Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Another tip, please be very careful when exposing ports to the public. With docker you're already mitigating your attack surfaces but an open port allows anyone to make a connection and there are lots of bots out there looking for open ports and vulnerabilities. A good alternative would be to setup wireguard and instead then connect through that or if you like simplicity check out Tailscale.
Especially with music, if any of this is plain HTTP (or any other plaintext, non-encrypted protocol) and you live in a lawsuit happy jurisdiction you might end up with piracy letters in the mail.
It is plain HTTP. There's a username and password needed to log in and access the music, though if that helps?
Plain HTTP means anyone between you and the server can see those credentials and gain access.
It it using HTTP Basic Auth by chance? It would be so easy to put nginx (or some other reverse proxy with TLS) in front and just pass the authentication headers.
I don’t know what kind of authentication it uses, but it dots appear to be susceptible to brute force https://github.com/navidrome/navidrome/issues/242
But if I add a reverse proxy I would need it to just affect that one service/port. I’m running a publicly facing static (amateur/hobby) website - and other services - from there too and I’d prefer it to remain public.
All of my public facing sites are behind a reverse proxy. I use Nginx Proxy Manager it runs from docker and has an easy webgui. It takes care of things like https certificates and stuff to.