Yeah, Caddy was working fine, but the issue was me tinkering with it meant having to reload Caddy for the updated config to work, and that would break any connections people were using for file transfers etc. Also, it isn’t as quick for reverse proxying file transfers.

Therefore trying to run private and public services through it was limiting when I was also trying to tweak it constantly for my homelab.

I’ve found Traefik to be better in that it auto reloads the config live as you edit it, and it’s been faster for file transfers on my 1Gbps fibre.

And now I’ve split my services to separate public/private reverse proxies, that takes the pressure of having to keep one proxy always live. Pangolin uses Traefik, and so do I for my direct services through my firewall, and that makes life easier when only dealing with one type of proxy service.

I too am using a Cloudflare tunnel for my public facing services (such as WordPress), and that also allows you to put the WP login page behind another auth login as well which is great for security, so I do also vouch for Cloudflare.

I’m using Pangolin for private services on a VPS.

Plus, I have one service that is direct to my home IP for file sharing to one particular remote IP that is the only service directly through my firewall.

Therefore I have 3 ways my services are accessed and this has been the game changer for me recently, as previously I tried to run all this through one Caddy reverse proxy directly to my router and it gets painfully fragile mixing public/private services through one bottleneck when you’re tinkering as a selfhoster. So splitting it up has helped massively.

Good tip with the Cloudflare alts though!

I’ve relied on a Wireguard VPN for remote access until recently, I’m now playing with Pangolin via a VPS. I question why I need public (private) access, but it seems cool to operate that way and allows family members easier access.

I ran Blue Iris, but despite my love for it, my disdain at having to run it on Windows made me move away. You can run it still in a VM, but it’s not ideal, and also not meeting your requirement of moving off Windows.

I would recommend Home Assistant with Music Assistant for music playback of local library files, and that gives you a web page controller. I see Home Assistant also integrates iSpy DVR. No experience of iSpy, but the Music Assistant integration is superb. I use it to stream all music at home for the family to Chromecasts etc and this way everyone just accesses the same web portal.

Home Assistant can be Docker or it’s own OS.

Perhaps not the size you’re after, but I have a HP Z1 G5, i9-9900, 5 SSD, 3 HDD, and that can idle as low as 45W and costs me £60/yr in electric. I managed to pick it up off eBay for only £260 (discounted from £350; if you keep an eye on certain things, sellers drop prices to rid of their gear).

I love it. I started with pFsense, then really liked Untangle for its ease of use, then went (back) to OPNsense and preferred that for the fact it could run Caddy internally as a reverse proxy and was fast, but I was a bit frustrated at wanting to do more with it and needing to research everything. I already had Unifi APs and decided that it just made sense to have a Ubiquiti router. I’ve found it stable, easy to use with good feature updates, and have also just paid for the annual Cybersecure add-on which is reporting loads.

I was being too simplistic in my other reply. I was referring to basic router based DNS and NextDNS as the upstream resolver.

I don’t have an answer for hard coded DNS when it comes to NextDNS, which is essentially an upstream resolver with block lists functionality.

And to be honest, I misinterpreted OPs original question which was to take PiHole to the next level, whereas NextDNS is an alternative to.

I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.

Thanks for the clarification, you’ve got me wanting to pursue more DNS control now!

I think they’re forked form the same source, Bittorrent Sync, so function the same under the hood. I wasn’t suggesting Resilio did something Syncthing didn’t. I’ve just found Resilio easier to use for client devices. And that OP was concerned about losing files from syncing.

The only odd behaviour I’ve had with Resilio, is when hosted on Unraid, random files on the SMB share sometimes have database names on large folders with lots of files (RSH-78254 for example), but when synced to remote devices, the filenaming is then accurate. I’ve been meaning to spin up Syncthing to see if it does the same, but as Resilio has yet to lose me any files, I’m sticking with it.

Could be a Docker issue as well I guess.

If you’re referring to network based DNS, I use their script to have it on my Ubiquiti router as well. I have that with its own profile with full blocking for iot etc.

I had PiHole with unbound on my OPNsense way back when, but the internet just needs to work for both me and my family and not go offline with me tinkering with the homelab. NextDNS takes all of that hassle out of the equation.

I use Resilio to duplicate locally to my Unraid, which I know is hated as it’s not the FOSS Syncthing, but in 5 years of use, it’s never gone wrong, and the client software is dead easy to use. That has a hidden .sync folder which archives deleted files for 30 days. You can change the timeframe or remove this feature in settings. I go into the sync folder and remove the deleted files manually if it becomes too bloated.

