I have an automation that is triggered by a door open/close sensor that I have attached to the flushing arm in my toilet with a custom made 3d printed mount for the sensor, which triggers a script on the server which connects to the chromecast speaker in the bathroom and plays the final fantasy 7 battle victory theme whenever someone flushes the toilet. It is perhaps my favorite part of my home.

I use restic on Linux, but duplicati seems like the new hotness and it’s cross platform

I’ve sysadmined wordpress for about 7 years professionally, so this stuff is as easy as making cereal to me. But there is a few steps. On a high level:

- Subdomain must point to your public IP

- Your public IP probably changes sometimes so you should have a way to automate updating the IP for your home server via the DNS provider’s API

- Your router must be forwarding port 80 and 443 to your server

- Your server needs a web server software that can take the request and map it to the right virtual host for your site (and you need to make said virtual host)

- The wordpress install needs to have used wp-cli or a wp-config.php hack to change the domain of the site that wordpress thinks it is running as

- You need to secure the domain with letsencrypt, certbot will do this for you

This is the steps for a traditional web server, but since we usually use docker around these parts, instead of the normal web server software (apache or nginx) the way to use in docker is “letsencrypt nginx proxy companion” which will route an incoming connection to the docker container running wordpress and handle letsencrypt for you.

There are also a few other ways one might commonly set this all up, and what steps you are missing depends on the way you are hosting wordpress right now.

If you fill in some of the missing information on what you do or dont have from the steps above, I’ll let you know what’s next. Or you can send me a PM on reddit and I’ll help you out!

snap install docker

“I heard you liek containers, so I put your containers in a container”

Your whole life becomes much simpler when you use docker.

Elevator pitch: Docker containers are preconfigured services which run isolated from the rest of your system and only expose individual directories you map into the container. These directories are the persistence part of the application and survive a restart of the container or the host system. Just backup your scripts and the data directories and you have backed up your entire server.

I have a few scripts as examples. ‘cd “$(dirname “$0”)”’ changes to the directory the script is stored in, and therefore will create and map data directories from that parent directory.

Letsencrypt proxy companion will set up a single listener for web and ssl traffic, setup virtual hosts automatically, and setup SSL, all with automations.

First, you need letsencrypt nginx proxy companion:

#!/bin/bash

cd “$(dirname “$0”)”

docker run --detach
–restart always
–name nginx-proxy
–publish 80:80
–publish 443:443
–volume $(pwd)/certs:/etc/nginx/certs
–volume $(pwd)/vhost:/etc/nginx/vhost.d
–volume $(pwd)/conf:/etc/nginx/conf.d
–volume $(pwd)/html:/usr/share/nginx/html
–volume /var/run/docker.sock:/tmp/docker.sock:ro
–volume $(pwd)/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
–volume $(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro
–volume $(pwd)/acme:/etc/acme.sh
jwilder/nginx-proxy

docker run --detach
–restart always
–name nginx-proxy-letsencrypt
–volumes-from nginx-proxy
–volume /var/run/docker.sock:/var/run/docker.sock:ro
–env “DEFAULT_EMAIL=YOUR_EMAIL_ADDRESS_GOES_HERE@MYDOMAIN.COM”
jrcs/letsencrypt-nginx-proxy-companion

Then for each service, you can start with a docker command as well with a few extra environment variables. Here is one for nextcloud:

docker run -d \

–name nextcloud
–hostname cloud.MYDOMAIN.COM
-v $(pwd)/data:/var/www/html
-v $(pwd)/php.ini:/usr/local/etc/php/conf.d/zzz-custom.ini
–env “VIRTUAL_HOST=cloud.MYDOMAIN.COM”
–env “LETSENCRYPT_HOST=cloud.MYDOMAIN.COM”
–env “VIRTUAL_PROTO=http”
–env “VIRTUAL_PORT=80”
–env “OVERWRITEHOST=cloud.MYDOMAIN.COM”
–env “OVERWRITEPORT=443”
–env “OVERWRITEPROTOCOL=https”
–restart unless-stopped
nextcloud:25.0.0

And Plex (/dev/dri is quicksync for hardware transcode):

docker run \
--device /dev/dri:/dev/dri \
--restart always \
-d \
--name plex \
--network host \
-e TZ="America/Chicago" \
-e PLEX_CLAIM="claim-somerandomcharactershere" \
-v $(pwd)/config:/config \
-v /my/media/directory/on/host/system:/media \
plexinc/pms-docker

Obsidian:

docker run --rm -d \

–name obsidian
-v $(pwd)/vaults:/vaults
-v $(pwd)/config:/config
–env "VIRTUAL_HOST=obsidian.MYDOMAIN.COM "
–env "LETSENCRYPT_HOST=obsidian.MYDOMAIN.COM "
–env “VIRTUAL_PROTO=http”
–env “VIRTUAL_PORT=8080”
ghcr.io/sytone/obsidian-remote:latest

I have found transcoding to work noticeably better when using quicksync (the intel chip native encoder) rather than a GPU.

At this point, I think the only real reason you would want a GPU is for LLMs.

