i love selfhosting :3
Nice stack! What’s the crab logo? I don’t recognize it.
Do you notice a massive increase in request latency (like 10x-50x) when using a CloudFlare tunnel vs connecting directly to your IP? I’ve experimented with it a few times, but it really negatively impacts QoS for me, especially with federated services (like Matrix) where there are lots of small requests.
the crab is Homarr and no, i haven’t had any issues with cloudflare
Thanks! I haven’t tried that dashboard yet, I might give it a spin.
Do you notice a massive increase in request latency (like 10x-50x) when using a CloudFlare tunnel
Have not noticed that at all. I don’t run any federated services tho. Might be the difference, I don’t know.
Yeah I’m thinking the request frequency was the issue rather than bandwidth.
Why do you use two separate Debian VMs plus a truenas VM running nextcloud?
Security is the first thing that comes to mind. Compartmentalization prevents or at least makes it considerably harder for compromised services to screw up all the others.
Another thing would be that it might be easier to manage backups and snapshots.
From my understanding, it’s helpful that each VM will have its own IP so ports can be opened only on specific VMs, increasing overall security.
Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it’s db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.
Same. One single docker compose, and a dozen images. I get to take advantage of publicly available docker images too which makes managing and updating things a breeze.
It’s strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.
I’m not a netsec professional, this is just my understanding of best practices.
Soooo this is not really true unless you don’t trust your kernel. While a VM is more isolated from the host, since a container shares kernel space, that doesn’t make it less secure. I.E. isolation does not equal security.
Actual sandbox escape vulnerabilities happen in VMs as frequently as they do in Docker, and while all VMs have a full systems that many exfiltrations can hit (due to a full suite of services running), many docker containers are locked to a user space with only one process running.
@kureta@lemmy.ml if you are running separate Docker networks in compose, I would not recommend switching to VMs. If that kind of isolation is a requirement, add another server and use different SSH keys for it.
i love selfhosting :3
Me2! Nice solid stack you got going there bro.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NUC Next Unit of Computing brand of Intel small computers Plex Brand of media server package RAID Redundant Array of Independent Disks for mass storage SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption UDP User Datagram Protocol, for real-time communications
[Thread #270 for this comm, first seen 2nd May 2026, 08:00] [FAQ] [Full list] [Contact] [Source code]
You should look into container technology. No reason to have this many operating systems wasting resources
Heh. Container mafia going “hush, don’t worry about iso27002, just one more pull, bro.”
OP is still running 5 containers though? And why does a home server need to implement an IT security standard meant for large organisations? I hope you got an incident response policy written down, would be a shame to fail the next audit.
