If you are talking about the IP address then just add a static address, no? I do it anyway in my docker compose:

...
    networks:
      traefik.net:
        ipv4_address: 10.10.10.99

networks:
    traefik.net:
      name: traefik-net
      external: true

I’m not an expert so maybe I’m wrong, if so do not hesitate to correct me !

EDIT: If the IP address doesn’t change, you do not need to change to routing and iptables/nftables rules. ??

Strange electrical signal and high dopamine level flooding your brain 😍🤪

You can somehow change that behavior: Prevent docker from manipulating iptables

Option to disable this behavior would be 100x better then current, but what do I know lol

Prevent docker from manipulating iptables

Don’t know what it’s actually doing, I’m just learning how to work with nftables, but I saved that link in case oneday I want to manage the iptables rules myself :)

There is nothing better than Nextcloud for files, I was trying to use syncthing and seafile - both sucks in one way or another.

Syncthing is a sync utility wich is different from a cloud service. They both have different purpose and are for different tasks. IMO as cloud service go, they all suck (nextcloud, seafile, owncloud) if you’re just looking for a simple and unbloated selfhosted cloud service.

Also, I was using vikunja for tasks but it’s UI and UX… Well, strange and not eye-candy. I hope someday they’ll rewrite it.

I find it’s UI and UX pretty good, I really like it ! But with the new editor update it fucked up the caldav integration with jtxBoard, but it’s in the backlog and he/they are already working on it !

That’s true. But it doesn’t take away the possibility to use them in a selfhosted environnement.

Large enteprises like facebook and google still use them, but they have the backing to secure them safely.

Also, there is always the possibilty to add all subdomains in one certificate which takes away the wildcard subdomains.

Thanks for sharing, very cool stuff in there and great job ! Bookmarked !

While reading through your reverse proxy concept post, I think this statement is wrong:

As a sub-domain:
- Cons: require additional certificates for HTTPS/SSL for each sub-domain

There are actually wildcard SAN certificates where you can access all your subdomains with a single certificate: https://*.mydomain.com

Or you can add all your subdomains in a single certificate.

Great work and thanks for sharing !

• The MIT and Apache licenses are permissive licenses that allow developers to use the licensed code in proprietary projects without having to disclose the source code.

I understand that some projects needs these kind of license to protect their code, I get it. But this will most of the time shift the project to a closed proprietary/paid service over time… leaving the open source community with a strange feeling of being abused.

It’s not always the case, but it happened in the past, leaving people to fork the project and strating over.

• Licensees may redistribute Derivative Work under different terms.

• Licensees do not have to distribute the source code alongside with their Derivative Work.

https://itsfoss.com/open-source-licenses-explained/

Looks cool :) but AL2? no thank you !

This tutorial is what you are looking for.

It’s what I used to achieve exactly what you want :). It’s a goldmine of information and will give you exactly what you want :).

There is a lot to read and process and infos are a bit scattered arround, but everything you need to know (and more) is written there.

Good luck !

Edited my post :)

Navidrome has multi-user support, but Tempo android app doesn’t support it.

There is some kindof workaround, with docker volumes but i’m not a fan of these kind of tricks.

I edit my post with links :)

To navidrome, yes. But they won’t work over the android Tempo app.

Navidrome + Tempo is a must have for android users !

Only thing missing in Tempo android app, it’s multi-user account for those who want to share with family/friends over android.

It has been a while since I setup my wireguard server, if you host it on a linux system It can be easy as:

• Install wireguard on your system
• generate private/public key
• create a wireguard config file with iptables rules
• net.ipv4.ip_forward=1 on your server (yeah very important part)
• open the wireguard UDP port on your router
• configure clients

The first time you delve into, it can be Intimidating (at that time I was a total CLI/linux noob) if you are a beginner, but I think you will easily find your way :)

This tutorial seems rather complete and easy to follow with comments. Also, if you didn’t know, do not blindly copy/past the commands from the web directly in your CLI.

Till yesterday I had a fix public IP to reach my owncloud via port forwarding from my work laptop and as well my two desktop (outside my network)

Disable that port forwarding on your router, and install a wireguard server and forward that port only.

It’s free and works like a charm. It’s simple and elegant, and I can access all my containers from everywhere in the world!

Dunno your work policies, and what you’re allowed to setup or not, but this is the “best way” I know.

Thank you 🫶

Possible for a dark mode version XD? excalidraw can do that.

https://www.karlrupp.net/en/computer/nat_tutorial

Thanks !!

Thank you !

I do not know if this is different, but I do have some NAT configurations in my Wireguard setup, that forwards all traffic to a protonVPN free tier. I didn’t came up with the rules by myself (found some good tutorial on the web)

# Accept sending and receiving on wg0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT;

# Forward traffic to wg-ext
PostUp = iptables -t nat -A POSTROUTING -o wg-ext -j MASQUERADE;

# allow local network connections
PostUp = ip route add **REDACTED**/24 dev enp4s0;
PostUp = iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE;

Is this somehow related on how a router configuration looks like underneath? Or is that totally different?

Thank your for the link :)!!!