Du wolltest schon immer mal deinen eigenen #Podcatcher bauen?
Nicht abhängig sein von Spotify, Apple #Podcasts oder sonstigen Plattformen, sondern deinen Podcatcher selbst hosten und verwalten?
Genau das hab ich jetzt mal ausprobiert – und zwar mit #Audiobookshelf
Spoiler: Funktioniert richtig gut.
Thank you @vdaron, #Traefik does seem better designed to be the gateway HTTP router for these services in containers.
Now I'm stuck in days of hell of “documentation examples don't quite work”, trying to get it to direct traffic correctly, to even get a proper response to ACME for generating a TLS certificate ;-(
Thrilled to have a new, production-ready CI/CD pipeline live! It automatically builds and deploys my Jekyll static WIP site (https://hofstede.it) on every push to the main branch.
The architecture is a showcase of modern Linux tools:
🔹 Server running on Red Hat Enterprise Linux 10 (RHEL)
🔹 Forgejo for Git hosting & Actions.
🔹 A rootless Forgejo Runner, running in Podman, managed by a systemd Quadlet file.
🔹 Traefik reverse proxy running as a Podman container.
🔹 An Nginx web server for the site, also in a container for easy discovery by Traefik.
The Forgejo Runner and the Nginx Webserver run in different unprivileged user contexts.
The magic is the secure bridge between the rootless CI job and the web server. The pipeline creates a build artifact, and a systemd.path watcher on the host instantly triggers a deployment script.
It's fully decoupled, secure, and works like a charm.
#devops #linux #forgejo #podman #rhel #cicd #traefik #systemd #redhat
Das Problem ist gelöst!
#Traefik und seine verflixten Priorities:
To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority.
Die falsche Rule war zu lang...
由于最近一台服务器到期,迁移docker服务的时候,发现nginx迁移重新配置这样那样的比较烦,特别是迁移到另一台服务器上的时候本身还有nginx服务在run,合并配置还是蛮痛苦的,就说试试traefik那种服务发现的配置方式,直接将nginx弃用了,换traefik,试用了一下,还真的蛮好用的!在docker compose中编写相关的配置labels,traefik那边自己就发现并且绑定域名、配置ssl,具方便!
@bignose my advice would be to look at #traefik for your revese proxy. It's easier to manage than nginx, especially regarding ssl certificates. #Portainer could also be helpfull
Wie ihr Online-Dienste selbst betreibt, zeigen wir euch im @ct_uplink. Ganz gleich, ob Smarthome auf dem Raspi, Nextcloud auf dem Homeserver oder auf einem angemieteten Server im Rechenzentrum. Selber machen ist angesagt.
Die Folge könnt ihr ganz einfach hier im Fediverse schauen, über unsere #PeerTube Instanz.
https://peertube.heise.de/w/djrpQYtR1pRdLuivb8t3G9
#selfhosting #selfhostet #diy #hosting #homelab #homeserver #nextcloud #docker #container #traefik #portainer #linux #opensource
@dalohuer2004 @lzambrana Muy bueno! No estoy muy al tanto de docker compose, pero se ve bien.
No conocía #traefik, es un load balancer / reverse proxy? Algo similar a #haproxy ?
También veo a #passbolt más para entornos colaborativos, en lo personal sigo con #keepass, que además lo tengo como proveedor de 2FA.
Igual, algunas passwords de mi DB las he tenido que compartir usando keepass (copy paste), pero son poquitas, ya si fueran más algo como passbolt vendría muy bien.
Looking to enhance your self-hosted setup with @traefik v3 and CrowdSec for automated threat blocking? 🛡️
Check out this step-by-step guide by community member Jonny5 covering:
✅ Traefik File Provider (Services/Routers/Middleware)
✅ CrowdSec Remediation Component (for automatic IP blocking)
✅ Parser Agent Config (to detect malicious traffic)
✅ Example Configs for Plex & Web Servers
Full guide 👉 https://nova-labs.net/setting-up-traefik-v3-with-file-provider-crowdsec-on-your-homelab/
New guide up on @OpenTechPulse!
Learn how to self-host Nextcloud AIO securely behind Traefik using Docker & automatic HTTPS.
A perfect setup for privacy-conscious techies and home lab fans!
https://www.opentechpulse.org/How-to-install-Nextcloud-AIO-behind-a-Traefik-Reverse-Proxy/
#SelfHosting #Nextcloud #Traefik #Docker #OpenSource #HomeLab
I know #Docker is THE hot thing these days, but I swear, sometimes is JUST makes my life much more difficult than it needs to be.
e.g. I have an internal-only service, Zero WAN/Internet access, which will not run without HTTPS/certs as it leans on browser crypto APIs.
