Smith & Wesson

Authentication with NPM is pretty straightforward. You basically just configure an ACL, add your users, and configure the proxy host to use that ACL.

I found this video explaining it: https://youtu.be/0CSvMUJEXIw?t=62

NPM unfortunately has a long-term bug since 2020, that needs you to add a specific configuration when setting up the ACL as shown in the video.

At the point where he is on the “Access” tab with all the allow and deny entries, you need to add an allow entry with 0.0.0.0/0 as IP address.

Other than that, the setup shown in the video works in the most recent version.

How do you handle SSL certs and internet access in your setup?

I have NPM running as “gateway” between my LAN and the Internet and let handle it all of my vertificates using the built-in Let’s Encrypt features. None of my hosted applications know anything about certificates in their Docker containers.

As for your questions:

1. You can and should – it makes managing the applications much easier. You should use some containerization. Subdomains and correct routing will be done by the reverse proxy. You basically tell the proxy “when a request for foo.example.com comes in, forward it to myserver.local, port 12345” where 12345 is the port the container communicates over.
2. 100% depends on your use case. I purchased a domain because I host stuff for external access, too. I just have my setup to report it’s external IP address to my domain provider. It basically is some dynamic DNS service but with a “real domain”. If you plan to just host for yourself and your friends, some generic subdomain from a dynamic DNS service would do the trick. (Using NPMs Let’s Encrypt configuration will work with that, too.)
3. You can’t. Every georestricting can be circumvented. If you want to restrict access, use HTTP basic auth. You can set that up using NPM, too. So users authenticate against NPM and only when it was successful,m the routing to the actual content will be done.
4. You might want to look into Cloudflare Tunnel to hide your real IP address and protect against DDoS attacks.
5. No 🙂

What is this scam and why is it still here?

I think the reason is stupid and it is contrary to what I expect from dockerized applications.

docker ps or Portainer as a nice web-UI wrapper around the Docker commands are the two main use cases with Docker I have have on a regular basis.

No, thank you. I am not going to maintain fifty containers and fifty + X volumes for just a handful of applications and will alway prefer self-contained applications over applications that spread over multiple containers for no real reason.

See it in a broader scope. If I’d only host Lemmy with is multiple mandatory things, I couldn’t care less, but I already have some other applications that I run via Docker. Fortunately I was able to keep the footprint small, no multiple containers or volumes for one application, but as said: those exist. And they would clutter the setup and make it harder to maintain an manage.

I also stand by my point that it is counter-intuitive to have multiple containers and volumes for just one single application.

To me, the point of Docker is having one container for one specific application. And I see the database as part of the application. As well as all other things needed to run that application.

Since we’re here, lets take Lemmy for example. It wants 6 different containers with a total of 7 different volumes (and I need to manually download and edit multiple files before even touching anything Docker-related).

In the end I have lemmy, lemmy-ui, pictrs, postgres, postfix-relay, and an additional reverse proxy for one single application (Lemmy). I do not want or need or use any of the containers for anything else except Lemmy.

There are a lot of other applications that want me to install a database container, a reverse proxy, and the actual application container, where I will never ever need, or want, or use any of the additional containers for anything else except this one application.

So in the end I have a dozen of containers and the same amount of volumes just to run 2-3 applications, causing a metric shit-ton of maintenance effort and update time.

To me the number one thing is, that it is easy to setup via Docker. One container, one network (ideally no network but just using the default one), one storage volume, no additional manual configuration when composing the container.

No, I don’t want a second container for a database. No I don’t want to set up multiple networks. Yes, I already have a reverse proxy doing the routing and certificates. No, I don’t need 3 volumes for just one application.

Please just don’t clutter my environment.

Does it support logging in to YouTube to have access to purchased content, premium content, subscribers-only content, etc?

Yeah. While I can dockerize those applications, all I checked out lack modern features and concepts/designs. It all feels heavily outdated technology-wise.

federated blog

I wonder what federated blog (or publishing platform) isn’t stuck in pre-Docker era, though.

You can run those as single-user instances or with approval of users so you can use those instances for your family and/or friends only.

The usual suspects: Mastodon (or mastodon-compatible servers like GoToSocial), PeerTube, Pixelfed, etc.

I am disappointed …

Loss of control of this data would be catastrophic, so I took its security very seriously.

Ask yourself: “If my current system is unavailable: How screwed am I?”

If the answer is anything less than “Not screwed at all!”, then it is time for a backup - regardless of what system you’re using or plan to use.

Absolutely. They’re advertised for being used in datecenters, so I assume noise optimization wasn’t a concern for Seagate when creating those drives.

Sorry, I can’t hear you under my enormous piles of money! 🙃

But yeah. You should do an SSD-only setup if this is within your budget. I assume that for most of us selfhosting is just some soft of hobby. If you’re willing to spend money on the latest and cooles tech: do it. If not, then it’s fine, too.

Okay, so … then maybe really look into the Seagate Exos drives. 20 TB should be pretty much fine for most selfhosting adventures.

I’m looking for something from 4TB upwards.

If you say “harddrive” … do you mean actual harddrives or are you using it synonymous with “storage”? If you really talk about actual harddrives, it’s hard to even find datacenter/server harddrives below 4 TB. Usually server HDDs start with 8 or 12 TB. You can even find HDDs with 20 TB - Seagate Exos series for example, starting at around 360 Euros (ca. 400 USD).

If you’re in for a general storage, preferably SSD, that’s another issue. There is the Samsung 870 QVO (8 TB) SSD that is often advertised as “datacenter SSD” (so I assume it would run well in a server that is active 24/7), but it is currently available with a maximum of 8 TB. The 870 QVO is at ca. 70 Euros per terabyte (ca. 77 USD) which, in my experience, is the current price range for SSDs. So it has a high price seen from the outside but it’s actually fine. It’s also a one-time investment.

For selfhosting I’d go with an SSD-only setup.

do any have particularly good or bad reputation?

From personal experience I’d say, stick with the “larger” brands like Samsung or Seagate.