Happy Friday, r/selfhosted! Linked below is the latest edition of This Week in Self-Hosted, a weekly newsletter recap of the latest activity in self-hosted software and content.

This week's features include:

• State of the open home updates from Home Assistant
• Software updates and launches
• A spotlight on Papra -- a self-hosted document management platform (u/cthmsst)
• A ton of great guides, videos, and content from the community

Thanks, and as usual, feel free to reach out with feedback!

This Week in Self-Hosted (18 April 2025)

I know this answer historically was security, reliability, portlets, but aside from portlets, is security and reliability still the primary reason? In my research of top enterprise portals, I find Adobe Experience Manager (alot), Magnolia CMS, even Liferay as the go to for the big brands with scaled portals.

It looks like they've all been modernized as headless while retaining the content editors used by marketing and with next.js support they are speeding apps up, so all good there. Is it a time to market/lower operational overhead thing that you wouldn't decide to build a more cloud native interpretation of these java CMS solutions?

Don't get me wrong, I don't think everything should be a microservice, in fact, modular monolithic seems to be making a comeback for applications where that choice in design results in less complexity and cost than building out more infrastructure to make everything a microservice.

I know that there's a bunch people do with raspberry pi's in terms of self hosting, but I plan on restoring some old PC's which I know will do a much better job for pretty much all self hosting/home assistant stuff. So my question is, what are some things I can do with a leftover pi which are best suited to a pi vs other things?

Despite being an IT professional and pretty security aware, my main Google account was recently hacked and taken over by hackers targeting a popular YouTube channel I brand manage so they could upload their crypto scams. It was extremely scary and I was a breath away from losing this 15 year old account _forever_, GPhotos GDrive and all. My whole digital life effectively.

Side note for those curious - If you have a backup email recovery account set, it is possible to overcome full 2FA on the primary account on Google as an attacker if you gain access to the recovery account. Make sure it is itself secure!

Now of course its not great to lean so heavily on a third party like Google, but that's the trade off I've chosen. What I WOULD like to do now is setup automated backups of my Google account to my UNRAID NAS. My research so far has uncovered that it is not so easy to do in an automated fashion.

For GDrive, it seems relatively easy and a solved problem with things like rclone. But GPhotos has no such API that lets you download original content with EXIF metadata.

Can anyone recommend any frameworks/scripts that utilize maybe Google service accounts and APIs to create Takeout archives to download?

Ideally I don't have to manually perform some step every n months so I'm not a point of failure, but auth seems to be a real stick in the mud for this stuff.

Hello guys, do you have any alternatives instead of Portainer?

I run my own local Jellyfin server. Downloading media from my local server to my Android phone (via official and none official Jellyfin apps) does not work without an active internet connection.

I'm running a Hotspot from my Windows machine. I have tried many different programs and uses the native Windows "Mobile hotspot" etc.

Download into my Android device doesn't start and doesn't even show anything unless I'm sharing my internet connection.

How do I fix this?

I’ve been having issues getting Authelia to play nice with my reverse proxy, and I’ve been spinning my wheels for days…feel like I’ve read all the guides and forum posts without any success. I’ll try my best to break it down and explain what I’ve tried, but happy to give more info if that helps!

My setup: - SWAG is the reverse proxy (unRAID with Docker) - Authelia (unRAID with Docker) - Jellyfin (Proxmox VM with Docker) - SWAG and Authelia are on the same custom Docker network - Jellyfin is of course on a different device, but on the same network (I’ve been using LAN IPs in the SWAG config files) - I have my own domain, and I use Cloudflare for DNS/certs

Context and the issue: Currently, if I just run both Authelia and Jellyfin independently through SWAG, everything works perfectly. For example, auth.domain.com does correctly resolve to my Authelia instance, and jellyfin.domain.com resolves to my Jellyfin instance. However, the second that I add the ‘include’ Authelia config lines to the Jellyfin server and location blocks, Jellyfin throws a 500 error in the webpage. When I look at the nginx logs in SWAG, it’s showing error 400.

I know without the conf files, might be a bit hard give advice, but I think given it all works perfectly without Authelia included in the application’s proxy-conf, maybe somebody has a template I could compare mine to? I can try and get the full conf files posted here if that’s necessary!

Thank you so much in advance :)

Hey All...

I've finally had it with gmail and especially AWS's SES service.

I have a handful of domains, and an example of one need is to receive emails to [us@mydomain.com](mailto:us@mydomain.com) and have that then relay the email to multiple external addresses and/or internal mailboxes served by imap.

AWS's SES service doesn't allow this, but you can do some things with S3 and Lambda to "attach" the forwarded email to a NEW email as a .EML file. No thanks. I just want simple smtp-relaying.

So, my ISP of course blocks inbound TCP port 25 -- so I was wondering if anyone can recommend a VPN service that would give me a static public IP that I can use as the MX for my domains, then simply forward that connection over the VPN to my homelab.

Another option would be just to rent a cheap VM instance, setup my own wireguard tunnel, etc, but I'd still need a public static IP address I can receive SMTP (TCP 25 etc) ...

Thank you for your time.

