Yeah, I mainly just want to move away to more open projects. When I first started, everyone kept suggesting using Cloudflare. After half a year using their service, I just felt icky the entire time.

In the past couple months I was able to move away and chose to protect myself by learning how to harden my server as well as hiding my server behind multiple layers of obscurity.

With my current setup, the only site traffic I get has only been myself and my custom ssh port only gets hit by bots about 3-10 times a week according to my logs. Only time will tell how effective my layers of obscurity will hold up but so far it seems to satisfy my needs better than I was expecting.

Once I get podman in a state I like, I’ll pretty much be all open sourced and all I’ll have to do for myself is be in maintenance mode unless I care to add a new service. I like to keep things simple so I don’t normally go crazy adding new services anyways.

Thank you for the offer. I still need a bit more more time to experiment and zero in on the issue again. Fortunately my setup is quite simple and the only bottleneck will be Caddy.

I basically run Caddy which redirects to a static generated blog, simple file server page and a Kiwix instance. I’m mostly making a self hosted reference site of materials for Linux and Scripting resources.

One day I may add a Forgeo instance but currently my entire workflow exists around rsync. I’m happy just having my single file scripts hosted as text files and don’t really need the power of git. At least not at the moment.

I’ve been making another attempt to replace Docker with Podman. The issue is I can’t connect to my server through a web browser. I think it’s a firewall issue.

Networking and networking troubleshooting is a bit confusing for me and that’s the least favourite part about self hosting for me. Turns out I actually enjoy writing scripts more and the challenge of writing POSIX scripts especially.

If I can figure it out, I’ll probably write a guide for setting up Podman and Caddy on Alpine Linux since there isn’t a lot of recent information out there from what I found in my searches so far.

Early when I was learning self hosting, I lost my work and progress a lot. Through all that I learned how to make a really solid backup/restore system that works consistently.

Each device I own has it’s own local backup. I copy those backups to a partition on my computer dedicated to backups, and that partition gets copied again to an external SSD which can be disconnected. Restoring from external SSD to my Computer’s backup partition to each device all works to my liking. I feel quite confident with my setup. It took a lot of failure to gain that confidence.

I also spent time hardening my system. I went through this Linux hardening guide and applied what I thought would be appropriate for my web facing server. Since the guide seems more for a personal computer (I think), the majority of it didn’t apply to my use case. I also use Alpine Linux so there was even less I could do for my system but it was still helpful in understanding how much effort it is to secure a computer.

That’s been my main goal throughout securing my personal devices including my web facing server. To make things inconvenient as possible for potential outside interference. Even if it means simply wasting their time.

With how complex computers and other electronic devices have become, I never expect anything I own to be 100% secure even if I take steps I think will make me secure.

I’ve been on the internet long enough to have built a habit of obscuring my online or digital presence. It won’t save me but it makes me less or a target.

I found BashWrite which is just a very simple static site generator written completely in bash as a single file script.

The only dependency is having an up-to-date sed command which most systems should have. I use Alpine Linux which comes with a minimal sed command so I had to download the full command through my package manager.

It’s simple, basic and has support for the majority of markdown formatting. There’s some limitations due to it being written in Bash only but I am personally okay with that.

I found it on this list of static site generators if you’re curious to see more options.

I use rsync too. It’s older and from what I understand was designed at a time when data storage was much smaller so it may not be as fast as other backup options. It also doesn’t have encrypted backups like other backup options (I think).

Rsync has been the most reliable option for me though. Every syncing option I’ve tried seems too complicated and breaks down every time I look away. Since my entire backup size is around 550gb and I’m not concerned with encrypted backups, I think rsync just works just fine.

I even created my own tool that puts my rsync commands into easy to read/modify files so I can organize my most common transfers. I can easily backup my phone, HomeAssistant server, home server and computer to my two backup locations in a single alias or cronjob now.

A bit of a pain to learning how to make proper backups that restore successfully every time, but once I figured it out, I’ve been very confident in my backup strategy.

I finally got Caddy’s TLS working with a custom module to handle DNS challenges. Turns out all I had to do was wait 10-15 minutes and everything would sort itself out.

Now on to the next puzzle. I started with Caddy in a Docker container and it’s working as intended. Now I want to replicate that in Rootful Podman Compose but I’m running into an issue. With the exact same setup (docker-compose.yml, Dockerfile and Caddyfile) I can get my TLS cert without issue but I can’t seem to connect to my website from any external browser. Not through my domain name or even through my home’s local network.

Once I figure out how I can access my website, I’ll be one step closer to where I want to be. Next will be to get Rootless Podman working, then I can finally set up the file server and kiwix instance instead of the test page I am currently using.

After that, I can finally spend time doing what I want to do and focus my time looking into the Gemeni Protocol.

Down the road I’ll look into hosting an IRC server and Snikket instant messenger but that’s super low priority. I like tinkering with my Raspberry Pi and my constant backup/restores wouldn’t be good for reliability for such services.

Oh no, I was just about to move forward and then you gave me another rabbit hole.

I didn’t know Let’s Encrypt had a public database, that does sound like a good idea to use wildcard certs instead.

I assume this is what I can use as a reference for wildcard certs.

