I'm looking for something that will inspect user input for signs of XSS, SQL Injection, etc. before it allows the request to be forwarded to the web application. Even better if I can configure it with what each endpoint is expecting an input to look like.

open-appsec looks interesting but I don't want to register for a license, even if it's free. Crowded appears to be just a crowdsourced list of bad IPs.

What else is out there as an actual WAF that I can simply add as an ingress proxy to my docker containers?

First of all, sorry for this post being a bit of a rant but I'm looking forward to your answers.

A lot of the docker images I use are using SEMVER for their versioning. For example the official Nextcloud image provides the tag 30-apache. I will get all minor and patch updates from Nextcloud by pinning my image to 30-apache but not the major update to 31-apache which could contain breaking changes.

However linuxserver.io images don't provide SEMVER tags. They highlighted why in Docker Tags: So Many Tags, So Little Time - SemVer Info but I don't really get their reason.

They say that an upstream project could release a minor change that coincides with structural changes in the image from linuxserver.io that could introduce breaking changes. This could give the user a false sense of security. However how is this better in the current state where the only tag one could reasonably use for linuxserver.io images is latest?

When they release structural changes that introduce breaking changes and I'm on latest I'm still affected by this breaking change. I don't even get why they would release such huge structural changes that could introduce breaking changes. They say they publish a docker image that has various components added to the upstream project's release. This just introduces more stuff that could break when updating the image. The official images just include stuff in the image that is needed for it to run and that's it. When a breaking change is required the image a breaking change can be released for the whole software.

If I understand this correctly, the only supported way to use the linuxserver.io images is to pint to a specific version like 30.0.2 but then I won't get any updates by pulling.
Each day I'd have to spend a lot of time updating those tags for a lot of different containers. This would be a lot of effort, even with ansible and an n8n task that notifies me for updates as, for linuxserver.io images, there is always the change of breaking changes because of structural changes introduced by them.

I would just avoid the linuxserver.io images if I could but some services don't have an official image.
For me this includes the complete *arr suite and speedtest-tracker.

Maybe some of you can give me some perspective on how this decision makes sense or tell me how you make updating the linuxserver.io images easier if you are using them.

Edit: Link formatting

Do you have experience with hosting shadowsocks with tweaks to prevent government-sponsored entitities to disrupt the connections?

The publicly available sources appear a bit outdated by now, e.g.: - How China Detects and Blocks Shadowsocks - Tell HN: The Internet situation inside Iran

Feel free to also direct message me. Thank you kindly!

I'm on the hunt for some fire Black Friday VPS deals. I need like 13 VMs, so I'm lookin' for a serious discount, like at least a month's worth. Hit me with the best deals you got.

HI r/selfhosted,

It has been some time since have introduced PdfDing to this community. PdfDing is a selfhosted PDF manager and viewer offering a seamless user experience on multiple devices.

Since then I have added some new features that I want to share with you:

• Share PDFs with an external audience via a link or a QR Code
• Shared PDFs can be password protected and access can be controlled with a maximum number of views and an expiration date
• Dark Mode, colored themes and custom theme colors
• Inverted color mode for reading PDFs
• PDF bulk upload
• Automated and encrypted backups to S3 compatible storage

The repository can now be found on GitHub: https://github.com/mrmn2/PdfDing. I would really appreciate it if you would star the repo!

im looking to get a stack for ebooks to organize and and get ebooks from? my mom has a kindle and reads a ton so figured it would be cool to get something going for her.

ive messed with some stuff in the past but they werent still being used and such so figured to see if theres anything new going on that i could use.

Hey self hosters, i currently running unraid on an old pc with i5-8400, h310 mobo, 16gb ram, with 3 refurbished iron wolf pro 4tb.

I run the usual arr apps and plex, but mostly stream to only 1~2 device max, also an immich server for photo backup, and frigate for surveillance footage recording.

Most of the time the cpu usage are less than ~10%, there's some >90% system memory alert from netdata from time to time, mainly cause by frigate schedule stuff, but that's it.

Now why I am thinking about upgrade because I have plenty of free times to explore more apps to be self hosted, especially I'm planning to degoogle as much as possible with self hosted apps.

Another thing is I may want to host some game server like Minecraft from time to time, I usually rotate between game like Minecraft/ARK/Palworld and invite my friends to play with me, so it would be great if i can host it within a vm in unraid.

But ultimately I also like to "save cost", both on equipment and electricity, it's not really an issue with affordability, but it's a fun challenges to make something work with low cost, (that's probably why I'm also a min/max player in many game, trying to get the best cost value)

The first upgrade route: ($250) - i5-12400 (oem from aliexpress) ~ $100 - 32GB 16x2 DDR4 3200Mhz RAM (used) ~ $40 - MSI B660M Mortar with 6 Sata port ~ $110

The second upgrade route: ($370) - i5-13500 (oem) ~ $180 - 64GB DDR4 RAM ~ $80 - MSI B660M Mortar with 6 Sata port ~ $110

(I'm also concerned about the 13th/14th gen issue and potential harm on my hdd/ssd, but they reddit says 13500 is just refreshed 12th gen and no people report issues on this cpu, yet?)

