TechHub

panigrc<a href="https://cyberfurz.social/@hack13" class="u-url mention" rel="nofollow noopener" target="_blank">@hack13</a> I have a <a href="https://mastodon.social/tags/wireguard" class="mention hashtag" rel="nofollow noopener" target="_blank">#wireguard</a> entrypoint in a <a href="https://mastodon.social/tags/vps" class="mention hashtag" rel="nofollow noopener" target="_blank">#vps</a> and connect through it to my <a href="https://mastodon.social/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#homeserver</a> Currently have: <a href="https://mastodon.social/tags/pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#pihole</a> <a href="https://mastodon.social/tags/homeassistant" class="mention hashtag" rel="nofollow noopener" target="_blank">#homeassistant</a> <a href="https://mastodon.social/tags/esphome" class="mention hashtag" rel="nofollow noopener" target="_blank">#esphome</a> <a href="https://mastodon.social/tags/mstream" class="mention hashtag" rel="nofollow noopener" target="_blank">#mstream</a> <a href="https://mastodon.social/tags/gonic" class="mention hashtag" rel="nofollow noopener" target="_blank">#gonic</a> <a href="https://mastodon.social/tags/WoodpeckerCI" class="mention hashtag" rel="nofollow noopener" target="_blank">#WoodpeckerCI</a> workerAnd <a href="https://mastodon.social/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a> as reverse proxy<a href="https://mastodon.social/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#homelab</a> <a href="https://mastodon.social/tags/selfhost" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhost</a> <a href="https://mastodon.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosted</a>

Lucas Janin 🇨🇦🇫🇷<a href="https://kolektiva.social/@rae" class="u-url mention" rel="nofollow noopener" target="_blank">@rae</a> This is the way! My setup is very similar to your plan. I have 4 VMs on my public VLAN: <a href="https://mastodon.social/tags/Headscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#Headscale</a>, <a href="https://mastodon.social/tags/PocketID" class="mention hashtag" rel="nofollow noopener" target="_blank">#PocketID</a>, Podsync and <a href="https://mastodon.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> as a reverse proxy. Like your plan, all my other services are only accessible via <a href="https://mastodon.social/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tailscale</a>. So, I cut the Tailscale server dependency

Ivan Agosto 🇲🇽<a href="https://mast.lat/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> funciona muy bien si estas pensando autoalojar servicios. Es un server que puede funcionar de proxy inverso (para eso lo uso).Hoy configure Caddy para que muestre un mensaje cuando mi blog este caido como hoy que se fue la luz.Si aun no sabes que es caddy te dejo su sitio oficial: <a href="https://caddyserver.com/" rel="nofollow noopener" translate="no" target="_blank">https://caddyserver.com/</a>

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon:Another short blog post on blocking <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://infosec.exchange/tags/Bots" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bots</a> that slow down a website. Using <a href="https://infosec.exchange/tags/NGINX" class="mention hashtag" rel="nofollow noopener" target="_blank">#NGINX</a>, but easily adaptable to <a href="https://infosec.exchange/tags/ApacheWebServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApacheWebServer</a> <a href="https://infosec.exchange/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> etc<a href="https://www.infosecworrier.dk/blog/2025/07/botblocker/" rel="nofollow noopener" translate="no" target="_blank">https://www.infosecworrier.dk/blog/2025/07/botblocker/</a>

Gea-Suan Lin<a href="https://blog.gslin.org/archives/2025/07/04/12498/caddy-%e4%b8%8a%e7%94%a8-dnsbl-%e6%93%8b-bot/" rel="nofollow noopener" translate="no" target="_blank">https://blog.gslin.org/archives/2025/07/04/12498/caddy-%e4%b8%8a%e7%94%a8-dnsbl-%e6%93%8b-bot/</a>Caddy 上用 DNSBL 擋 bot<a href="https://abpe.org/tags/address" class="mention hashtag" rel="nofollow noopener" target="_blank">#address</a> <a href="https://abpe.org/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://abpe.org/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://abpe.org/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a> <a href="https://abpe.org/tags/dnsbl" class="mention hashtag" rel="nofollow noopener" target="_blank">#dnsbl</a> <a href="https://abpe.org/tags/ip" class="mention hashtag" rel="nofollow noopener" target="_blank">#ip</a> <a href="https://abpe.org/tags/proxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxy</a> <a href="https://abpe.org/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#spam</a> <a href="https://abpe.org/tags/wiki" class="mention hashtag" rel="nofollow noopener" target="_blank">#wiki</a>

