cross-posted from: https://lemmy.world/post/25939893

"Youlag" is a theme and extension for the feed aggregator FreshRSS. It delivers a video-focused browsing experience for your YouTube RSS feeds, all within FreshRSS, with a sleek theme and extra features.

Supports video feeds from YouTube, Invidious, and Piped.

Why?

The general idea is to subscribe to YouTube channels via RSS, allowing you to follow your favorite creators without an account. With Youlag installed, you can browse and watch videos in a familiar, YouTube-like interface.

More features are planned, including video queuing (with some limitations).

Git repository for more details:

https://github.com/civilblur/youlag

Features:

• ⭐ Optimized for Video Viewing
  • Browse your YouTube, Invidious, Piped RSS subscriptions with ease.
  • Clean, familiar video platform layout.
  • Fullscreen viewing for videos and feed items.
  • Quickly exit videos with Esc key.
  • Shortcuts for external viewing: "Invidious", "YouTube", or "YouTube embed view" (for less distraction).
  • Dark mode.
• 🖥️ Desktop & Mobile
  • Reponsive design.
  • Redesigned menus for better one-handed navigation.
  • Improved readability and legibility across devices.

Since v3.0.0, and currently v3.0.2, Youlag has been refactored from a CSS theme to work more like an extension. This has improved stability and allowed me to add more features.

It's still not yet a native FreshRSS extension, but my plan is to convert it to one.

#SelfHosted #LinkAce Bookmark Manager Running, but Unable to Check for Updates or Generate a Cron Token

Hi all. Hoping someone in the #SelfHosting community can help here. I'm running LinkAce in #Docker behind non-Dockerized #Caddy and #Authelia, and most things are working, but I'm seeing "Could not check for updates" at the bottom of each page, and when I tried to generate a cron token, nothing happened except for the generate button graying out. I am seeing one or two 404 errors in my logs, but I don't know if that's causing the problem or not. I don't know much about #PHP applications.

Logs

2025-02-22 23:25:26,460 INFO supervisord started with pid 12025-02-22 23:25:27,465 INFO spawned: 'php-fpm' with pid 82025-02-22 23:25:27,467 INFO spawned: 'caddy' with pid 9[22-Feb-2025 23:25:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root[22-Feb-2025 23:25:27] NOTICE: fpm is running, pid 8[22-Feb-2025 23:25:27] NOTICE: ready to handle connections{"level":"info","ts":1740266727.5264525,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}{"level":"info","ts":1740266727.5280282,"msg":"adapted config to JSON","adapter":"caddyfile"}{"level":"warn","ts":1740266727.5280406,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}{"level":"info","ts":1740266727.529092,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}{"level":"warn","ts":1740266727.529331,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}{"level":"info","ts":1740266727.5294206,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40000bab00"}{"level":"warn","ts":1740266727.530186,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"warn","ts":1740266727.530195,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}{"level":"info","ts":1740266727.530198,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}{"level":"info","ts":1740266727.5412574,"msg":"autosaved config (load with --resume flag)","file":"/home/www-data/.config/caddy/autosave.json"}{"level":"info","ts":1740266727.541271,"msg":"serving initial configuration"}{"level":"info","ts":1740266727.5477707,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/home/www-data/.local/share/caddy"}{"level":"info","ts":1740266727.5541356,"logger":"tls","msg":"finished cleaning storage units"}2025-02-22 23:25:28,555 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)2025-02-22 23:25:28,555 INFO success: caddy entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 200::1 -  22/Feb/2025:23:25:34 +0000 "GET /index.php" 404

Docker Compose file

services:  #
***
LinkAce  linkace:    image: docker.io/linkace/linkace:latest    container_name: linkace    restart: unless-stopped    depends_on:      - linkace_db    ports:      - "0.0.0.0:3009:80"    volumes:      - ./.env:/app/.env      - ./backups:/app/storage/app/backups  #
***
Database  linkace_db:    image: docker.io/library/mariadb:11.5    container_name: linkace_db    restart: unless-stopped    command: mariadbd --character-set-server=utf8mb4 --collation-server=utf8mb4_bin    environment:      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}      - MYSQL_USER=${DB_USERNAME}      - MYSQL_PASSWORD=${DB_PASSWORD}      - MYSQL_DATABASE=${DB_DATABASE}    volumes:      - db:/var/lib/mysql  #
***
Cache  linkace_redis:    image: docker.io/bitnami/redis:7.4    container_name: linkace_redis    restart: unless-stopped    environment:      - REDIS_PASSWORD=${REDIS_PASSWORD}volumes:  db:

.env (secrets redacted)

