this post was submitted on 16 Jun 2023
57 points (98.3% liked)

Selfhosted

Hey. I really like the idea of the fediverse and Lemmy and would want to know as a beginner/not so experienced regarding selfhosting what would be the best way to get started? I saw there are vps options, but don't know if I'm looking in the right direction.

[–] fox@lemmy.fakecake.org 4 points 1 year ago* (last edited 1 year ago) (1 children)
  • why use two networks, instead they shouldn't expose any internal ports if using reverse proxy container within compose (I'm using a separate external load balancer/reverse proxy, so I exposed lemmy & lemmy-backend only);
  • stuff like hostname: shouldn't be needed because it matches service name;
  • instead of using generic nginx container image with custom nginx.conf you need to place somewhere manually they should pre-build a container which would work OOTB with the compose setup, this would also solve current situation where nginx.conf and compose file are seemingly maintained separately because they don't match (i had to change one to match the other);
  • a minor thing but i would appreciate environment-based setup instead of needing configuration files (lemmy.hjson) on the filesystem (my ansible-based container deploy system has provisions for this stuff, still it's something that i'd rather not have to use...);
  • in general compose setup feels like development environment because of all the debugging that is enabled, i think it also tries to build one of lemmy components instead of using an image by default;

it's all minor stuff, really, but it adds up and people who are not particularly savvy might give up on self-hosting lemmy because of it. so some polish and cleanup might be a good idea.

i know there's an ansible role too but i haven't looked through it. i have to do way too much ansible code review & refactoring at work. :)

[–] ipkpjersi@lemmy.one 1 points 1 year ago (1 children)

I'm planning on self-hosting an instance (and some other web apps) on my local server at home, but over a VPN on a public VPS. I feel like that's gonna make an overcomplicated setup even more overcomplicated lol

[–] fox@lemmy.fakecake.org 1 points 1 year ago (1 children)

i'm hosting lemmy on a vds using an S3 storage hosted at home (over wireguard). :)

i've decided against hosting lemmy at home because there's no way to setup a proxy for outbound connections (or i couldn't find it) so any federation request your lemmy instance makes reveals your home IP to owners of that particular instance.

[–] ipkpjersi@lemmy.one 1 points 1 year ago* (last edited 1 year ago) (1 children)

> i’ve decided against hosting lemmy at home because there’s no way to setup a proxy for outbound connections (or i couldn’t find it) so any federation request your lemmy instance makes reveals your home IP to owners of that particular instance.

Wait, how would that work? If I'm using OpenVPN, would it not be using the source and/or destination IP as my OpenVPN client IP, and not my home IP? After all, OpenVPN is completely bypassing my routing and NAT from my home connection, and it just tunnels traffic through the VPN instead.

I believe the source IP would be the IP of any server trying to contact my server, and then the destination IP would be my VPN client IP because of the DNAT rule I have on my VPN server (say 10.0.0.2) so it would not expose my home IP, or is that not correct? If both Lemmy and Nginx are either using a local docker IP (not on my home network) or the OpenVPN client IP from tun0, how would they even be aware of my home IP which would be on a separate network interface?

Are you saying I'd be exposing my IP if I tried my home-based VPN port forwarded setup? I am pretty sure it wouldn't be exposing my home IP, but maybe I am mistaken.

[–] fox@lemmy.fakecake.org 2 points 1 year ago (1 children)

if you pass all outbound connections through vpn you'll be fine.

[–] ipkpjersi@lemmy.one 1 points 1 year ago

Good to know, thanks!

I also asked ChatGPT because I was curious, and ChatGPT said since I am using a VPN, when my home server makes outbound requests, they will first go through the VPN tunnel and emerge from the VPS which means that to external systems (like the servers receiving my federation requests), the source IP will appear to be the public IP of my VPS, not my home IP.

Very cool stuff! It makes sense that VPNs can be used to mask home IPs even in this way, since VPNs are literally designed for security and privacy lol
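
What "pass all outbound connections through vpn" comes down to on the home server, as an added example that is not part of any comment in this thread: a POSIX shell check that reads `ip -o route get` output and reports every destination whose egress interface is not the tunnel. The interface names, the sample lines and every address except the thread's 10.0.0.2 are constructed.

```shell
#!/bin/sh
# Added example: flag outbound routes that leave via anything but the VPN tunnel.
# Input: lines in the format printed by `ip -o route get <destination>`.
# Live use on the home server:  ip -o route get 203.0.113.20 | leaking_routes tun0

# Print the value that follows a keyword ("dev", "src") on one route line.
route_field() {  # $1 = keyword, $2 = route line
    printf '%s\n' "$2" |
        awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# Read route lines on stdin and print "<dest> <dev> <src>" for every route whose
# egress interface is not the tunnel. Returns 1 if at least one such route exists.
leaking_routes() {  # $1 = tunnel interface, e.g. tun0 or wg0
    tunnel=$1
    leaks=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        dest=${line%% *}
        dev=$(route_field dev "$line")
        src=$(route_field src "$line")
        if [ "$dev" != "$tunnel" ]; then
            # Traffic to $dest leaves on a non-tunnel interface, so the remote
            # instance sees the home connection's public IP, not the VPS.
            printf '%s %s %s\n' "$dest" "${dev:-unknown}" "${src:-unknown}"
            leaks=1
        fi
    done
    return "$leaks"
}

# Constructed sample: a split-tunnel setup where only one destination is routed
# through tun0 and the other still follows the default route on eth0.
SAMPLE_ROUTES='198.51.100.7 via 10.0.0.1 dev tun0 src 10.0.0.2 uid 1000 \    cache
203.0.113.20 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 1000 \    cache'

printf '%s\n' "$SAMPLE_ROUTES" | leaking_routes tun0 ||
    echo "the destinations listed above bypass the tunnel" >&2
```

An inbound DNAT rule on the VPS does not change this result: connections the instance initiates itself follow the home server's own routing table, which is what the check inspects.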