I am setting up my NAS right now, and I need some suggestions for apps that I can run on my NAS or self-host.
-
I have seen some online articles, but they are too confusing because they list too many apps for each category.
-
I want backup apps for iOS, Android, Mac and Windows. (It would be great if they could back up automatically).
-
I want to sync my calendars and contacts.
-
I want to download media like TV shows and movies. (And music, too). “Of course, only legal obtained from the internet cough.”
-
I want apps that let me access my data from anywhere.
-
I saw this cool thing where you could use a Raspberry Pi to access your NAS bios from your PC.
Os - Unraid
Among my must-have selfhosting items, in no particular order, I can recommend:
- Portainer, to keep track of what’s going on.
- Nginx Proxy Manager, to ensure https with valid certificate to those services I want to have available from the outside.
- Pihole, of course.
- Gitea, to store my coding stuff.
- Paperless-ngx, to store every paper in my life.
- Immich, an amazingly good replacement for Google Photos.
Due to some concerns about Gitea’s future I would recommend Forgejo instead. It’s a drop-in replacement with less concerning contribution policies and management structure.
What are those concerns? Why is it relevant to self-hosting?
Is it like the rumor that the Lemmy devs are pro-Russia or whatever it was about?
Honestly asking, here. Not trying to start a flame war, just want to know whether to bother to care about this.
Gitea is managed by a for profit which is now offering a hosting service. That alone is already a conflict of interest because one of Giteas core features is the easy self hosting.
Then the contribution guidelines have been made stricter, anyone contributing now has to give up their copyright to the gitea management, meaning they could change the opensource license to a stricter one down the line without requiring community consent.
The concern is that as time passes features will be locked behind a premium tier for self-hosters or the self-hosting itself will be made more difficult in an effort to push their cloud service.
I’ve been using Forgejo for about 6 months now and I’m really impressed with it. Covers all my needs!
Due to some concerns about Gitea’s future I would recommend Forgejo instead. It’s a drop-in replacement with less concerning contribution policies and management structure.
Quoted for emphasis and affirmation.
What do you use for scanning for paperless?
I’ve commented elsewhere on this page:
Brother ADS-1700W
Tiny,fast, scans double-sided straight to a network share. It’s the most amazing thing I’ve bought in years, literally.The printer has a web interface where you set up destinations, and I set up a file path there. Separately, on the printer itself, you can set it up to do one action automatically when it detects material in the auto sheet feeder, and I used that so it auto-scans to PDF/A and saves it on that network share.
Then I have Paperless check that path once a minute. So my workflow is literally, drop the paper in the scanner, and 5 seconds later put it in a box, then a minute later I see it in Paperless. It’s bliss.
You should try PhotoPrism, it’s amazing. All great picks BTW. Gittea had GH Actions compatible runners now!
I have tried Photoprism but was not as impressed by it as Immich.
100% agree on you list. I’d also throw in some file management solution, such as filebrowser, NFS/samba or syncthing.
Ha e you looked at dockge? I like it way more than portainer, atleast for single instance. It works with normal compose files so it keeps your stuff a lot more compatible to change and its by the guy who makes uotime kuma.
If you don’t mind, could you please check your typing? You had some obvious typos so I am not so sure of the exact name of the tool you are suggesting.
Sorry about that, my reply was from my phone and therefore terrible. Here’s the app: https://github.com/louislam/dockge
Why do people recommend Gitea for self projects? What do you do with it that git+ssh can’t?
We aware that Immich breaks one week and then the other week too
Sorry but that’s not true. I have been running Immich for a long time now, and it is solid and stable.
A recent update had a change in the Docker configuration, and if you didn’t know that and just blindly upgraded, it would still run and show a helpful explanation. That’s amazing service.
What is a long time? I’ve been running it more than a year, and the number of times it broke and the amount of time I had to invest into its quite high. You may be lucky, or I may be unlucky, but I’m just explaining my experience
Theres so many. Check out the awesome list: https://github.com/awesome-selfhosted/awesome-selfhosted
I think your stategy should be one service at a time. Do everything in docker, and start by tackling a simpler service. For example, you should try paperless-ngx. Absolute game changer. I didnt realize how much managing ny own directory structure sucked until I used this. Then, grow your service list more and more!
This is a fantastic list I’ve bookmarked, thanks. But I do want to highlight OP’s first point where it says:
…they are too confusing because they list too many apps for each category.
Might be a little more beneficial for OP to highlight a couple useful for their use case that are fairly beginner friendly? I’d do it but I’m basically in the same boat as OP right now, lol
I would avoid self-hosting backups at the same location where your devices are currently kept. There is a reason off-site backups are a thing. So many failure causes are shared with devices in the same home, from electrical issues (lightning and technical defects among other things) over water and fire damage to theft.
