Hi all!
So I want to get back into self hosting, but every time I have stopped is because I have lack of documentation to fix things that break. So I pose a question, how do you all go about keeping your setup documented? What programs do you use?
I have leaning towards open source software, so things like OneNote, or anything Microsoft are out of the question.
Edit: I didn’t want to add another post and annoy people, but had another inquiry:
What ReverseProxy do you use? I plan to run a bunch of services from docker, and would like to be able to reserve an IP:Port to something like service.mylocaldomain.lan
I already have Unbound setup on my PiHole, so I have the ability to set DNS records internally.
Bonus points if whatever ReverseProxy setup can accomplish SSL cert automation.
I’m a grumpy linux greybeard type, so I went with… plain text files.
Everything is deployed via docker, so I’ve got a docker-compose.yml for each stack, and any notes or configuration things specific to that app is a comment in the compose file. Those are all backed up in a couple of places, since all I need to do is drop them on a filesystem, and bam, complete restoration.
Reverse proxy is nginx, because it’s reliable, tested, proven, works, and while it might not have all those fancy auto-config options other things have, it also doesn’t automatically configure itself into a way that I’d prefer it didn’t, either.
I don’t use any tools like portainer or dockge or nginx proxy manager at this point, because dealing with what’s just a couple of config files on the filesystem is faster (for me) and less complicated (again, for me) than adding another layer of software on top (and it keeps your attack surface small).
My one concession to gui shit for the docker is an install of dozzle because it certainly makes dealing with docker logs simple, and it simplifies managing the ~40 stacks and ~85 containers that I’ve got setup at the moment.
I appreciate that mentality though. When things break, if your understanding of your setup is there, it’s less to deal with.
I am forgoing the Portainer route this time. I am going to strictly use Docker Compose for my containers. I had too many issues with Portainer to consider using it.
For reverse proxy, I just need/want it for simple ip:port to sub.domain.lan type addresses locally. Anything I need outside of my home will be tunneled through wireguard.
I always quite liked Dozzle. It was handy, and has helped me comb through logs in the past.
Yeah, exactly: if you know how it works, then you know how to fix it. I don’t think you need a comprehensive knowledge about how everything you run works, but you should at least have good enough notes somewhere to explain HOW you deployed it the first time, if you had to make any changes as well as anything you ran into that required you to go figure out what the blocking issue was.
And then you should make sure that documentation is visible in a form that doesn’t require ANYTHING to actually be working, which is why I just put pages of notes in the compose file: docker doesn’t care, and darn near any computer on earth made in the last 40 years can read a plan text file.
I don’t really think there’s any better/worse reverse proxy for simple configurations, but I’m most familiar with nginx, which means I’ve spent too long fixing busted shit on it so it’s the choice primarily because, well, when I break it, I already probably know how to fix what’s wrong.
I run a k3s cluster for selfhosted apps and keep all the configuration and docs in a git repo. That way I have history of changes and can rollback if needed. In that repo I have a docs folder with markdown documents about common operations and runbooks.
There are other ways to do this, but I like keeping docs next to the code and config so I can update them all at the same time. Deployed several wikis in the past but always forget to update them when I change things.
I really should spend time familiarizing with maintaining a git repo. I’ll likely find one I can self host.
https://forgejo.org selfhosted has been good for me, FOSS fork of Gitea.
Thank you for the suggestion. The fact that it’s FOSS wins my vote. I have been trying to go all open source where possible.
If you want a git “server” quick and low maintenance then gitolite is most likely the best choice. https://gitolite.com/gitolite/index.html
It simply acts as a server that you can clone with any git client and the coolest part is that you use git commits to create repositories and manage users as well. Very very or no maintenance at all. I’ve been using it personally for years but also saw it being used at some large companies because it simply gets the job done and doesn’t bother anyone.
I will have to check out gitolite. Thank you!
- caddyserver for reverse proxy
- docker-compose for ~75% of documentation
- logseq for notes, though I don’t keep much.
Docker and docker-compose are nice because every service you want to run follows the same basic pattern. You don’t need much documentation beyond the project docs and the compose files themselves
Edit: caddyserver can do automatic certs, even behind a firewall if you set up the api call method. Varies by registrar
So I want to get back into self hosting, but every time I have stopped is because I have lack of documentation to fix things that break. So I pose a question, how do you all go about keeping your setup documented? What programs do you use?
Joplin or Obsidian? Or… plain markdown files with your favorite text editor.
I use Joplin and it works great for this exact thing. Anytime I discover a new command that fixes something I’ll throw it into my Joplin notebook. “New Server Cheatsheet” goes to list in order common operations and commands for setting up SSH, UfW, making a non-root user, configuring wireguard, etc. I have hundreds of notes by now and they’re easily found via search bar.
You could try Logseq, it’s like Obsidian but open source. I use Obsidian for most notes and I also have a personal wiki built with Otterwiki.
I use NGINX for my reverse proxy, you could check out NGINX Proxy Manager which uses Certbot to automate the SSL certificates.
I’ve heard a lot of people also like Caddy and Traefik. Can’t remember which is easier to use, maybe Caddy.
I will likely dabble with Logseq.
