lal309

@lal309@lemmy.world
8 Post – 118 Comments
Joined 1 years ago

Personal opinion. If you successfully booted Debian, stick with it. No need to try out a bunch of distros. Debian is well known, well supported, tons of resources AND everything works out of the box with your POS systems. Sold!

Lemme fix the headline for you.

HashiCorp joins the list of companies and software killed by IBM.

In my opinion it really comes down to support, price (first year and renewal) and ethics.

For the ethics piece, if you think Google is an evil company then avoid Google Domains, as an example.

OnlyOffice has fantastic support for Microsoft originated documents. I typically use the Flatpak version. The look and feel is very similar to the office suite so you should be “right at home”.

This right here

I avoid McAfee like the plague!

Great suggestion. Not sure why I didn’t think of it. It’s one of my first stops for this kind of stuff. I did check out this site which is how I found Akaunting.

Honestly, if you have never used containers before I would suggest starting with docker as it has more readily accessible beginner walkthroughs and tutorials. From there, you will have a good idea as to whether switching to podman is the right move for you or not.

Personally, I started with docker and haven’t moved from there since I don’t see a need (yet). I have dozens of services running on docker. I don’t know how heavy of a lift it would be to learn podman but like I said, I don’t feel the need to do so.

Maybe try out both and see which one you like more?

When you created your containers, did you create a “frontend” and “backend” docker network? Typically I create those two networks (or whatever name you want) and connect all my services (gitlab, Wordpress, etc) to the “backend” network then connect nginx to that same “backend” network (so it can talk to the service containers) but I also add nginx to the “frontend” network (typically of host type).

What this does is it allows you to map docker ports to host ports to that nginx container ONLY and since you have added nginx to the network that can talk to the other containers you don’t have to forward or expose any ports that are not required (3000 for gitlab) to talk from the outside world into your services. Your containers will still talk to each other through native ports but only within that “backend” network (which does not have forwarded/mapped ports).

You would want to set up your proxy hosts exactly like you have them in your post except that in your Forward Hostname you would use the container name (gitlab for example) instead of IP.

So basically it goes like this

Internet > gitlab.domain.com > DNS points to your VPS > Nginx receives requests (frontend network with mapped ports like 443:443 or 80:80) > Nginx checks proxy hosts list > forwards request to gitlab container on port 3000 (because nginx and gitlab are both in the same “backend” network) > Log in to Gitlab > Code until your fingers smoke! > Drink coffee

Hope this helps!

Edit: Fix typos

Honestly, haven’t even thought about it. Better make this my weekend project.

Someone mentioned having a static page with instructions (home.example.com/emergency or something similar), not a bad idea at all. Actually this might be the route I take too. Thank you for talking about something I didn’t even know I needed!

OnlyOffice is the only one that I’ve used that has a good looking UI, works out of the box and very good compatibility (across Microsoft and other document standards). Install is just one flatpak away. Highly recommend.

How are you taking the snapshot automatically?

Ah okay well I appreciate the response anyways. I’m also struggling to figure how to snapshot my /home since I put it in a different partition during install. Timeshift is “unable to see it”.

Love that username tho!! Yeah might just do RSS. I already run FreshRSS and its ability to filter stuff would probably come in handy too

Lots of answers in the comments about this particular storage type/vendor. Regardless, to answer your original question, rclone. Hands down. If you spend 30-60 minutes actually reading their documentation, you are set and understand so much more of what’s going on under the hood.

This sounds like the simplest and most effective solution. Thanks!

I’ve mostly stayed away from duplicati because of the “horror stories” around restore operations. Quotes because sometimes people exaggerate but other times they are legitimate concerns/bad experiences.

Thanks for the dup vs up tip. I found it odd having to do both.

So I like the idea. The main “problem” I see is that it/you assume that I have access to the code and can modify at will. lol to leverage this. If I have a database container but I don’t want to hard code the secret in a .env, how do I leverage your code/app/library? Another thing is, most of the time these types of secret managers require a password... to retrieve … a password. What’s the benefit in that? What other authentication methods can you provide to authenticate and retrieve the secret I want (without running into the chicken or egg problem). Two examples that come to mind right now are certificate based authentication and IP restrictions.

I do understand that the scenarios I’m describing above may not be the goal of your code. I self host a lot of stuff (10-15 services) that all require credentials but only one app is custom written (so I have access to the source code and can make use of your code) BUT I still need to centrally manage credentials for it all.

I do like the idea of having a single file with the creds. Especially for a small environment, databases are just overkill for this use case (in most cases) and it makes it really easy to backup your creds since it’s just one file.

Perhaps writing up some documentation on ideas and examples for backing up the credentials (rsync, simple copy/paste, etc) would help newcomers.

P.S. Bonus points if you can make your code rotate said credentials on a schedule so they are never static.

When I was looking for a DMS I ran across MayanEDMS. I never got a chance to stand up any DMS but it may be worth checking out their site in case it meets your needs.

Not exactly DMS but I have a WikiJS instance running with MFA enabled and access control. For example, my wife and I can access a set of documents we deem sensitive but other users can’t. I use WikiJS for all my documentation needs.

Honestly I had trouble understanding the inner workings of wine and how I may need to use it to install windows software so I just watched a few videos on YouTube, downloaded a sample exe (I think I used notepad++) and tried it out. 10 minutes later I was running software through wine no problem. Wrote myself a quick documentation guide for my future self and gtg.

Try through the browser first as suggested by someone else. If you are running the Docker container, check your port mappings.

As I started thinking about how to lay out this “emergency page” I started thinking “well in order for this page to be accessible, I have to assume that my servers are up and running for my family to even get to said page. If the servers are offline for any reason, this page would be useless.” So yea probably something physical or non “techy” is best for this

I went with the OpenSSL CA as cryptography has been a weakness of mine and I needed to tackle it. Glad I did, learned a lot throughout the process.

Importing certs is a bit of a pain at first but I just made my public root ca cert valid for 3 years (maybe 5 I can’t remember) and put that public cert in a file share accessible to all my home devices. From each device I go to the file share once, import the public root ca cert and done. It’s a one time per device pain so it’s manageable in my opinion.

Each service gets a 90 day cert signed by root ca and imported to nginx proxy manager to serve up for the service (wikijs.mydomain.io).

Anything externally exposed I use let’s encrypt for cert generation (within NPM) and internally I use the OpenSSL setup.

If you document your process and you’ve done it a few times, it gets quicker and easier.

I think for most people it becomes a trade off decision. Do you want to expose ports and potentially open your home to attacks but keep all traffic privately encrypted (if using SSL) and yours? Or do I keep my home unexposed but delegate trust and traffic flow to Cloudflare essentially and potentially allowing them to see my traffic?

For me it depends on the service. Nothing too sensitive or personal or already publicly available? Then Cloudflare tunnel coupled with Nginx Proxy Manager.

Highly sensitive and personal? Then do I really need to expose it to the internet? Most of the time it’s no or a VPN can be used to access those resources.

Something in between? I’d consider forwarding ports and use Nginx Proxy Manager for SSL.

For some people, exposing or forwarding ports isn’t even an option due to ISPs CGNATs, not allowed, etc. In those cases Cloudflare shines and it’s the most feasible solution.

My 0.02 cents

If you are running everything in containers then there’s a very simple and straightforward solution for this. Run your reverse proxy (NPM, Caddy, whatever) on two networks (internal and external or whatever you want to call them). In the external network is where you will map your host port to the reverse proxy container. For example, on NPM it’s 81 so you map host 81 to container 81. You should then be able to go to http://localhost:81. The internal network will be where your reverse proxy will talk to your other two web services you want to run so make sure you add your other services to this internal network.

On your DNS (personally I run PiHole) point your service name (as guard) to the IP of the host running your reverse proxy. Do an nslookup on the name to make sure you actually get the right IP for the name you want.

Login to your reverse proxy and configure a proxy host to point to the name of the container and the correct port. Since the reverse proxy is on the same “internal” network, they should be able to talk to each other via names rather than IPs.

Test your connection to the service on your browser.

Another solution (less technical but much faster) would be to run a dashboard service like Heimdall then just add a “link” to the service you want and the port it’s running on. Then you will have a single link to click on that will take you where you want without typing manually. You could even add the dashboard as your browser default page on startup.

There are other ways to skin this cat but these two solutions will get you where you want to go quickly.
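
The two-network layout described in this comment and in the earlier “frontend”/“backend” comment, written out as a Docker Compose file. This is an added example, not the commenter's own configuration: the image names, volume paths, the use of a bridge driver for the frontend network and the loopback-only binding of the admin port are assumptions.

```yaml
# Added example (constructed): reverse proxy on two networks,
# application containers on the backend network only.
services:
  proxy:
    image: jc21/nginx-proxy-manager:latest   # assumed image for NPM
    restart: unless-stopped
    ports:
      - "80:80"             # the only containers with published ports
      - "443:443"
      - "127.0.0.1:81:81"   # NPM admin UI, reachable as http://localhost:81 only
    networks:
      - frontend            # carries the published ports
      - backend             # lets the proxy resolve gitlab / wordpress by name
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt

  gitlab:
    image: gitlab/gitlab-ce:latest           # assumed image
    restart: unless-stopped
    # No "ports:" section: nothing is published on the host. The proxy
    # reaches it as gitlab:<port> (the earlier comment uses 3000) over
    # the backend network.
    networks:
      - backend

  wordpress:
    image: wordpress:latest                  # assumed image
    restart: unless-stopped
    networks:
      - backend

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    # Optional hardening: "internal: true" also blocks outbound traffic
    # from backend-only containers, if they do not need internet access.
    # internal: true
```

With this layout, `docker compose ps` should list published ports for the `proxy` service only; in the proxy host entry the Forward Hostname is the service name (for example `gitlab`) rather than an IP.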

After you mentioned it, I looked it up too and stumbled on a similar answer to that link. Thanks!

Fair point. I failed to mention features in my previous comment. Things like WHOIS Privacy are essential to me and I imagine it is for most of us (self hosters)

Simple solution. I like it! Although I think it will get lost in the sea of daily emails….

UPDATE: Decided to give rclone a try and try to automate it all through scripts. So far I have the rclone script checking for errors, logging to a file and sending discord notifications.

Not to be a dick but this question (self hosted email) is answered weekly….

You got it! As long as nginx can reach that service container, it will forward the request to it.

service1.example.com is configured in nginx with a proxy host of service1:1234, service2.example.com is proxied to service2:8080 and so on.

Glad you liked it fellow inter webs person!

Just to be clear I just need to track my sales/revenue (even if input is manual) and track expenses (bonus if I could upload a picture of a receipt).

I don’t need to actually send an invoice (I do this straight from my website and it’s a seamless integration so not looking to reinvent this wheel, yet!)

Given the above, is InvoiceNinja still a good candidate?

This seems pretty vanilla based on what others have suggested but I use regular markdown files in a git repo.

For data flows or diagrams, mermaidJS syntax within the markdown file works wonders and when I need to link one document to another or one section to another, you can use the normal link syntax of markdown.

Easy to use, hardly any setup and easily accessible.

A request for proposal? If that’s what you mean then no. I’m asking for my home setup not for a business/enterprise. If I missed the mark then please elaborate.

I had this same problem but Pihole can act as your DHCP server too. I turned off DHCP on my ISP router, turned it on in Pihole and configured my range (with some buffer for static IPs for servers and others) and off it went. When all my clients (laptops, workstations, phones, etc.) requested an IP (which I saw them trickle in almost immediately), they got their IP from Pihole and also automatically directed all DNS queries to Pihole. No need for complicated setups.

Edit: fix typos.

Mind sharing the script (without the sensitive data)?

I haven’t taken the plunge into rclone because of the scripting part of the equation. Just not great at bash.

My use case is different (B2 for offsite data backups) but I went down the path of rclone and it has been working out very well. A lot better than I expected. I read their official docs (installation, usage, the backblaze setup and crypt) to get started. Played at the command line for a few minutes and realized how quick and easy it was. Wrote a script to automate it and off to the races I went!

Just went searching for something like this as my wife wanted to start a “journal”. The requirements were simple, private, nothing too crazy complicated to use, web interface, easy setup and tear down (in case she didn’t like it). Started up an instance of Ghost, way overkill, was looking at WriteFreely, stood up an instance of Bookstack. She’s trying it out now, nothing bad to report so far. The hierarchy is a bit confusing to grasp but when you put it in the context of something like shelve = My Journal, Book = 2023 Vacation or 2023 or Homeschooling, Chapters = 1st week of Vacation or First year Homeschool, Pages = Today’s date. It started clicking with her a bit more. If you find something better, please report back!
