1·
7 hours ago@MangoPenguin I have the port specified in the docker compose file, but I’ll check.
Lanie Carmelo
#Christian woman. #Aroace. Totally #blind and #autistic with multiple #chronicIllnesses. #UsabilityTester, aspiring #AccessibilityConsultant. #Disability
rights advocate. Interests: #technology, #reading, #gaming, #food, #OpenSource. Human to Squeaker (MinPin). Creating a nonprofit for multiply disabled
people.
#tfr, #Fedi22
- 7 Posts
- 21 Comments
Joined 3 months ago
Cake day: October 29th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
@geillescas @selfhost @selfhosting @selfhosted @linux I’ll have to see about this. I’m not the account holder and the one who is, my stepdad, isn’t exactly tech-savvy. My router did have a firewall blocking traffic, but I changed its security level and looked at the rules, so that shouldn’t be an issue anymore.
@MangoPenguin Nope, public IP starts with 69.58.
@selfhost @selfhosting @selfhosted @linux Authelia configuration.yml:
theme: light server: address: 0.0.0.0:9091 log: level: debug format: text file\_path: /var/log/authelia/authelia.log totp: issuer: laniesplace.us period: 30 skew: 1 authentication\_backend: file: path: /config/users\_database.yml password: algorithm: argon2id iterations: 3 memory: 65536 parallelism: 4 salt\_length: 16 key\_length: 32 access\_control: default\_policy: deny rules: \# Public Access \- domain: \- "pihole.laniesplace.us" \- "homer.laniesplace.us" policy: bypass \# High Security (Two Factor) \- domain: \- "portainer.laniesplace.us" \- "netdata.laniesplace.us" \- "cockpit.laniesplace.us" \- "glances.laniesplace.us" \- "code.laniesplace.us" policy: two\_factor subject: \- "group:admins" \# Medium Security (One Factor Admin) \- domain: \- "forgejo.laniesplace.us" \- "files.laniesplace.us" \- "uptime.laniesplace.us" policy: one\_factor subject: \- "group:admins" \# Standard Auth (One Factor) \- domain: \- "thelounge.laniesplace.us" \- "miniflux.laniesplace.us" \- "linkding.laniesplace.us" \- "wiki.laniesplace.us" policy: one\_factor \# Catch-all rule \- domain: "\*.laniesplace.us" policy: one\_factor session: name: authelia\_session domain: laniesplace.us same\_site: lax expiration: 3600 inactivity: 300 remember\_me: 1M regulation: max\_retries: 3 find\_time: 120 ban\_time: 300 storage: local: path: /config/db.sqlite3 notifier: disable\_startup\_check: false smtp: address: submission://smtp.gmail.com:587 username: laniegcarmelo@gmail.com password: rcig lqpk cbsg aqcm sender: "Authelia \<laniegcarmelo@gmail.com\>" identifier: auth.laniesplace.us subject: "[Authelia] {title}" startup\_check\_address: laniegcarmelo@gmail.com timeout: 5s identity\_validation: reset\_password: jwt\_secret: ${AUTHELIA\_JWT\_SECRET\_FILE}
@selfhost @selfhosting @selfhosted @linux Authelia docker-compose.yml:
services: authelia: image: authelia/authelia:latest container\_name: authelia volumes: \- ./config:/config \- ./logs:/var/log/authelia networks: \- web \- authelia\_internal environment: \- TZ=America/Chicago \- AUTHELIA\_JWT\_SECRET\_FILE=/config/secrets/jwt\_secret \- AUTHELIA\_SESSION\_SECRET\_FILE=/config/secrets/session\_secret \- AUTHELIA\_STORAGE\_ENCRYPTION\_KEY\_FILE=/config/secrets/storage\_encryption\_key labels: \- "traefik.enable=true" \- "traefik.http.routers.authelia.rule=Host(`auth.laniesplace.us`)" \- "traefik.http.routers.authelia.entrypoints=websecure" \- "traefik.http.routers.authelia.tls.certresolver=le" \- "traefik.http.middlewares.authelia.forwardauth.authRequestHeaders=X-Forwarded-Proto,X-Forwarded-Host" \- "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email" \- "traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true" \- "traefik.http.services.authelia.loadbalancer.server.port=9091" \- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=[https://auth.laniesplace.us](https://auth.laniesplace.us)" \- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true" \- "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email" restart: unless-stopped security\_opt: \- no-new-privileges:true depends\_on: \- redis healthcheck: test: ["CMD", "wget", "--no-check-certificate", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"] interval: 30s timeout: 10s retries: 3 start\_period: 60s redis: image: redis:alpine container\_name: authelia\_redis networks: \- authelia\_internal restart: unless-stopped volumes: \- ./redis:/data command: redis-server --save 60 1 --loglevel warning healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 30s timeout: 10s retries: 3 security\_opt: \- no-new-privileges:true networks: web: external: true authelia\_internal: internal: true
