thomasabishop 2025-08-10 15:46:06 +00:00
commit e215f42ac6
4 changed files with 64 additions and 22 deletions

.gitignore vendored

@ -4,3 +4,4 @@
proxy/nginx/vim proxy/nginx/vim
proxy/nginx/.* proxy/nginx/.*
services/linkding/data services/linkding/data
services/forgejo/runner-data


@ -4,41 +4,36 @@ Configuration of self-hosted third-party software on my Hetzner Cloud VPS.
![](./diagrams/directory-structure.png) ![](./diagrams/directory-structure.png)
## Services I am currently self-hosting ## Third-party applications
- Grafana ### Services
- Linkding
- Forgejo
- RocketChat
## Service data | Server port | Docker port | Subdomain | Service | Description |
| ----------- | ----------- | ---------------------------- | -------- | -------------------------- |
| 8000 | 3000 | grafana.systemsobscure.net | Grafana | Server logs and monitoring |
| 8001 | 9090 | bookmarks.systemsobscure.net | Linkding | Article bookmarking tool |
| 8002 | 3000 | forgejo.systemsobscure.net | Forgejo | Git forge |
| 8004 | 3000 | wakapi.systemsobscure.net | Wakapi | Coding statistics tracker |
| 8005 | 8080 | miniflux.systemsobscure.net | Miniflux | RSS aggregator |
Most application data is stored in a network-attached Hetzner Storagebox drive ### Service data
Some applicaton data is stored in a network-attached Hetzner Storagebox drive
("Storagebox Alpha"). Docker volumes are mapped to this location. ("Storagebox Alpha"). Docker volumes are mapped to this location.
This device is permanantly mounted using the [CIFS This device is permanantly mounted using the [CIFS
protocol](https://www.lenovo.com/gb/en/glossary/what-is-common-internet-file-system-cifs/) protocol](https://www.lenovo.com/gb/en/glossary/what-is-common-internet-file-system-cifs/)
at `/mnt/storagebox_alpha`, as specified in `/etc/fstab`. at `/mnt/storagebox_alpha`, as specified in `/etc/fstab`.
For certain services, data is stored on the small harddrive of the VPS: Other application data is stored on the small harddrive of the VPS:
| Service | Data | Location | Description | | Service | Data | Location | Description |
| ------- | --------------- | --------------------- | ----------------------------------------------- | | ------- | --------------- | --------------------- | ----------------------------------------------- |
| Forgejo | MySQL database | `/data/mysql/forgejo` | Database data only. Repositories stored in NAS. | | Forgejo | MySQL database | `/data/mysql/forgejo` | Database data only. Repositories stored in NAS. |
| Wakapi | SQLite database | `/data/sqlite/wakapi` | | | Wakapi | SQLite database | `/data/sqlite/wakapi` | |
## Port mappings ## My applications
| Range | Function | ### systemsobscure.blog
| ----- | ---------------- |
| 8000 | Web applications |
### Services This is a static website served from `/var/www/` directory.
| Server port | Docker port | Subdomain | Service | Description |
| ----------- | ----------- | ----------------------------- | ---------- | -------------------------- |
| 8000 | 3000 | grafana.systemsobscure.net | Grafana | Server logs and monitoring |
| 8001 | 9090 | bookmarks.systemsobscure.net | Linkding | Article bookmarking tool |
| 8002 | 3000 | forgejo.systemsobscure.net | Forgejo | Git forge |
| 8003 | 3000 | rocketchat.systemsobscure.net | RocketChat | Messaging app, alerts |
| 8004 | 3000 | wakapi.systemsobscure.net | Wakapi | Coding statistics tracker |
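
Review bot: the new Services table has no row for s3.systemsobscure.net, although this commit adds a vhost for it (proxied to 127.0.0.1:3900) and a certificate domain. The table also lists Linkding at bookmarks.systemsobscure.net while the certbot script requests linkding.systemsobscure.net, so one of the two is stale. Suggest adding the S3 row, reconciling the Linkding hostname, stating whether the listed server ports are bound to loopback only or reachable from outside, and fixing "applicaton" in the added Service data line.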


@ -0,0 +1,44 @@
# HTTP configuration
# -- Redirect all HTTP requests to HTTPS port
server {
listen 80; # HTTP port
server_name s3.systemsobscure.net;
location / {
return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name
}
}
# HTTPS configuration
server {
listen 443 ssl;
server_name s3.systemsobscure.net;
client_max_body_size 100M; # Allow large image uploads
# SSL configuration
ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Proxy Configuration
location / {
proxy_pass http://127.0.0.1:3900;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS headers for web access
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
# Handle preflight requests
if ($request_method = 'OPTIONS') {
return 204;
}
}
}
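
Review bot: the three add_header lines inside `location /` stop the server-level Strict-Transport-Security header from being applied there, because nginx only inherits add_header directives from the outer level when the current level defines none. Since `location /` is the only location, no proxied response will carry HSTS. Repeat the HSTS line inside the location, or move the CORS headers up to server level next to it. Separately, `Access-Control-Allow-Origin *` together with `Authorization` in the allowed headers lets any site's script send credentialed requests to the S3 endpoint if it holds a key. If only known front ends need browser access, echo an allow-listed origin instead of `*` and add `Vary: Origin`. The CORS headers also lack `always`, so they are omitted on 4xx/5xx responses from the backend, which makes client-side errors opaque.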


@ -21,7 +21,9 @@ sudo certbot certonly --standalone \
-d linkding.systemsobscure.net \ -d linkding.systemsobscure.net \
-d miniflux.systemsobscure.net \ -d miniflux.systemsobscure.net \
-d systemsobscure.blog \ -d systemsobscure.blog \
-d www.systemsobscure.blog -d www.systemsobscure.blog \
-d s3.systemsobscure.net
echo "INFO Confirming certificate creation..." echo "INFO Confirming certificate creation..."
sudo certbot certificates sudo certbot certificates
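
Review bot: adding `-d s3.systemsobscure.net` changes the domain set of an existing certificate, and the flags that control this are not visible in this hunk. Unless the command already passes `--cert-name systemsobscure.net` or `--expand`, certbot may prompt or create a new lineage directory, while the new vhost hard-codes `/etc/letsencrypt/live/systemsobscure.net/fullchain.pem`. Suggest pinning `--cert-name` so the path in the nginx config stays valid, and having the confirmation step check that s3.systemsobscure.net appears in the `certbot certificates` output rather than only printing it.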