Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Yes please unless you want to fiddle with authentication services and their configuration sudoku I would recommend using a vpn or vpn service like tailscale (very user friendly) to access your services when not home.
If you want to continue with this id recommend looking into authelia or authentik to add an additional layer of security :)
That is very true. I've got Tailscale setup and I can get into it through that. Unfortunately I can't put Tailscale on my work machines, so having access via the web would be useful.
Ah I see that is a good point I had not considered!
Oof. That's bad news. I don't have that bit of kit on my setup though. Luckily.
...I thought you just said you're running OwnCloud?
Yeah but the report says the vulnerability is related to graphapi which doesn't seem to be a part of all OwnCloud installations. I can't see it on mine either.
in nginx:
server {
...
location / {
...
proxy_pass https://redacted.......;
proxy_pass_request_headers on;
proxy_pass_header Set-Cookie;
proxy_set_header HOST $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
}
}
I think the was a trusted proxy setting in owncloud itself that needed to be set too, or maybe I'm thinking of another service.
Thanks a lot. Whereabouts do I add it to Nginx? Do I need to do this through the dashboard for the proxy host or is there something in docker that I need to add?
Sounds like you're using nginx proxy Manager, a web based frontend for nginx. If so, you have to edit your existing host, change to custom locations, add one with "/" as the address and the same containername and port. Then click the cogwheel in this entry to open a text box for custom rules. You can paste the following lines into there:
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Thanks a lot. I'm still getting trusted domain errors. Obviously need to have a dig around.
proxy_pass https://
Thanks. I found it, but still borked. Need to do some digging. Strange things are afoot at the Circle K ...
I configure nginx with text condig files.
No clue how or where that is in your setup, but presumably somewhere where you configure the proxypass and server names.
What env vars are you using for the docker and what's in the config.php?
If you’re hosting via docker, I highly recommend deploying a Traefik container as it is a phenomenal reverse proxy to pair with containerized hosting
Thanks for the rec. I've got all my stuff running through NPM and am loath to change it just for this one (annoying) thing!
What are the advantages over Nginx Proxy Manager?
Not familiar with owncloud.
But can't you set something like "http://127.0.0.1" as domain?
You need to forward the real IP from nginx.
I'll upload an example when I get off work
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
HTTP | Hypertext Transfer Protocol, the Web |
IP | Internet Protocol |
nginx | Popular HTTP server |
2 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #312 for this sub, first seen 29th Nov 2023, 21:55] [FAQ] [Full list] [Contact] [Source code]
Ah, thank-you so much!
Yeah see I'm not even sure what the env vars are. I'm running it with docker-compose and the only alterations I've made to anything are to add my IP address to the config file in the trusted domains array. That's definitely where it needs to go because if I take it out then it flops hard.