I used NGINX Proxy Manager for a while, then had some issues that ultimately killed my homelab setup, so not sure that I want to go down that route again, or if I want to investigate Caddy, Traefik, or another.
Yeah, I could never get NPM to work right on my system either. I use the NGINX Docker image and set up my certs manually.
If I were to do it all over again today, I would probably go with Caddy since it now has a bunch of that stuff built in with automatic HTTPS by default and the basic reverse proxy setup is literally 2 lines of code.
I use markdown text files which are synced to my nextcloud instance.
This is somewhat tangential to your post, but I think using infrastructure as code and declarative technologies is great for reliability because you aren’t just running a bunch of commands until something works, you have the code which tells you exactly how things are set up, and you can version control it to roll back to a working state. The code itself can be a form of documentation in that case.
I think I need to utilize this strategy because I get lazy and don’t update external documentation.
Some examples of technologies which follow that paradigm are docker compose, ansible, nixOS and terraform. But it all depends on your workflow.
I think I am going down the docker compose route. When I started using docker, I didn’t use compose, however, now I plan to. Though, Ansible has been on my list of things to learn, as well as nixOS.
Another suggestion for you, I highly recommend specifying a version for the docker image you are using for a container, in the compose file. For example, nextcloud:29.0.1. If you just use :latest, it will pull a new version whenever you redeploy which you may not have tested against your setup, and the version upgrade may even be irreversible, as in the case of nextcloud. This will give you a lot more control over your setup. Just don’t forget to update images at reasonable intervals.
That is good advice, and honestly never really occurred to me to set specific versions for containers.
My documentation is a folder with the docker compose files I am using. And some notes in Nextcloud Notes if needed.
My reverse proxy is Traefik, since it’s docker aware. :)
Came to write basically this. I would try caddy but my compose file is 600 lines long now and half of that is traefik labels, I can’t be arsed with the migration.
Traefik or Caddy are the 2 I am bouncing back and forth between currently. I may spin up a nextcloud instance.
This might be a bit late, but from my perception Traefik has a touch more of a learning curve, but it integrates much better with solutions like Authlia/Authentik and Prometheus than Caddy does.
I might be wrong, I’ve never used Caddy, but that’s my perception.
Good to know. Thank you!
My documentation problem was largely fixed by using Nixos. The actual OS instances are self-documenting that way.
As far as the documentation for the network setup itself goes, a simple wiki does the rest of the trick for me.
I still want to get familiarized with NixOS and the concepts behind it. Just haven’t taken the time.
I’m adding documentation about what I do in Joplin and I’m using Nextcloud to keep it synced.
For reverse proxy I use Nginx Proxy Manager for its simplicity. I really don’t need anything more fancy… https://nginxproxymanager.com/
- ansible playbook for automated/self-documenting setup
- for one-off bugs or ongoing/long-term problems, open an issue on my gitea instnce and track the investigations and solutions there.
I’m also using ansible everywhere in my home / private infra and lab. Occasionally I get slightly annoyed that I have to open an inventory file or a role var to find something. But in general I’m so grateful that there is one place to find this information, and the same is used to set up everything from scratch.
Is it extra work to write the roles and playbooks? Yes. Does it solve the documentation and automation problem completely? Absolutely. 10/10 would recommend. And for the record, most things I host run on containers, but the volumes and permission management alone make it worth your time.
Personally I use Linkwarden for keeping snapshots of websites as well as a bookmark manager and Memos for a simple note-taking app. Both can be installed on mobile as PWAs, so it makes it easier to access on-the-go.
I’m using Nginx Proxy Manager, which I highly recommend for new users due to how simple it is get set up and running! NPM renews SSL certs automatically before they expire as well (afaik). You just gotta make sure that your different Docker containers’ ports don’t collide with each other.
Today I learned about Linkwarden, and I am so excited to check it out. Thank you!
NPM I did use, however it was ultimately the catalyst as to why I quit homelabbing. But when it did work, it was simple even for SSL cert renewal.
I hope you have fun with Linkwarden!
If you don’t mind me asking, why did NPM push you to quitting homelabbing?
I ran into an issue where I changed nothing, and all of a sudden none of my SSL certs worked on top of most of the hosts were not working through the reverse proxy. I had not even changed ip addresses on any of them. I am not sure what was going on.
It was more of a “I didn’t want to troubleshoot” and gave up, so I shut down my servers.
I have an Ansible playbook that I use to setup everything and all troubleshooting steps I ever had to take to fix something get written down in an Obsidian.md vault.
Wiki.js Nginx Proxy Manager.
I use obsidian for my notes/wiki. I use the git plugin to backup/sync my notes. I self-host forgejo as my gut server. Works great!
Caddy is my favorite reverse-proxy. The setup is just a config file.
Traefik for reverse proxy. Tag your container with the route and let traefik take over.
I think Traefik is going to be what I investigate using. However the last time I tried, I was a little lost. I will have to comb over the documentation better this time.
Traefik is powerful and versatile but has a steep learning curve. It also uses code to control its configuration which is a bonus for reliability and documentation as discussed elsewhere ITT. Nginx proxy manager is much simpler and easier to use, may be a good one to get started with, but lacks the advantages of traefik described above. Nginx proxy manager does support SSL cert automation.
Jim’s garage has some videos on it.