## LINKACE CONFIGURATION# The app key is generated later, please leave it like thatAPP_KEY=redactedAPP_ENV=development## Configuration of the database connection## Attention: Those settings are configured during the web setup, please do not modify them now.# Set the database driver (mysql, pgsql, sqlsrv, sqlite)DB_CONNECTION=mysql# Set the host of your database hereDB_HOST=linkace_db# Set the port of your database hereDB_PORT=3306# Set the database name hereDB_DATABASE=linkace# Set both username and password of the user accessing the databaseDB_USERNAME=linkace# Wrap your password into quotes (") if it contains special charactersDB_PASSWORD=redacted## Redis cache configuration# Set the Redis connection here if you want to use itREDIS_HOST=linkace_redisREDIS_PASSWORD=redactedREDIS_PORT=6379APP_DEBUG=true# SSO configurationSSO_ENABLED=trueSSO_OIDC_ENABLED=trueSSO_REGISTRATION_ENABLED=trueREGULAR_LOGIN_DISABLED=trueSSO_OIDC_BASE_URL=https://auth.laniecarmelo.tech/  # Your Authelia base URLSSO_OIDC_CLIENT_ID=linkaceSSO_OIDC_CLIENT_SECRET='redacted'SSO_OIDC_SCOPES=openid,profile,email

Caddyfile snippet

{    email laniecarmelo@gmail.com    debug    acme_dns cloudflare redacted    http_port 80    https_port 443    admin :2019 {        origins 127.0.0.1:2019 0.0.0.0:2019 stormux:2019 caddy.laniecarmelo.tech    }}(logconfig) {    log {        output stdout        format json    }}(auth_headers) {    header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"}(proxy_config) {    header_up Host {http.request.host}    header_up X-Real-IP {http.request.remote}    header_up X-Forwarded-User {http.auth.user.id} # Pass user ID    header_up X-Forwarded-Email {http.auth.user.email} # Pass email}(authelia_middleware) {    forward_auth localhost:9091 {        uri /api/verify?rd=https://auth.laniecarmelo.tech/        copy_headers Remote-User Remote-Email Remote-Groups Authorization    }}bookmarks.laniecarmelo.tech {    route {        import authelia_middleware        reverse_proxy localhost:3009 {  # Directly proxy to LinkAce's web server            import proxy_config        }    }    import logconfig    import auth_headers}

Authelia config snippet

    - domain: "*.laniecarmelo.tech"      policy: bypass      networks:        - 192.168.1.0/24    # Local network        - 172.17.0.0/16     # Docker bridge network        - 100.64.0.0/10     # Tailscale network    - domain: "bookmarks.laniecarmelo.tech"      resources: ["^/api.*"]      policy: bypass    - domain: "*.laniecarmelo.tech"      policy: one_factor            - client_id: linkace        client_name: LinkAce bookmarking app        client_secret: redacted         public: false        authorization_policy: one_factor        scopes: [openid, groups, profile, email, offline_access]        redirect_uris:          - https://bookmarks.laniecarmelo.tech/auth/oidc/callback        grant_types: [authorization_code]        response_types: [code]        response_modes: [form_post, query]        userinfo_signed_response_alg: none        consent_mode: explicit        pre_configured_consent_duration: "1y"

Does anyone know what might be causing this and how I can fix it?
#Linux #ArchLinuxARM #Stormux #RaspberryPi #RaspberryPi500 #RPi #RPi500 #tech #technology
@selfhost @selfhosted @selfhosting

cross-posted from: https://lemmy.ml/post/26304038

from the OpenSSH 9.9p2 release announcement:

This release fixes two security bugs.

Security
========

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Password is right in compose and config. Idk what else to do.

A distributed streaming platform that can run on Raspberry Pi 5.

Last October, at a conference we shared a demo running Fluvio and Stateful DataFlows on a Rasperry Pi 5 running an object recognition pattern.

Fluvio is a distributed streaming runtime for building event driven analytical applications.

Relevant for Builders who are writing applications in Rust. Software & Data Architects who are building intricate data processing workflows to build intelligent applications using Rust, Python, or JavaScript, and of course SQL.

Fluvio currently is version 0.15.2, closing towards version 1 steadily. The past release notes and features are here - https://www.fluvio.io/news/

Documentation updated as of last release - https://www.fluvio.io/

We released a benchmarking utility in v0.15 and a blog showing some basic benchmark runs here : https://infinyon.com/blog/2025/02/kafka-vs-fluvio-bench/

Would love for you awesome people to try it out and share your experience.

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting

Within the past couple months, I saw someone's pet-project where they were cobbling together a self-hostable FOSS app/service to allow people to collaborate on travel planning. It included note taking, images, possibly some functionality around dates, and a map to drop pins and see a route (I'm not sure which backend but I would guess OSM).

Now I can't find it. :(

Does anyone use an app like this? Does anyone have any recommendations? My needs are loose - my only requirements are a FOSS license and to be self-hostable.

Thanks for ideas/suggestions.

