Self-hosted Weekly #16

its been a while since the last issue of this newsletter. But I have not been (completely) lazy in the last few weeks, I have used the time to make small Youtube video on setting up your own installation of Kopano Meet and in a quest to make OpenID Connect (OIDC) more popular I have written a script to automate OIDC setup for Kopano WebApp on UCS, blogged about setting up OIDC login for Nextcloud on Cloudron and Rocket.chat (with the first one even being picked up on the Cloudron blog).

Zero - my find of the week

Zero is something I stumbled upon yesterday morning. Compared to solutions like Univention and Cloudron it follows DevOps principles such as configuration and infrastructure as code and combines a range of existing products like Gitlab and Portainer to craft a working and repeatable system setup.

I have already exchanged a few mails with the creators of this project and will definitely have a closer look on it soon. But first I need to upgrade the ram on my testing machine :-D.

Beginner guide to Portainer

Speaking of Portainer. In their Guide to Portainer for Beginners the folks over at Codeopolis give an in deoth look at Portainer and how to use it.

Btw did you know that Portainer has an API to easily interact with it from other parts of your infrastructure?

Cloudron add TURN service add-on

This new is already a bit older, but the 5.1 release of Cloudron added a turn service to its platform allowing apps running on Cloudron to use a locally provisioned turn. At the time of release the following Cloudron apps were updated to make use of it:

Self-hosted forms for your static website

This blog is created through the static website generator Hugo. Static website can be hosted very lightly and therefore very nicely. A downside of a static website is that all functionality that otherwise makes it “dynamic” must come from somewhere else, like for example (contact-)forms or comments.

MailyGo is a small server side component written in Go that will receive the form data from your page and will relay these to you through e-mail.

Posthog - Open source product analytics

This is a tool that I could see myself using at my daily work. Posthog can be used to track users and their behavior in your own apps, see what features they use, where they get consistently stuck and where you need to improve and extend your own product to make your users happy.

deck-chores - A job scheduler for Docker containers, configured via labels

In the past I have used supercronic to schedule recurring tasks in and for docker containers, but deck-chores looks like an even better aproach when it comes to scheduling tasks for a range of containers. It uses the label functionality of Docker to hold which command to invoke and when to do it.

Webinar about Docker & docker-compose

The Moby company organized a nice live stream talking about docker-compose and the things one can do with it. In my opinion compose is a very powerful tool for describing environments.

One thing that was also briefly mentioned during the stream was the awesome compose project which showcases how to use compose.

Remotely for remote access

A topic that comes up every few weeks is the question for a “self-hosted TeamViewer”. One very interesting solution in this space is Remotely. Remotely offers the ability to access windows and linux desktops either via invite or even unattended. Through its scripting module you could even automatically run maintenance tasks on connected machines. The connection between you and the machine you are accessing is established through WebRTC which guarantees secure connections.

Web Single Sign on (SSO) for ssh

ssh keys are a very convenient way to securely access remote machines. And if you want to give someone else access to a specific machine or account just drop their public key into the machine and remove it again once access is no longer needed.

In their blog DIY Single Sign-On for SSH the Smallstep team shows how to use their tools step and step-ca to issue short term ssh certificates to users that have previously authenticated themselves through OIDC. This way there is a central place to manage which user should have access to which servers at any given point in time.

Only downside I ran into while experimenting with step-ca is that it expects to be exposed directly on an ssl port, which means that one cannot use a reverse proxy to host it on port 443.

Related reading: [How to SSH Properly]{https://gravitational.com/blog/how-to-ssh-properly/}

Safer SSH agent forwarding

The usage of ssh keys goes hand in hand with the usage of some kind of agent on the local machine to store or at least cache then after they have been unlocked. In his blog Vincent Bernat explains the usage of AddKeysToAgent=confirm to selectively allow remote machines to reuse your agent.

Machineable - Open Source Backend-as-a-Service

For those that can write beautiful frontend code, but don’t want to spend too much time on writing backend service for authentication and data stored machinable may be very interesting. Developers can use it to easily prototype application backends or even use it for production deployments.

Their current demo showcase is a notes app.

Use “Cookbook” for managing recipes

I have played with Grocy in the past to try to store recipes that otherwise would need to be looked up again and again on the internet or looked up in some pdf or physical book. I must even confess that to catalogue what ingredients we have left I even bought a small bluetooth barcode scanner. But in the end it was not really practical partly because it only has its own user management (so no integration into existing user backends) and partly because running on my spare raspberry pi made it quite slow to interact with.

But if you already have a Nextcloud installation running somewhere, then the Nextcloud plugin Cookbook could be interesting to you. Cookbook focusses on storing only your recipes (so no inventory features in this one), but one feature makes it particularly easy to use: It allows to fetch recipes from existing websites and already tries to store items like ingredients and steps in the matching fields within Cookbook. Each recipe is stored in a json file so other tools can be used to view and edit the recipes as well.

Updates

I am always looking for new projects to try out! Just send an email to selfhosted-newsletter@9wd.eu.

I hope you have enjoyed this issue. If this newsletter was useful to you please recommend it to your friends or tell them to subscribe to it via RSS.

Stay safe! Felix