SimpleLogin (manage email aliases and dynamically reply as the alias!)

https://github.com/simple-login/app#self-hosting

Tube Archivist: https://github.com/tubearchivist/tubearchivist

Here are some of the features in the self hosted Tube Archivist application:

• Subscribe to your favorite YouTube channels
• Download Videos
• Index and make videos searchable
• Play videos
• Keep track of viewed and unviewed videos

Once your YouTube video collection grows, it becomes hard to search and find a specific video. That's where Tube Archivist comes in:
By indexing your video collection with metadata from YouTube, you can organize, search and enjoy your archived YouTube videos without hassle offline through a convenient web interface.

Tube Archivist has also worked hard to keep the dislikes that Youtube has decided to remove from their platform.

Relies on ElasticSearch and Redis and FFmpeg + yt-dlp.

To package, should be similar to other Video apps we have, but way more usable.

What do you all think about having a regular weekly event to package an important App as a group in a live session, maybe even live streamed, where anyone on the call can also contribute their small part, so one person doesn't have to slog through it all by themselves?

Others can watch and learn and ask questions & chit chat.

Any volunteers?

The Problem

---

YouTube has an extremely invasive privacy policy which relies on using user data in unethical ways. You give them a lot of data - ranging from ideas, music taste, content, political opinions, and much more than you think.

By using Piped, you can freely watch and listen to content freely without the fear of prying eyes watching everything you are doing.

https://github.com/TeamPiped/Piped (backend: https://github.com/TeamPiped/Piped-Backend)

Demo / Live node - https://piped.kavin.rocks

Self-Hosting

---

See https://piped-docs.kavin.rocks/docs/self-hosting/ for more details.

The source code of the documentation website is available at https://github.com/TeamPiped/Documentation.

Documentation

Tailscale

https://tailscale.com

Private WireGuard networks made easy

No config files, no firewall ports

Create a secure network between your servers, computers, and cloud instances. Even when separated by firewalls or subnets, Tailscale just works.

Use your SSO and MFA

Devices only connect after signing in through your existing identity provider. Easily enforce multi-factor authentication, deauthorize employees who’ve moved on, and more.

Always the same IP

Every device on your network gets a stable IP and auto-assigned domain that stays consistent, no matter what Wi-Fi the device is on. It’s like a local network that works everywhere.

Strong security, without the pain

Best practices used by billion-dollar companies, made easy for teams of every size.

Free

• Up to 100 devices
• Limited to a single user
• Secure, point-to-point connections
• Magic DNS
• Connect to AWS, Azure, and Google Cloud instances
• Available for iOS, macOS, Linux, Windows, and Android
• Community support

Porter is a Kubernetes powered PaaS that runs in your own cloud provider.

Repository: https://github.com/porter-dev/porter

Porter is an alternative to Heroku that spins up the underlying infrastructure in your own cloud provider. The complexity of the underlying infrastructure is abstracted away from you just like Heroku, but you can fully control the underlying infra when you need to (as your applications scale and "grow out" of the platform).

Rob here (robi is my Croatian nickname and often computer username) for those in other cultures, short for Robert.

As a Strategic Advisor and (Business & Innovation) Catalyst, I'm mostly a full stack janitor

As a leader in several startups, I reserve a keen eye for emerging technologies (hi Cloudron and it's Apps); I have been a speaker, mentor, advisor for Google, NASA, IBM, and many more, finding safe, creative solutions all the way from the mundane to the complex with equal ease, which is one thing that keeps my passion ignited.

Remember WinAmp? Yeah, I was there during the mp3 revolution, in the credits until the recent reshuffle.

I've invented a bunch of stuff, including the first PCIe flash storage device in small form factor (SFF), now you'll recognize it as the M.2 PCIe SSD device for which there is now a slot on every motherboard being made. (didn't make a dime.)

Made core discoveries (read blunders) in physics (magnetism, light, water), mathematics, statistics, AI, ML, medicine, law, etc, which you can ask me about outside this thread.

3 decades ago I got bitten by the sysadmin bug and never left, despite all the C level gigs.

After 15 years, I am still on the board of directors for https://BayLISA.org which is one of the oldest meetups in Silicon Valley. We've had the Cloudron team speak at one of our meetups which should be online on YT.

I play a long running pickup soccer game every Saturday (same folks come out for 8+ years) and tennis 1-2 times a week if possible. Love ping pong and ultimate frisbee too.

If you want to see a small part of my other crazy projects, see https://venture.toldyouso.com

Otherwise a few here have found me on Twitter.

There's more, but that's plenty for now

What is Snikket?

Snikket is a messaging platform that is different to the mainstream messaging apps. Instead of entrusting your conversations and messages with proprietary servers “in the cloud” that analyze and sell your data, we like to do things a little differently.

Snikket lets you run your own service, that you control, on the system of your choice. For many people this is a cheap private server (VPS) or even a Raspberry Pi.

Instead of your messaging app connecting to hidden far-away servers managed and owned by a large corporation, your Snikket app will connect directly to your personal Snikket server.

https://snikket.org/service/
https://snikket.org/
https://github.com/snikket-im/snikket-server/

https://mailcare.io/

https://mirotalk.herokuapp.com

https://github.com/miroslavpejic85/mirotalk

Currently the way to roughly clean up some backups we don't want taking up space is to change the retention policy for a while, then come back later and change it back.

It would be nice to have a delete function for individual backups w/o having to shorten the policy.

https://github.com/juanfont/headscale

An open source, self-hosted implementation of the Tailscale coordination server.

Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using all kinds of NAT traversal sorcery.

Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the 'coordination/control server'.

The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It also assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.

Headscale implements this coordination server.

Our plans for PeerTube v4
April 13, 2021

In the PeerTube v3 release blogpost, we announced that we wouldn't resort to crowdfunding to finance PeerTube's development in 2021.

We are glad to announce that a big part of PeerTube v4 will be funded through an NLnet grant under their "Search and discovery" program (find here their page on PeerTube).

We plan to develop PeerTube's v4 all along 2021, with our main focus on customizing the experience so that instance administrators, content creators and users can display and discover the videos to their liking.

We truly believe that empowering instance administrators and content creators to customize their instances and channels is a great way forward to help PeerTube users to find and identify the videos they want to watch.

Such customization will have a direct impact on search, and on search results. Moreover we plan to extend the search scope to playlists so they can be displayed in search results. We also plan to improve search result pages with a more ubiquitous sorting/filter system and a better interface.
PeerTube's v4 main features

Here are the main "customization" features we plan to be working on:

Sorting/filter system on pages that list videos
Customize left menu for instances (through plugin API)
Customize homepage for instances (through a markup system)
Customize channels for content creators
Incentives to complete instance/channel attributes (i.e. descriptions, images, terms of service, etc.)

We also plan to work on frequently asked improvements such as:

Adding playlists to search scope (on PeerTube instance and Sepia Search)
Subscription to channels/accounts from an instance
Coordination with, support and contributions to external developments (clients, plugin, etc.)

More details on our plans can be found on the PeerTube Github page. Please note that these are the main features and developments. They can evolve due to circumstances, contributions, timings, etc. To be informed of any change, subscribe to PeerTube newsletter.
Managing expectations

This is already a lot, and we can't wait to implement those features!

That being said, we understand that lots of people have lots of expectations for PeerTube. But we won't uphold and develop them all, as we are not a tech giant, not even a startup.

Framasoft is a small French not for profit of 35 members, and has made the choice not to overgrow. We want to stay at 10 employees tops, even though we manage more than 80 different projects (OK, PeerTube is one the biggest ones, but it is still one of eighty projects).

We have only one developer dedicated to PeerTube (not even full time), helped by others in our team (design, administration, communication, etc.). Maintaining PeerTube means lots of different tasks (learn more about it here in our FAQ), and we don't want him (or anyone else, for that matter) to burn himself out to fulfill everyone's expectations.

So if our plans for 2021 and PeerTube's v4 don't match your priorities, that's completely OK, but we won't do more nor go faster. Remember that you are free to fork PeerTube to lead it in another direction, or to contribute by coding plugins and issues (get started on contributing here).
Thanks for the support

We really want to thank the PeerTube community for its work and support. We also want to thank NLnet for their grant that will fund the major part of our work on PeerTube this year, thus relieving us from having to organize a dedicated crowdfunding in 2021.

While most of our roadmap for PeerTube is covered by NLnet's donation, the rest will come from our own budget. Framasoft is funded by grassroots supporters who give us money for all our actions and projects.

If you want to support PeerTube, you can support Framasoft with a donation, but also by helping others to discover and learn more about PeerTube and our projects: sharing is caring!

https://joinpeertube.org/news#roadmap-v4

I was always hosting my own things since the first linux install back in the early 90s. When I came across Sandstorm I thought it was the bees knees, but it was far from pleasant to use with all the rough security and then the project shutdown! (for a while).

I actually called up the founder since I knew of him, and had a chat about it.. he was rearranging his life as he went to work for Cloudflare.

Shortly after I found Cloudron and haven't had to look back at anything else.

I even had @girish give a presentation on the mighty Cloudron at our meetup BayLISA. It was very impressive.

SO in some small way I am responsible for infecting a bunch of BayLISA members with the Cloudron bug and run 3 different Cloudrons myself spanning hundreds of domains now. Go Cloudron.

MediaCMS is a modern, fully featured open source video and media CMS, written in Python/Django and React, featuring a REST API.

It is developed to meet the needs of modern web platforms for viewing and sharing media. It can be used to build a small to medium video and media portal within minutes.

https://github.com/mediacms-io/mediacms

While it's still in beta and has rough edges with hardcoded paths and not working well behind a reverse proxy yet, we should keep track of the progress.

@brutalbirdie said in Monkey See, Monkey Do: Cloudron Video Explainers:

But then suddenly the Data-Center is burning down (OVH Fire - The Register | OVHcloud Wikipedia) .
Oh no! He never setup the backup and only had it on the server drive!

I'd modify this to, "We were back up in 30m as we had offsite Object storage backups which Cloudron makes it easy to 'set it and forget it'.

Then run through the restore process..

https://fosscord.com/
https://github.com/fosscord

Inspiration may come from any form capabilities with IFTTT and Zapier, for which we have N8N.

Even a simple HTML/CSS form can then submit things to N8N which can pass it on to any one of the other apps on Cloudron.

It seems we need more "connector" type integrations with all the Cloudron apps via N8N so all of the input->data transform->output flows can be completed.

How many N8N recipes do we have for Cloudron apps? 2? 3?

@Aizat Thanks for posting this!

They even have self-hosting instructions: https://docs.typebot.io/self-hosting

Already designed for docker. Mature.

Looks like this should be our primary form target for packaging next, better than OhMyForm!

Having worked in the storage industry, there are many insights one gets from years of experience that you cannot get anywhere else.

