from Imaginary_Stand4909@lemmy.blahaj.zone to selfhosted@lemmy.world on 30 Nov 03:59
https://lemmy.blahaj.zone/post/35059045
TL;DR: Unsure if I should just run Syncthing, or do a Nextcloud. Tailscale seems at risk of enshittification, so do I find alternatives or just use it for ease? Is Immich easy enough to set up without Tailscale? Stick with docker or podman for ease? Are external drives easy to work with? Should my RAID1 be NTFS or Ext4?
Starting My Selfhosting Journey
I recently got my drive bay and Optiplex and have already flashed Proxmox onto it so I could eagerly spin up some local services to see what I wanna stick with. Or at least I tried anyway.
Jellyfin in a Debian container was quick, painless and seems to work fine. But I was trying to set up Nextcloud and I felt lost, with the many different ways people go about it. When I tried to set up Nextcloud AIO in a Debian VM with docker it forces you to set a domain for your instance, but I only want to do local for now (ease and security until I get the hang of things). Which then runs into the hosting a domain via Tailscale problem. 90% of guides, videos, scripts, etc. seem to only focus on/support Tailscale, but they force you to use third-party accounts for logins, and I started this whole thing to distance myself from Big Tech. Is Headscale or NetBird a better idea (when I do decide to remotely access)? Who's more beginner friendly? Similarly, docker or podman?
I do know the difference between Syncthing and Nextcloud, but I wonder which I should stick with. I want to start being better about backing up my phone and laptop, and I know I could use Syncthing to share these backups with each other, but I thought it'd be nice to try to replace my minimal Google Drive and OneDrive usage with Nextcloud and just put everything there. I'd still have to back up that data to an external location though if I want to follow the 3-2-1. So should I just do encrypted backups and put them in a cheap provider's cloud, and drop the idea of a selfhosted cloud?
Similarly related to the Nextcloud issue, is Immich another heavily Tailscale dependent service?
Side note: How easy is it to use external drives with these services I've mentioned? I plan to use my drive bay that currently has 2TB (4 drives running in RAID1), so I can only connect to it via cable. Can I have most of my media stored on the drives, or will that not work? Also, I swear I had to keep verifying my login every few mins when accessing my drives on ext4 format? I switched it to NTFS recently but Windows can't read/see the drives at all (does it not like Linux formatting it?)
Future Ideas: Once I get these first few down, any suggestions? I'm feeling the power rush and craze from being free and able to run my own stuff, and I want to prove to my mom how useful it'll be. I want to move away from YT Music, and I've heard Jellyfin + Jellyamp works good, but is there another I should run (Navidrome)? Should I get into the arr services and torrenting (I do have ProtonVPN)?
I tried looking at previous posts but I just wanted a little more personalized advice. I'm extremely grateful for any help and I will make sure to post my beautiful setup later once I get it going after y'all's input. It's really exciting thinking about the possibilities!
Tailscale is great. You should use it. Most of their code is open-source. Their coordination server is closed-source, however there's a self-hostable open-source reimplementation called Headscale if you want a fully-open-source Tailscale stack.
Tailscale is a peer to peer VPN, meaning there's no central server like with OpenVPN. Systems on the VPN connect directly to each other. You can also use Wireguard in this way if you configure it as a mesh (every device on the VPN has every other device configured as a peer, and for each pair, at least one of them has the port open and forwarded). Tailscale is more reliable for that as it uses several NAT traversal techniques, so you don't need to open the port and it works even if both ends are behind NAT.
Immich doesn't rely on Tailscale; you can use any VPN.
They don't recommend exposing it to the public internet at the moment though, which is why you'd use a VPN (edit: as per a reply, this is not the case any more). In general, never expose anything publicly unless it absolutely has to be (like a website that anyone can access). For giving access to friends, you can share a device with them via Tailscale and configure an ACL so they can only access particular services on it.
For the drives, I'd recommend ZFS instead of Ext4 or NTFS. ZFS can detect bitrot and corruption using checksums, which neither Ext4 nor NTFS can do. NTFS isn't recommended unless you're running Windows Server, but you already said you're using Proxmox.
IMO, use Syncthing instead of Nextcloud, unless you'll be using all the other apps that come with Nextcloud (calendar, office tools, chat, etc). Syncthing does one thing and it does it well, which is almost always better than using software that tries doing a large number of things. Consider Seafile too.
For backups, I'd recommend Borgbackup and Borgmatic. Get a cheap storage VPS to store it. You should be able to get a deal for less than $2/TB/month during the current Black Friday sales. Check LowEndTalk for deals. A Hetzner storage box would work great too.
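The WireGuard mesh the comment above describes (every node lists every other node as a peer, and a link only comes up if at least one side has an open, forwarded port), as an added example that is not part of the thread: a small Python generator that writes one wg0.conf per node and flags the pairs that WireGuard alone cannot connect. Node names, tunnel addresses, the endpoint and the keys are constructed placeholders; real keys come from `wg genkey` / `wg pubkey`.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Node:
    name: str
    addr: str                       # tunnel address, e.g. 10.10.0.1/32
    privkey: str                    # placeholder here; real: wg genkey
    pubkey: str                     # placeholder here; real: wg pubkey
    endpoint: Optional[str] = None  # public host:port if the port is open and forwarded
    listen_port: int = 51820


def render_config(node: Node, nodes: List[Node]) -> str:
    """Render this node's wg0.conf with every other node as a [Peer]."""
    lines = ["[Interface]", f"Address = {node.addr}", f"PrivateKey = {node.privkey}"]
    if node.endpoint:
        lines.append(f"ListenPort = {node.listen_port}")
    for peer in nodes:
        if peer is node:
            continue
        lines += ["", f"# {peer.name}", "[Peer]", f"PublicKey = {peer.pubkey}",
                  f"AllowedIPs = {peer.addr}"]  # least privilege: only that peer's tunnel IP
        if peer.endpoint:
            lines.append(f"Endpoint = {peer.endpoint}")
            if not node.endpoint:
                lines.append("PersistentKeepalive = 25")  # NAT'd side keeps the mapping alive
        elif not node.endpoint:
            lines.append("# neither side has an open port: this link cannot be established")
    return "\n".join(lines) + "\n"


def unreachable_pairs(nodes: List[Node]) -> List[Tuple[str, str]]:
    """Pairs with no endpoint on either side: this is the gap Tailscale's NAT traversal fills."""
    return [(a.name, b.name) for i, a in enumerate(nodes)
            for b in nodes[i + 1:] if not a.endpoint and not b.endpoint]


def example_mesh() -> List[Node]:
    """Constructed sample: one VPS with a public port, two devices behind NAT."""
    return [
        Node("vps", "10.10.0.1/32", "PRIV_VPS", "PUB_VPS", endpoint="203.0.113.10:51820"),
        Node("laptop", "10.10.0.2/32", "PRIV_LAPTOP", "PUB_LAPTOP"),
        Node("phone", "10.10.0.3/32", "PRIV_PHONE", "PUB_PHONE"),
    ]


if __name__ == "__main__":
    mesh = example_mesh()
    for n in mesh:
        print(f"--- {n.name} ---\n{render_config(n, mesh)}")
    print("unreachable pairs:", unreachable_pairs(mesh))
```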
Dumb question: my Bitwarden browser plugin doesn't work properly if my Vaultwarden doesn't run https. Right now I'm exposing it under a subdomain with a self-signed cert in nginx proxy manager. Could I switch over to using my Headscale with "tailscale serve"? Does this work and can I use https in that way?
A domain with DNS access costs around 2€ a year. Just buy your own and generate certificates with ACME.
Tailscale serve might work; I haven't tried it so I don't know what it's capable of.
Usually I'd recommend getting a real domain name and using Let's Encrypt. .com domains are around $10/year but some TLDs are even cheaper. If you don't mind which TLD you use, go to tld-list.com and sort by renewal price.
Edit: I forgot to mention - a server does not need to be publicly exposed to use Let's Encrypt. You can use a DNS challenge instead of an HTTP one.
On the public Immich bit, they have docs on how to set up a reverse proxy correctly. No security warnings.
That sounds like a thumbs up to me?
Interesting! They used to have a warning about it. I guess they removed it at some point. It's referenced in this discussion for example: github.com/immich-app/immich/discussions/13008
That pretty much says: safe when stable. (Which it is now) Makes some sense.
Mine is public, so I hope it's safe (ish)
I'm still learning myself, but am planning to use NetBird instead of Tailscale to access my VMs and apps without exposing them to the web. So far, it's been pretty easy to set up.
I did this about a year ago, and started with Tailscale. But for some bizarre reason, Tailscale would cause my entire internet connection to drop. I had the internet provider come out 5 times to fix it, I got a new router twice, they even checked for cable problems between my house and the neighbourhood switch. All to no avail. I would lose internet connection several times a day until I would reboot my router. I then found someone on their forum mention that Tailscale was causing problems, so I turned it off. The problems stopped. I found no way to mitigate this.
I ended up running WireGuard, which works great for me, but does have a bit of a learning curve. I have rented a tiny cloud server which is the central hub, and all of my services run in podman with their own WireGuard config. I run my own DNS for the local domains. It took me a bit of effort, but is now running very stable.
To answer your first bit:
I went owncloud --> nextcloud --> syncthing + radicale.
Not looked back.
I run everything through a proxy in my home-built pfsense box.
Syncthing. You don't need Nextcloud.
I use WireGuard directly instead of Tailscale. Not sure what router you're using, but MikroTik supports it out of the box. I am sure they are not the only ones. My phone runs on it 24/7 and has access to the rest of my services.
I haven't set up Nextcloud, so can't give any advice on that. Immich was insanely easy to set up though.
I like Navidrome, but I am not using Jellyfin, so I have nothing to compare it with.
I'd recommend setting up a domain even if just for local use. No-ip.com is at least working for me right now (I have a free throwaway domain set up there and my router is keeping my dynamic IP DNS records up to date so I can WireGuard into my router/LAN even if the IP changes).
You don't need to expose your services but if you ever do want to, it's so much easier if you've got a working reverse proxy in front already set up, plus you can use https via Let's Encrypt certificates inside the LAN.
Setting up (sub)domains in the LAN forces you to learn to use a reverse proxy like Caddy, Traefik or nginx. Personally to me NPM (nginx proxy manager) was the easiest to use but I use Caddy nowadays. For half a year I didn't expose anything but after wanting to share some albums with the extended family I decided to do so via Pangolin hardened with CrowdSec running on a virtual private server. Pangolin - while not as easy as Tailscale - is selfhosted and is very well documented and works well. Then internally, I still have my Caddy reverse proxy and certs.
All the services work with the same domain names internally (via the router's DNS) and externally. Internally the domain simply points to my server's LAN address. Externally the domain points to my VPS where Pangolin relays my internal domains to the users but adds an extra authentication layer/reverse proxy/access control layer in front. For authentication I use Pocket ID. I can reach Nextcloud and access and edit all my documents and other files right there in the browser from any computer, which is very convenient.
I also had a lot of difficulty setting up NextCloud. Based on the various reviews and comments, it seems like I may have actually dodged a bullet.
In general, as I've tried different self-hosting solutions, I've found that using a dedicated solution for each purpose has given me better results. I use Radicale for contacts and calendar, Immich for photos, Jellyfin for media (Navidrome for music is great, but I ended up keeping my music library in Jellyfin because I liked the client apps better).
I'm using OwnCloud for file sync, although I'm also testing CopyParty, which is pretty phenomenal and stupid simple.
Tailscale is GOAT. Some people have speculated that it could be subject to enshittification some day. It's managed by a for-profit company, but everything they do is open source. There are already well-tested forks like Headscale if you ever have the need to self-host it in the future.
NextCloud seems great if you can get it working and provides a lot of services in one. Some people have said that causes bloat and slowdown, so there are two sides to the coin.
Syncthing is likely not a good option for a file server. It's great if you want to have a shared file or folder on multiple devices, especially if you just want to transfer files quickly and seamlessly. It's fantastic at what it does, but it's not a file server. There are a lot of opportunities for error when using Syncthing.