Uckermark MacGyver :nonazi:Switched this server to my new <a href="https://hub.uckermark.social/tags/Hetzner" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hetzner</a> Object Storage backend. Also switched from <a href="https://hub.uckermark.social/tags/NGINX" class="mention hashtag" rel="nofollow noopener" target="_blank">#NGINX</a> as reverse proxy to <a href="https://hub.uckermark.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a>.

16180339887that's what i used for training-text: <a href="https://gutenberg.org/cache/epub/4682/pg4682.txt" rel="nofollow noopener" target="_blank">https://gutenberg.org/cache/epub/4682/pg4682.txt</a> that's the word list: <a href="https://websites.umich.edu/~jlawler/wordlist" rel="nofollow noopener" target="_blank">https://websites.umich.edu/~jlawler/wordlist</a> i had so much fun. <a href="https://goto.byrd.ws/@joshua" class="u-url mention" rel="nofollow noopener" target="_blank">@joshua</a> <a href="https://goto.byrd.ws/@v__v" class="u-url mention" rel="nofollow noopener" target="_blank">@v__v</a> you should try this <a href="https://gts.tuttipazzi.cyou/tags/fckai" class="mention hashtag" rel="nofollow noopener" target="_blank">#FckAI</a> <a href="https://gts.tuttipazzi.cyou/tags/iocaine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iocaine</a> <a href="https://gts.tuttipazzi.cyou/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> <a href="https://gts.tuttipazzi.cyou/tags/tuttipazzi" class="mention hashtag" rel="nofollow noopener" target="_blank">#TuttiPazzi</a>

16180339887or maybe i'll try iocaine: <a href="https://iocaine.madhouse-project.org/howto/fronting-iocaine-with-caddy/" rel="nofollow noopener" target="_blank">https://iocaine.madhouse-project.org/howto/fronting-iocaine-with-caddy/</a> <a href="https://gts.tuttipazzi.cyou/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> <a href="https://gts.tuttipazzi.cyou/tags/iocaine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iocaine</a> <a href="https://gts.tuttipazzi.cyou/tags/aipoisoning" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIPoisoning</a>

OpenUEMIf you want to deploy OpenUEM with Docker now you have the option to use a <a href="https://mastodon.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> container as a reverse proxy included in the compose file <a href="https://openuem.eu/docs/Installation/Server/docker/#3-use-a-reverse-proxy-optional" rel="nofollow noopener" translate="no" target="_blank">https://openuem.eu/docs/Installation/Server/docker/#3-use-a-reverse-proxy-optional</a> Thanks <a href="https://birdsite.kohl.dev/users/caddyserver" class="u-url mention" rel="nofollow noopener" target="_blank">@caddyserver</a>

HarukaA new article on my <a href="https://mamot.fr/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#blog</a>, about installing and configuring <a href="https://mamot.fr/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> the web server I use now instead of Apache and Nginx. <a href="https://memcat.eu/2025/caddy" rel="nofollow noopener" translate="no" target="_blank">https://memcat.eu/2025/caddy</a><a href="https://infosec.exchange/@caddy" class="u-url mention" rel="nofollow noopener" target="_blank">@caddy</a>

patproHello, I’m hosting a <a href="https://social.patpro.net/tags/vaultwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vaultwarden</a> server behind <a href="https://social.patpro.net/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> 2.10 and made the following test:Tuning Caddy to allow only <a href="https://social.patpro.net/tags/pqc" class="mention hashtag" rel="nofollow noopener" target="_blank">#PQC</a> curves:<pre><code> tls { curves x25519mlkem768 } </code></pre>Trying to connect with <a href="https://social.patpro.net/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> Mac -> OK Trying to connect with <a href="https://social.patpro.net/tags/bitwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bitwarden</a> <a href="https://social.patpro.net/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#android</a> client -> FailWithout the <a href="https://social.patpro.net/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> tuning, the Bitwarden Android client will happily connect to the server.Is it a problem with the Bitwarden Android client or with Android, or both?

