Self-hosted Weekly #12

self-hosting is only possible to do for the masses with applications that take care of their users by automating the repetitive and complex bits. From installing, to configuring for the local environment, to ongoing maintenance.

The first part of this newsletter will feature some applications that are working towards this.

HomelabOS - Your very own offline-first privacy-centric open-source data-center!

HomelabOS not only takes care of application setup (and it has a long list of available apps) it also has a special focus on privacy with automated setup of Tor, Let’s Encrypt, OpenVPN/Wiregard and even a special bastion host setup for installations that are not directly reachable from the internet.

Similar to HomelabOS ansible-nas is utilizing Ansible to achieve easy application setup. Besides its name the focus is rather on providing a platform to run apps, that actual data storage.

MinkeBox - Let anyone run Docker without knowing Docker

MinkeBox follows a slightly different approach. This rather new project focusses on providing a platform to easier utilise applications running in Docker containers.

Taisun - Single Server Docker Management for Humans

Taisun follows a similar approach, where all of its parts are encapsulated in individual containers. Apart from the possibility to easily pull in applications from LinuxServer.io it adds the ability to access graphical applications through Guacamole.

YunoHost - Keep calm and host yourself

YunoHost is an already older contender in the space of making self-hosting achievable. Starting with a Debian base YunoHost installs its own web ui and puts a focus on providing a portal page to the end user from which they can directly log into the desired application.

nginx-proxy-manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface

Nginx is a power house when it comes to handling web requests. And with this power also comes an extensive and sometimes complex configuration syntax (although already much simper than Apache). The Nginx Proxy Manager aims to make Nginx configuration easier by providing a web ui to manage configuration and by automating SSL setup.

More ways to expose local scripts to the web

A few weeks ago I did already feature webhook as a simple way to trigger scripts and binaries from the web. I am currently setting up a new system and was looking if there is something even smarter out there. Here are some similar applications:

  • shell2http - exposes a single command/binary to the web
  • websocketd - focusses on streaming output of a command via a websocket. Needs a webserver to serve html document that embeds websocket.
  • webhookd - Similar to webhook is allows to execute a multitude of scripts. Instead of requiring explicit configuration of each command it uses a simple folder structure to organize available commands.

More mail forwarders

When featuring Simple-Login I did already list a few alternatives last week I stumbled upon two more.

AnonAddy is a mail forwarder written in PHP. In addition to the expected features like forwarding mails and being able to reply without exposing your actual email, AnonAddy also brings the ability to sign and optionally encrypt forwarded emails to prevent tampering.

MailCare is a bit of a weird mixture between a disposable mail system, an actual mail server and a mail filtering system. It provides an API on top of its managed mailboxes to define an “automation” to for example upload E-Mails from a specific sender directly into a document management system.

As I think such an application could simplify a bit my handling of various domains and aliases I also started looking into Dockerising forwardemail, but did not make much progress so far. Maybe I need to have a closer look at AnonAddy next.

How to setup multiple mail relays for your own mail server

This howto on the LinuxBabe blog explains in detail how to setup transport and relay maps to have fine control over how and where emails should be relayed to.

Centralised SSH Bastion for NATed devices

ShellHub aims to make it easier to reach devices through SSH, that would overwise be hidden behind firewalls. It does so by letting these devices connect to ShellHub and then offering either a web-based terminal client or exposing them through a gateway that can be connected through any ssh client.

All in all ShellHub looks like a easier/simpler alternative to Teleport, with which I’ve been wrestling the last few days. The upsides of Teleport however are that it focusses way more on the security aspects by enforcing 2FA for accounts by default, recording all sessions for later audits and enforcing a CA for connections.

What is interesting about ShellHub however is that it installs its agent as a docker container, which will only forwards connections from ShellHub itself to the local SSH server. It being a Container means it can be easily stopped/removed if no longer needed.

Another similar application to ShellHub is rtty or docker-autossh just for the SSH tunneling part.

I am always looking for new projects to try out! Just send an email to selfhosted-newsletter@9wd.eu.

I hope you have enjoyed this issue. If this newsletter was useful to you please recommend it to colleges or tell them to subscribe to it via RSS.

Have a nice rest of your weekend! Felix