How do you keep track of probing? I’ve been curious about that but haven’t put much effort into that as I’ve been focused on getting things working.

I’ve been using Alpine Linux. I’ve always leaned towards minimalism in my personal life so Alpine seems like an appropriate fit for me.

Since what is installed is intentional, I am able to keep track of changes more accurately. I keep a document for complete setup by hand, then reduce that to an install script so I can get back to the same state in a minimal amount of time if needed.

Since I only have a Laptop and two Raspberry Pi’s with no intention of expanding or upgrading, this works for me as a personal hobby.

I’ve even gone as far as to use Alpine Sway as a desktop to keep everything similar as well.

I wouldn’t recommend it for anyone who doesn’t have the time to learn. It doesn’t use systemd and packages are often split meaning you will have to figure out what additional packages you may need beyond the core package.

I appreciate the approach Alpine takes because from a security point of view, less moving parts means less surface area to exploit. In today’s social climate, who knows how or when I’ll become a target.

I finished setting up my personal computer with Sway on Alpine so now I can’t procrastinate anymore on getting TLS working with Caddy for my RPi 5.

I decided to ditch Cloudflare since using that service makes me feel uncomfortable. TLS is a bit of a pain because I am using an uncommon port so I need to do a DNS challenge. I still haven’t been able to get it working with DeSec.io but I hope maybe sometime this week.

I might look into using a tunnel service in the future but if I can figure this out, I’ll at least be able to adapt to changes in the future if I need to deal with any changing situations.

When I figure that out, I’ll look into Gemeni protocol and host something there. I don’t want anything big, just a little space of my own in the corner of the internet. Maybe I’ll look into hosting an irc server for a small group of people too.

It wasn’t until my first job at a grocery store during Christmas time that I learned it was “Feliz Navidad” being sung.

Before that, I couldn’t figure out why the cheerful song that only appeared around Christmas time was saying “Police shot my dad”

Frogcomposband is my favourite Angband varient. There’s a huge amount of classes to pick from, towns with quests and once you get a hang of it, most of the interactions can be done by the number pad.

I met one of my now closest friends at the end of a Halloween party just as things were shutting down and everyone was leaving.

As she was walking by, she randomly announced that she was going to see a band next week. One that I had already bought tickets for. We talked briefly and exchanged numbers. We saw the band together and hung out a few more times but I think after the third time we hung out, we knew we were best friends.

We both weren’t even supposed to go to that Halloween party. Both of us had very different plans and somehow ended up at the party as something to do. The timing for us to meet was just so tiny and it doesn’t even feel real sometimes.

https://github.com/rothgar/awesome-tuis

It has a list of Text User Interfaces for terminals. Handy since I work in a terminal mostly with my network devices. A TUI for file management made life a lot easier for myself.

Container databases seem as simple as shutting down a container, running a backup and then starting the container again. Although my my experience is only from hosting a Lemmy/PieFed instance. I did make many backups and restores with no issues to the database. It all worked as I intended it to work.

I would imagine a similar process for non container databases. Stop, backup, restart. Although someone with more experience would be better to answer that.

I personally use rsync since I do most my work by command line these days. It’s taken nearly half a year really understand it but it offers the flexibility I desire.

I have a small network with only a handful of devices. I keep all my incremental backups on encrypted partitions and encrypted detachable SSD’s which I manually decrypt. Rsync is set up to use SSH so there’s some form of encrypted transfers but that’s not actually a priority for me, just an added benefit.

I also use rsync to sync files and directories while maintaining additional system attributes across multiple systems. That is to say, what’s root or user accessible stays root or user accessible after the transfer is complete.

If I desired more protection, I’d probably look into Borg backup. Currently I just use encryption as an annoyance deterrence method. I also stick to the base Rsync command because every other option I tried brought with it complexities which have all failed me. I at least have a high level confidence in my backup/restore process now.

How do you think Ansible can help me? I’ve read about it a few times but it’s hard for me to understand it’s actual usage without spending time playing with it.

I can possibly look into it a bit more in the future. I’ve got a few things I’m working on like learning how to do TLS with Caddy so I can reduce my dependency with Cloudflare.

I haven’t tried arch at all. I used Linux Mint for a year, LMDE for a year and only really started working with command line since last December. I think I chose to try Alpine because I wanted my web facing devices to have the least amount of software installed. Security-wise it made sense to me to have less surface area to exploit.

It took a bit extra effort for me to learn how to use OpenRC as the init system. As well as learning Linux from a bare bones linux perspective.

I actually found using Busy-box Ash interesting to work with and that’s the only shell I currently use. I even wrote a whole script around Rsync in a POSIX friendly way because I liked the idea portable scripting.

If you’re interested, I can send you a link that contains the setup notes for my server. It’s about 85% of my setup process, the rest being some files that are mostly customization that I rsync into place towards the end of the setup process. That can give you an idea of what Alpine on ARM is like.

I can appreciate that about Debian. Common tools and stability can be both convinient and reliable. Learning linux is already overwhelming with choices.

Even though I use Alpine for all my Pi boards and laptop, I keep a live usb partition of Linux Mint Debian Edition as my emergency backup. It just works.