• 1 Post
  • 26 Comments
Joined 2 years ago
Cake day: June 13th, 2023


  • You need different subdomains as you suggested in your first paragraph. And add a reverse proxy like nginx or caddy to the machine which then proxies the different subdomains to the respective services (e.g. lemmy.your.site to localhost:2222, mbin.your.site to localhost:3333).

    Theoretically, you could put a landing page behind some SSO/IAM like authentik, and then link to the subdomains from the landing page, but eventually users will need to be on the subdomain to use a specific site.



  • If you’re selfhosting already, you know how to deploy it. Are those services available on the internet via some domain? Having an SSL certificate with automated renewal is quite important. Make sure to update the machine the service runs on regularly.

    Backups! Having daily snapshots to be able to roll back if necessary is great. If you want to use your own hardware, I suggest Proxmox. If you want to rent a VPS, see if the cloud provider has something like that as well (will likely cost a little extra). Also, check the service’s documentation on what data to back up in order to be able to restore on a new machine in case your server explodes. (3-2-1 rule). Shutting down the instance with no prior warning because of some error you can’t recover from because of no working backup is the best way to spoil anyone’s experience.

    If you use docker, make sure to have it behind a reverse proxy and configure your docker ports to be bound to localhost only so you don’t accidentally expose your database to the internet.

    Think not only about technical deployment but also governance. Set instance rules and think how you want to do moderation. See if you have someone to help you with that.

    Go for it! Set it up, fiddle around for a while and when you get comfortable, invite your friends. Just be upfront that there might be an occasional downtime for maintenance (which you will advertise a day before or so) every now and then.
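
The localhost-only port binding recommended in the comment above can be checked mechanically. This is an added example, not part of the original comment; the service names and port numbers in the sample are constructed, and it assumes Docker's default of publishing on all interfaces when a mapping gives no host IP.

```python
# Added example: audit Docker Compose short-syntax port mappings for
# bindings that are reachable from outside the host.
import ipaddress

def parse_port_mapping(spec):
    """Split '[[IP:]HOST_PORT:]CONTAINER_PORT[/PROTO]' into its parts."""
    spec, _, proto = spec.partition("/")
    host_ip = None
    if spec.startswith("["):                      # bracketed IPv6: [::1]:8080:80
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:       # IPv4:HOST_PORT:CONTAINER_PORT
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 2:
        host_port, container_port = parts
    elif len(parts) == 1:
        host_port, container_port = None, parts[0]   # container port only
    else:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return {"host_ip": host_ip, "host_port": host_port,
            "container_port": container_port, "proto": proto or "tcp"}

def is_loopback_only(spec):
    """True when the published port is bound to a loopback address."""
    host_ip = parse_port_mapping(spec)["host_ip"]
    if host_ip is None:      # no IP given: assumed default is all interfaces
        return False
    return ipaddress.ip_address(host_ip).is_loopback

def exposed_mappings(services):
    """Return (service, spec) pairs that are not restricted to loopback."""
    return [(name, spec) for name, ports in services.items()
            for spec in ports if not is_loopback_only(spec)]

# Constructed sample: the 'ports:' lists of a hypothetical compose file.
SAMPLE = {
    "app":   ["127.0.0.1:2222:8080"],
    "db":    ["5432:5432"],
    "media": ["[::1]:8081:8081/tcp"],
    "cache": ["0.0.0.0:6379:6379"],
}

if __name__ == "__main__":
    for service, spec in exposed_mappings(SAMPLE):
        print(f"{service}: {spec} is published on a non-loopback address")
```
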


  • Goals and Stretch Goals

    Primary Goals

    Accelerate development on Pixelfed (Web, Apple iOS and Android)
    Accelerate development on Loops (Web, Apple iOS and Android)
    Plan development on Sup (Apple iOS and Android)
    Expand the moderation, security, privacy and safety platforms
    Get Pixelfed/Loops/Sup translated into multiple languages
    

    Stretch Goal

    Full time development
    Hire additional developers
    Build a cloud/CDN platform for the Fediverse
    Register a Pixelfed Foundation as a legal entity (more details below)
    


  • Yeah, I feel like exposing ports 80 and 443 towards an up to date nginx/whatever is referred to as a super dangerous thing in this community and also the selfhosted subreddit. Recommending cloudflare is almost the default, which I find a bit sad given many people selfhost to escape the reliance on big monopolist companies.

    One can add different layers of security of course, but having nginx with monitoring in its own VM without keys to jump to another VM is enough of risk mitigation for me.




  • You got quite good answers already, here and in the other thread.

    My suggestion is to not start with pixelfed but something else (simple stuff like dokuwiki, you can use it to document your stuff while you’re at it) to get an understanding of the whole process (running the service itself, making it available to the internet after hardening your infrastructure a bit etc).

    Also, if you’re not settled for how to do it exactly, give Docker a try. There’s a reason it’s popular among selfhosters!


  • Most important: replace the raspi SD card with an SSD

    General hardware: see if I find a better solution than my current Proxmox box (repurposed desktop which consumes 60 W idling but is capped to 16 GB RAM)

    Incoming traffic: currently having a VM that runs nothing but nginx and certbot. Considering switching to another reverse proxy and, more important, get proper monitoring of the logs (e.g. IP detection, 403, etc)

    Maybe add some IAM like authentik

    Finding a solution for selfhosting podcasts client with sync on Android and Linux… gpodder never really seemed to work, considering audiobookshelf.

    Probably setting up calibre web and gethomepage

    Keeping what I have and maybe optimize a bit:

    • Prometheus stack
    • plenty exporters
    • Nextcloud
    • paperless
    • home assistant, mosquitto
    • pihole
    • vaultwarden
    • selfoss

    On VPS:

    • Mastodon
    • Bookwyrm
    • some WordPress (want to move this to my homeserver as well)