Okay, so, You’re going to need to pretend like I’m 5 years old here.

The end goal is for me to give this my email creds, it will then monitor my email and when I get a match it’ll run the API call, right?

However, right now, you don’t want to take usernames and passwords so you generate random emails as an example to show what it COULD do.

If I’m correct it might be a little early to give people access as there’s nothing I can really do. I created an account on your site but there’s nothing there explaining what I’m doing just a couple input boxes with a one word label.

I would use this for email -> matrix but I’d have to self host it. I’m sure others would use it if you had some built in API calls that less techy people could use.

Do you allow users to matched regex from the email and use it the API Call?

I don’t understand what you’re doing here. I use your website to what?

Monitor my email and when I get one that matches the regex it’ll make an API call?

Or is your website the API endpoint?

The video didn’t help me understand.

This is actually really interesting, I might have to try this.

I currently use a USB stick with a key file on it that I need to plug in on boot. Something like this but it wasn’t that easy for me. https://openterprise.it/2022/07/fedora-unlock-luks-full-disk-encrypted-system-using-usb-stick/

Edit: I wonder if yours will work on my VPS… I’d love to encrypt that.

I host pingvin for people to send stuff to me. To send, usually I’ll just move the file into a folder that exposed to Nginx with indexing and send that link. Otherwise I’ll also just use my pingvin instance.

I’ve had no problems with the normal nextcloud apache container for the last couple years. I lock to a major version and let it update itself on the minors until I feel like like changing the yaml to the next major. I’ve gone from 24 to 30 this way without issue.

Actually, I do have to install the contacts and calendar apps from time to time but that’s only when I want to use the webUI for them, caldav/carddav has always worked.

Thinking more about it, If you just want to host and not mess around like I do, I would use your current computer, install Docker on it and see how you like it. Host a example website see if you can get it to work, Try a Minecraft server and see if it works… If that’s not for you then you can try VMs with an entire OS. This will be a lot more overhead but it will also work.

After you know what you like (Docker containers or an entire VM), I’d design what you want to do. Are you going to have a lot of people on your Jellyfin and Minecraft servers? how much RAM, CPU, Storage do they use?

Once you have that information, Look at prices, Do you want one big PC and will it do everything you want? If you need to buy several, maybe it’s better to get a bunch of small ones?

If it’s one big PC then you’re done. Get it, install Docker/VM and go.

If you want to play around or you need to get many PCs, do you want to cluster them so Minecraft server can move to a different PC if that PC fails? then do Swarm or K3s if you’re okay with docker.

If you need to do small PCs, maybe you install Docker normally on each and manage them separately.

In the end it’s totally up to you what you do. I use K8s :)

I’ve never actually used swarm so I could be wrong. However, I was under the impression that Docker swarm is a lot easier to use with a lot more examples for people to deploy their Containers.

With K8s/K3s I find myself translating a lot of docker examples into deployment yamls with Services, Network Policies, PVCs, secrets, etc, etc. It’s just a lot more lines in the .yml files. This also assumes you know that anything that you run in docker you can run in K8s with 1 replica and more is not ideal.

https://docs.docker.com/engine/swarm/

Yeah, so you have more than one PC and they will talk to each other and decide who hosts what.

For example, you host nextcloud and the cluster will decide (unless you tell it differently) it goes to PC1. Then you host Minecraft and the cluster will put it on PC2.

Now, PC2 dies, you unplug it, or generally something bad happens. The cluster will see that Minecraft isn’t running, PC2 is down, and start Minecraft on PC1. The best part, just keep adding cheap computers as you need more compute power. One container (Plex,emby,etc) can not run on two or more computers. If you need to transcoded then you’ll want one with a GPU or a more powerful CPU depending on how many people will use the service.

This all assumes you’re not using local data. Meaning if the Minecraft save and config files are on PC2 and it dies, starting it on PC1 will either not work or be 100% new. There’s other self hosted software to replicate the data to more than one computer or you can have a NAS of some sort.

It’s a bit more advanced but a lot of fun if you enjoy that kind of thing. It allows you to work on your stuff with minimal downtime. Of

I have 3 raspberry PIs, 4 various lenovo tiny PCs all in a kubernetes cluster and it seems I need more RAM than CPU. Storage is on a DIY NAS with 8*8TB disks in a raid 6.

I run bookstack, nextcloud, 2007scape, gitea, synapse, the *are stack, Plex, and a bunch of other things.

If I was just starting out I’d grab a used lenovo tiny or two, set up a docker cluster and play with that. There is software to replicate local storage across nodes that I’ve never touched but I’d try out a few of them also if you don’t want to use a NAS. Worst case, just use local storage and the containers will be locked to that host.

I think Proxmox let’s you run VMs and Containers too if you prefer that route.

Good luck!

If you want to stay with whatever provider you have you can try openVPN over TCP or a SOCKS proxy over SSH (both TCP traffic). Anything TCP might be faster than WG

Yeah, that sounds about right to me. I’d look for a different provider if you’re looking for speed. Like I said above, OVH was unusable to me so I went to hetzner.

Lookup “lowendbox” if you want something cheap. I used some Christmas or new year deal at racknerd that was alright.

You could also try a VPS from hetzner and see if its any better. Here’s my speed test just now using WG on my cell, exit through Hetzner.

Is your test TCP or UDP? My guess is that’s TCP traffic.

