this post was submitted on 23 Jan 2025
24 points (96.2% liked)

Selfhosted

41674 readers
640 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
24
Migrate from YunoHost to Docker? (slrpnk.net)
submitted 1 week ago* (last edited 1 week ago) by compostgoblin@slrpnk.net to c/selfhosted@lemmy.world
22 comments fedilink hide all child comments
 

I’m still a newcomer to self hosting, and I could use some guidance on how to best accomplish what I’m trying to do.

Right now, I’ve got AdGuard, Jellyfin, and Nextcloud running on a Raspberry Pi 4 with a 500 GB external hard drive, using YunoHost. Those services are all available at my free domain name provided by YunoHost.

I’d like to run all of those services on the same Pi they’re on now, but using Docker, so I have more control and access to more applications. I would also like to configure a reverse proxy so I can access them at, for example, nextcloud.mydomain.com. (YunoHost doesn’t support custom domains from Porkbun, which is the registrar I’m using.)

What would be the least painful way to go about this? I understand how Docker works conceptually, but I admittedly don’t really know how to use it in practice. Are there any resources available that would get me up to speed quickly?

Appreciate the help - thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] compostgoblin@slrpnk.net 1 points 1 week ago (1 children)

Why is that? I’m switching away regardless, so I’m just curious. I started using it because it made everything simple

[–] ikidd@lemmy.world 5 points 1 week ago (1 children)

Every application you expose to the internet, even via a reverse proxy, increases the chances you'll get popped. Set up Tailscale or another VPN for every device that accesses these applications. If you absolutely need real SSL certs because you can't just use private certs, you can turn on forwarding to a proxy like Nginx Proxy Manager for long enough to pull a cert, but otherwise you should just reference the internal address of that proxy from devices over the VPN or locally in the network. Tailscale has very good documents on how to set up a secure network using VPN. You can also use DNS-only certs instead of opening the firewall.

If you have to, set up a local DNS like Technitium or even Pihole with custom entries to give you internal name resolution for your registered domain/host names.

If you absolutely, positively need to expose an application, at least use Basic Auth on that hostname. It drastically reduces the attack surface before it gets to the application.

[–] sugar_in_your_tea@sh.itjust.works 3 points 1 week ago

To add to this, you should practice good security elsewhere as well:

  • host everything in containers, and only let them access what they need
  • manage TLS behind your firewall, so a vulnerability doesn't expose packets for other services
  • run your containers with minimal privileges (look into podman, for example), so they'll be limited if they escape the container
  • use a strong root password (or no root), and put passwords on any SSH keys you use there (e.g. for git repos, accessing other servers, etc)

Once you expose something inside your network, you need to ramp up security.