
#caddy


Officially moved our #Gitea instance to Canadian soil (aka my basement.) Did this both to reduce dependency on US Cloud/SaaS, and to lower costs.

Doing this has made me realize I don't truly understand reverse proxies as well as I thought. Tried the #nginx and #caddy plugins for OPNSense but I don't really understand their setup. So right now I just run it through some sketchy port forwarding.

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

Ok, so it took me more than 10 minutes to figure out the right Caddyfile syntax for a reverse-proxy with TLS using DNS challenge from Cloudflare.

Caddy is great, and generally it is super easy, but this particular case was not.

So in the interest of saving some other poor frazzled soul like myself from digging through the interwebs, I'm throwing an example up on my blog. Hope it saves someone a few.

christopherbauer.org/blog/cadd

Caddy Reverse Proxy with TLS and Cloudflare DNS Challenge - A Caddyfile Example

Hello Leipzig!

The #LeipzigerBuchmesse has opened its doors. Thanks to my great team I got the setup done yesterday and, despite my operated-on knee, was even successfully lifted onto the car and back down again for my traditional "Phoenix of the trade-fair campers" photo. 📚🚘

#Autor_innenleben #Messeleben #AutorinOnTour #Phantastik #FantasyAusDeutschland #Vantasy #Vanautorin #WirSindPAN #LeipzigerBuchmesse2025 #LBM #Caddy #CaddyMaxi #CaddyCamper #Messemobil #Messecamper @volkswagen_de

I'm curious to hear what others are #SelfHosting! Here's my current setup:

Hardware & OS

Infrastructure & Networking

Security & Monitoring

Authentication & Identity Management

  • Authelia (Docker): Just set this up for two-factor authentication and single sign-on. Seems to be working well so far!
  • LLDAP (Docker): Lightweight LDAP server for managing authentication. Also seems to be working pretty well!
    #AuthenticationTools #IdentityManagement

Productivity & Personal Tools

Notifications & Development Workflow

  • Notifications via: #Ntfy (Docker) and Zoho's ZeptoMail (#Zoho)
  • Development Environment: Mostly using VSCode connected to my server via Remote-SSH extension. #VSCodeRemote

Accessibility Focus ♿🖥️

Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!

I've also experimented with:

  • Ollama (#Ollama): Not enough RAM on my Pi.
  • Habit trackers like Beaver Habit Tracker (#HabitTracking): Accessibility issues made it unusable for me.

I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 😄

What's your setup like? Any cool services you'd recommend I try?

#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY

@selfhost @selfhosted @selfhosting

Caddy with certbot's certificates

I would like to use #certbot to retrieve a certificate for my domain and instruct #Caddy to use this certificate. Problem is that clients can't validate the chain correctly. Any ideas or pointers?

I used the following in my Caddyfile:

a.example.com {
    tls /etc/letsencrypt/live/a.example.com/fullchain.pem /etc/letsencrypt/live/a.example.com/privkey.pem {
        ca_root /etc/letsencrypt/live/a.example.com/chain.pem
    }
}

@selfhosted @selfhosting

I just changed the domain for #Nextcloud AiO. Reason:

The DDNS domain I had been using (since NCP days) belongs to a well-known vendor of firewalls and security solutions. #crowdsec , which I use with #Caddy, had a lot to do. Now things are quiet.

(How do I get a . after a hashtag?)

Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:

register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
<input data-testid="password-input" type="password" placeholder="••••••••••••••" class="w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:border-primary duration-100 bg-base-100" value="tyq5ghp!QVH-mva1agc">
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
<input data-testid="password-confirm-input" type="password" placeholder="••••••••••••••" class="w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:border-primary duration-100 bg-base-100" value="tyq5ghp!QVH-mva1agc">
Error
api/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()

compose file:

services:
  postgres:
    image: postgres:16-alpine
    container_name: linkwarden_postgres
    env_file: .env
    restart: always
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    networks:
      - linkwarden_net
  linkwarden:
    env_file: .env
    environment:
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres
    restart: always
    # build: . # uncomment this line to build from source
    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source
    container_name: linkwarden
    ports:
      - 3009:3000
    volumes:
      - ./data:/data/data
    networks:
      - linkwarden_net
    depends_on:
      - postgres

networks:
  linkwarden_net:
    driver: bridge

Relevant part of .env file:

NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth
NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf

# Manual installation database settings
# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden
DATABASE_URL=

# Docker installation database settings
POSTGRES_PASSWORD=redacted

# Additional Optional Settings
PAGINATION_TAKE_COUNT=
STORAGE_FOLDER=
AUTOSCROLL_TIMEOUT=
NEXT_PUBLIC_DISABLE_REGISTRATION=false
NEXT_PUBLIC_CREDENTIALS_ENABLED=true

Caddyfile snippet

*.laniecarmelo.tech {
    tls redacted {
        dns cloudflare redacted
    }

    header {
        Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval';
            img-src https: data:;
            font-src 'self' https: data:;
            frame-src 'self' https:;
            object-src 'none'"
        Referrer-Policy "strict-origin-when-cross-origin"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Xss-Protection "1; mode=block"
    }

    encode br gzip

    # Bookmarks
    @bookmarks host bookmarks.laniecarmelo.tech
    handle @bookmarks {
        reverse_proxy 127.0.0.1:3009
    }
}

Can anyone help? I have no idea how to fix this.
#SelfHosted #CaddyServer #Linux #Tech #Technology
@selfhost @selfhosted @selfhosting

Oh ffs. I want to install #Seafile in #Docker with an #apache #Proxy in a #virtuellenMaschine (virtual machine), because I want to test it and only Chuck Norris tests in prod. Why doesn't that work at least halfway out of the box?

It doesn't work without the apache proxy either. (Edit: there is still a #caddy involved in there now, and it is not documented whether I really need it when it sits behind apache, or what the settings would have to be.)