Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Can you expand on this? What is it that you call the "global list of subdomains"?
Certificate transparency, unless you use wildcard certs
It'd be better and more accurate say the list of certificates then.
Sub domains aren't public unless your DNS server has XFER on.
Interesting! I'm going to look into this. Not sure my provider has this in their UI
It trivial to get a list of all registered domains and subdomains and the IP addresses they map to. There are any number of paid services to make it easy (e.g. https://subdomainfinder.c99.nl/) but I'm pretty sure there's also a way to do it yourself.
This is kind of why I have wild card on my main domain... Nothing on www.
Except it isn't. Saying it is trivial is just gross generalization. It's trivial to configure bind to have internal zones that aren't resolvable publically. It all depends on configuration, such as reverse ns entries, zone accessibility, etc.
You can have (sub)domains that are listed in the certificate lists and yet aren't resolvable externally as well.
Actually, wait. Something you a said might actually be just what I'm looking for: you mean that I can have DNS entry for mydomain.com and no additional CNAMEs, and have a cert for nextcloud.mydomain.com (or wildcard maybe?) and somehow still be able to use name based virtual servers?
Hmmm. I thought I was going to be limited to path-based.
Explain more?
Absolutely. Simply use ACME with the DNS validation method. Using bind you'll want to create keys and allow TXT access for those keys to the validation domains. Fear not, this isn't exclusive to bind, ACME tools supports dozens of other backends. That's all you need the actual domain doesn't need to be resolvable with an A/CNAME record. Internally you can run an entirely different DNS server to resolve your hosts, use hosts files, or use bind zones.
Okay. Yup, that's probably true. I'm not that deep into network stuff. But, if you're just doing the basic, 'ha.mydomain.com => 121.41.38.9' that works out of the box with name based virtual hosts and reverse proxy, then yeah, you'll get traffic on that within 24 hours.
I reckon if a person understands what you're talking about though, they're already doing better than most.