Haha, for my parents it’s better to change an unvisible setting in the router, instead of placing a raspberry pi in their network or installing WireGuard on every device. They are paranoid with any software that must be installed :D

Wow, never heard of it, that’s amazing news!

Just kidding, there is at least one post about CloudFlare here every day.
Secure and convenient, but with some downsides concerning privacy because of Man-in-the-Middle.

“These plug-ins from github are out of the question, because I don’t even know how to run them and I’m not always at home, so that the server (my computer) is always on and watching the sites.”

You are asking on “Selfhosted” for an alternative solution to a free selfhosted app, because you are too lazy for “Selfhosting”. Wow.

Ask your IT-Guy. If you don’t have one, you shouldn’t selfhost at all as a company.

Because we can. Just because we can.

Some day I might setup the Intrusion Prevention System of my OpnSense Firewall …

But I don’t have the feeling I need it. I’m trusting the devices in my HomeNet, and my IoT devices are in a separate VLAN without Internet Access.

Yes, it’s really a shame, it’s an awesome project, but they would really need someone who is integrating a better CalDAV library.

“with an nice client?”

You gave the answer to yourself. There aren’t any user friendly multi-platform clients with synchronization / conflict resolution / versioning.

Proxmox Backup

I’m using Proxmox Backup Server for my local daily backups.
But for external cloud backup, it’s 5 GB for docker config + persistent data vs. 60GB for the complete LXC containers. So it’s more convenient to just backup the data to the cloud that you really need for an emergency-restore.

Uptime Kuma

I try to minimize the number of applications that have access to the docker.socket, as this can be a high potential security risk (e.g. a malicious container update because of a hacked github account) .

If I can achieve the same goal with just a simple bash script and without additional software, it’s the better solution for me :)

You have a WiFi 6E Mesh, that’s awesome, would be really stupid to replace it.

However, you could look how to combine the Asus WiFi Mesh with a self-hosted firewall.
E.g. using a OPNsense-VM as Gateway / DHCP / DNS server für all clients in the network …

But that’s more for playing around.

Versioning is helping, I can go one year back in history.

My backup strategy:

Data:
- Sycnthing with 1x Copy with my Clients and 1x Copy on my Server accessible via Nextcloud
- Daily Push-Backup with of my Nextcloud-Data-Folder via Kopia to Backblaze
- Daily Pull-Backup of my Nextcloud-Data-Folder via QNAP-NAS in the basement

VM:
- Daily Backup of my VM’s to a Proxmox Backup Server running on QNAP-NAS
- Daily Backup of my VM’s to BackBlaze (but encrypted before)

Still, I’m not fan of having just one Cloud-Backup. So I think I will also get Hetzner Cloud Storage for Borg Backup additional to Kopia.

Goal:
- Different Hardware (Server, QNAP, etc.)
- Different Backup software (Syncthing, Kopia, Borg)
- Different Backup technique (Push, Pull, Snapshots)
- Different Locations

“On the other hand, if I run Watchtower first, I’m backing up the latest version.”

This makes no sense. I hope you are backing up the persistent data, not the Docker-Images.So before and after Watchtower is identically in the best case scenario.

(In the worst case scenario, after the docker update your persistent data are corrupted because of an bad version update. So the backup should always be before)

- Don’t expose the web interface of wg-easy ( 51821 ) to the internet
- update your docker installation frequently
- Keep the private keys of your clients safe

That’s all you need to do.
Personally I also would change the UDP port of WG (via different port forwards of your router). But more for getting through firewalls in public WiFis (e.g. UDP Port 443, 53 or 123)

Do you have an example?

“Open Source + hosted” always involves trust, as you can only look into the Github repository, not if the running hosted application is running identically.

Only exception: It’s an E2EE encrypted solution, and everything else happens client-side (example: Bitwarden)

E-Mail.

And maybe unpopular opinion:

1. Any service that you use with port-forwarding, besides WireGuard.
   I would never access any self-hosted application without VPN.

2. Password manager. I want to minimize complexity with my most important data (that’s why I’m using KeePass instead of Self-Hosted Bitwarden).

If you want to secure something, you should know how it works?!

My journey:

Joplin -> Trilium Notes -> Logseq -> Obsidian

I find Obsidian the most powerfull, because of the PlugIn system and full compatiblity with Android and iPad.

And I realized, it’s a stupid idea to have a “knowledge base” in a Docker setup, if you need this knowledge base also for debugging or reinstall your Homelab. So the local installation of Obsidian togeter with Synchting gives you always access to your knowledge, even if the server are down.

However, none of the above have collaborate features. But don’t need it.

Expensive. And I avoid small providers, without any established compliance, where a bored admin could surf through my server root ;)

Terminal of Proxmox.

pct enter

Now you have SSH