• 1 Post
  • 20 Comments
Joined 5 months ago
cake
Cake day: June 3rd, 2024

help-circle




  • I have a similar setup. I use d.rymcg.tech (a configuration manager for Docker, as well as a collection of open source web services and config templates) and have Traefik (reverse proxy) on a Digital Ocean dropet connected to a VM in my home lab through wireguard. This framework allows me to put authentication and authoriation in front of any apps/services I’m hosting (HTTP basic auth, oauth2, mTLS). This setup allows me to control what is allowed access from outside of my home, without opening any ports.









  • Thanks for your research and the suggestion, @Evkob@lemmy.ca.

    I wasn’t able to make that work, but I don’t think it was trying to solve the problem I’m having, anyway. That procedure was to add self signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I’m trying to work with is an mTLS cert, a client cert. It’s not used to establish a secure SSL connections, it’s used to verify that I (the person with the cert) and authorized to use the app.

    Additionally, I’m able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS’s “VPN & App User Certificate” section, and my CA cert is installed in the “CA Certificate” section. Vanadium, Fennec, and Mull browsers just aren’t using them. :(








  • I’m trying to deGoogle/deFAANG/deBigData so I try to host FOSS alternatives to every service I use on the internet, though some services won’t be possible or practical (e.g., email).

    I host:

    • audiobookshelf (to stream and sync podcasts between my devices)
    • baikal (to host contacts and calendars)
    • cryptpad (for collaborative spreadsheets and kanban, though it does more than this)
    • drawio (flowchart-like diagrams
    • forgejo (my git repos and oauth2)
    • homepage (personal dashboard of services and links)
    • invidious (youtube frontend)
    • lemmy (duh :) )
    • minio (S3 object storage)
    • mosquitto (mqtt server)
    • nextcloud (can do a lot, but I’m only using it to look at Memories for photo storage and management - I currently selfhost Photostructure, but it’s not FOSS)
    • peertube (youtube alternative)
    • prometheus (metrics monitoring)
    • qbittorrent (torrents)
    • syncthing (currently only used to sync photos from my pixel to my server, but might be replaced if I switch to a photo management app that has an android app that can sync images)
    • tiddlywiki-nodejs (pretty powerful wiki, but I use it just to sync text-based info between devices)
    • traefik (reverse proxy in front of everything I host)
    • tt-rss (RSS feeds)
    • vaultwarden (password management - this is a fork of bitwarden)
    • wordpress (for my personal websites)
    • xbrowsersync (bookmark syncing between browsers/devices)

    I use the d.rymcg.tech framework. It’s a little over my head, but the framework makes it pretty easy to use all the apps. It’s a bit tricky to add new apps to the framework, but it’s fun and all the source is there to learn from and the developer is really nice and really helpful.