Okay, not unusual, but can I deploy certs to a container easily? Fuuckkkkk no. The tool's creator recommends #ACME (#LetsEncrypt or another tool implementing ACME) but again, no-internet.
Well, I have an internal #PKI. Their docs contain a one-liner saying it should use #Caddy / #traefik / #nginx reverse proxy in that situation. Now, I have to stand up, configure, manage, etc. something else just to drop a cert in front of this thing. It's still not natively encrypted.
Took me 10 seconds to whip up a cert from my infra and it's gonna take me longer to build something to actually dish it out.
In case you want to get your hands dirty with Traefik, Kubernetes and the new GatewayAPI, I got you covered.
Here is another vagrant-libvirt setup that has #k3s, #Traefik and a #Nginx deployment. Instead of using a #Kubernetes #ingress or a Traefik ingressroute, this setup uses the #GatewayAPI resources like Gateways and HTTPRoutes.
https://codeberg.org/johanneskastl/traefik_gateway-api_on_k3s_vagrant_libvirt_ansible
https://github.com/johanneskastl/traefik_gateway-api_on_k3s_vagrant_libvirt_ansible
As usual, #Ansible does the heavy lifting and deploys everything in the cluster.
Have a lot of fun.
#k8s #Kubernetes #Traefik #Ingress #GatewayAPI #DevOps #vagrant #libvirt #Nginx #HellYeah
@bryanredeagle Good to know. #Cryptpad turned out to have too many issues for my use case (<10 users, trying to replace google docs/drive etc) - no cross-document search, size and perf issues, missing files when downloading folders being the killers.
I'm running all my stuffs on a pi4 through docker (compose) with #traefik doing the proxy work. happy to share configs if useful.
#weeklyreview 21/2025
On Sunday I did a day trip to the countryside. Just a short weekend and on Saturday we stayed in Berlin for the Jugendweihe of my niece.
Database consolidation
I am running several services in Docker Compose setups on my virtual machine at Hetzner. Docker compose is very convenient as it encapsulates complex application deployments in a single file. They are nicely isolated from each other and can’t easily break their neighbors with dependencies.
The drawback is, that I have a large amount of duplicate database instances running. I was counting 8 PostgreSQL instances on my machine.
That seems a little wasteful in terms of memory and I/O. So I decided to explore consolidating the databases into a single central one. Turns out that this wasn’t too hard actually. Set up the DB in their own docker compose file and into its own docker network.
Docker manages the name resolution on its networks. I just had to add the new database network to the other setups and attach the containers which need database connection to that network. Then reconfigure the app to use the different db host.
Before that I pg_dump‘ed all the app databases and created new databases in the central instance. Each app got its own credentials with permission only for their database. Imported all the dumps and then restarted the apps. Done.
Down from 8 to just 2 database instances now. The last instance is the one from the AIO setup of Nextcloud that I have not yet consolidated.
Bot Blocking
The week before I had started blocking Bots (mainly AI scrapers) centrally in my setup by serving the /robots.txt for all my services from a central place.
Of course some Bots simply ignore this setting and still fetch content from all over the place. So I finally decided to block Bot users completely based on their user agent strings.
For this I’m using a Traefik plugin which recognises the bots by their user-agent string and responds to their requests for an HTTP 403 – Forbidden.
The plugin needs to be defined in the static configuration of Traefik. The configuration for the user-agent strings can be dynamic Traefik config. I’ve put this into a file so I can change the file without the need to restart Traefik.
Then each service which should make use of this must configure the new middleware to block the bots. I’ve documented my setup in a little repo: https://repos.mxhdr.net/maxheadroom/Traefik-Bot-Blocking
Tomato outside season
We’ve finally potted our tomato seedlings on the weekend to stay outside. Since about February we were hatching inside from seeds and bringing them outside during the day. But until recently the nights were still much too cold for them to stay outside. In fact just last week we still had nights with -5º C which caused quite some damage on the surrounding trees and bushed.
Hoping that these cold nights are over and the plants will survive to bless us with a good harvest later this year.
Fediverse Reactions
#database #enEN #gardening #traefik #Uckermark #weekly #weeklyreview #wochenrueckblick
@edzob Self-hosted, using Docker on a pi4. I've spun up #NextCloud, #Collabora and #ElasticSearch in #Docker, running behind #Traefik. I'm currently looking at SSO options like Authelia and Authentik, as I have a few other services I'd like to expose (a few Nginx sites, either Gitlab or Forgejo, Immich, etc)
Containous released #Traefik version 3.4.1. https://traefik.io/
You're running #Traefik and you want to centrally block all Bot's from scraping your services? Consider my setup: https://repos.mxhdr.net/maxheadroom/Traefik-Bot-Blocking
I'll keep updating the rules file with new bots I find.