That being said: backing up to a single, central, local location and then syncing those backups to some offsite location can actually be very efficient (and avoids having to spread the credentials for whatever off-site storage you use to multiple devices).
I should have written “your only backup”, obviously it can’t hurt to have both.
Will need to research it as I’m not aware of it. Thanks for the heads up.
I’d say it’s about designing a good strategy. I have local backups on my NAS and a nightly incremental backup to cloud locations from there. That way the capture from my local equipment to the NAS is lightning fast and it’s not a big deal to have it take a few hours to reach the cloud. Also having a NAS on a power backup is a must-have.
Syncthing for back ups. Lovely and easy to use.
As long as it’s set to keep copies. Else it’s just a way to sync accidental file deletions.
I want apps that let me access my data from anywhere
This may sound exaggerated, but paperless-ngx combined with a good network scanner will change your life. All paper mail accessible anywhere and also searchable. Plus, it is much easier to just scan something and drop it in an archive box instead of trying to figure out which folder (banking or taxes or maybe bills?) to file it in AND still remember that decision years later when you need to find it.
Brother ADS-1700W (edit: now that’s the exact model)
Tiny,fast, scans double-sided straight to a network share. It’s the most amazing thing I’ve bought in years, literally.
Since I have this exact problem and need… I went looking. By any chance did you mean the Brother ADS 1700W? If I’m going to take recommendations from strangers on the internet, I want to be sure I get it right. =)
Yes! Sorry for giving wrong details. That was from memory, and I am a goldfish…
The printer has a web interface where you set up destinations, and I set up a file path there. Separately, on the printer itself, you can set it up to do one action automatically when it detects material in the auto sheet feeder, and I used that so it auto-scans to PDF/A and saves it on that network share.
Then I have Paperless check that path once a minute. So my workflow is literally, drop the paper in the scanner, and 5 seconds later put it in a box, then a minute later I see it in Paperless. It’s bliss.
I have just ordered a Brother ADS 1700W. You’ve convinced me!
Congratulations! I think you’ll love it. There are some things to set up. Let me know if you have questions :-)
My printer/scanner doesn’t scan to FTP. Anyone out there shopping for a Brother Laser, step up to the MFC series that doesn’t require USB to scan, and also hardwired Ethernet. It’s only another $50 and will also include a document feeder.
For the downloading media part:
The *arr stack is what you’re looking for + Jellyfin for streaming (Opensource, 100% free, and much better than Plex).
Prowlarr: manage your indexers
Radarr: find/automatically download movies
Sonarr: find/automatically download tv shows
Jellyfin: streaming your media
Look up trashguides for setting up all this stuff, very detailed guides. They are compatible with torrents and Usenet. I like using docker with portainer for easy management and if you use a VPN container you can selectively route these containers through the VPN so your other services that dont require the VPN dont need to route through it.
Jellyfin for streaming (Opensource, 100% free, and much better than Plex).
*Better for your wallet and the privacy, not better in any functional way.
Plex gotten around to av1 transcoding yet?
I think it depends on your clients. If you’re using Roku, you can skip Jellyfin…sadly.
deleted by creator
Still gotta pay for guide data iirc. Has that changed?
An update for the Roku app was released 5 days ago which massively improves it (finally an OSD!). It’s getting there.
I use zap2xml or whatever it is. Simple script and crontab job and it’s worked without issue for near two years now I guess (since I initially configured it.) All free. I’m in the States so not sure if it’s location dependent or not.
Well not better, just cheaper.
Never used Plex, but if being open source is a feature Jellyfin is better than Plex.
Not requiring an external authentication server is the biggest drawback of Plex. I don’t want Plex to have my watch history and info about my media library.
With Findroid supporting the intro skip plugin I’m fine since I don’t need many platforms.
Removed by mod
And Android TV, it’s gotten better, but generally still sucks.
I use Jellyfin because it’s FOSS, private, and it’s also written in a tech stack I’m very familiar with.not because it’s better than flex, because it really isn’t.
I’ve used both extensively and stand by my statement, from a functional standpoint as well.
That’s a bold opinion given its barebones UI, widespread playback issues, and lack of basic functionality like a proper intro skip. Like even Emby is miles ahead of Jellyfin. Which isn’t surprising given JF is free but let’s be real lol
Clearly just upset you got conned into paying hundreds for an inferior product
No I would love to switch to Jellyfin. I ditched Plex after some of their more recent shenanigans but Jellyfin is just so vastly inferior on almost every front that it’s difficult to even compare the two. For now I’m using Emby which is another fork of the same project Jellyfin is and it’s a lot closer to feature parity with Plex. And I’ll gladly pay money for a quality product over settling for a free product that doesn’t really get the job done.
I just hope that one day Jellyfin reaches a maturity that it’s actually worth switching to.
My recommendation: host OpenVPN, change the default port and only access your NAS from the internet using your VPN. Also only allow the VPN port on your router firewall.
