Hi selfhosting community :)

I am hosting some services on a NixOS box (Immich, Nextcloud and some others). So far I had no problem reaching my services, just via tailscale when I am not at home.

But now I wanted to branch out and get a little fancy with https setup and a domain, so I can share my services with friends. I followed this guide and got a domain at cloudflare. However I ran into some problems.

The relevant setup: ::: spoiler spoiler Nextcloud:

 undefined

    
services.nextcloud = {
  enable = true;
  hostName = "nextcloud.<mydomain>.com";
  https = true;
};

  

Nginx:

 undefined

    
services.nginx = {
  enable = true;
  virtualHosts = {
    "nextcloud.<mydomain>.com" = {
      forceSSL = true;
      useACMEHost = "<mydomain>.com";
    };
    "immich.<mydomain>.com" = {
      forceSSL = true;
      useACMEHost = "<mydomain>.com";
      locations."/".proxyPass = "http://127.0.0.1:2283/";
    };
    "immich.<machine>.<tailnet>.net" = {
     
  

Disclaimer: This is for folks who are running services on Windows machines and does not have more than one device. I am neither an expert at self hosting nor PowerShell. I curated most of this code by doing a lot of "Google-ing" and testing over the years. Feel free to correct any mistakes I have in the code.

Background

TLDR: Windows user needs an uptime monitoring solution

Whenever I searched for uptime monitoring apps, most of the ones that showed up were either hosted on Linux or containers and all I wanted was a a simple exe installation file for some app that will send me alerts when a service or the computer was down. Unfortunately, I couldn't find anything. If you know one, feel free to recommend them.

To get uptime monitoring on Windows, I had to turn to scripting along with a hosted solution (because you shouldn't host the monitoring service on the same device as where your apps are running in case the machine goes down). I searched and tested a lot of code to finally

I followed this Guide to setup headscale with caddy. And tried to add Keycloak with this guide from the same guy.

Sadly my docker containers do not seem to be able to connect to the keycloak server. What happens is that if i try to download the openid configuration from the host (via wget) or from my local PC it just works. But the headscale server gets a timeout when trying to connect to the endpoint. When i use the internal docker name to connect to the keycloak container the connection works fine but then i get an error because its not the external url.

I experimented a bit and managed to reproduce the issue with a different container (running an ubuntu container and also getting a timeout when trying to download the config from keycloak). If i run the container with the host network i works just

Problem Statement

The official docker-compose and Docker documentation for self-hosting Lemmy is not suitable for my use-case. It:

• Spins up its own single-use containers for pictrs, postgres and nginx.
• Makes a bunch of assumptions about the deployment network topology that doesn't always work in a more managed setting.

I'm not a pro nor an expert in sysadmin, Docker or web technologies, so it took many hours of deciphering the (very) sparse documentation to figure out how to make Lemmy fit my deployment scenario. Here, I'd like to just share my own docker-compose, lemmy.hjson and my NGINX reverse proxy configuration, and hope it helps someone out there.

How I Host My Services

• Each service is single-instance, multiple-use. For example, my postgres container serves not just Lemmy, but other containers that require a DB service as well.
• I have an existing reverse proxy with nginx, already provided by the awesome [swag](https://docs.linuxserver.io/images/docker-sw