A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Anything exposed to the internet gets a daily / weekly update, depending on how exposed it is, how stable the updates are and how critical a breach would be. For example nginx would be a daily update.
Anything behind a vpn gets a more random update schedule mostly based on when I feel like it (probably around once a month or every other month)
Usely every 3/4 months roughly. I try to remeber to update. The base. Server. And docker based things! /webserices. I update. Sparingly. Every few new versions. As I am the only user of my server. I don't have a high need to update. So I update only if a new future. Is added or a mayor bug /security patch.
Almost everything I have runs Debian or NixOS, so…….. once a month? Except for VMs I’m playing around with, which usually get updated every time I log into them, or instal stuff.
All services are dockerized, updated nightly.
Server OS runs a kernel-patch service for real time exploit patching.
All other updates as soon as they appear.
Yeah, sometimes I'll need to go in a repair - but that's way better than having to clean up after having been exploited due to not keeping up on security patches.
On my ubuntu I use unattended updates but that doesn't work reliably. I have to update it manually most of the time. Once every other month.
On my fedora server it auto updates every day at 4 reliably.
The next server is going to be atomic such that the server restart is even shorter (not that I would care about it at 4).
Automatic upgrades handle the security patches. Everything else maybe once a month. My big services like Nextcloud auto update as well.
First Friday of the month. Easy to remember.
Mine is set to update all the stuff I use, and the OS, automatically whenever an update is available. 🤷♂️
Depends, on how critical something is...since we deal with servers / customers at work that often are purposely not adjusted for years...because introducing a different behaviour (even if better) would grind production to a halt, I take a not careful approach.
I was using OpenSUSE Leap, and with zypper you can review which patches are available, whether they are critical or run recommended or not needed. You can then apply which specific patch you want be CVE if necessary.
But with Leap's path seaming messy at the moment, I moved to Tumbleweed, since you have snapshotying built in. If an update did mess something up you just rollback to the previous snapshot and in less than a minute it is fixed
Got apticron set up on my servers or similar solutions to get notified when updates are available. Then usually, from time of notification +1 or 2 days.
And for containers auto updates once every day.
All systems, daily via a single ansible script. That's apt update, upgrade and reboot if needed (some systems set to only reboot with a separate script so I can handle them separately).
Rarely have any sort of problems.
Every day to once a week, depending on free time