The little known thing is that stupidity and ignorance always comes first.

Here's the perfect example:
All history of storage has a legacy that started with blocks on spinning disks. Taking this forward in time, all protocols, drivers and interfaces have been written to support block storage. Along comes solid state, and now all the slow block ways of doing things are just put on top of flash storage. Convenient right?

Stupid? You bet.

Now we have speed and volume of data in tsunamis greater than what disks can handle, and along comes object storage, which can do all that and handle sizes greater than terabytes, but petabytes (PB), exabytes (EB) and beyond!

What does the industry do first? They use block storage protocols and write directly to object stores. Convenient right?

Stupid? You bet.

And slow too. Not because object storage is slow, but because using block storage concepts on object stores makes them slow.

It's like putting diesel fuel in your gasoline car. It doesn't match and won't work very well, and may even destroy it.

That is exactly what happens when block storage concepts, with small random writes are used to dump data to a nice object store, who's architecture is optimized for large sequential transactions, for which it's brilliant at, especially at scale. It slow everything down and trashes the system, further causing problems.

Only in the last several years have a few smart folks begun to recognize this difference and write object storage connectors (and even start companies) that are actually tuned and understand what an object store does and use it properly.

Those are how the likes of Apple, Disney and other huge companies with enormous media assets are able to store all the apps, movies and data globally, so things just work when you click "play".

@dylightful I hear you.. it has not been made clear yet.

I just managed to deploy wg-easy in fly.io and it's simple UI is great, doesn't need a username, and similar to our OpenVPN app, easily generates .conf files for download for the clients.

For some of the things we wanted to do with VPNs for Apps which were a lot more complex, a lot more integrations were needed, and the people who started doing those didn't manage to complete them and the chain of events stopped progress.

What we perceive being reality, this can affect much simpler things from being re-prioritized; and of course life happens.

Un/fortunately those are not blockers for Cloudron having a fast personal VPN experience via Wireguard.

As I have a bit more time this month, I may start packaging wg-easy, and if someone else is interested in lending a helping hand, many hands make short work. (Send a PM to collaborate)

Nice, although I think they missed the mark on the nose color. It should be darker to resemble a nose.

Something more like:

It may be helpful to those who don't know what Miniflux is to tag this as an RSS app or add it to the description.

Shall we resume these events?

It's very easy to click on the tile opening the app when the intent was to open the configuration page.

Please increase the config clickable area as there is plenty to click the app. If that means making the icons larger, so be it, but their background area should be much larger.

• Certs, automagically.
• Email self-hosting on easy.
• Peace of mind

Adding Quay
https://github.com/quay/quay
Project Quay builds, stores, and distributes your container images.

High-level features include:

• Docker Registry Protocol v2
• Docker Manifest Schema v2.1, v2.2
• AppC Image Discovery via on-demand transcoding
• Image Squashing via on-demand transcoding
• Authentication provided by LDAP, Keystone, OIDC, Google, and GitHub
• ACLs, team management, and auditability logs
• Geo-replicated storage provided by local filesystems, S3, GCS, Swift, and Ceph
• Continuous Integration integrated with GitHub, Bitbucket, GitLab, and git
• Security Vulnerability Analysis via Clair
• Swagger-compliant HTTP API

I just thought about asking it to generate a manifest file for Rust Desk and it said it wasn't an existing app.

Then I gave it the URL of the github repo and this is what it generated:

I apologize for the confusion, given that now I have access to the source code of the RustDesk-server, I can provide you with an example of a Cloudron manifest file for this application. Keep in mind that this is just an example and you will need to adjust the values to match the specific requirements of your setup.

{
    "id": "com.example.rustdesk",
    "version": "1.0.0",
    "name": "RustDesk",
    "title": "RustDesk",
    "description": "RustDesk is a open-source, self-hosted, desktop-as-a-service",
    "icon": "rustdesk-icon.png",
    "homepage": "https://rustdesk.com",
    "location": "https://rustdesk.com",
    "type": "webapp",
    "accessRestriction": "public",
    "accessRestrictionReason": "",
    "manifestVersion": 1,
    "dependencies": {
        "domains": [
            {
                "domain": "rustdesk.com"
            }
        ],
        "services": [
            {
                "type": "http"
            }
        ],
        "ports": [
            {
                "name": "http",
                "protocol": "tcp",
                "public": true,
                "port": 3000
            }
        ]
    },
    "config": {
        "env": {
            "DATABASE_URL": "postgres://username:password@host:port/database",
            "APP_SECRET": "secret_key"
        },
        "command": "cargo run --release",
        "appUser": "rustdesk",
        "appGroup": "rustdesk",
        "workingDir": "/app/rustdesk-server"
    }
}


This manifest file assumes that the application is listening on port 3000, that is using a postgres database, and that you have set the DATABASE_URL and APP_SECRET environment variable.
It also assumes that the application is built with rust and cargo and that the source code is located in a folder named "rustdesk-server".

Please keep in mind that you will need to adjust the values for the id, version, name, title, description, icon, homepage and location accordingly.
Also, you will need to adjust the dependencies, config and other fields to reflect the actual requirements of your application.

You can find more information about how to package an application for Cloudron in the official documentation: https://cloudron.io/documentation/apps/packaging/

As discussed in this thread.

Clone / Duplicate an App quickly from a locally running App instead of fetching from (remote) backups.

https://github.com/mautrix/whatsapp

In case you want to connect WhatsApp to Matrix.

https://github.com/vabene1111/recipes
Recipes is a Django application to manage, tag and search recipes using either built in models or external storage providers hosting PDF's, Images or other files.

