To people who use #HomeAssistant, do you need #NodeRed to get the most out of it? Found this guide to setting up HomeAssistant in #Docker that helped me get both installed, but Node-Red's interface is pretty much unusable with a #ScreenReader, and I'm thinking of uninstalling it.
#SelfHosting #SelfHosted #RaspberryPi #RaspberryPi500 #RPi #RPi500 #Linux #Stormux #ArchLinuxARM
@selfhosting @selfhost @selfhosted
Wondering if I should switch my #RaspberryPi OS from #Stormux, based on #ArchLinuxARM, to #HomeAssistantOS. I mostly work with it over SSH anyway and this might allow me to do more with it. What do others who #SelfHost think?
#SelfHosting #SelfHosted #Linux
@selfhost @selfhosting @selfhosted
I'm curious to hear what others are #SelfHosting! Here's my current setup:
Hardware & OS
Infrastructure & Networking
Security & Monitoring
Authentication & Identity Management
Productivity & Personal Tools
Notifications & Development Workflow
Accessibility Focus ️
Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign, #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!
I've also experimented with:
I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services!
What's your setup like? Any cool services you'd recommend I try?
#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY
#SelfHosted #LinkAce Bookmark Manager Running, but Unable to Check for Updates or Generate a Cron Token
Hi all. Hoping someone in the #SelfHosting community can help here. I'm running LinkAce in #Docker behind non-Dockerized #Caddy and #Authelia, and most things are working, but I'm seeing "Could not check for updates" at the bottom of each page, and when I tried to generate a cron token, nothing happened except for the generate button graying out. I am seeing one or two 404 errors in my logs, but I don't know if that's causing the problem or not. I don't know much about #PHP applications.
Logs
2025-02-22 23:25:26,460 INFO supervisord started with pid 1
2025-02-22 23:25:27,465 INFO spawned: 'php-fpm' with pid 8
2025-02-22 23:25:27,467 INFO spawned: 'caddy' with pid 9
[22-Feb-2025 23:25:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[22-Feb-2025 23:25:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[22-Feb-2025 23:25:27] NOTICE: fpm is running, pid 8
[22-Feb-2025 23:25:27] NOTICE: ready to handle connections
{"level":"info","ts":1740266727.5264525,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
{"level":"info","ts":1740266727.5280282,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1740266727.5280406,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1740266727.529092,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"warn","ts":1740266727.529331,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"info","ts":1740266727.5294206,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40000bab00"}
{"level":"warn","ts":1740266727.530186,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"warn","ts":1740266727.530195,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"info","ts":1740266727.530198,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1740266727.5412574,"msg":"autosaved config (load with --resume flag)","file":"/home/www-data/.config/caddy/autosave.json"}
{"level":"info","ts":1740266727.541271,"msg":"serving initial configuration"}
{"level":"info","ts":1740266727.5477707,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/home/www-data/.local/share/caddy"}
{"level":"info","ts":1740266727.5541356,"logger":"tls","msg":"finished cleaning storage units"}
2025-02-22 23:25:28,555 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-02-22 23:25:28,555 INFO success: caddy entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
::1 - 22/Feb/2025:23:25:34 +0000 "GET /index.php" 200
::1 - 22/Feb/2025:23:25:34 +0000 "GET /index.php" 404
Docker Compose file
services:
# --- LinkAce
linkace:
image: docker.io/linkace/linkace:latest
container_name: linkace
restart: unless-stopped
depends_on:
- linkace_db
ports:
- "0.0.0.0:3009:80"
volumes:
- ./.env:/app/.env
- ./backups:/app/storage/app/backups
# --- Database
linkace_db:
image: docker.io/library/mariadb:11.5
container_name: linkace_db
restart: unless-stopped
command: mariadbd --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
environment:
- MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
- MYSQL_USER=${DB_USERNAME}
- MYSQL_PASSWORD=${DB_PASSWORD}
- MYSQL_DATABASE=${DB_DATABASE}
volumes:
- db:/var/lib/mysql
# --- Cache
linkace_redis:
image: docker.io/bitnami/redis:7.4
container_name: linkace_redis
restart: unless-stopped
environment:
- REDIS_PASSWORD=${REDIS_PASSWORD}
volumes:
db:
.env (secrets redacted)