@selfhost @selfhosting @selfhosted @linux traefik middlewares.yml:
http: middlewares: dashboard-auth: basicAuth: users: \- "admin:$apr1$t5/O0mIb$M6Mkxlqxmi2RRJHNL007Q1"
@selfhost @selfhosting @selfhosted @linux traefik services.yml:
http: services: \# Docker Services homer: loadBalancer: servers: \- url: "http://homer:8080" glances: loadBalancer: servers: \- url: "http://glances:61208" uptime-kuma: loadBalancer: servers: \- url: "http://uptime-kuma:3001" miniflux: loadBalancer: servers: \- url: "http://miniflux:8080" pihole: loadBalancer: servers: \- url: "http://pihole:8088" portainer: loadBalancer: servers: \- url: "http://portainer:9000" linkding: loadBalancer: servers: \- url: "http://linkding:9090" \# Non-Docker Services filebrowser: loadBalancer: servers: \- url: "http://127.0.0.1:8085" netdata: loadBalancer: servers: \- url: "http://127.0.0.1:19999" forgejo: loadBalancer: servers: \- url: "http://127.0.0.1:3000" dokuwiki: loadBalancer: servers: \- url: "http://127.0.0.1:81" cockpit: loadBalancer: servers: \- url: "http://127.0.0.1:9090"
@selfhost @selfhosting @selfhosted @linux traefik routers.yml:
http: routers: dashboard: rule: "Host(`traefik.laniesplace.us`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" service: api@internal entryPoints: \- websecure tls: certResolver: le middlewares: \- dashboard-auth homer: rule: "Host(`laniesplace.us`)" service: homer entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" glances: rule: "Host(`glances.laniesplace.us`)" service: glances entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "glances.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" uptime-kuma: rule: "Host(`uptime.laniesplace.us`)" service: uptime-kuma entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "uptime.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" miniflux: rule: "Host(`rss.laniesplace.us`)" service: miniflux entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "rss.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" pihole: rule: "Host(`pihole.laniesplace.us`)" service: pihole entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker \- pihole-redirect headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "pihole.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" portainer: rule: "Host(`portainer.laniesplace.us`)" service: portainer entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "portainer.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" linkding: rule: "Host(`bookmarks.laniesplace.us`)" service: linkding entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "bookmarks.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" Remote-User: "{{ .Request.Headers.Remote-User }}" filebrowser: rule: "Host(`files.laniesplace.us`)" service: filebrowser entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "files.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" netdata: rule: "Host(`netdata.laniesplace.us`)" service: netdata entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "netdata.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" forgejo: rule: "Host(`git.laniesplace.us`)" service: forgejo entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "git.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" dokuwiki: rule: "Host(`wiki.laniesplace.us`)" service: dokuwiki entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "wiki.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true" cockpit: rule: "Host(`cockpit.laniesplace.us`)" service: cockpit entryPoints: \- websecure tls: certResolver: le middlewares: \- authelia@docker headers: customRequestHeaders: X-Forwarded-Proto: "https" X-Forwarded-Host: "cockpit.laniesplace.us" X-Forwarded-Uri: "/" X-Forwarded-For: "true"
@selfhost @selfhosting @selfhosted @linux traefik docker-compose.yml:
networks:
web:
external: trueservices:
traefik:
image: traefik:v3.2.5