Features

📦 Sync files with Dropbox and Nextcloud (more can easily be added)
🔍 Powerful search with Djangos TrigramSimilarity
🏷️ Create and search for tags, assign them in batch to all files matching certain filters
📄 Create recipes locally within a nice, standardized web interface
⬇️ Import recipes from thousands of websites supporting ld+json or microdata
📱 Optimized for use on mobile devices like phones and tablets
🛒 Generate shopping lists from recipes
📆 Create a Plan on what to eat when
👪 Share recipes with friends and comment on them to suggest or remember changes you made
🐳 Easy setup with Docker
🎨 Customize your interface with themes
✉️ Export and import recipes from other users
➕ Many more like recipe scaling, image compression, cookbooks, printing views, ...

This application is meant for people with a collection of recipes they want to share with family and friends or simply store them in a nicely organized way. A basic permission system exists but this application is not meant to be run as a public page.

Has docker image https://github.com/vabene1111/recipes/blob/develop/docs/docker

@moocloud_matt said in [Backups] Ability to add multiple storage provider/location:

I actually don't like that the 3-2-1 is managed by the main server, because if that is compromised you will have compromised also your backup.

That's the problem with traditional backups.

Next gen way of thinking about backups is simply having a much more resilient storage system. For example, when your data is sprinkled across 8 places and you only need 5 to restore any file/object. There are some very clever and efficient algorithms for this m of n approach which removes the need for 3x replication.

Minio can do this, and as a community we can pool resources to have 20+ places and only need 7 or so to be available at any one time. Maybe even start a coop.

@nebulon Can you share the graph or numbers of growth, so we can rejoice too!

Journalist is an RSS aggregator that supports the Fever API and can be used with popular RSS clients. It is available on macOS, Linux, FreeBSD, NetBSD, OpenBSD & Plan9.

https://github.com/mrusme/journalist

https://lists.ubuntu.com/archives/ubuntu-announce/2022-March/000278.html

https://releases.ubuntu.com/22.04/

https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668

LTS for 5 years

Toolchain Upgrades
Probably mention Python 3.10 and ruby 3.0 and perl and PHP.

Security Improvements
nftables is now the default backend for the firewall.

ssh-rsa is now disabled by default in OpenSSH 31. See bug 1961833 19 to learn how to selectively re-enable it if necessary. If you are upgrading a system remotely over SSH, you should check that you are not relying on this to ensure that you will retain access after the upgrade.

scp offers a -s command line option 6 to use sftp mode rather than scp mode 10 when handling remote filenames. This new, safer, behaviour will eventually become the default.

Ubuntu Server
Ubuntu HA/Clustering
Corosync
It was updated to version 3.16 which includes some new features:

• Support for changing crypto configuration during runtime. This includes turning cryptography on or off, changing crypto_cipher and crypto_hash and also changing of crypto key.
• Default token timeout was changed from 1 seconds to 3 seconds.
  / Run corosync -v to get the list of supported crypto and compression models which can be used in corosync.conf
• Cgroup v2 support.

...

Containers runtime
containerd
It was updated to version 1.5.9. Some interesting changes are:

• Update pull to handle of non-https urls in descriptors
• Install apparmor parser for arm64 and update seccomp to 2.5.1
• Add support for clone3 syscall to fix issue with certain images when seccomp is enabled
• Add image config labels in CRI container creation
  For the complete list of changes please refer to the upstream release page 2.

runc
It was updated to version 1.1.0. There are many improvements and bug fixes which can be found in the upstream release page. Some deprecations and removals which might impact the upgrade are presented below:

Deprecation

• runc run/start now warns if a new container cgroup is non-empty or frozen; this warning will become an error in runc 1.2
  Removals

• cgroup.GetHugePageSizes has been removed entirely, and been replaced with cgroup.HugePageSizes which is more efficient

• intelrdt.GetIntelRdtPath has been removed. Users who were using this function to get the intelrdt root should use the new intelrdt.Root instead.

Ruby 3.0

PHP now defaults to version 8.1.2

OpenLDAP 2.5.x

PostgreSQL 14

MySQL 8.0

And much more.. Discuss! Test!

enJoy!

Open Source Social Network (OSSN)
https://www.opensource-socialnetwork.org/

Open Source Social Network (OSSN) is a social networking software written in PHP. It allows you to make a social networking website and helps your members build social relationships, with people who share similar professional or personal interests. It is available in 16 international languages.

https://github.com/opensource-socialnetwork/opensource-socialnetwork/

Awesome Privacy

https://github.com/pluja/awesome-privacy

I dropped a line on their Github issue to see if anyone is interested.

Go to the Cloudron appstore and select the "Notes" category for the available options.

Personally using HedgeDoc for team collab notes which then go into Joplin.

https://talkyard.io
https://github.com/debiki/talkyard

Create a community, where your users can suggest ideas and get questions answered. And have friendly open-ended discussions and chat (Slack/StackOverflow/Discourse/Reddit/Disqus hybrid).

Why you should replace NGINX

From: https://bcow.xyz/posts/why-you-should-replace-nginx

A common option for a web server and reverse proxy is NGINX. This would have been a good decision ten years ago, but with modern alternatives built in modern programming languages that have many more features that save you time, why use an inferior product? Simply put, modern web servers like Caddy and Traefik are better.

