TL;DR: Unsure if I should just run Syncthing, or do a Nextcloud. Tailscale seems at risk of enshittification, so do I find alternatives or just use it for ease? Is Immich easy enough to set up without Tailscale? Stick with Docker or Podman for ease? Are external drives easy to work with? Should my RAID1 be NTFS or ext4?
Starting My Selfhosting Journey
I recently got my drive bay and Optiplex and have already flashed Proxmox onto it so I could eagerly spin up some local services to see what I wanna stick with. Or at least I tried anyway 😅
Jellyfin in a Debian container was quick, painless and seems to work fine. But I was trying to set up Nextcloud and I felt lost, with the many different ways people go about it. When I tried to set up Nextcloud AIO in a Debian VM with Docker, it forces you to set a domain for your instance, but I only want to do local for now (ease and security until I get the hang of things). Which then runs into the "hosting a domain via Tailscale" problem. 90% of guides, videos, scripts, etc. seem to only focus on/support Tailscale, but they force you to use third-party accounts for logins, and I started this whole thing to distance myself from Big Tech. Is Headscale or NetBird a better idea (when I do decide to remotely access)? Which is more beginner-friendly? Similarly, Docker or Podman?
I do know the difference between Syncthing and Nextcloud, but I wonder which I should stick with. I want to start being better about backing up my phone and laptop, and I know I could use syncthing to share these backups with each other, but I thought it’d be nice to try to replace my minimal Google Drive and Onedrive usage with Nextcloud and just put everything there. I’d still have to backup that data to an external location though if I want to follow the 3-2-1. So should I just do encrypted backups and put them in a cheap provider’s cloud, and drop the idea of a selfhosted cloud?
Similarly related to the Nextcloud issue, is Immich another heavily Tailscale-dependent service?
Side note: How easy is it to use external drives with these services I’ve mentioned? I plan to use my drive bay that currently has 2TB (4 drives running in RAID1), so I can only connect to it via cable. Can I have most of my media stored on the drives, or will that not work? Also, I swear I had to keep verifying my login every few minutes when accessing my drives in ext4 format? I switched it to NTFS recently but Windows can’t read/see the drives at all (does it not like Linux formatting it?)
Future Ideas: Once I get these first few down, any suggestions? I’m feeling the power rush and craze from being free and able to run my own stuff, and I want to prove to my mom how useful it’ll be. I want to move away from YT Music, and I’ve heard Jellyfin + Jellyamp works well, but is there another I should run (Navidrome)? Should I get into the *arr services and torrenting (I do have ProtonVPN)?
I tried looking at previous posts but I just wanted a little more personalized advice. I’m extremely grateful for any help and I will make sure to post my beautiful setup later once I get it going after y’all’s input. It’s really exciting thinking about the possibilities!
I also had a lot of difficulty setting up NextCloud. Based on the various reviews and comments, it seems like I may have actually dodged a bullet.
In general, as I’ve tried different self-hosting solutions, I’ve found that using a dedicated solution for each purpose has given me better results. I use Radicale for contacts and Calendar, Immich for photos, Jellyfin for media (Navidrome for music is great, but I ended up keeping my music library in Jellyfin because I liked the client apps better).
I’m using ownCloud for file sync, although I’m also testing copyparty, which is pretty phenomenal and stupid simple.
Tailscale is GOAT. Some people have speculated that it could be subject to enshittification some day. It’s managed by a for-profit company, but everything they do is open source. There are already well-tested forks like Headscale if you ever have the need to self-host it in the future.
NextCloud seems great if you can get it working and provides a lot of services in one. Some people have said that causes bloat and slowdown, so there are two sides to the coin.
Syncthing is likely not a good option for a file server. It’s great if you want to have a shared file or folder on multiple devices, especially if you just want to transfer files quickly and seamlessly. It’s fantastic at what it does, but it’s not a file server. There are a lot of opportunities for error when using Syncthing.
I’d recommend setting up a domain even if just for local use. No-IP.com is at least working for me right now (I have a free throwaway domain set up there and my router is keeping my dynamic IP DNS records up to date, so I can WireGuard into my router/LAN even if the IP changes).
You don’t need to expose your services, but if you ever do want to, it’s so much easier if you’ve already got a working reverse proxy in front. Plus you can use HTTPS via Let’s Encrypt certificates inside the LAN.
Setting up (sub)domains in the LAN forces you to learn to use a reverse proxy like Caddy, Traefik or nginx. Personally, NPM (Nginx Proxy Manager) was the easiest for me to use, but I use Caddy nowadays. For half a year I didn’t expose anything, but after wanting to share some albums with the extended family I decided to do so via Pangolin, hardened with CrowdSec, running on a virtual private server. Pangolin, while not as easy as Tailscale, is self-hosted, is very well documented and works well. Then internally, I still have my Caddy reverse proxy and certs.
All the services work with the same domain names internally (via the router’s DNS) and externally. Internally the domain simply points to my server’s LAN address. Externally the domain points to my VPS, where Pangolin relays my internal domains to the users but adds an extra authentication/reverse proxy/access control layer in front. For authentication I use Pocket ID. I can reach Nextcloud and access and edit all my documents and other files right there in the browser from any computer, which is very convenient.
To answer your first bit:
I went ownCloud --> Nextcloud --> Syncthing + Radicale.
Not looked back.
I run everything through a proxy in my home-built pfsense box.
I use WireGuard directly instead of Tailscale. Not sure what router you’re using, but MikroTik supports it out of the box. I am sure they are not the only ones. My phone runs on it 24/7 and has access to the rest of my services.
I haven’t set up Nextcloud, so I can’t give any advice on that. Immich was insanely easy to set up though.
I like Navidrome, but I am not using Jellyfin, so I have nothing to compare it with.
Syncthing. You don’t need Nextcloud.
Tailscale is great. You should use it. Most of their code is open source. Their coordination server is closed source; however, there’s a self-hostable open-source reimplementation called Headscale if you want a fully open-source Tailscale stack.
Tailscale is a peer-to-peer VPN, meaning there’s no central server like with OpenVPN. Systems on the VPN connect directly to each other. You can also use WireGuard in this way if you configure it as a mesh (every device on the VPN has every other device configured as a peer, and for each pair, at least one of them has the port open and forwarded). Tailscale is more reliable for that as it uses several NAT traversal techniques, so you don’t need to open the port and it works even if both ends are behind NAT.
Immich doesn’t rely on Tailscale; you can use any VPN.
They don’t recommend exposing it to the public internet at the moment though, which is why you’d use a VPN (edit: as per a reply, this is not the case any more). In general, never expose anything publicly unless it absolutely has to be (like a website that anyone can access). For giving access to friends, you can share a device with them via Tailscale and configure an ACL so they can only access particular services on it.
For the drives, I’d recommend ZFS instead of ext4 or NTFS. ZFS can detect bitrot and corruption using checksums, which neither ext4 nor NTFS can do. NTFS isn’t recommended unless you’re running Windows Server, but you already said you’re using Proxmox.
IMO, use Syncthing instead of Nextcloud, unless you’ll be using all the other apps that come with Nextcloud (calendar, office tools, chat, etc). Syncthing does one thing and it does it well, which is almost always better than using software that tries doing a large number of things. Consider Seafile too.
For backups, I’d recommend BorgBackup and Borgmatic. Get a cheap storage VPS to store it. You should be able to get a deal for less than $2/TB/month during the current Black Friday sales. Check LowEndTalk for deals. A Hetzner Storage Box would work great too.
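The mesh rule the comment above describes (every device lists every other device as a [Peer], and each pair needs at least one side with an open, forwarded port), as an added example that is not code from the original post. It generates the per-device wg-quick config files for a small mesh and flags the pairs plain WireGuard cannot join; device names, hostnames, the 10.66.0.0/24 tunnel subnet and the keys are placeholders (real keys come from `wg genkey` / `wg pubkey`).

```python
"""Generate WireGuard configs for a full mesh (added example; placeholder names and keys)."""
import base64
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional, Tuple

MESH_PREFIX = 24  # tunnel subnet 10.66.0.0/24 (assumption for this example)


@dataclass(frozen=True)
class Node:
    name: str
    address: str                    # tunnel IP, e.g. "10.66.0.1"
    private_key: str                # base64 X25519 key; a real one comes from `wg genkey`
    public_key: str                 # base64 X25519 key; a real one comes from `wg pubkey`
    endpoint: Optional[str] = None  # "host:port" if the others can reach this node directly
    listen_port: int = 51820


def placeholder_key(seed: int) -> str:
    """Constructed 32-byte 'key' so the demo runs offline. NOT a real key."""
    return base64.b64encode(bytes([seed]) * 32).decode()


def unreachable_pairs(nodes: List[Node]) -> List[Tuple[str, str]]:
    """Pairs in which neither side has an endpoint. Plain WireGuard cannot connect
    them; this is the gap that Tailscale's NAT traversal fills."""
    return [(a.name, b.name) for a, b in combinations(nodes, 2)
            if a.endpoint is None and b.endpoint is None]


def render_config(node: Node, nodes: List[Node]) -> str:
    """wg-quick config for `node` with every other node as a [Peer]."""
    lines = ["[Interface]",
             f"Address = {node.address}/{MESH_PREFIX}",
             f"PrivateKey = {node.private_key}"]
    if node.endpoint is not None:
        lines.append(f"ListenPort = {node.listen_port}")  # this is the forwarded port
    for peer in nodes:
        if peer.name == node.name:
            continue
        lines += ["", f"# {peer.name}", "[Peer]",
                  f"PublicKey = {peer.public_key}",
                  f"AllowedIPs = {peer.address}/32"]  # only that peer's own tunnel IP
        if peer.endpoint is not None:
            lines.append(f"Endpoint = {peer.endpoint}")
            if node.endpoint is None:
                # We are the NAT'd side: keepalives hold the NAT mapping open so the
                # reachable peer can keep sending to us after we initiate.
                lines.append("PersistentKeepalive = 25")
    return "\n".join(lines) + "\n"


def build_mesh(nodes: List[Node]) -> Dict[str, str]:
    """Configs for every node, refusing meshes that contain an unconnectable pair."""
    bad = unreachable_pairs(nodes)
    if bad:
        raise ValueError(f"no open port on either side of {bad}; forward a port or use NAT traversal")
    return {n.name: render_config(n, nodes) for n in nodes}


# Constructed sample: only the server has a forwarded port; laptop and phone sit behind NAT.
BEHIND_NAT = [
    Node("server", "10.66.0.1", placeholder_key(1), placeholder_key(2), endpoint="vpn.example.net:51820"),
    Node("laptop", "10.66.0.2", placeholder_key(3), placeholder_key(4)),
    Node("phone", "10.66.0.3", placeholder_key(5), placeholder_key(6)),
]
# Same devices once the laptop's home router also forwards a port: now every pair works.
FULL_MESH = [
    BEHIND_NAT[0],
    Node("laptop", "10.66.0.2", placeholder_key(3), placeholder_key(4),
         endpoint="home.example.net:51821", listen_port=51821),
    BEHIND_NAT[2],
]

if __name__ == "__main__":
    print("cannot connect directly:", unreachable_pairs(BEHIND_NAT))
    for name, cfg in build_mesh(FULL_MESH).items():
        print(f"--- {name}.conf ---\n{cfg}")
```

With only the server reachable, the laptop/phone pair is reported as unconnectable: both would still reach the server, but laptop-to-phone traffic has no path, which is the hub-and-spoke shape the comment contrasts with a real mesh. Note that only the NAT'd sides get PersistentKeepalive, and a peer without an endpoint gets no Endpoint line at all; WireGuard learns its address when that peer initiates.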
On the public Immich bit, they have docs on how to set up a reverse proxy correctly. No security warnings.
That sounds like a thumbs up to me?
Interesting! They used to have a warning about it. I guess they removed it at some point. It’s referenced in this discussion for example: https://github.com/immich-app/immich/discussions/13008
That pretty much says: safe when stable. (Which it is now) Makes some sense.
Mine is public, so I hope it’s safe (ish)
Dumb question: my Bitwarden browser plugin doesn’t work properly if my Vaultwarden doesn’t run HTTPS. Right now I’m exposing it under a subdomain with a self-signed cert in Nginx Proxy Manager. Could I switch over to using my Headscale with “tailscale serve”? Does this work, and can I use HTTPS that way?
Tailscale serve might work; I haven’t tried it so I don’t know what it’s capable of.
Usually I’d recommend getting a real domain name and using Let’s Encrypt. .com domains are around $10/year but some TLDs are even cheaper. If you don’t mind which TLD you use, go to tld-list.com and sort by renewal price.
Edit: I forgot to mention: a server does not need to be publicly exposed to use Let’s Encrypt. You can use a DNS challenge instead of an HTTP one.
A domain with DNS access costs around 2€ a year. Just buy your own and generate certificates with ACME.
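Why the DNS challenge mentioned in the two replies above (and the "Let's Encrypt inside the LAN" point earlier in the thread) needs no inbound connection: the CA only looks up a TXT record whose value is derived from the ACME account key and the challenge token. The code below is an added example, not from the original thread or any ACME client; it computes that record per RFC 7638 (key thumbprint) and RFC 8555 section 8.4 (DNS-01), and shows the CA-side comparison. The account key, token and domain are constructed placeholders.

```python
"""DNS-01 challenge values (added example; RFC 7638 thumbprint + RFC 8555 section 8.4)."""
import base64
import hashlib
import json
from typing import Iterable, Tuple


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Public members that go into the thumbprint, per key type (RFC 7638 section 3.2).
_REQUIRED = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required public members only, in lexicographic
    member order, serialized with no whitespace. kid/alg/use etc. are ignored."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' thumbprint of the account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_record(domain: str, token: str, account_jwk: dict) -> Tuple[str, str]:
    """Name and value of the TXT record the CA queries (RFC 8555 section 8.4).
    Only public DNS is consulted, so the host that will hold the certificate's
    private key never needs to accept a connection from the internet."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode()).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def ca_would_accept(observed_txt: Iterable[str], expected_value: str) -> bool:
    """CA side: the challenge passes if any TXT record at the name equals the expected value,
    so stale records from earlier renewals do not break a new one."""
    return any(v == expected_value for v in observed_txt)


# Constructed sample account key: NOT a real key, 'n' is a dummy value.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "AQIDBAUGBwgJCgsMDQ4PEA",
    "alg": "RS256",   # ignored by the thumbprint
    "kid": "acct-1",  # ignored by the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed; same shape as a CA-issued token
SAMPLE_DOMAIN = "nas.home.example"  # placeholder; in practice a name in a domain you control

if __name__ == "__main__":
    name, value = dns01_record(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"publish: {name}  TXT  \"{value}\"")
    print("CA accepts once visible:", ca_would_accept(["old-record", value], value))
```

An ACME client (acme.sh, certbot, Caddy's built-in client) does exactly this and publishes the record through your DNS provider's API, which is why the replies stress buying a domain whose DNS you can drive; the resulting certificate is for a public name even though the service itself only answers on the LAN or over the VPN.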
I did this about a year ago, and started with Tailscale. But for some bizarre reason, Tailscale would cause my entire internet connection to drop. I had the internet provider come out 5 times to fix it, I got a new router twice, they even checked for cable problems between my house and the neighbourhood switch. All to no avail. I would lose internet connection several times a day until I rebooted my router. I then found someone on their forum mention that Tailscale was causing problems, so I turned it off. The problems stopped. I found no way to mitigate this.
I ended up running WireGuard, which works great for me, but does have a bit of a learning curve. I have rented a tiny cloud server which is the central hub, and all of my services run in Podman with their own WireGuard config. I run my own DNS for the local domains. It took me a bit of effort, but it is now running very stably.
I’m still learning myself, but am planning to use NetBird instead of Tailscale to access my VMs and apps without exposing them to the web. So far, it’s been pretty easy to set up.