Hello,

I've been looking into setting up an emulator that runs server side where I can connect a raspberry pi box (or several) to play my retro game collection.

My thoughts process being; I have a few pi's set up as tv boxes (to run things like jellyfin for the family) and I'd like there to be an app I can click and start playing my game library powered by my home server.

So far the only option I've found is moonlight/sunshine, which hits most of my buttons, but isn't quite there for me.

So I figured it might be a fun hobby project to make my own. My question is just if there is any interest from the community or is there a reason why sunshine is the only solution out there.

I'm launching a small business and need to establish an online presence. The website will be extremely basic: 1-2 pages featuring company information, images, and a contact form – no scripting or complex functionality required.

Given my past experience with web hosting security concerns (dating back over two decades!), I'm prioritizing a secure and low-maintenance solution.

Currently, I'm evaluating the following options:

Budget Hosting: Found providers offering introductory rates of $3/month, increasing to $11 after the first year.

Self hosting: While cost-effective, opening ports directly to my server raises security concerns.

Cloudflare Tunnel: This service appears to offer robust security by tunneling traffic through Cloudflare's network, however, I wonder if it's overkill for such a simple website.

Additionally, I have access to the following infrastructure:

Synology NAS: Equipped with a built-in web server and potentially capable of handling hosting requirements.

ProxMox Cluster: A Debian-based VM backbone that would host a dedicated web server.

My Question: Considering my need for simplicity, security, and affordability, which option would you recommend? Are there any other solutions I should explore? Your insights are greatly appreciated.

Hello everyone! I am in a bit of a dilemma when it comes to my little homelab.

I am currently hosting a handful of services, some on my local network only and some that is accessiable to the open internet.

My current setup is that I have two VMs on a Proxmox host, with one VM for networking things like pi-hole, komodo, and such. On this VM an internal only instnace of Nginx Proxy Manager is running which handles all requests within my network thanks to having configured split-horizon DNS for my domain.

On a second VM I'm hosting most of my other services such as web tools like it-tools, StirlingPDF, searcxNG among others. This VM is also running a separate instance of NPN. It is this VM that is port forwarded in my router (only port 443) and which responds to DNS queries that have been configured on cloudflare where my domain is registered.

(I also have a third VM for game server using AMP where I have also port forwarded the game servers. Only the AMP Control Panel is proxied through the internal NPM instance.)

When I stared homelabbing, I began with using NPM as so many others thanks to numerous guides on youtube, but as time went on I started to find posts talking about how it is not secure, it is not developed and not maintained and so on. I then stumbled upn NPM+ by ZoeyVid which seems to be a very actively maintained fork of NPM. I also looked into using Caddy as my reverse proxy.

My main "problem" is that I now need to redo many of my beginner mistakes that I have made when starting this journey and want to do thinkg more properly and safely. And one of my big questions are which reverse proxy to use.

I really like NPM and its GUI as it makes it very easy to visualize what I have configured. The drawback is that more advanced configuration such as adding Authentik to the externally facing services becomes a pain and has bricked my NPM install at least once due to a mistake on my part.

NPM+ is the same but with more on top, it feels like more things that I don't yet understand and when I tried it things seemed to break for no reason (or rather the reason being my lack of knowledge...).

Finally I have also tried Caddy which seems to work well, but the documentaiton examples are very sparse when configuring using wildcard certs, thus making it feel a bit inaccessiable for novice user like myself. There is no clear guides beyond "just" reverse proxying, even more basic things as far as I can find such as adding authentik when also using wildcard certs or creating redirects or "custom" pages for unconfigured subdomains like NPM offers. Rith now caddy just servers a single white page for unconfigured domains.

My big question is then:

• Is NPM really that unsafe to use as a reverse proxy facing the internet?
• Is NPM+ that much better when it comes to security and is it worth the headache it causes me due to my lack of knowledge of many of its features?
• Are there any better resources that cover slightly more advanced Caddy configurations that also consider using wildcard certs?

I have tried to find informatin on this topic but the best threads I can find is more than a year old. I have also considered Traefic, but I find it extremely confusing even after watching several guides and will not be considering it further at the moment,

Sorry if the post is a bit rambling, I feel like I'm still in the stages of homelabbing and networking where I don't know what I don't know and thus might make very simple yet "bad" mistakes for security.

Thanks for any help and advice! 🙂

I love to selfhost, currently using Immich and I love it.

One problem I still have tho, is managing duplicates from WhatsApp and Messenger.

I'm using dedup tools currently but I feel there must be a better way.

How are you managing the following:

• Family groups in WhatsApp and/or Messenger

• My wife is also in those groups

• I need to store both mine and her photos, taken by ourselves (no duplicates possible)

• But also photos shared in the groups, sometimes our own photos that we send (first kind of duplicates), sometimes photos sent by the other members in the group that we then both have in our phone (second kind of duplicates)

(any resemblance to another post is purely coincidental)

Hi all!

I've just added a feature to Vigilant, an open source all-in-one website monitoring application.
This feature monitores your certificates so that you get notified when they expire or when automatic renewals fail.

I am curious, does anyone here take the time to monitor certificates or do we all just hope that the automatic renewal works?