Lucas Janin 🇨🇦🇫🇷This week I learned to deploy <a href="https://mastodon.social/tags/Crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crowdsec</a> in my <a href="https://mastodon.social/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#homelab</a>:- CrowdSec LAPI on an LXC in my private VLAN - Caddy-bouncer to protect my public servives - CrowdSec-firewall-bouncer-iptables on my 2 <a href="https://mastodon.social/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxmox</a> nodes - CrowdSec agent for all my public VMs and important VMs/LXCs Of course, I created an <a href="https://mastodon.social/tags/Ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ansible</a> role to deploy the agent on my multiple hosts/VMs/LXCs using a certificate and a custom port, 8080 is a busy port :-)Yes, it’s overkill :-) <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosting</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a>

Shane Rogers<a href="https://social.lol/tags/Yesterday" class="mention hashtag" rel="nofollow noopener" target="_blank">#Yesterday</a> I was able to get my <a href="https://social.lol/tags/MailcowDockerized" class="mention hashtag" rel="nofollow noopener" target="_blank">#MailcowDockerized</a> box to work behind the <a href="https://social.lol/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> reverse proxy. A lot easier than I anticipated.I may have to reconfigure my mobile <a href="https://social.lol/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#Thunderbird</a> client - for some reason it's not sending to outlook365, but SoGo does just fine.<a href="https://social.lol/tags/Today" class="mention hashtag" rel="nofollow noopener" target="_blank">#Today</a> I'm thinking about getting a static site to sit behind that caddy proxy. I'd like to get <a href="https://social.lol/tags/emacs" class="mention hashtag" rel="nofollow noopener" target="_blank">#emacs</a> and <a href="https://social.lol/tags/org" class="mention hashtag" rel="nofollow noopener" target="_blank">#org</a> working for publishing.So far, so good. Slow going.

Bradley TauntI'm in the process of porting over all OpenBSD related mini-sites to <a href="https://mastodon.bsd.cafe/tags/httpd" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpd</a> running on my TinyKVM VPS.All other web projects will be migrated to Alpine <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>, served through <a href="https://mastodon.bsd.cafe/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> on my other VPS.

Risotto Biashonestly there are probably several sanity/neatness benefits to "/opt/{app/{version}/db.sqlite" it's just whether a <a href="https://toot.risottobias.org/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a> config reload will still respond to inflight requests or if it'll drop them during a reload.and then I guess you could use a shell script to say "if the current caddy config is 3000, the next server should listen on 4000" and build two systemd services (one for evens, one for odds) to let the systemd services fully start (or fully gracefully shut down?)

Thomas Frans 🇺🇦It seems like today, <a href="https://fosstodon.org/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> automatically stopped automatically renewing <a href="https://fosstodon.org/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> certificates.Yes, you read that correctly. I will now scream into the void.<a href="https://fosstodon.org/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> <a href="https://fosstodon.org/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> <a href="https://fosstodon.org/tags/HomeServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeServer</a>