## LINKACE CONFIGURATION
# The app key is generated later, please leave it like that
APP_KEY=redacted
APP_ENV=development
## Configuration of the database connection
## Attention: Those settings are configured during the web setup, please do not modify them now.
# Set the database driver (mysql, pgsql, sqlsrv, sqlite)
DB_CONNECTION=mysql
# Set the host of your database here
DB_HOST=linkace_db
# Set the port of your database here
DB_PORT=3306
# Set the database name here
DB_DATABASE=linkace
# Set both username and password of the user accessing the database
DB_USERNAME=linkace
# Wrap your password into quotes (") if it contains special characters
DB_PASSWORD=redacted
## Redis cache configuration
# Set the Redis connection here if you want to use it
REDIS_HOST=linkace_redis
REDIS_PASSWORD=redacted
REDIS_PORT=6379
APP_DEBUG=true
# SSO configuration
SSO_ENABLED=true
SSO_OIDC_ENABLED=true
SSO_REGISTRATION_ENABLED=true
REGULAR_LOGIN_DISABLED=true
SSO_OIDC_BASE_URL=https://auth.laniecarmelo.tech/ # Your Authelia base URL
SSO_OIDC_CLIENT_ID=linkace
SSO_OIDC_CLIENT_SECRET='redacted'
SSO_OIDC_SCOPES=openid,profile,email
Caddyfile snippet
{
email laniecarmelo@gmail.com
debug
acme_dns cloudflare redacted
http_port 80
https_port 443
admin :2019 {
origins 127.0.0.1:2019 0.0.0.0:2019 stormux:2019 caddy.laniecarmelo.tech
}
}
(logconfig) {
log {
output stdout
format json
}
}
(auth_headers) {
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
(proxy_config) {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
header_up X-Forwarded-User {http.auth.user.id} # Pass user ID
header_up X-Forwarded-Email {http.auth.user.email} # Pass email
}
(authelia_middleware) {
forward_auth localhost:9091 {
uri /api/verify?rd=https://auth.laniecarmelo.tech
copy_headers Remote-User Remote-Email Remote-Groups Authorization
}
}
bookmarks.laniecarmelo.tech {
route {
import authelia_middleware
reverse_proxy localhost:3009 { # Directly proxy to LinkAce's web server
import proxy_config
}
}
import logconfig
import auth_headers
}
Authelia config snippet
- domain: "*.laniecarmelo.tech"
policy: bypass
networks:
- 192.168.1.0/24 # Local network
- 172.17.0.0/16 # Docker bridge network
- 100.64.0.0/10 # Tailscale network
- domain: "bookmarks.laniecarmelo.tech"
resources: ["^/api.*"]
policy: bypass
- domain: "*.laniecarmelo.tech"
policy: one_factor
- client_id: linkace
client_name: LinkAce bookmarking app
client_secret: redacted
public: false
authorization_policy: one_factor
scopes: [openid, groups, profile, email, offline_access]
redirect_uris:
- https://bookmarks.laniecarmelo.tech/auth/oidc/callback
grant_types: [authorization_code]
response_types: [code]
response_modes: [form_post, query]
userinfo_signed_response_alg: none
consent_mode: explicit
pre_configured_consent_duration: "1y"
Does anyone know what might be causing this and how I can fix it?
#Linux #ArchLinuxARM #Stormux #RaspberryPi #RaspberryPi500 #RPi #RPi500 #tech #technology
@selfhost @selfhosted @selfhosting
Help Needed with Cloudflare Zero Trust, Pages, and Workers for ReactFlux + MiniFlux Setup
Hi everyone,
I'm new to #Cloudflare and have been trying to set up a #SelfHosted project on my #RaspberryPi 500. I'm mostly self-taught, so I apologize if I misunderstand anything or miss important details. Here's my situation:
Current Setup
What I'm Trying to Do
https://rss.laniecarmelo.tech
. However, ReactFlux couldn't log in.Suspected Issue
I believe the issue is caused by Cloudflare Access protection blocking ReactFlux from accessing the MiniFlux API (https://rss.laniecarmelo.tech/v1/*
).
What I've Tried So Far
rss.laniecarmelo.tech/v1/*
) to my tunnel configuration and created a new Cloudflare Access application with a policy set to "Bypass" for everyone. However, this didn't work—when testing the API endpoint in a private browser window, I'm still asked to sign into Cloudflare./v1/*
, but it doesn't seem to be doing anything (or isn't being triggered).What I Need Help With
/v1/*
) while keeping the rest of my MiniFlux instance protected by Cloudflare Access?Thanks in advance for your help!
#SelfHosting #ArchLinux #Linux #RSSReader #tech #technology #RaspberryPi #RPi #RPi500 #RaspberryPi500
@selfhosting @selfhost @selfhosted
#MiniFlux users, can anyone help?
Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.
Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.
I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.
I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.
#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting
Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup
Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:
Setup
What’s Working
The Problem
Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:
Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Cloudflare Access Redirection:
Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
Failed to Fetch:
Failed to fetch: TypeError: Failed to fetch.
What I’ve Tried
Service Token Authentication:
CF-Access-Client-Id
and CF-Access-Client-Secret
headers in Caddy for rss.laniecarmelo.tech
.CORS Configuration:
Access-Control-Allow-Origin: *
) in both Caddy and MiniFlux.Policy Adjustments:
Debugging Logs:
AccessJWTValidator
errors).Current State
Despite these efforts:
Goals
My Environment
CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret>
Relevant Logs
From cloudflared
:
ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"
From the browser console:
Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.
Questions
Any help or advice would be greatly appreciated!
Self-Hosting Journey Update!
After weeks of work, I'm excited to share my self-hosted setup! I'm running everything on a Raspberry Pi 500 with Stormux (Arch Linux ARM-based), 8 GB RAM, and a 512 GB SD card (planning to upgrade to SSD or NAS as soon as I can afford it). Here's what I’ve built so far:
Services in Action:
- Development: Forgejo, Code-Server, Woodpecker CI
- Productivity: Joplin Server, Monica CRM, Homepage dashboard
- Monitoring: Prometheus + Alertmanager, Grafana, Netdata, Uptime Kuma
- Networking: AdGuardHome + Unbound, Tailscale VPN
- Tools: MiniFlux, Linkding, TheLounge
- Management: Portainer, Cockpit, Watchtower
Security & Access:
- Caddy + Cloudflare Zero Trust/Access for reverse proxy & SSO
- FirewallD + Fail2ban for extra protection
Emails Powered by Zoho ZeptoMail:
All email-capable services (e.g., Forgejo, Joplin) are configured for reliable notifications.
Backups: Using IDrive's 5 TB plan for peace of mind.
This journey has been challenging yet rewarding! I'd love to hear your thoughts—especially tips on scaling storage or optimizing performance. Let's chat!
#SelfHosting #RaspberryPi #Linux #ArchLinuxARM #Stormux #Tech #OpenSource #DIYTech #HomeLab #CloudComputing #AdGuardHome #Grafana #Prometheus #CodeServer #Portainer
**Help Needed: Homepage Configuration – Missing Widgets & API Errors**
Hi everyone,
I'm running [Homepage](https://github.com/gethomepage/homepage) (v0.10.9) in Docker on Arch Linux ARM (Stormux) and encountering issues with missing widgets and API errors. Some widgets are showing as "Missing" on the dashboard, and I'm seeing repeated HTTP 401 errors for Portainer and Tailscale in the logs.
### **Setup Details**
- **Homepage Version:** v0.10.9
- **Host OS:** Arch Linux ARM (Stormux)
- **Host IP:** `192.168.1.137`
- **Docker Network:** All containers are on `homepage_net` (gateway: `172.23.0.1`)
- **Docker Containers:** Homepage, Portainer, Miniflux, Uptime Kuma, Glances, etc.
### **Issues**
1. Several widgets showing as "Missing":
- AdGuard (running on host, not in Docker)
- Netdata
- Uptime Kuma
- Docker
- Portainer
- Miniflux
- Tailscale
2. Repeated HTTP 401 errors for Portainer and Tailscale in logs.
### **What I've Tried**
1. Separated service definitions (`services.yaml`) and widget configurations (`widgets.yaml`).
2. Updated widget URLs to use appropriate addresses (host IP for AdGuard, container names or Docker network IPs for containerized services).
3. Regenerated API keys for Portainer and Tailscale.
4. Verified all containers are on the same network (`homepage_net`).
5. Enabled debug logging in Homepage.
### **Configuration Files**
I've uploaded my configuration files here: [GitHub Gist](https://gist.github.com/Lanie-Carmelo/e01d973bc3b208e5082011e4b76532f6). API keys and passwords have been redacted.
Any help troubleshooting this would be greatly appreciated! Let me know if you need additional details.
### **Hashtags & Mentions**
#SelfHosting #Linux #ArchLinux #Docker #HomeLab #OpenSource #WebDashboard #ArchLinuxARM
@selfhosted @linux @docker @opensource @selfhosting @selfhost
@RareBird15 @selfhost @selfhosting @selfhosted @linux First, this is a fantastic example of just what #Linux can do. Look at how many apps are running! These are all running on an #ARM based #RaspberryPi . Only 8GB of RAM and 512GB of storage!