From my Unraid, I then backup to Hetzner using Duplicacy, which with the GUI is also very easy to use. From what I’ve read about the other backup solutions being a bit flaky, Duplicacy seems to have nothing but love.

I’ve had pihole running in the past, then Adguard, but moved to NextDNS several years ago and have been happy with it. For a small fee, it removes all need for self hosting your own. I set up profiles for the kids, wife etc, then set the DNS in their phones, tablets, so I know its always working wherever they are. You can set local IPs in it if you want, but I use a reverse proxy for all LAN requests instead.

Only slight issue I’ve had with it was recently making several quick changes to DNS in Cloudflare, and NextDNS took several hours to propagate which was a PITA at the time.

Edit: I’ve just seen that they now offer a free tier which they didn’t in the past.

I can’t quite figure out the downvotes to my first reply for suggesting backups and docker… I think my mention of Windows did it (do please avoid Windows for what it’s worth).

If you have reliable, easy to access backups, then it takes away the doubt of self-hosting. Hence the suggestion for Backblaze as it’s so easy to implement. Put in an encryption key and your remote data is private. I use it for everything except Plex media, which is something I wouldn’t care if I lost.

I jumped to Unraid about 2 years ago and haven’t looked back. Docker on Unraid is as easy to use as it gets, and now my confidence with it has grown and my demands are getting slightly more complex, I’m moving to Dockge for Docker stacks, and Pangolin on a Hetzner VPS for remote access. Hetzner have a great firewall feature for your VPS, so you can lock it down to home access to get you started once you start on a VPS journey.

But I would recommend Unraid for sure on ANY old HP desktop PC from eBay. I got an Z1 i9-9900, 32Gb RAM for £250. Bonkers cheap for what it is.

Good luck!

Backup. I use Backblaze personal which is $179 for two years of ‘unlimited’ storage. All my important self hosted data is duped to some old 2.5" external drives connected to my work machine that then is backing up to Backblaze. I also have 1yr retention, so any deleted file is accessible for up to 1yr.

After backups are sorted, stick with the OS you know best. If Windows (I hope not), then HyperV for VMs is good. Try the official Nextcloud VM from Hanson IT. Nextcloud is a good catch-all, but it’s beaten by other specific tools. I now host all I need from specific Docker containers: photos, calendar, email backup etc etc

But I would say Docker. Docker desktop if Macos or Windows if your thing. Get to know docker and the world of self hosting is your oyster.

As what others say, keep it all to your home network and tread carefully when trying to remote access it all.

The absolute irony… I’ve used Immich for nearly 2 years without fail; it’s never skipped a beat. Today I update to the stable release and my Immich mobile app now has a sync error warning. This is the first issue I’ve ever had.

EDIT: Phew! Clear File Cache in mobile app has sorted the error. For a moment I thought the universe was against me.

I too looked for a way to move my imap emails out of the cloud, and after looking for years, 2 came along in a matter of months. Mail Archiver and Open Archiver. I’ve been using Open Archiver for about 2 months and like it. I just VPN to home (well, Pangolin), and have it as a proxied web page to search old emails.

I suppose there’s always a catch with them opening up for 3rd party support.

I was keen to move to Unifi primarily for a doorbell. I had a Hikvision which was very temperamental, and I didn’t want a cloud based one like Ring or Nest, so believe it or not, most of my decision was made around a stupid doorbell.

Not FOSS, and with an entry price tag, but I ditched my OPNSense firewall for a Ubiquiti UDM Pro SE router about 2 years ago and invested in 3 of their cameras plus a doorbell and love it. I previously had Blue Iris for CCTV.

The Unifi Protect app is great. Easy to navigate, great detection, and easy to store clips. There’s no subscription fees, and I get a great firewall/router alongside a CCTV package.

Oh, and you can now add 3rd party cameras to the Unifi Protect system.

I’ve run Nextcloud several ways, the smoothest, easiest and most powerful being the official image by Hanssen IT. Run that in a VM and use their setup/update scripts to do all the hard work. I highly recommend.

Just to say I’ve tried this today and love it. Was running Authelia but wasn’t happy with the way it was configured. I spun up VoidAuth in about 5mins and am impressed. Running as basic auth for a Caddy reverse proxy, this feels very slick. Well done!

Easy to follow documentation as well. Less is more sometimes.

I like the way you have it checking SMTP credentials in the background with a simple ‘this is not configured properly’ on the UI.