If this, then I would highly recommend Tailscale or Headscale. Just simplifies this process so much. Tailscale is so darn good, my number one tool of choice.
Yeah definitely a good idea. Routing your mobile traffic through it so your carrier cannot access your traffic and the services you don’t want to share location with can’t snoop as much on you.
I meant more because people generally don’t have as much time to spend on IT security as companies, but yeah, it works for privacy as well.
this is a great idea but it will only work if they have a public ip
Depends on your router. I have an Asus and it has a free ddns option through their domain. I point my Wireguard client at this address and never think of it again. That way, the only port that’s open on your router is a Wireguard port and they don’t respond to sniffing.
If that’s not a possibility, I had a ddns service before that for like $2/month
I have a vps for 2€/month. It’s not a powerful machine, but easily enough to host wireguard and caddy.
maybe is specific to my country, but here the majority of network plans have a CGNAT down the line. So we have a private ip at the router and there is no way to reach it, unless you reley the traffic to a third point.
if you want a public ip (even dynamic) you need to pay up
You can grab a static public IP on a VPS for free. That’s what I do — works well, though the VPS speed is capped pretty low.
No he doesn’t mean a static IP, he means a publicly routable IP. That’s not something DDNS will help you with.
True. But pretty much the same applies for dynamic DNS services, except you have to trust your dynamic DNS provider.
DDNS won’t help you if your IP isn’t a public IP
It makes a tunnel through to you and links to that.
DDNS doesn’t do tunneling. DDNS is a solution to a changing public IP, not something like CGNAT. You’d need a separate service with a relay server to do something like what you’re suggesting, like how Zerotier or Tailscale work.
Ah, I’ve only ever seen it in combination with a tunnel, so I assumed it’s part of that.
I have only a few services. I could probably downscale my server.
-
AdGuard DNS
-
Tailscale and Zerotier
-
Open Media Vault
-
Jellyfin
-
Uptime Kuma
-
Graphana / Prometheus
-
Torrent/seed box
All on Proxmox and mirrored ZFS 2 x 20TB
For backups I use FolderSync and the default backup for windows. Super lazy, but I don’t want to be the IT support of the family.
Is there some quick start templates for graphana / Prometheus? I started setting it up and it’s extremely configurable, but I feel like I have to hand craft everything.
That’s my issue with Prometheus… I want to have solid monitoring and metrics, but there’s so much setup and I feel like I’m just hosing it all up.
-
Also, privacy-wise, what do you guys use to keep your home server anonymous/hidden and protected? Is VPN enough? If yes, what VPN do you recommend?
I’m using wireguard but I hear a lot of good things about tailscale.
Tailscale is a mesh VPN. Its a level of abstraction passed a regular VPN, lime wireguard or OpenVPN. Tailscale uses wireguard under the hood.
Totally go with Tailscale, can’t stress how nice it is.
How does it compare with a VPN?
This article explains it better than I could
It’s a mesh network, so there’s no open ports on your router. In that way it’s more secure than a VPN in my opinion. You do have to trust Tailscale themselves, but they’ve documented why that’s not a concern.
Mesh network clients on your home network make an outbound connection to their respective discovery servers (or whatever theyre calling them). Companies like Tailscale host these servers so your mesh clients can find each other.
I saw this cool thing where you could use a Raspberry Pi to access your NAS bios from your PC.
That’s PiKVM
You should host the internet.
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
I just discovered this and it’s awesome, if you’re into gaming at all. It’s a containerized console emulator suite, and I think it is very well done. https://github.com/linuxserver/docker-emulatorjs
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT DNS Domain Name Service/System Git Popular version control system, primarily for code IP Internet Protocol NAS Network-Attached Storage NAT Network Address Translation Plex Brand of media server package VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) ZFS Solaris/Linux filesystem focusing on data integrity
9 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.
[Thread #351 for this sub, first seen 14th Dec 2023, 10:45] [FAQ] [Full list] [Contact] [Source code]
Tailscale will give you encrypted access to all devices everywhere, including iOS. For any hardware that can’t run Tailscale, you can use any Tailscale client on the same network to be a subnet router - other Tailscale clients can then access that network via that client. I do this with a Raspberry Pi.
Once you have a mesh network like Tailscale setup, you can use native tools to copy files, etc, because the the mesh network provides the connection.
Checkout Syncthing and Resilio Sync. Both are great sync tools with different features. I use both, but rely primarily on Syncthing since it’s much better on memory use on Android. I use Resilio just for its on-demand sync feature.
Syncthing can also run on an Rpi. I’m pretty sure Resilio can too.
I’m 50/50 regarding tailscale; from what I heard, it’s not fully open source.
You can try out Headscale. The self hosted/open source version of it.
The important part is open source (the client) so you can verify everything that has to do with your privacy.
Adguard Home or pihole is a must. Jellyfin is also pretty cool.