Take back control: secure and private self-hosting on Debian with SSH keys, an ufw firewall and a robust fail2ban configuration. Use Docker and Caddy as a reverse proxy to securely provide your self-hosted services.
Step-by-step, minimal, and practical.
https://lukasrotermund.de/posts/simple-private-self-hosting/
I made a thing!
https://github.com/kassner/caddy-trapdoor
A Caddy module to temporarily block web scrapers sending tons of requests at once.
Dear #fediadmin, regarding the current ongoing full force assault on our services by AI scrappers with all the risks associated (costs, services stability, data being stolen and so on) I can only recommend the setting up of #techaro #anubis requests filter to "weight the souls of incoming HTTP requests"
I tested it so far on #alpine #debian deployed services with either #caddy , #apache2 / #httpd and #nginx for the following services #nextcloud, #mastodon, #forgejo, #lemmy, #funkwhale, #bookwyrm and a #minecraft #mapviewer with little hassle and no big issues
Following the use of #anubis, all scrapper (AI and regular) logs dropped drastically and bandwitch usage was cut by two third on the mastodon instance and half for the others services
Do yourself and your users a favor try it : https://github.com/TecharoHQ/anubis
Hello, I’m hosting a #Vaultwarden server behind #Caddy 2.10 and made the following test:
Tuning Caddy to allow only #PQC curves:
Shalien 
tls {
curves x25519mlkem768
}
Trying to connect with #Firefox Mac -> OK
Trying to connect with #Bitwarden #android client -> Fail
Without the #TLS tuning, the Bitwarden Android client will happily connect to the server.
Is it a problem with the Bitwarden Android client or with Android, or both?
If I don't want to use #Ansible and I'll only use #Terraform if I'm being paid to, what are my other options if I want to say, deploy #Caddy plus some kind of Fedi server and have it repeatable?
It looks like Jet was an alternative but the creator ran out of steam.
[I realise I am basically asking for #Docker but I would like to try something else]
Blog post about how FrankenPHP is now officially supported by the PHP Foundation
les-tilleuls.coop/en/blog/fran...
#PHP #FrankenPHP #Symfony #Drupal #Laravel #Wordpress #Caddy
RE: https://bsky.app/profile/did:plc:k3jkidzfkcdpsoxbisvuxz4f/post/3lpbmpak3pk2z
https://www.cyclingeu.com/593667/%f0%9f%87%a9%f0%9f%87%aa-live-%f0%9f%9f%a7-wilhelmshaven-jadebusen-e-bike-tour-%f0%9f%9a%b4%e2%99%82%ef%b8%8f%f0%9f%9a%97-kaffee-ebike/ {
} LIVE 
WILHELMSHAVEN – JADEBUSEN E-BIKE TOUR! 
#kaffee #ebike ##germany #abenteuer #adventurebuddy #Bicycling #BicyclingGermany #Biking #BikingGermany #caddy #Cycling #CyclingGermany #CyclingWilhelmshavenGermany #dercaddyrollt #deutsch #Deutschland #HinterDerKulissen #irl #irlstream #LetsUrbex #LetsUrbexStefan #LetsUrbexTwitch #letsurbex #LeturbexZweitKanal #Livestream #livestrream #Lostplace #overnight #StefanTotal #stefantotal #TwitchHighlights
Caddy 2.10 web & reverse proxy server lands with support for ECH, post-quantum key exchange, global DNS config, and wildcard certs by default.
https://linuxiac.com/caddy-2-10-web-server-debuts-enhanced-tls-privacy/
Some cleanup to the #Caddy #NixOS wiki page, especially documentation on the new plugin support with NixOS 25.05 
https://wiki.nixos.org/wiki/Caddy#Plug-ins
This morning's accomplishment: finally setting up an otel collector at home, pointing it at #clickhouse, getting #caddy tracing via otel, and throwing a #grafana dashboard on it.
I didn't expect the dashboard to be the hard part.
Hallo Leipzig!
Die #LeipzigerBuchmesse hat ihre Pforten geöffnet. Dank meinem tollen Team habe ich den Aufbau gestern geschafft und wurde sogar trotz operiertem Knie erfolgreich zu meinem traditionellen "Phoenix der Messecamper"-Foto aufs Auto und wieder runtergehoben. 
