realitaetsverlust

The “average user” shouldn’t selfhost anything. Might sound mean or like gatekeeping, but it’s the truth. It can be dangerous. There’s a reason why I hire an electrician to do my house installation even tho I theoretically know how to do it myself - because I’m not amazingly well versed in it and might burn down my house, or worse, burn down other peoples houses.

People who are serious about selfhosting need to learn how to do it. Halfassing it will only lead to it getting breached, integrated into a botnet and being a burden on the rest of humanity.

And I kinda don’t want to know if complex passwords and low retries before an account gets locked out are enough.

I’ve created a custom cert that I verify within my nginx proxy using ssl_client_certificate and ssl_verify_client on. I got that cert on every device I use in the browser storage, additionally on a USB stick on my keychain in case I’m on a foreign or new machine. That is so much easier that bothering with passwords and the likes, and it’s infinitely more secure.

People who don’t care about security are the cancer of the selfhosting-world. Billions of devices are part of a botnet because lazy/stupid owners don’t care about even the most basic shit, like changing the stock password. It’s insane.

As long as you don’t directly connect it to the internet, it’s not hard.

When you do, it does become hard.

I’m kinda confused by all of the people here doing that tbh.

The entire point of dockerfiles is to have them produce the same image over and over again. Meaning, I can take the dockerfile, spin it up on any machine on gods green earth and have it run there in the exact same state as anywhere else, minus eventual configs or files that need to be mounted.

Now, if I’m worried about an image disappearing from a remote registry, I just download the dockerfile and have it stored locally somewhere. But backuping the entire image seems seriously weird to me and kinda goes against of the spirit of docker.

I think because there are ways to protect your entire systems with cryptographic keys - there’s no need for individual applications to do that themselves. You can either only make your network accessible via an SSH tunnel (which would then use SSH-Keys), use a VPN or use mTLS which would require you to install a cert into your browsers key storage.

There’s many good solutions to this problem - no need for individual applications to do it themselves.

Congrats to all the execs, you’ve completely ruined the tech industry.

No - I think they made it (involuntary) better by forcing people into looking into self hosting everything and taking control over their own infrastructure.

Terraform and Puppet. Not very simple to get into, but extremely powerful and reliable.

How do you notify yourself about the status of a container?

I usually notice if a container or application is down because that usually results in something in my house not working. Sounds stupid, but I’m not hosting a hyper available cluster at home.

Is there a “quick” way to know if a container has healthcheck as a feature.

Check the documentation

Does healthcheck feature simply depend on the developer of each app, or the person building the container?

If the developer adds a healthcheck feature, you should use that. If there is none, you can always build one yourself. If it’s a web app, a simple HTTP request does the trick, just validate the returned HTML - if the status code is 200 and the output contains a certain string, it seems to be up. If it’s not a web app, like a database, a simple SELECT 1 on the database could tell you if it’s reachable or not.

Is it better to simply monitor the http(s) request to each service? (I believe this in my case would make Caddy a single point of failure for this kind of monitor).

If you only run a bunch of web services that you use on demand, monitoring the HTTP requests to each service is more than enough. Caddy being a single point of failure is not a problem because your caddy being dead still results in the service being unusable. And you will immediately know if caddy died or the service behind it because the error message looks different. If the upstream is dead, caddy returns a 502, if caddy is dead, you’ll get a “Connection timed out”

I can assure you, you will never need them.

I got a USB stick with ventoy installed, got a gparted and an arch linux iso on that thing, I do use those regularly.