Expired TLS certificates

I regularly come across this while browsing the smaller internet; what do they all have in common? NGINX. Most notably, Manjaro appears to struggle with this. Guess which web server they use: NGINX. This would never have happened if they had chosen Caddy (or any other modern web server). Every modern web server supports automatic HTTPS.

Outdated HTTP protocols

NGINX utilizes HTTP/1.1 by default. Due to missing optimizations present in later versions, this leads to poor website performance. Although HTTP/2 is supported by NGINX, you must enable it (and many users don't). NGINX does not currently support HTTP/3, and even when it does, it is unlikely that it will be enabled by default, and most users will not have access to it. This leads into the next section about NGINX's configuration and their update distribution.

Bad configuration

NGINX configuration is overly complicated. Many lines of NGINX configuration can be replaced by a few lines of Caddyfile. And because the Caddyfile is a single file, no files need to be moved, and Caddy can reload configuration without restarting.

Poor update distribution

Linux distributions should not be trusted with updates. Debian and Ubuntu are the most popular server distributions, but they are also the worst at updating (this is a "feature"). This is why packaging formats such as Flatpak exist (in the server world, Docker). Many websites are using NGINX versions that are years old and may contain critical security vulnerabilities (some of this is on the user for not updating even when updates are available). Caddy maintains their own repositories for some Linux distributions, while others, such as Traefik, are designed to run within a container. Developers of these web servers can ship updates quickly and be confident that users will have access to the most recent version.

Written in C

Every alternative I've mentioned thus far has been written in Go. Go is a modern programming language with memory safety and an excellent HTTP library in its standard library. This makes it the ideal language for creating a web server. Using Go has advantages such as removing dependence on libc and producing a binary that runs on any distro.

Conclusion

NGINX's antiquated design slows you down and holds back innovation on the web. It's time to move on and replace it with something fresh. Sure, more configuration and software can solve all of these issues. But, at that point, why not just switch? The alternatives are endless, but the best is undoubtedly Caddy. It does not have any of the issues I mentioned above and is very easy to use. Traefik (a little difficult to get started with), Sozu, and Envoy (I haven't tried these yet, but they look interesting) are some other options. You could also move to a PaaS provider like Fly.io and stop managing servers altogether, that's what we did here.

Typesense is a fast, typo-tolerant search engine for building delightful search experiences.

An Open Source Algolia Alternative &
An Easier-to-Use ElasticSearch Alternative
https://typesense.org/
https://github.com/anthonynsimon/typesense
https://hub.docker.com/r/typesense/typesense/
https://typesense.org/docs/0.21.0/guide/install-typesense.html#-start

https://www.balena.io/open/

OpenBalena is a platform to deploy and manage connected devices. Devices run balenaOS, a host operating system designed for running containers on IoT devices, and are managed via the balena CLI, which you can use to configure your application containers, push updates, check status, view logs, and so forth. OpenBalena’s backend services, composed of battle-tested components that we’ve run in production on balenaCloud for years, can store device information securely and reliably, allow remote management via a built-in VPN service, and efficiently distribute container images to your devices.

https://boringproxy.io/

What is boringproxy?
boringproxy is a combination of a reverse proxy and a tunnel manager.

What that means is if you have a self-hosted web service (Nextcloud, Emby, Jellyfin, etherpad, personal website, etc.) running on a private network (such as behind a NAT at home), boringproxy aims to provide the easiest way to securely (i.e. HTTPS and optional password-protection) expose that server to the internet, so you can access it from anywhere.

To see how boringproxy compares to other similar software, see the comparison here.

The main features are:

100% free and open source under the MIT license.
Designed from the ground up with self-hosters in mind.
No more port forwarding, NAT traversal, firewall rules, HTTPS certificate management, etc etc. Let boringproxy handle it all for you.
No config files. Seriously, none. It has nice defaults and the few knobs are easily adjusted with simple CLI parameters.
Lightning fast web GUI for managing tunnels from one central place. It even works great on mobile browsers.
Fully configurable through a REST API.
The client software works on Linux, Windows, Mac, and ARM (i.e. Raspberry Pi and Android).
Ships as single executable which contains both the server and client.
SSH under the hood. You can use a standard SSH client if you prefer.
End-to-end encryption (since version 0.4.0). Choose whether to terminate TLS at the server, client, or your application. All handled seamlessly with Let's Encrypt integration.

Real-time collaborative anything made easy with GUN.

GUN is an ecosystem of tools that let you build community run and encrypted applications - like an Open Source Firebase or a Decentralized Dropbox.

The Internet Archive and 100s of other apps run GUN in-production.

• Multiplayer by default with realtime p2p state synchronization!
• Graph data lets you use key/value, tables, documents, videos, & more!
• Local-first, offline, and decentralized with end-to-end encryption.

https://github.com/amark/gun#docker

Iris.to - a decentralized IG runs on top of GUN.
Hence the ability to deploy GUN nodes on Cloudron lets you run your own community.
Iris Messenger Github
Along with many other awesome-gun goodies:
https://github.com/amark/gun/wiki/awesome-gun

The GUN ecosystem stack is a collection of independent and modular tools covering everything from CRDT conflict resolution, cryptographic security & encryption, radix storage serialization, mesh networking & routing algorithms, to distributed systems correctness & load testing, CPU scheduled JSON parser to prevent UI lag, and more!

Technically, GUN is a graph synchronization protocol with a lightweight embedded engine, capable of doing 20M+ API ops/sec in just ~9KB gzipped size.