Alternative motherboard option: - CWWK Q670 $153 (8 sata, dual nic +vpro, BUT ddr5 ram cost double, only 2 ram) - Some random china brand cloud star Z690 $110 (8 sata, 4x intel nic, ddr4, 4x m.2)

Main concern is these motherboard may have compatibility issue, less update, and I most likely won't be able to ship back.

some suggestions here would be appreciated!

I want to self host a VPN service to allow my friends to access my JellyFin library. I first used wireguard, but you can't manage what IPs they can access without themselves being able to change it back. I trust my friends, but not to the degree of possibly giving them access to my whole network.

I tried to use NetBird self host, but can't get it to work properly and i am confused with the dashboard and how to set the proper rules. Thinking about trying headscale, as i have heard much good about tailscale, but as said want it to be selfhosted.

Fore management and accessing all internal IPs i use Wireguard on my router.

If somebody has tipps for me when using headscale or another software (that is rather easy to setup as a peer for my friends) i am open for suggestions

I would like to purchase a VPS with following config:

8GB Memory 2 vCPU 100GB Disk

I plan to use this to host my hobby projects, mostly in Django via Docker.

I will also be using this as db server for projects.

I am ready to pay upfront for 3 years. Which one will be perfect for this requirement.??

I'm from India, so looking centers from Asia Pacific.

Thanks

Hello everyone,

as with RC Version 7.0.0, it is no longer possible to run RC without internet connection in the community edition.

I read that i need to build my own "FOSS" Version of RC. So my question, is there a guide out there that tells me how to do it and can i just replace my current setup or do i need to setup everything (users, messages,,...) again?

Here are some Links about it:

https://docs.rocket.chat/docs/rocketchat-release-notes

https://forums.rocket.chat/t/did-anyone-got-fossify-build-working/20989

https://github.com/RocketChat/Rocket.Chat/blob/develop/scripts/fossify.ts

Regards

Good day,

I just started learning selfhosting stuff with linux and i wanna ask advice for congure my local network

I purchased Xiaomi Redmi Router AX6000 device and installed openwrt on it, but i stiil learning how to use it. I found that people install pihole as network adblocker on external device, but i wanna use only my router for network blocking and dns setting.

Also i used my old pc(ethernet connection) for learning linux.

I tried to install different distribution, but in the end only archlinux somehow could install on old NVIDIA GeForce GTX 650 nvidia-470xx linux drivers. I configured device with virt-manager, docker and KDE desktop.

but have problem with network stuff.

If i use netwrokmanager(KDE, vnp, proxy) should i also use dhcpcd or dnsmasq services for setting linux device dns?

I tried used networkmanager with dnsmasq, but always return that device already used.

Is anyone aware of open source software that is similar to Paperless-ngx but for audio?

So if I have a large number of mp3s with voice memos, something that can go through and transcribe all of the files and allow global searching of keywords from those transcriptions?

Network Setup: Cable Internet - 1gbps download and 100mbps upload.

Cable Modem - Netgear CM1000v2, the Modem is mine, not the ISPs.

Router/DHCP: Synology RT2600AC Router, which is the sole router of my Homelab, no meshnet or extenders.

All my homelab devices and softwares connect to my Synology Router. Through Synology VPN I can VPN Remotely into my Router through their Android App. I am currently as of now running a Cloudflare Tunnel inside my Synology NAS DS218 that's connected to my Router, this allows me to remotely accessing my Homelab containers without VPN or opening a Port.

Initially when getting into Homelabing last year for the first time. I looked at repurposing a used mini PC, and installing a 2nd ethernet port to use as a Bridge/Firewall with pfsense OS installed. However it wasn't working right while testing and being unfamiliar with Network Architecture at the time, I decided against it.

I didn't want to place a machine in between my Cable Modem and my Router, a used and repurposed PC with a software I didn't understand and have it knock down my internet.

Anyways, my point being is I am looking for a dedicated hardware router/firewall for homelab (an affordable one). I was thinking of a Firewalla to use as a bridge mode router and made a post on the firewalla subreddit. Come to quickly find out that I am actually looking for an Edge Router, not a Bridge Router. And surprisingly or unsurprisingly, I received a lot of negative feedback regarding Firewalla customer reviews.

Hello everyone,

I've been setting up seafile with a friend of mine our server use the same names for everything so copying setups is quick and easy.

His version of seafile runs fine with authentiq sso works fine but mine on the other hand seems to always create a new user when I use SSO. Anyone have any idea what might be causing this?

current Seafile version is 12.0.4
authentik 2024.10.4

I've seen similar posts about photo frames, but not one this specific.

I'm looking for something commercially available and relatively inexpensive rather than building something myself with a rPi or similar.