I see now, that makes sense why you are building the image since it was set up that way. I don’t know why projects set up the compose file to build the image when they already have a publicly available image to use; it just creates unnecessary friction for people who just want to test out the software. Anyway, using that image should work for you, but feel free to ask if you run into any issues.
Why are you building the image yourself? Not that there’s a problem with that necessarily, but it seems a bit wasteful of your resources unless you have a specific reason to do so. There’s a docker image (quay.io/invidious/invidious:latest) built by the developers that gets updated pretty frequently. I’ve been using it for years now and it’s been working perfectly fine for me the whole time.
If you’re ok with just file storage sftpgo has been solid for me for years now. Does sftp ftp and WebDAV (like nextcloud). Webui isn’t as pretty but it’s fast. Mobile apps will be various sync apps with sftp or WebDAV support. On Android folder sync pro is pretty good for keeping documents and pictures backed up
Just another option. If you know already or are willing to learn how to write documents in markdown format (like how lemmy supports), and learn some of infrastructure set-up and it can be between free and very cheap to have a blog on something like netlify.app, github pages or others. There are plenty of static site generators out there that can be both relatively easy and very powerful.
I currently have a private blog set up on a cloud provider that just takes markdown documents and builds those along with some templates and webpage code to create a site like this. Although I have mine hosted on a VPS with my own domain, it’s completely possible to use something like github pages, netlify.app, etc. for that. They’re both free afaik to host on, but if you want to pay for a dedicated service they are usually between 2 and 5 USD per month.
Edit: The option above isn’t activitypub software, sorry for not realizing that immediately, but it is federated in a way I suppose.
Well that’s disappointing. I’ll have to investigate further I guess. I was really hoping to set it up (at least initially) without any type of media storage.
Oh I see, I definitely misunderstood what you were asking. How is your caddy server set up? Is it serving one site per subdomain (site.your.domain) or is it one site per path (your.domain/site/)? I am running traefik so I probably won’t be able to help with specifics, but it’s worth a shot.
The way I have my monitoring set up is to poll the containers from behind the proxy layer. Ex. if I’m trying to poll Portainer for example:
---
services:
portainer:
...
with the service name portainer
from uptime-kuma within the same docker network it would look like this:
Can confirm this is working correctly to monitor that the service is reachable. This doesn’t however ensure that you can reach it from your computer, because that depends on if your reverse proxy is configured correctly and isn’t down, but that’s what I wanted in my case.
Edit: If you’re wanting to poll the http endpoint you would add it before like http://whatever_service:whatever_port
I believe the Pictrs is a hard dependency and Lemmy just won’t work without it, and there is no way to disable the caching
I’ll have to double check this but I’m almost certain pictrs isn’t a hard dependency. Saw either the author or one of the contributors mention a few days ago that pictrs could be discarded by editing the config.hjson to remove the pictrs block. Was playing around with deploying a test instance a few days ago and found it to be true, at least prior to finalizing the server setup. I didn’t spin up the pictrs container at all, so I know that it will at least start and let me configure the server.
The one thing I’m not sure of however is if any caching data is written to the container layer in lieu of being sent to pictrs, as I didn’t get that far (yet). I haven’t seen any mention that the backend even does local storage, so I’m assuming that no caching is taking place when pictrs is dot being used.
Edit: Clarifications
Thanks for sharing! I’ll definitely be looking into adding this to my infra alerting stack. Should pair well with webhooks using ntfy for notifications. Currently just have bash scripts push to uptime-kuma for disk usage monitoring as a dead man trigger, but this should be better as a first-line method. Not to mention all the other functionalities it has baked in.
Edit: Would also be great if there was an already compiled binary in each release so I can use bare-metal, but the container on ghcr.io is most-likely what I’ll be using anyway. Thanks for not only uploading to docker hub.
I have reservations about running either the agent or portainer itself on something external to my lan.
I don’t feel like it’s safe enough personally either, so I just have portainer edge-agent nodes connected to the primary on my intranet through through vpn tunnels. I really, really would prefer not to ever open ports on my local firewall, but being able to monitor and control remote docker hosts is also pretty convenient, so my solution has been decent for me.
Agree completely. In the grand scheme of things the damage that appears to have happened here is small potatoes, but it brought attention to the vulnerability so it was patched quickly. Going forward now, the authors and contributors to the project might be a bit more focused on hardening the software against these types of vulnerabilities. Pen testing is invaluable on wide user-base internet accessible platforms like this because it makes better, more secure software. Unfortunately this breech wasn’t under the “ethical pen testing” umbrella but it sure as hell brought the vulnerability to the mindshare of everyone with a stake in it, so I view it as a net win.
Holy crap that’s awesome! I’d be lucky to get 1 minute out of my trash Cyberpower UPS once the power goes out. Thanks for the informative post OP! And for the inspiration!
I think ejabberd or another other xmpp server would have been my first choice for a service like this by a long shot. If only we had some good iOS clients to go to. While I’m on android, most of the family and some of the friends use iOS, so it was kind of a non-starter from that alone.
Edit: log -> long
It’s an older Panasonic ToughBook CF-C2 with an ExpressCard34 slot I’d say circa 2013. I have a gigabit Ethernet adapter jammed in there for WAN. I’ve been using the setup for maybe 8 years and it’s been ultra reliable for me.
Hmmm. I don’t have a network/infrastructure diagram or anything yet, but I’ve been meaning to create one. I’ll probably put one together and post more about my setup if there’s any interest. I’ll be sure to tag you when I do. Thanks for the interest!
My long and mostly complete list:
These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.
As far as hardware:
Running pfsense on a toughbook laptop as a router-firewall.
A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.
Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.
Dell managed switch
A few Raspberry-pi’s with Raspbian for various things.
Linksys AP for wifi
Edit: Spelling is hard.
I had this long post typed out on Jeroba about why I wouldn’t recommend it, but maybe I hit the character limit? IDK. Anyway, the point I wanted to get across is that I’ve been down that road, and up until February it was going ok, but one should absolutely not trust the Oracle free tier for any service that should be reliable long term, they can and will take the VM down and take back that generous free tier allotment, and IIRC sometimes without any notice. In my case it was literally because my VM was under utilized. No option to downscale my instance, just a notification that they’re taking my allotment back and deleting the VM a few weeks before it happened.
I think of it like selfhosted@lemmy.world instead of just selfhosted. Sure there may be duplicate communities on different instances but over time I think there will be more people gravitating to a particular community and people will just sub there from then on and the others will become more dormant. When I refer to a community I’ll just use the full name (selfhosted@lemmy.world) and not just the community name (selfhosted)
It’s because the original image macro that this is based on was about piracy, saying something along the lines of “I bring a certain ‘just torrent it’ vibe to the conversion that the riaa just doesn’t like.”
Their reuse of the macro is indirectly an answer or a continuation of it that can be seen as acknowledging the original message.