As you pick up your jaw, don't forget to vote it up.

https://organizr.app/

https://github.com/causefx/Organizr - PHP 7.2+

About

Do you have quite a bit of services running on your computer or server? Do you have a lot of bookmarks or have to memorize a bunch of ip's and ports? Well, Organizr is here to help with that. Organizr allows you to setup "Tabs" that will be loaded all in one webpage. You can then work on your server with ease. Want to give users access to some Tabs? No problem, just enable user support and have them make an account. Want guests to be able to visit too? Enable Guest support for those tabs.

Docker container available

The simplest way to take a full page screenshot, we support a long pages up to 20000 pixels

https://github.com/Flowko/website-shot

Simple Dockerfile w/ npm

https://github.com/RizkyRajitha/linkin

Features

Free and Open Source

Self Hosted, you own your data and Postgres DB

Customize your link tree with few clicks using a feature-rich dashboard

SEO friendly design built using Next js

Supports one-click deploy using multiple cloud providers

Try the Linkin demo here. Main page.

Demo Admin http://linkindemo.vercel.app/admin

Demo username = admin
Demo password = linkin123

https://hostyoself.com bit of a meme, but useful for self hosting an ngrok type web based instance.

A hosting service from the browser, because why not.

https://github.com/schollz/hostyoself

@humptydumpty those only work for the supported managed DNS providers in Cloudron, not things like the many free+ Dyn DNS providers.

Very different thing.

In this case, we have a client that runs on desec.io and their domain is manually added to Cloudron.

So unless @staff are interested in making a simple generic DDNS client, having one in an app does the trick too.

Headway

Headway is a maps stack in a box that makes it easy to take your location data into your own hands. With just a few commands you can bring up your own fully functional maps server. This includes a frontend, basemap, geocoder and routing engine. Over 200 different cities are currently supported.
https://github.com/headwaymaps/headway

An example config of WG-Easy deployment from:
https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL

docker-compose.yml:

version: "3.8"

services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=wg-easy.myhomelab.com

      # ⚠️ Change the Web UI Password:
      - PASSWORD=foobar123
    image: weejewel/wg-easy
    container_name: wg-easy
    hostname: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

  nginx:
    image: weejewel/nginx-with-certbot
    container_name: nginx
    hostname: nginx
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    volumes:
      - ~/.nginx/servers/:/etc/nginx/servers/
      - ./.nginx/letsencrypt/:/etc/letsencrypt/

~/.nginx/servers/wg-easy.conf:

server {
    server_name `⚠️wg-easy.myhomelab.com`;

    location / {
        proxy_pass http://wg-easy:51821/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

@braginini Would you be open to helping package this for Cloudron?

https://arstechnica.com/gadgets/2022/12/mastodon-highlights-pros-and-cons-of-moving-beyond-big-tech-gatekeepers/

Good references to many Masto projects, including RSS to A/P integrations.

Article Full text:

NOT EXTINCT —

Standards-based interoperability makes a comeback, sort of.

Aurich Lawson | Getty Images

As Elon Musk's Category 5 tweetstorm continues, the once-obscure Mastodon social network has been gaining over 1,000 new refugees per hour, every hour, bringing its user count to about eight million.

Joining as a user is pretty easy. More than enough ex-Twitterers are happy finding a Mastodon instance via joinmastodon.org, getting a list of handles for their Twitter friends via Movetodon, and carrying on as before.

But what new converts may not realize is that Mastodon is just the most prominent node in a much broader movement to change the nature of the web.

With a core goal of decentralization, Mastodon and its kin are "federated," meaning you are welcome to put up a server as a home base for friends and colleagues (an "instance"), and users on all instances can communicate with users on yours. The most common metaphor is email, where yahoo.com, uchicago.edu, and condenast.com all host a local collection of users, but anybody can send messages to anybody else via standard messaging protocols. With cosmic ambitions, the new federation of freely communicating instances is called "the Fediverse."

I started using Mastodon in mid-2017 when I faintly heard the initial buzz. I found that the people who inhabited a world whose first major selling point was its decentralized network topology were geeky and countercultural. There were no #brands. Servers were (and are) operated by academic institutions, journalists, hobbyists, and activists in the LGBTQ+ community. The organizers of one instance, scholar.social, run an annual seminar series, where I have presented.

The decentralization aspect that was such a selling point for me was also a core design goal for Mastodon and the predecessors it built upon, such as GNU Social. In an interview with Time, lead developer Eugen Rochko said that he began development of Mastodon in 2016 because Twitter was becoming too centralized and too important to discourse. "Maybe it should not be in the hands of a single corporation,” he said. His desire to build a new system “was generally related to a feeling of distrust of the top-down control that Twitter exercised."

As with many a web app, Mastodon is a duct taping together of components and standards; hosting or interacting with a Mastodon instance requires some familiarity with all of these. Among them, and the headliner at the heart of The Fediverse, is the ActivityPub standard of the World Wide Web Consortium (W3C), which specifies how actors on the network are defined and interact.

Mastodon and ActivityPub evolved at about the same time, with Mastodon's first major release in early 2017 and ActivityPub finalized as a standard by the W3C in January 2018. Mastodon quickly adopted ActivityPub, and it has become such a focus of use that many forget that ActivityPub is usable in many contexts beyond reporting what users had for lunch.

Like Mastodon, ActivityPub represents a rebellion against an increasingly centralized web. Christine Lemmer-Webber is the lead author of the 2018 ActivityPub standard, based on prior work led by Evan Prodromou on another service called pump.io. Lemmer-Webber tells Ars that, when developing the ActivityPub standard, "We were like the only standards group at the W3C that didn't have corporate involvement... None of the big players wanted to do it."

