https://youtu.be/liV3c9m_OX8

This should help

Vaultwarden itself is actually one of the easiest docker apps to deploy…if you already have the foundation of your home lab setup correctly.

The foundation has a steep learning curve.

Domain name, dynamic DNS update, port forwarding, reverse proxy. Not easy to get all this working perfectly but once it does you can use the same foundation to install any app. If you already had the foundation working, additional apps take only a few minutes.

Want ebooks? Calibre takes 10 mins. Want link archiving? Linkwarden takes 10 mins

And on and on

The foundation of your server makes a huge difference. Well worth getting it right at the start and then building on it.

I use this setup: https://youtu.be/liV3c9m_OX8

Local only websites that use https (Vaultwarden) and then external websites that also use https (jellyfin).

See me comment above

https://lemmy.ca/comment/11490137

I don’t like that obsidian not fully open source but the plugins can’t be beat if you use them. Check out some youtube videos for top 20 plugins etc. Takes the app to a whole new level.

I could never get NextCloud on android to sync files back to the servers

The real power of obsidian is similar to why Raspberry Pi is so popular, it has such a large community that plugins are amazing and hard to duplicate.

That being said, I use this to live sync between all my devices. It works with almost the same latency as google docs but its not meant for multiple people editing the same file at the same time

https://github.com/vrtmrz/obsidian-livesync

This is the correct answer for the selfhosted crowd

And borgmatic makes retention rules with automatic runs super easy. It basically a wrapper that runs borg on the client side.

I’ve been using this for a few months now. Its really great.

For people wanting the a very versatile setup, follow this video:

https://youtu.be/liV3c9m_OX8

Apps that are accessed outside the network (jellyfin) are jellyfin.domain.com

Apps that are internal only (vaultwarden) or via wireguard as extra security: Vaultwarden.local.domain.com

Add on Authentik to get single sign on. Apps like sonarr that don’t have good security can be put behind a proxy auth and also only accessed locally or over wireguard.

Apps that have oAuth integration (seafile etc) get single sign on as well at Seafile.domain.com (make this external so you can do share links with others, same for immich etc).

With this setup you will be super versatile and can expand to any apps you could every want in the future.

The general principle is called single sign on (sso).

The idea is that instead of each all keeping track of users itself, there is another app (sometimes called an identity provider) that does this. Then when you try to log into an app, it takes to the to login of your identity provider instead. When the IP says you are the correct user, it sends a token to the app saying to let you access your account.

The huge benefits are if you are already logged into the IP on a browser for example, the other apps will login automatically without having to put in your password again.

Also for me the biggest benefit is not having to manage passwords for a large number of apps so family that uses my server have 1 account which gives them access to jellyfin, seafile, immich, freshrss etc. If they change that password it changes it for everything. You can enforce minimum password requirements. You can also add 2FA to any app now immediately.

I use Authentik as my identity provider: https://goauthentik.io/https://goauthentik.io/

There’s good guides to settings it up with traefik so that you get let encrypt certificates and can use traefik for proxy authentication on web based apps like sonarr. There are many different authentication methods an app can choose to use and Authentik essentially supports everything.

https://youtu.be/CPURnYaW3Zk

SSO should really be the standard for self hosted apps because this way they don’t have to worry about ensuring they have the latest security for user management etc. The app just allows a dedicated identity provider to worry about user management security so the app devs can focus on just the app.

Thank you for including oAuth options for sign on. Makes a big difference being able to use the same account for all the things like freshRSS, seafile, immich etc.