Your VPS provider can rate limit as specific as a single UDP port. Try a different WG UDP port or wrap your WG traffic in TCP with other software and try again.

My WG traffic looked like a DOS attack to OVH and I got blackholed for 5min, then 15, then 30.

My guess is your provider is rate limiting your UDP traffic.

There’s free domains too. I can’t recommend any but I know .tk should be free.

http://www.dot.tk/en/index.html?lang=en

I’ll try to remember to DM you when/if I get any answers

Thanks! No worries if not, It’s just a different setup then I’m use to. Safe travels! I think I got sick over the weekend too. hah.

I also have 500 MBit/s symmetrical internet. They tried to upsell me on 1.5GBit/s but my Firewall only supports “up to 700 MBit/s throughput” even though it has gigabit NICs so watch out for that also :) https://shop.netgate.com/products/1100-pfsense is the one I use. I’d love to upgrade but money has been tight for awhile.

but of course, don’t ever feel obligated to answer.

No problem! I’ll answer when I can, even if it’s a “I don’t know”

I am trying to work myself towards as complete control over my data as possible,

I started doing this in college. Deleted Facebook, started buying cheap Tiny Lenovo PCs to run everything on. It’s almost a chore now but I still enjoy it. I think the issue is I also do it all day at work so it kind of feels like more work after work, you know? I’m paying a company to host my email because I tried doing it myself and it was too much work.

I hope you get through your stuff in your personal life. This interaction has in any case been greatly appreciated by me.

All good, I was just giving context. Thanks though!!

My fibre box does TV, phone, and internet all in one. I guess you have one for each? I’m interested to find out if you’ll share.

I think asking them what each of them do and understand it is a good first step. Maybe you can get that down to 2 boxes. Good luck!

Nice! Glad its still working! Definitely triple check with something like https://canyouseeme.org/ when you open ports. I’m a Linux Sys Admin and happy to do my best to help of you have any more questions. At least I’ll try and get you on the right track.

I 100% agree with you on the rest. Canada isn’t doing anything and at this point I’m ready to give up. I’m not sure where to draw the line anymore and self hosting is a bit of a pain for me these days. Personal life is a bit rough and it’s just so easy to make a gmail account and have them host it.

I have two small boxes in a cabinet - one is receiving a white cable that comes from outside my home, and outputs an optical signal that goes into the other box. This other box also gets a coax cable from outside my home, and outputs an ethernet connection that is connected to what my ISP calls a WiFi router. This has additional LAN ports as well.

humm, I’ve never seen or heard of this. I’ve only ever been provided one box by my ISP. I have two guesses… Either you can replace your WiFi router with your own and everything will be okay or you’ll have to add a 3rd that is your own and Plug it into the WiFi router and ask them to put it in bridge mode. My guess is they can help you a lot better then me guessing.

torrent client is bound to the interface created by the VPN client.

perfect. Then you can close the open port on your router for sure. My Torrent client (rutorrent) shows what IP and port I’m using at the bottom, these are my VPN IP and the port I opened with the VPN provider.

The IP address is outside my network

I don’t like this. That’s super weird and I would not trust it. I’m sure it’s “fine” but I’d hard pass on that. Set up my own 100% for sure.

There’s a modem connected to the WAN port, and the router/hotspot is connected to the modem. But I guess that doesn’t change anything?

I don’t understand. Can I get a pic (MS Paint or real or something) or some brand names or something? I understand if you don’t want to show, I’m just not sure what you’re saying.

My ISP gave me a white box, I plug a fibre cable from the street Plus power from the outlet into this box. Then I have a cat6 cable from this box (port 1 as per their instructions) into the WAN port of my firewall. My Firewall has a Public IP on it’s WAN interface and I have 4 ports for LAN. The same firewall gives off wifi to the rest of my house.

I will definitely need to setup this myself then. Do you run this as cron jobs?

Yeah, here’s one of them for a VPS I rent: 30 * * * * root dnf clean all ; dnf -y update && needs-restarting -r || /usr/sbin/reboot

I actually run things in Kubernetes and use https://github.com/keel-hq/keel to keep my pods (containers) up to date.

I do use a VPN (with port forwarding supported, but I have not activated it, which I know could affect performance, but I have not noticed anything here). Is the port opening on my router unnecessary in this case?

The port opening on the router is unnecessary and could be a bad thing. If you’re using a VPN with port forwarding I’d close the one on your router right now. The “open” port is open via the VPN connection so they do all the opening for you, you just need to make sure your PC is on the VPN.

Go to this site with out your VPN on, it will tell you if you’re using your raw internet to download torrents: https://iknowwhatyoudownload.com/en/peer/

it sounds like you might be doing that, or at least have the ability for people to connect to you via your ISP (bad) and not over the VPN (good)

Thinking about the torrent thing, there’s no better way to do it. I’d personally open a static port IE 12345 and point that at the torrent client on the PC. I would not randomize it and open a massive range on your firewall just in case. Then just close the client when you’re done and know that packets for 12345 will still reach your PC, they’re just dropped there.

Not that I support it, but if you’re downloading more then just Linux ISOs and you’re in a country with pretty strict laws around this sort of thing, you should be using a VPN that supports opening ports. then you do not need anything open on your firewall, just to connect to the VPN when you’re ready to sail the high seas.

UPNP should be disabled on your firewall (unless you play xbox or whatever). This allows a device, like an xbox or PC, to request your firewall open a port. This is needed for some online games to work properly but is not very good for security.