James M. WoodwardI know <a href="https://infosec.exchange/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> is THE hot thing these days, but I swear, sometimes is JUST makes my life much more difficult than it needs to be.e.g. I have an internal-only service, Zero WAN/Internet access, which will not run without HTTPS/certs as it leans on browser crypto APIs. Okay, not unusual, but can I deploy certs to a container easily? Fuuckkkkk no. The tool's creator recommends <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#ACME</a> (<a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#LetsEncrypt</a> or another tool implementing ACME) but again, no-internet. Well, I have an internal <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#PKI</a>. Their docs contain a one-liner saying it should use <a href="https://infosec.exchange/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> / <a href="https://infosec.exchange/tags/traefik" class="mention hashtag" rel="nofollow noopener" target="_blank">#traefik</a> / <a href="https://infosec.exchange/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> reverse proxy in that situation. Now, I have to stand up, configure, manage, etc. something else just to drop a cert in front of this thing. It's still not natively encrypted.Took me 10 seconds to whip up a cert from my infra and it's gonna take me longer to build something to actually dish it out.

Lucas JaninPocket-ID: Bare Metal Installation on DebianAfter using PocketID for several months with an LXC installation and Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you on installing Pocket-ID as a non-root service on Debian.PresentationFirst, if you’re not familiar with Pocket-ID, it’s a modern and lightweight OIDC client designed for managing authentication for services like Authentic and Aurelia. Its unique feature is that it exclusively supports passkeys. I use it with several self-hosted services, including Proxmox, Proxmox Backup Server, Komodo, Betszel, Karakeep, and, of course, Headscale/Headplane. For more details, the <a href="https://pocket-id.org" rel="nofollow noopener" target="_blank">official website</a> will surely answer many of your questions. If a Docker installation is more suitable for your environment, I invite you to visit <a href="https://www.blackvoid.club/pocket-id-passkey-oidc-provider" rel="nofollow noopener" target="_blank">BlackVoid’s excellent post</a>. It also details the configuration for using Pocket-ID to connect to Synology DSM.Preamble Since I’m not short on memory on my Proxmox node and I’m very particular about the security of my home lab, I set about installing a VM. This was laborious, as up to version 0.53, there were two services, numerous dependencies, and required compilations. Despite the many obstacles, I succeeded in my mission! Then, a few hours later, without even having time to savour my small victory, version 1.0 was released. This major revision greatly simplifies things, as it’s an executable. Here is the procedure for a streamlined installation as a service with a non-root user in a Proxmox Debian VM. This procedure should be relatively easy to adapt to other types of configurations. There are many other methods for installing Pocket-ID; I invite you to consult the <a href="https://pocket-id.org/docs/setup/installation" rel="nofollow noopener" target="_blank">installation</a> page on the Pocket-ID website.Preparing the VM in ProxmoxIf you are in Proxmox, I invite you to install a Debian VM using the Proxmox Helper Scripts. It is also possible to do this with a lighter Alpine, but I have not yet embarked on this adventure. Choose the advanced mode and adjust for your situation, and change the hostname to “pocketid”.