# Self-Hosting

## Infrastructure Overview

### Current Stack

**VPS** (public):

- Cloudflare Tunnel + Traefik (reverse proxy)
- authentik (auth provider)
- Joplin, Gitea (to be migrated)

**Proxmox** (MacBook Pro 2017, private):

- Running VMs/CTs for future services

**Dell R710** (2010, private):

- restic backup server
- Pi-hole (DNS)
- Home Assistant

**Synology DS218+** (NAS, 2x 18TB):

- NFS mounts → main storage provider
- Plex
- Synology stack (Surveillance Station, etc.)

---

## Self-Hosted Apps Wishlist

> Things Claudio wants to self-host or has explored

### Priority / Active

- [ ] Migrate Gitea from VPS → Proxmox
- [ ] Migrate Joplin from VPS → Proxmox
- [ ] Set up proper backup system (restic already on Dell, needs orchestration)
- [ ] Cloudflare Tunnel management (move off VPS?)

### Considered / Explored

- [ ] Linkding (bookmarks)
- [ ] FreshRSS (RSS reader)
- [ ] Vaultwarden (password manager)
- [ ] Home Assistant (already running on Dell)
- [ ] Nextcloud (file sync — already has Synology though)
- [ ] Uptime Kuma (monitoring)
- [ ] Glances (system monitoring)
- [ ] AdGuard Home (alternative to Pi-hole)

---

## Backup Strategy (TODO)

- Restic server already running on Dell
- Synology is primary storage
- Need to define backup rotation for:
  - Gitea data
  - Joplin data
  - PostgreSQL DBs
  - Config files

---

## Notes

- VPS hosts critical infrastructure (auth, proxy) — keep it minimal
- Proxmox is for ephemeral/experimental services
- Dell is for always-on base services (DNS, backups, HA)
- Synology is bulk storage + media

## Pangolin reverse proxy notes

- Pangolin runs in Docker, so when exposing a service that is running directly on the VPS host, the backend must be reachable from the container network, not just from the host itself.
- For Pangolin public resources that forward to host-level services, use the Docker-to-host reachable IP (`172.17.0.1`) rather than `127.0.0.1`.
- `127.0.0.1` inside the Pangolin container refers to the container loopback, not the VPS host loopback.
- If a VPS service is bound only to `127.0.0.1:<port>`, Pangolin cannot reach it from the isolated Docker network.
- For example, Gitea did not work when forwarded to `127.0.0.1:3000`; removing the `127.0.0.1` bind and exposing the service on a host-reachable interface made it work.
- Practical rule: when a reverse proxy lives in Docker but the upstream service lives on the host, confirm both the host IP and the bind address are reachable from the container namespace.
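The reachability check the practical rule above calls for, as an added example that is not part of these notes: it classifies `ss -ltn` listeners by whether a container on the default Docker bridge (gateway `172.17.0.1`) can connect to them, and separates binds that are only on the bridge from wildcard binds that also face the public interface. The sample `ss` output is constructed, and the `DOCKER_GW` value and the `docker run` line assume the default bridge rather than a compose-defined network.

```shell
#!/usr/bin/env bash
# Classify the host's listening sockets by whether a container on the default
# Docker bridge can reach them. Loopback binds are invisible to the container;
# 0.0.0.0 / [::] binds are reachable but also face every other interface.
DOCKER_GW="172.17.0.1"   # docker0 gateway (assumed); adjust for a custom bridge

# classify_bind ADDR -> loopback-only | all-interfaces | docker-bridge-only | other
classify_bind() {
  case "$1" in
    127.0.0.1|'[::1]')    echo "loopback-only" ;;
    0.0.0.0|'*'|'[::]')   echo "all-interfaces" ;;
    "$DOCKER_GW")         echo "docker-bridge-only" ;;
    *)                    echo "other" ;;
  esac
}

# reachable_from_container ADDR -> exit 0 if a container on docker0 can connect
reachable_from_container() {
  case "$(classify_bind "$1")" in
    all-interfaces|docker-bridge-only) return 0 ;;
    *)                                 return 1 ;;
  esac
}

# audit_listeners: read `ss -ltn` output on stdin, print "PORT ADDR CLASS VERDICT"
audit_listeners() {
  while read -r state _ _ laddr _; do
    [ "$state" = "LISTEN" ] || continue      # skips the header line
    addr=${laddr%:*}                         # everything before the last ':'
    port=${laddr##*:}
    if reachable_from_container "$addr"; then v="reachable"; else v="unreachable"; fi
    printf '%s %s %s %s\n' "$port" "$addr" "$(classify_bind "$addr")" "$v"
  done
}

# Constructed sample `ss -ltn` output (not captured from the VPS): a loopback-only
# Gitea like the one in the notes, sshd on all interfaces, a service bound only
# to the docker0 gateway, and an IPv6 wildcard listener.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:3000     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   172.17.0.1:3001    0.0.0.0:*
LISTEN 0      4096   [::]:80            [::]:*'

# On the VPS itself: ss -ltn | audit_listeners
# Live confirmation from a throwaway container on the default bridge:
#   docker run --rm busybox nc -z -w 2 172.17.0.1 3001 && echo reachable
printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

Binding the host service to `172.17.0.1:<port>` alone keeps it reachable from the container without opening it on the public interface; a `0.0.0.0` bind does the same job only when a firewall rule restricts that port to the bridge.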