#Autor_innenleben #Messeleben #AutorinOnTour #Phantastik #FantasyAusDeutschland #Vantasy #Vanautorin #WirSindPAN #LeipzigerBuchmesse2025 #LBM #Caddy #CaddyMaxi #CaddyCamper #Messemobil #Messecamper @volkswagen_de
I'm curious to hear what others are #SelfHosting! Here's my current setup:
Hardware & OS
Infrastructure & Networking
Security & Monitoring
Authentication & Identity Management
Productivity & Personal Tools
#CookingAppsNotifications & Development Workflow
Accessibility Focus 
️
Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign, #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!
I've also experimented with:
I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 
What's your setup like? Any cool services you'd recommend I try?
#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY
Caddy with certbot's certificates
I would like to use #certbot to retrieve a certificate for my domain and instruct #Caddy to use this certificate. Problem is that clients can't validate the chain correctly. Any ideas or pointers?
I used the following in my Caddyfile:
a.example.com {
tls /etc/letsencrypt/live/a.example.com/fullchain.pem /etc/letsencrypt/live/a.example.com/privkey.pem {
ca_root /etc/letsencrypt/live/a.example.com/chain.pem
}
}
I made this because it reflects my latest experience of doing selfhosted stuff. Still new to all this and my system was running for around 10-11 months without any incidents. A fried SD card is definitely not what I expected to bring down everything 
Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:
register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
<input data-testid="password-input" type="password" placeholder="••••••••••••••" class="w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:border-primary duration-100 bg-base-100" value="tyq5ghp!QVH-mva1agc">
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
<input data-testid="password-confirm-input" type="password" placeholder="••••••••••••••" class="w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:border-primary duration-100 bg-base-100" value="tyq5ghp!QVH-mva1agc">
Error
api/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()
compose file:
services:
postgres:
image: postgres:16-alpine
container_name: linkwarden_postgres
env_file: .env
restart: always
volumes:
- ./pgdata:/var/lib/postgresql/data
networks:
- linkwarden_net
linkwarden:
env_file: .env
environment:
- DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres
restart: always
# build: . # uncomment this line to build from source
image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source
container_name: linkwarden
ports:
- 3009:3000
volumes:
- ./data:/data/data
networks:
- linkwarden_net
depends_on:
- postgres
networks:
linkwarden_net:
driver: bridge
Relevant part of .env file:
NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth
NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf
# Manual installation database settings
# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden
DATABASE_URL=
# Docker installation database settings
POSTGRES_PASSWORD=redacted
# Additional Optional Settings
PAGINATION_TAKE_COUNT=
STORAGE_FOLDER=
AUTOSCROLL_TIMEOUT=
NEXT_PUBLIC_DISABLE_REGISTRATION=false
NEXT_PUBLIC_CREDENTIALS_ENABLED=true
Caddyfile snippet
*.laniecarmelo.tech {
tls redacted {
dns cloudflare redacted
}
header {
Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval';
img-src https: data:;
font-src 'self' https: data:;
frame-src 'self' https:;
object-src 'none'"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Xss-Protection "1; mode=block"
}
encode br gzip
# Bookmarks
@bookmarks host bookmarks.laniecarmelo.tech
handle @bookmarks {
reverse_proxy 127.0.0.1:3009
}
}
Can anyone help? I have no idea how to fix this.
#SelfHosted #CaddyServer #Linux #Tech #Technology
@selfhost @selfhosted @selfhosting
I would call this a big success. A valid, trusted certificate, signed by Let's Encrypt, without ever exposing a single port to the public internet. Just what I needed. I can't believe how easy it is to do this with #Caddy. They weren't lying when they said you barely needed any configuration. What an incredible program!
Och ffs ey. Ich will #Seafile in #Docker mit einem #apache-#Proxy in einer #virtuellenMaschine installieren (weil ich das Testen will und nur Chuck Norris in Prod testet). Warum geht das nicht wenigstens halbwegs out-of-the-box?
Auch ohne den apache-Proxy klappt das nicht. (Edit: da spielt ja jetzt immer noch ein #caddy mit rum, bei dem nicht dokumentiert ist, ob ich ihn wirklich brauche, wenn hinter apache, oder wie da die Einstellungen sein müssen.)