<pre><code>bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/debian-vm.sh)"</code></pre>QEMUIt’s a good practice to install the QEMU Guest Agent on your VM. You can follow these steps in the Proxmox console of the VM.Update your package list:<pre><code>sudo apt update && sudo apt upgrade -y</code></pre>Install the Proxmox QEMU Guest Agent package:<pre><code>sudo apt install qemu-guest-agent -y</code></pre>Start and enable the service:<pre><code>sudo systemctl start qemu-guest-agentsudo systemctl enable emu-guest-agent</code></pre>Verify that the service is running:<pre><code>sudo systemctl status qemu-guest-agent</code></pre>This will ensure that the Proxmox QEMU Guest Agent is successfully installed and running on your Debian system.Installing Pocket-ID Get Debian ready<pre><code>apt update && apt upgrade -y</code></pre>Create a dedicated user<pre><code>useradd -r -s /bin/false -m -d /opt/pocket-id pocketid</code></pre>Install curl needed for the installation<pre><code>apt install -y curl</code></pre>Downloading and Installing Pocket-ID<pre><code>cd /opt/pocket-idARCH="amd64"LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest | grep "browser_download_url.*pocket-id-linux-${ARCH}" | cut -d '"' -f 4)sudo curl -L -o pocket-id "${LATEST_RELEASE_URL}"sudo chmod +x pocket-idsudo chown pocketid:pocketid pocket-id</code></pre>Creating directories for Pocket-ID data<pre><code>sudo mkdir -p /opt/pocket-id/data/uploads</code></pre>Pocket-ID configuration file. To locate visitors’ IP addresses, I invite you to create an API key on the <a href="https://support.maxmind.com/hc/en-us/articles/4407111582235-Generate-a-License-Key" class="" rel="nofollow noopener" target="_blank">Maxmind</a> website.<pre><code>sudo nano /opt/pocket-id/.env</code></pre><pre><code>APP_URL=https://id.xxxx.xxPORT=1411# Database: SQLite, file located at /opt/pocket-id/data/db.sqlite# (relative to WorkingDirectory=/opt/pocket-id)DB_CONNECTION_STRING=file:data/db.sqlite?_journal_mode=WAL&_busy_timeout=2500&_txlock=immediate# Optional: Maxmind License Key for IP GeolocationMAXMIND_LICENSE_KEY="YOUR-MAXMIND-LICENSE-KEY"# Optional: Logging level (debug, info, warn, error)LOG_LEVEL=info</code></pre>Make sure all Pocket-ID files have the correct user permissions.<pre><code>sudo chown pocketid:pocketid /opt/pocket-id/.envsudo chmod 600 /opt/pocket-id/.env</code></pre>Setting up the Pocket-ID service<pre><code>sudo nano /etc/systemd/system/pocketid.service</code></pre><pre><code>[Unit]Description=Pocket ID Application ServerAfter=network.target[Service]Type=simpleUser=pocketidGroup=pocketidWorkingDirectory=/opt/pocket-idExecStart=/opt/pocket-id/pocket-idEnvironmentFile=/opt/pocket-id/.envRestart=alwaysRestartSec=10NoNewPrivileges=truePrivateTmp=true[Install]WantedBy=multi-user.target</code></pre><pre><code>sudo systemctl daemon-reloadsudo systemctl enable pocketid.servicesudo systemctl start pocketid.servicesudo systemctl status pocketid.service</code></pre>If everything goes as planned, you should receive a confirmation.<pre><code>● pocketid.service - Pocket ID Application Server Loaded: loaded (/etc/systemd/system/pocketid.service; enabled; preset: enabled) Active: active (running) since Sun 2025-06-01 07:12:57 EDT; 7s ago Main PID: 28699 (pocket-id) Tasks: 8 (limit: 2309) Memory: 8.7M CPU: 65ms CGroup: /system.slice/pocketid.service └─28699 /opt/pocket-id/pocket-idJun 01 07:12:57 pocketid systemd[1]: Started pocketid.service - Pocket ID Application Server.Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Starting job schedulerJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Server listening on 0.0.0.0:1411Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 GeoLite2 City database is up-to-dateJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "UpdateGeoLiteDB" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SyncLdap" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SendHeartbeat" run successfully</code></pre>Caddy Reverse ProxyHere is my Caddyfile with the /robots.txt file in case it is respected (it’s nice to dream).<pre><code># Snippet for robots.txt(common_robots_txt) {handle /robots.txt {# Set the Content-Type headerheader Content-Type "text/plain; charset=utf-8"# Respond with the body and status code 200respond `User-agent: *Disallow: /` 200}}# Pocket-IDid.xxxx.xx {import common_robots_txt# Fallback to reverse proxy for other requestsreverse_proxy 192.168.x.yyy:1411 [xxxx:xxxx:xxxx:xxxx::yyyy]:1411}</code></pre><pre><code>systemctl reload caddy.service </code></pre>For the first setup of your Pocket-ID instance, I invite you to create your administrator account at<a href="https://id.xxxx.xx/login/setup." rel="nofollow noopener" target="_blank"> <code>https://id.xxxx.xx/login/setup</code>.