I’m in the exact same situation, and I’ve been eyeing the device on amazon named: “Mediasonic PROBOX 4 Bay 3.5” SATA Hard Drive Enclosure – USB 3.0 eSATA Support (HF2-SU3S3)” - I think this is what you are looking for. If I understand correctly, a single eSata cable will be able to drive all 4 drives in this box, so basically as much expandability as you want.

So I assume you have a web server somewhere which is configured to host virtual hosts in some regard. You need to set up a virtual host which is configured to respond to requests for mydomain.com and reply with a redirect to aa.mydomain.com. The DNS for the domain root must be an A record, so you will have to set the IP address for your web server on the A record for mydomain.com. How exactly this looks and what sticky points you have in setting this up depends on what your web server setup is like - maybe you have this all working, but if not, if this is just an apache or nginx install, then we need to work through setting up the virtual host, or if this is a docker style nginx letsencrypt manager, then thats another set of configuration issues.

Let me know how far you’ve gotten, or if nowhere at all and you need a recommendation for how to do this, let me know. Let me know a little more about your web server environment that responds to mydomain.com if you have one set up (linux? windows? router with pfsense?)

The way I do this is my router forwards all http and https traffic to my web server running ubuntu, and docker-letsencrypt-nginx-proxy-companion handles all the virtual hosts. Then if I wanted to create a redirect for a single domain, I would make a docker container that served an nginx server and have it configured with a redirect. But I must acknowledge I’ve been a sysadmin for 10 years and there may be more user friendly turnkey ways to do this, I’m just doing what works for me.

This is just a WordPress quirk, you did everything ok. You can usually solve this but using wp-cli to do a global find and replace for your IP address with the new domain name on your WordPress install. Another option is setting some constants which are something like SITE_HOME (I’m not sure that’s right) in your wp-co fig.php file. Google “change domain WordPress” and it should point you in the right direction.

If you have a central server which is performing backups, and the client computer trusts the server, use syncthing to mirror the files on the client to the server. Syncthing also has an android client.

If the client computer doesn’t trust the server, for example you are offering a backup destination for friends or extended family, then use duplicati for incremental encrypted backups.

Both options work on both linux and windows.

Ubuntu server, some bash scripts, and a docker install. KISS

Last I tried this, the Nvidia cli I stalker was easy peasy for my 1050ti.

However, I haven’t took a look at jellyfin, but the Intel quicksync encoder on the Intel chip on my home server did the same encoding tasks and was far less temperamental with plex than Nvidia was. Do you really need the GPU? If it’s just for video encoding I feel like you could skip it. If it’s for more esoteric stuff like running LLM then of course it’s a requirement.

Used Dell Optiplex SFF (Small Form Factor) PC from ebay. They are tiny and total powerhouses for home server stuff. I run one with a 1 TB SSD and 16 TB hard disk, and it runs basically all of that using docker containers. And minus the storage it cost me about $120 bucks.

There is this thing called the internet, it’s filled with web servers. It’s what cybersecurity is basically all about.

A web server is more than just a thing that serves up personal web pages. Virtually all system to system communication uses a web servers nowadays, the world runs on APIs.

I feel like this is like asking why you’d have to know how a stove works if you’re going to be a cook. It’s more than just related, it’s practically the core most fundamental thing you need to know how it works in order to be a cybersecurity pentest person.

Imho attitude’s like this really turn me off in some people. A friend of mine wanted to learn computer programming and information technology, so I gave him a crash course on docker with the goal of setting up a container to handle vpn bittorrent downloads. Really simple stuff, like copy and pasting a few commands. He asked why even do this if he can just use deluge on his desktop. Like, it’s missing the forest for the trees, you need to know how stuff works to be useful to people that are looking to hire people who know how stuff works.

The friend of mine was hoping to work with me as a contractor so he could get high paid computer work, but frankly, I don’t need to hire someone who is too lazy to learn even the most basic fundamentals. And in your case, knowing how a web server works is fundamentals. And you can figure out the basics in only a few days.

The only way you’re going to make it in info tech is to be curious and figure out how stuff works. That is the *only* real skill you need to succeed.

I wrote a bunch of scripts that for each file I got from bittorrent, it removes it from the daily backups, and instead has a log of what file goes where and what torrent it came from. I’ve actually had to use it’s restore function a few times because I’m trigger happy and sometimes ruin my server. One of these days I will clean up the script and make it portable…

Oh dude, yeah ChatGPT knows Linux and docker better than I do and I’ve been doing this sort of thing professionally for 15 years, lol. Whatever you need as far as writing scripts, invoking containers, or generally asking it questions, you can just consider it an expert network administrator and it can write all your scripts and whathaveyou.

One of the best moments this year was when I realized I never had to figure out how to write an iptables command again lol

One thing nobody has mentioned here, I run all my services as a docker container. It makes them very easy to back up, and very easy to segregate. If a service gets compromised, in theory, it’s isolated to what it can access inside the docker container and can’t compromise the host. And if you delete and rebuild the container, any damage done in the container dies with it.

Running home assistant with docker is as simple as the command:

sudo docker run -d \

--name homeassistant \

--restart=unless-stopped \

-e TZ=America/Chicago \

-v $(pwd)/homeassistant:/config \

--network=host \

homeassistant/home-assistant

There is of course, more details to learn and the devils are in the details, but thankfully anything you want to know on how to set up your network in this regard you can just ask chatgpt.