Self-hosted Weekly #7

this weeks newsletter comes a bit later than usual because of an two day event in the end of the week and needed yesterday to decompress a bit. A lot of links have accumulated over the week I hope you enjoy them.

My “find of the week” - Simple Login

Already last weekend I found Simple Login on Reddit. The concept seems intriguing, it offers both a mail relaying service (so you don’t have to “expose” your real email to services where you sign up) and a login provider. In a way its similar to “Sign in with Apple” that also masks your email for services where you use it to sign in. To strenghten your privacy it even has the capability to mask your sending email when you reply to a message received through it.

The downside of it is that the authors want to establish an own brand for their id provider instead of benefitting from existing efforts around OpenID Connect, such as ID4me. Back in the beginning of 2019 it was quite easy to add support for ID4me to Kopano Konnect.

Some similar services are:

Follow up to: How to makes services accessible from the outside?

In the last issue I have listed a few services that can be used to access services at your home when you don’t have an IPV4 address or the ability to modify firewall rules/port forwarding.

One of the possibilities I have give, but did not go into detail with was using a VPN and a reverse proxy to accomplish this task. Which is something that Senan is explaining in detail in his blog do-it-yourself ngrok alternative.

Give easy web based access to scripts on your server

One important way to make self-hosting more approachable is building beautiful (web-based) UI and UX so that users don’t have to rely on a text based terminal to execute tasks and troubleshoot.

script-server is a Python based tool to expose server functions to normal users and therefore empower even non-technical users with the ability to restart services (and that even without trusting them with direct server access or broad permissions on said server). The blog Script-Server: The Open Source Tool Everyone Should Use (Or at Least Know About) gives an introduction to it.

Add webhooks to applications without native support

A more low level approach to the above is the Go based webhook. Webhooks are an existing concept in machine to machine communication and can be used to send data from one service to another, for example when you want to let your OS notify you on Mattermost/Rocketchat/Matrix about pending updates.

The webhook binary even has an extensive rule framework that requests need to fulfill before the command in question is executed.

Easily and securely send files from a to b with Croc

While croc is not really a new application its still a worthwhile mention to the ago old question “how do I get this file to another computer?”. Croc is a command line utility that used direct connection for transfers within the same network and will utilise a relay in case no direct connection is possible.

How to effecively map user ids from container to host?

One problem with containers and using mounted volumes is that a naturally names and ids of users do not match inside and outside of the container.

There are multiple ways to approach the problem, from mapping the (primary) user of the container to a specific local id (see https://dev.to/acro5piano/specifying-user-and-group-in-docker-i2e), to altering the container to change the id of the running process before its started (see https://docs.linuxserver.io/general/understanding-puid-and-pgid).

The downside of the above approaches is that both will not work when running containers read-only or when the process in the container itself switches users. Luckily the solution to this is name space mapping, which can shift the id inside of the container to a chosen local one. You can read about this technique at https://seravo.fi/2019/align-user-ids-inside-and-outside-docker-with-subuser-mapping and https://echorand.me/posts/docker-user-namespacing-remap-system-user/.

Updates

  • Portainer for Kubernetes. The Portainer developers recently have shown a first peek at the upcoming possibillities to not only manage Docker containers, but also while Kubernetes clusters through Portainer.
  • code server is a web based version of Visual Studio Code. Just like ttyd it gives you a terminal to you server, but at the same time also a full editor and file browser (and even supports some of the extensions of VS Code).

I am always looking for new projects to try out! Just send a mail to selfhosted-newsletter@9wd.eu.

I hope you have enjoyed this issue. If this newsletter was useful to you please recommend it to colleges or tell them to subscribe to it via RSS.

Have a nice (rest of the) weekend! Felix