Also please note this node is running #ArchLinuxARM #Stormux which supports the idea of Arch running as a server
Help Needed: Traefik + Authelia Setup
I'm trying to set up Traefik with Authelia for my self-hosted services using my domain, but I'm running into issues like Traefik generating invalid domains (`traefik-traefik`). I've posted all the details here: https://community.traefik.io/t/help-needed-traefik-with-authelia-and-domain-setup-traefik-traefik-error/26010
If you're experienced with Traefik, Authelia, or self-hosting, I’d greatly appreciate your insights!
My configuration files are available for download in the post.
#Traefik #Authelia #SelfHosting #ReverseProxy #Docker #YAML #Linux #RaspberryPi #Tech #Technology #ArchLinuxARM #Stormux
Tagging relevant groups for visibility: @selfhosting @linux
Also tagging Lemmy communities: @selfhost @selfhosted
Hi #SelfHosted community. I've figured out a lot of my setup. I now have a new domain, laniesplace.us, just for #HomeServer stuff. It's set up through Porkbun with Dynu for #DDNS. I've now got #Traefik, #TailscaleVPN, #Linkding, #Forgejo, #Dokuwiki, Code-Server, #Portainer, #Netdata, #Watchtower, #Cockpit, #Pihole, #MiniFlux, #TheLounge, #Filebrowser, #UptimeKuma, and the #Homer dashboard service installed. I'm now trying to set up #Authelia so I can have single sign-on to my services. For some, it's working now, but I can't seem to get Linkding to work no matter what I do. This is on a #RaspberryPi 500 with 8 GB RAM and a 512 GB SD card, running #Stormux, which is based on #ArchlinuxARM. Can anyone help? I'll reply to this post with all my relevant config files in separate posts. What's happening is this: Linkding is supposed to be available at bookmarks.laniesplace.us. When I go there, I see a 401 unauthorized error and a link to sign into Authelia. Once I sign in, though, it redirects back to the page with the 401 error. I've been trying to figure this out for hours with no luck. Files will be in replies to this post.
#SelfHosting #Linux #HomeLab #RPi #RaspberryPi500 #RPi500
@selfhost @selfhosting @selfhosted @linux
#ArchLinuxARM for @PINE64 #PinePhone / #PinePhonePro / #PineTab2 (2024/12/23) has released.
Release Notes + Downloads: https://github.com/dreemurrs-embedded/Pine64-Arch/releases/tag/20241223
This will be the last release of 2024. See you next year! :)
regular aarch64 linux pain
So I decided to go ahead and finish my draft post on installing Vivaldi on Arch+Arm64, even though I now know a Flatpak and Snap are available (which makes it a lot simpler).
I figure most people who choose Arch deliberately are less likely to want to run Flatpak or Snap, so this trick of modifying an AUR package meant for x86_64 to to use the aarch64 binary instead will probably be useful to someone.
https://hyperborea.org/tech-tips/vivaldi-arm-arch/
#linux #vivaldi #archlinuxarm
A new section popped up in our wiki - Linux Mobile!
https://wiki.techsaviours.org/en/phone/operating_systems/linux_mobile
It covers @danctnix Arch Linux ARM build script and @postmarketOS pmbootstrap
And here is a bit to read regarding a daily driven PinePhone.
@postmarketOS #dev s especially POCO x3 NFC I can help to test, just need a spare phone, what about the PPP? ;)
#wiki #postmarketos #archlinuxarm #linuxmobile #DanctNIX #guide #tutorial #pinephone @PINE64
@cyberlyra I've tried SFOS a handful of times and just don't find it enjoyable to use. I have a couple Pinephones and have tried basically every flavor of mobile Linux and DE and find #mobian and #phosh to be the best combo. I've got a #pinetab2 as well and currently run #ArchLinuxARM & #GNOME on it.
@Lehmanator
@requiem Are you aware of #Sxmo? https://sxmo.org
(Also, I've found @danctnix #archlinuxarm to be the snappiest Phosh distribution on PinePhone, even when run from microSDXC.)
Generally, the AllWinner A64 is slower than 4x Cortex A53 suggests, due to Mali400 and Lima not being the greatest driver in the world, plagued by low memory bandwith, additionally crippled by PINE64 through slower than necessary eMMC performance (see https://web.archive.org/web/20220521085258/https://izzo.pro/pinephone-vccq-mod/ for details).