She felt that ActivityPub was a success for the idea of decentralization even before its multi-million user bump over the last few months. "The assumptions that you might have, that only the big players can play, turned out to be false. And I think that that should be really inspiring to everybody," she said. "It's inspiring to me."

Standards setting

The idea of an open web where actors use common standards to communicate is as old as, well, the web. "The dreams of the 90s are alive in the Fediverse," Lemmer-Webber told me.

In the late '00s, there were more than enough siloed, incompatible networking and sharing systems like Boxee, Flickr, Brightkite, Last.fm, Flux, Ma.gnolia, Windows Live, Foursquare, Facebook, and many others we loved, hated, forgot about, or wish we could forget about. Various independent efforts to standardize interoperation across silos generally coalesced into the Activity Streams v1 standard.

Both the original Activity Streams standard, and the current W3C Activity Streams 2.0 standard used by Mastodon and friends, offer a grammar for expressing things a user might do, like "create a post" or "like a post with a given ID" or "request to befriend a certain user." The vocabulary one would use with this grammar is split into its own sub-standard, the Activity Vocabulary.

Now that we have a way to express a person's stream of thought and action in JSON blobs, where do all these streams go? The ActivityPub standard is an actor-based model which specifies that servers should have a profile for each actor providing a universal resource indicator (URI) for each actor's inbox and outbox. Actors can send a GET request to their own inbox to see what the actors they follow have been posting, or they can GET another actor's outbox to see what that specific actor has been posting. A POST request to a friend's inbox places a message there; a POST request to the user's own outbox posts messages for all (with the right permissions). The standard specifies that these various in- and outboxes hold activities in sequential order, much like our familiar social media timelines.

(PS: If you want to see what an activity stream looks like, and your browser renders JSON nicely, just grab a random outbox and have a look.)

Here we have the vision of the Fediverse: a set of ActivityPub nodes, scattered across the globe, all speaking a common language. Mastodon is one of many efforts to implement the inboxes and outboxes of the ActivityPub standard. There are dozens of others, ranging from other microblogging platforms ("It's like Mastodon, but...") to an ActivityPub server that runs a chess club.

In theory, they all intercommunicate; in practice, not so much. The sources of incompatibility stem from several issues, from imperfections in the standard to questions of how online communities should form to efforts to reach beyond the standard post/comment/follow format of typical social networks.

Different instances for different goals

The differences among ActivityPub-based social networks often reflect different visions of what socialization online can look like.

Darius Kazemi, now a senior engineer at fact-checking and content-moderation nonprofit Meedan, spent a year as a Mozilla Open Web Fellow developing a guide to the many decisions that must be made for an online community to fully function. He told me about the "global governance problem, which is that it's impossible to make a set of governance rules that a billion people can agree to. But it is possible to make a set of governance rules that 50 or 100 people mostly agree to. And so I like this as a chance for people with aligned values to get together and decide on what their own governance and guidelines look like."

Twitter’s global guidelines lean toward Silicon Valley-style free speech absolutism, in which everybody has the right to speak and be heard (and never shadow-banned). Vulnerable users increasingly felt the effects of Karl Popper's Paradox of Tolerance, that if we include in a more tolerant discussion those who are less tolerant, they will prevent the discussion from being fully open. (Thus, in Popper's view, some level of "intolerance towards intolerance" must be exercised even by the tolerant.) In a 2021 report, the Gay & Lesbian Alliance Against Defamation (GLAAD) bluntly stated that, "Surveying the current landscape of leading social media platforms, the entire sector is effectively unsafe for LGBTQ users."

Lemmer-Webber drew a direct line from problems on other social networks to the development of a network where local controls are built in. "Queer people built the Fediverse," she said, adding that four of the five authors of the ActivityPub standard identify as queer. As a result, protections against undesired interaction are built into ActivityPub and the various front ends. Systems for blocking entire instances with a culture of trolling can save users the exhausting process of blocking one troll at a time. If a post includes a “summary” field, Mastodon uses that summary as a content warning.

Advertisement

Other governance questions are more subtle, because features for greater privacy, almost by definition, limit the discovery and exploration we also look for in a social network. For example, the question of whether Mastodon should allow instance-only posts that do not go out to the Fediverse at large has been especially contentious. The final decision leaned toward discoverability, so Kazemi forked Mastodon to create Hometown, which includes this more-limited sharing option and various improvements.

If you want to run an instance to bring local friends onto the Fediverse, the first question is which platform to base it on. Lemmer-Webber recommends that those who want a single- or few-user instance try Misskey. Pleorama, with a less discovery-focused project governance group, has its own how-to for installing it onto various flavors of Linux. Mastodon, as the incumbent, has some pre-built packages that offer a relatively turnkey setup, or follow the full step-by-step procedure.

Building your own ActivityPub server (or trying to)

ActivityPub is not perfect. Tom MacWright, a software developer in Brooklyn, has firsthand experience with the pitfalls of ActivityPub. As an experiment, he tried to turn his photo blog into an actor that could be followed by users via their Mastodon accounts. It worked in the end—and you can search for @photos@macwright.com from your Mastodon instance to follow his photography—but it wasn't easy.

"I initially came at it from the perspective that I could just read the specifications and follow those, which is an approach that works for some specifications, but it definitely did not in this case," he said.