container_name: traefik
security_opt:
- no-new-privileges:true
ports:
- “80:80”
- “443:443”
- “8080:8080”
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- ./acme.json:/acme.json
- ./dynamic:/etc/traefik/dynamic:ro
- ./logs:/etc/traefik/logs
networks:
- web
restart: unless-stopped
labels:
- “traefik.enable=true”
- “traefik.http.routers.dashboard.rule=Host(traefik.laniesplace.us)”
- “traefik.http.routers.dashboard.service=api@internal”
- “traefik.http.routers.dashboard.entrypoints=websecure”
- “traefik.http.routers.dashboard.tls.certresolver=le”
- “traefik.http.routers.dashboard.middlewares=dashboard-auth”
@selfhost @selfhosting @selfhosted @linux traefik.yml:
global: checkNewVersion: true sendAnonymousUsage: false log: level: DEBUG filePath: /etc/traefik/logs/traefik.log accessLog: filePath: /etc/traefik/logs/access.log entryPoints: web: address: :80 http: redirections: entryPoint: to: websecure scheme: https websecure: address: :443 http: tls: certResolver: le api: dashboard: true insecure: false providers: file: directory: /etc/traefik/dynamic watch: true docker: endpoint: unix:///var/run/docker.sock watch: true exposedByDefault: false network: web certificatesResolvers: le: acme: email: laniegcarmelo@gmail.com storage: /etc/traefik/acme.json tlsChallenge: {}
@selfhost @selfhosting @selfhosted @linux Web services docker-compose.yml, includes Linkding:
services: linkding: image: sissbruecker/linkding:latest-plus container\_name: linkding environment: LD\_ENABLE\_AUTH\_PROXY: "true" LD\_AUTH\_PROXY\_HEADER: "Remote-User" LD\_AUTH\_PROXY\_AUTO\_LOGIN: "true" LD\_AUTH\_PROXY\_LOGOUT\_URL: "[https://auth.laniesplace.us/logout](https://auth.laniesplace.us/logout)" volumes: \- linkding\_data:/etc/linkding/data healthcheck: test: ["CMD", "node", "-e", "const http = require('http'); const options = {host: 'localhost', port: 9090, path: '/', timeout: 2000}; const request = http.request(options, (res) =\> { process.exit([200, 302].includes(res.statusCode) ? 0 : 1)}); request.on('error', () =\> process.exit(1)); request.end()"] interval: 30s timeout: 10s retries: 3 networks: \- web labels: \- "traefik.enable=true" \- "traefik.http.routers.linkding.rule=Host(`bookmarks.laniesplace.us`)" \- "traefik.http.routers.linkding.entrypoints=websecure" \- "traefik.http.routers.linkding.tls.certresolver=le" \- "traefik.http.services.linkding.loadbalancer.server.port=9090" \- "traefik.http.routers.linkding.middlewares=authelia@docker" volumes: linkding\_data: networks: web: external: true
@fmstrat Ah yeah just noticed you’re on Lemmy. Yeah I’m posting from Mastodon.
@fmstrat Not sure what you mean. I included hashtags in my post, but there was no title to it or anything.
@virtuous_sloth @selfhost @selfhosting @selfhosted @mastoblind @main No, my situation is weird. My domain is hosted on Porkbun.com but its nameservers point to Vultr.com, where my WordPress install is hosted on a friend’s server. Porkbun won’t let me edit DNS records or do much of anything with my domain unless I change back to the default nameservers, which would break my WordPress setup.
@jdw @selfhost @selfhosted @linux @selfhosting Not sure what you mean. I have a Raspberry Pi with MiniFlux, LinkAce, and a bunch of other stuff on it. The only thing I’m not hosting is the WordPress site.
@remakingeden @selfhost @selfhosted @linux @selfhosting Yeah I don’t want to add a whole log, just alerts that backups were done successfully or if something goes down, or a daily summary of how my system is doing. I’ll look into Pushover.
2·2 months ago@fastfinge I was thinking about it, and I want to work on my computer, not my phone. I guess I either need to use a different Linux distro or try Virtualbox.
@fastfinge I’ll look into it. Never heard of it before. I have an iPhone but it’s an iPhone 13 Mini and not in the greatest shape, so probably not good for that kind of thing.
@jyarbrough @selfhost
@bravemonkey @selfhosting @selfhosted @linux @MangoPenguin @geillescas Yeah, I’m very tempted to go back to the way I had things, which allowed me to access services with my Raspberry Pi’s IP and a port number. Since I don’t leave home much and I’m not the ISP account holder, this is starting to seem like more trouble than it’s worth.