ah, so you added another nginx on the host by installing it from the package store of the distro and have that proxy port 80 to the docker nginx?

If you do that then you also need to add the websocket settings I had in the first comment to the host nginx.

What I meant what that the nginx in the docker-compose from lemmy also listens to port 80 and you just need to add

server {
    listen 80;
    server_name my_domain.tld;

    location / {
        proxy_pass http://localhost:LEMMY_PORT;
        proxy_set_header Host $host;
        include proxy_params;
    }
}

to the nginx.conf of the container.

Then you should have it accessable from port 80 without the host nginx (of course you need to stop the host nginx then).

No, you are right. If you are using the nginx container from the docker installation guide then you will also need to add port 80 atleast in order to see anything, as nginx will otherwise not listen on the port 80 of the droplet.

How does your nginx.conf look now?