For example, Mastodon demands that ActivityPub actors interacting with a Mastodon instance be discoverable via the WebFinger standard, which in practice means a GET request to /.well-known/webfinger?resource=acct:sampleactor@example.com will return sampleactor's ActivityPub-formatted information. Not complicated, but it's not in the ActivityPub standard, and it's one more moving part to think about.

Activities also have to be signed by the sender via HTTP signatures. MacWright's approach to reading the spec failed here, too. "There's a specification (for signatures) that somebody tried to write and never got approved," he said. "The ActivityPub spec is like, 'You can use encryption or you can not use encryption.'" Meanwhile, Rochko explained in this blog about faking an ActivityPub server to post a reply to a Mastodon post, HTTP signatures are mandatory when corresponding with Mastodon—and because Mastodon is the metaphorical 800-pound gorilla of ActivityPub applications, that means HTTP signatures are mandatory. (MacWright eventually based his final photo blog actor on a barebones ActivityPub server by Kazemi.)

Advertisement

Fediverse.party lists around a hundred ActivityPub-based systems, many going well beyond the traditional social network. There's Pixelfed, which provides a Fediverse instance with an images-forward front end ("It's like Instagram, but..."). You can share video with PeerTube or federate your music via a Funkwhale instance, write collaboratively on Write freely or dokieli, review books and form your book club on BookWyrm, or plan events using Kazemi's gath.io.

Kazemi is optimistic about coming full circle and using ActivityPub as the next RSS. "I hope it's even better. I hope it's even more widely adopted than RSS was back in its heyday," he said. While we chatted, he set up @ars_technica@rss.friend.camp, an ActivityPub actor republishing everything on Ars' main RSS feed; search for it from your Mastodon, Pleroma, or Misskey instance, follow it, and you can retire that RSS reader you keep only to check for Ars articles.

But almost all of these new applications beyond social posting have to extend—i.e., deviate from—the standard. On its front page, Pixelfed describes itself as fully Mastodon compliant, but MacWright found that the fine print added requirements regarding Pixelfed's Activity Vocabulary dialect but not many details about how those work. Such diverse uses could enrich the Fediverse—or spin it apart.

Is this time different?

What's next? The Fediverse may remain a host of small hosts. But there are economies of scale. In the federation model, a small, ragtag community sharing an instance is now stuck paying the server bill.

In terms of skill and time costs, the preparation for many of the systems on the Fediverse is as easy as "just spin up a Docker container on a Raspberry Pi." Of course, most people cannot understand and execute that (relatively) simple instruction.

Or the Fediverse may centralize. Large instances can be bought. The CEO of Tumblr has promised to implement ActivityPub ASAP, and with 135 million monthly active users, that could make Tumblr the bright giant around which the rest of the Fediverse revolves. MacWright speculates that in such a case, “Inevitably everyone's gonna get grumpy that they're dominating the standard and it's no longer an Indieweb thing, and the cycle starts over.”

As I run 50+ apps in my Cloudron, I often have to check on services during troubleshooting, and when loading the System Info (/#/system) page it displays the Services, BUT as soon as I want to click on one, the Disk Usage loads and pushes all the Services down a page. (Bait and scroll?! )

Always makes me wonder why Services doesn't have it's own tab to avoid this problem.

Please fix.

As a very happy birthday present, this came about synergistically, and now we have the worlds first Cloudron App running in a Sysbox container runtime from Nestybox.com

Gratitude to this community and the Nestybox team.
This couldn't happen w/o @marcusquinn & @Rodny-Molina

Marcus provided the Cloudron based development environment which made this super easy and convenient, and Rodny provided the integration muscle and Sysbox expertise.

Here is the first issue filed related to our work:
https://github.com/nestybox/sysbox/issues/151

Feel free to follow along or jump in.

That's all for now

It seems statping has stopped being maintained.

However, there is good news with statping-ng which is current.
https://github.com/statping-ng/statping-ng

@staff Shall we replace statping with statping-ng ?

https://gotify.net
https://github.com/gotify

Gotify

a simple server for sending and receiving messages

• Self Hosted - You control your data.
• Free and open source - Gotify is licensed under the MIT license.
• Simple - Both Gotify's API and user interface is designed to be as simple as possible.
• Cross Platform - Gotify is written in Go and can be easily compiled for different platforms.
• Docker - Docker images are automatically built on every release.
• Code Quality / Tests - Several static code analyzers and many unit/end2end tests are run on every travis-ci build.

---

gotify/server

The heart of this project. gotify/server features a WebUI and functionality for:

• sending messages via a REST-API
• subscribing/receiving messages via a web socket connection
• managing users, clients and applications

Helps us keep track how long it takes backups to complete over time.

https://github.com/gruns/icecream

IceCream — Never use print() to debug again

Do you ever use print() or log() to debug your code? Of course you
do. IceCream, or ic for short, makes print debugging a little sweeter.

ic() is like print(), but better:

1. It prints both expressions/variable names and their values.
2. It's 40% faster to type.
3. Data structures are pretty printed.
4. Output is syntax highlighted.
5. It optionally includes program context: filename, line number, and
   parent function.

IceCream in Other Languages

Delicious IceCream should be enjoyed in every language.

• Dart: icecream
• Rust: icecream-rs
• Node.js: node-icecream
• C++: IceCream-Cpp
• C99: icecream-c
• PHP: icecream-php
• Go: icecream-go
• Ruby: Ricecream
• Java: icecream-java
• R: icecream
• Lua: icecream-lua
• Clojure(Script): icecream-cljc
• Bash: IceCream-Bash