Would you be able to host instances for stuff like mastodon and peertube on a raspberry pi more specifically the raspberry pi 5

Hello, I have set up a synapse homeserver with email support, but i get one of two errors, depending on what smtp port i'm using:

465:Unable to add email address
MatrixError: [500] An error was encountered when sending the email (https://tanuki.gay/_matrix/client/v3/account/3pid/email/requestToken)

587: fetch failed: NetworkError when attempting to fetch resource

anyone know of a solution to this? can provide configs on request.

i created a browser-based tool for p2p file transfer where it doesnt use any backend for storage. instead, it relies on storage provided by the browser.

https://file.positive-intentions.com/

• my methods have been:

• use trilium for any detailed notes and documentation

• memos for random thoughts especially if shorter

• pen and paper when offline or on mobile because mobile trilium and moememos both suck

• zotero for citation and bibliography manager

• backed up to nextcloud

• i have paperless-ngx but found it randomly errors a ton of things and zotero is fine.

• considering if it’s worth it to have so many different spread out methods

• theyre fun to use but it creates more chaos then needed

When I first set up my web server I don't think Caddy was really a sensible choice. It was still immature (The big "version 2" rewrite was in beta). But it's about five years from when that happened, so I decided to give Caddy a try.

Wow! My config shrank to about 25% from what it was with Nginx. It's also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I'm not like "into" configuring web servers. Caddy made this very easy.

I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That's great. But what's even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.

I've been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what's necessary for Nginx.

https://jellyfin.org/docs/general/networking/nginx/#https-config-example

In Caddy that became

jellyfin.example.com {
  reverse_proxy internal.jellyfin.host:8096
}

I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you're not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.

🌟 Self-Hosting Journey Update! 🌟

After weeks of work, I'm excited to share my self-hosted setup! 🎉 I'm running everything on a Raspberry Pi 500 with Stormux (Arch Linux ARM-based), 8 GB RAM, and a 512 GB SD card (planning to upgrade to SSD or NAS as soon as I can afford it). Here's what I’ve built so far:

🔧 Services in Action:
- Development: Forgejo, Code-Server, Woodpecker CI
- Productivity: Joplin Server, Monica CRM, Homepage dashboard
- Monitoring: Prometheus + Alertmanager, Grafana, Netdata, Uptime Kuma
- Networking: AdGuardHome + Unbound, Tailscale VPN
- Tools: MiniFlux, Linkding, TheLounge
- Management: Portainer, Cockpit, Watchtower

🔒 Security & Access:
- Caddy + Cloudflare Zero Trust/Access for reverse proxy & SSO
- FirewallD + Fail2ban for extra protection

📧 Emails Powered by Zoho ZeptoMail:
All email-capable services (e.g., Forgejo, Joplin) are configured for reliable notifications.

💾 Backups: Using IDrive's 5 TB plan for peace of mind.

This journey has been challenging yet rewarding! 🚀 I'd love to hear your thoughts—especially tips on scaling storage or optimizing performance. Let's chat! 💬

#SelfHosting #RaspberryPi #Linux #ArchLinuxARM #Stormux #Tech #OpenSource #DIYTech #HomeLab #CloudComputing #AdGuardHome #Grafana #Prometheus #CodeServer #Portainer

@selfhost @selfhosted @selfhosting

I've gone handwritten, obsidian, onenote, and now Trilium. Considering switching to something else because there is no offline mobile support.

I use memos and trilium together but since neither offers mobile offline support considering switching both. No reason to run two services when I could run one.

Considering:

• Joplin
• Logseq
• SiYuan
• ?

Just wanted to share in case others encounter this dumb issue.

I've noticed that with time, my homelab is growing and with this comes complexity and time required to maintain. A big challenge is keeping on top of updates of firmware and key components (router and NAS, with pfsense and Truenas Scale respectively). What area people doing to ensure they keep on top of their homelab?

I have LMS at its latest version (8.5.3) installed on a VM. I hadnàt updated for a while and so decided to do so. To my surprise, I learnt that Logitech Media Server is now called Lyrion Music Server. Has anyone migrated from one to the other in a non-painfull way? I did a quick search. There are some guides for Synology and QNAP servers but I was after a more generic guide for pure docker. Anyone come across any?

I recently update pfBlockerNG on my pfsense box and after login in several days after I have loads of messages saying: "pfBlockerNG ASN - To utilize the ASN functionality, you must register for a free IPinfo Account. Review IP Tab for more information." Once I register are they going to start collecting data every time pfSense querries their ASN database?

cross-posted from: https://lemmy.world/post/24674369

I have some downtime at the moment so I'm thinking of reviving my personal blog again. I have enough experience with managed services that I'm reasonably confident to self-host. I'm aware that WordPress / Drupal / Joomla will most likely do what I want, but they're way overkill for my needs and I don't need the extra headaches.

Currently I'm leaning towards ghost, even though activitypub is only in alpha as far as I know. Plume isn't actively maintained any more, which is a shame. WriteFreely is a great project but doesn't suit my aesthetics and doesn't support themes as far as I know. I know connecting a flat-file CMS to activitypub is possible, but seems like way more trouble than I'd like to go to.

Is there anything I've missed that I should be looking at?