</a>It is strongly encouraged to have two passkeys since this is the only way to authenticate. I have one in Bitwarden/Vaultwarden and another in iCloud Keychain (via Safari).UpdateSince we’re not using Docker, updating can be a bit more complicated. However, it’s nothing insurmountable, especially since version 1.0 is already compiled. Here’s a small update script that allowed me to move from version 1.0 to 1.1.0 without a hitch.<pre><code>nano /root/update-pocketid.sh</code></pre><pre><code>#!/bin/bash# update-pocketid.sh# --- Configuration ---INSTALL_DIR="/opt/pocket-id"SERVICE_NAME="pocketid.service"USER="pocketid"GROUP="pocketid"VERSION_FILE="${INSTALL_DIR}/version.txt" ARCHITECTURE="amd64" # Change if needed (e.g., arm64)# --- End Configuration ---echo "Checking for the latest version of PocketID..."LATEST_TAG_JSON=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest)LATEST_TAG=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') # Version without 'v'LATEST_TAG_WITH_V=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') # Version with 'v'if [ -z "$LATEST_TAG" ]; then echo "Could not retrieve the latest version from GitHub." exit 1fiecho "Latest version available: v${LATEST_TAG}"CURRENT_VERSION="0" # Default to 0 if no version fileif [ -f "$VERSION_FILE" ]; then CURRENT_VERSION=$(cat "$VERSION_FILE")fiecho "Currently installed version: v${CURRENT_VERSION}"if [ "$LATEST_TAG" = "$CURRENT_VERSION" ]; then echo "PocketID is already up to date (v${CURRENT_VERSION})." exit 0fiecho "New version v${LATEST_TAG} available. Updating..."DOWNLOAD_URL=$(echo "$LATEST_TAG_JSON" | grep -E "browser_download_url.*pocket-id-linux-${ARCHITECTURE}" | cut -d '"' -f 4)if [ -z "$DOWNLOAD_URL" ]; then echo "Could not find the download URL for linux-${ARCHITECTURE} and version v${LATEST_TAG}." exit 1fiecho "Stopping service ${SERVICE_NAME}..."sudo systemctl stop "${SERVICE_NAME}"echo "Backing up the old binary..."BACKUP_NAME="pocket-id_backup_v${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"sudo cp "${INSTALL_DIR}/pocket-id" "${INSTALL_DIR}/${BACKUP_NAME}"echo "Old binary backed up to ${INSTALL_DIR}/${BACKUP_NAME}"</code></pre>Make the script executable<pre><code>sudo chmod +x /root/update-pocketid.sh</code></pre>Create an alias<pre><code>alias update='/root/update-pocketid.sh'</code></pre>Consider updating the system before updating Pocket-ID.<pre><code>sudo apt update && sudo apt upgrade -y</code></pre>If you are using Proxmox, I encourage you to take a snapshot just before the update and have regular backups (you never know :-).ConclusionNow, you are ready to step into the future with OIDC and Passkey. You can visit the <a href="https://pocket-id.org/docs/client-examples" rel="nofollow noopener" target="_blank">Client Examples</a> page to easily configure your services with Pocket-ID. I wish you a safe journey into the exciting world of self-hosting!

Adam ♿If I don't want to use <a href="https://aus.social/tags/Ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ansible</a> and I'll only use <a href="https://aus.social/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#Terraform</a> if I'm being paid to, what are my other options if I want to say, deploy <a href="https://aus.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> plus some kind of Fedi server and have it repeatable?It looks like Jet was an alternative but the creator ran out of steam.<a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#AskFedi</a>[I realise I am basically asking for <a href="https://aus.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> but I would like to try something else]

Thomas Frans 🇺🇦Having a home server is so much fun. Can't scan because the scanning software doesn't run on <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>? No problem, just set up the scanner to upload over SFTP to your server and serve the files using <a href="https://fosstodon.org/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a>!I love this!<a href="https://fosstodon.org/tags/SelfHost" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHost</a> <a href="https://fosstodon.org/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> <a href="https://fosstodon.org/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> <a href="https://fosstodon.org/tags/HomeServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeServer</a>

Recent searches

Search options

Administered by:

Server stats:

#caddy