𝘋𝘪𝘳𝘬

Somewhere between Linux woes, gaming, open source, 3D printing, recreational coding, and occasional ranting.

🔗 Me, but elsewhere

🇬🇧 / 🇩🇪

  • 0 Posts
  • 15 Comments
Joined 2 years ago
Cake day: June 9th, 2023


  • Ah, I see. Not as native web application, though.

    They’re using Alpine Linux, install X and Openbox and Xvnc and serve KasmVNC via Nginx and connect via KasmVNC to that X instance. LibreOffice is started in fullscreen and looks like a slightly blurry web application.

    But in reality it is just a regular desktop installation with some extra things.

    @fikran@lemm.ee, maybe this is a solution? I wouldn’t recommend it because it’s not really a web-based document editor.



  • Exactly. With directly using certbot handling all and everything fully automatically I ran my old setup with a free dyndns subdomain for quite some time without any issues.

    Since Let’s Encrypt nowadays is basically implemented in every reverse proxy: certificates are an absolute no-brainer.

    If someone manages to buy and configure a domain to serve selfhosted content, this person will also be able to either set up certbot or use the built-in functionality of their reverse proxy.









  • How do you handle SSL certs and internet access in your setup?

    I have NPM running as “gateway” between my LAN and the Internet and let it handle all of my certificates using the built-in Let’s Encrypt features. None of my hosted applications know anything about certificates in their Docker containers.

    As for your questions:

    1. You can and should – it makes managing the applications much easier. You should use some containerization. Subdomains and correct routing will be done by the reverse proxy. You basically tell the proxy “when a request for foo.example.com comes in, forward it to myserver.local, port 12345” where 12345 is the port the container communicates over.
    2. 100% depends on your use case. I purchased a domain because I host stuff for external access, too. I just have my setup to report its external IP address to my domain provider. It basically is some dynamic DNS service but with a “real domain”. If you plan to just host for yourself and your friends, some generic subdomain from a dynamic DNS service would do the trick. (Using NPM’s Let’s Encrypt configuration will work with that, too.)
    3. You can’t. Every georestriction can be circumvented. If you want to restrict access, use HTTP basic auth. You can set that up using NPM, too. So users authenticate against NPM and only when it was successful, the routing to the actual content will be done.
    4. You might want to look into Cloudflare Tunnel to hide your real IP address and protect against DDoS attacks.
    5. No 🙂


  • To me, the point of Docker is having one container for one specific application. And I see the database as part of the application. As well as all other things needed to run that application.

    Since we’re here, let’s take Lemmy for example. It wants 6 different containers with a total of 7 different volumes (and I need to manually download and edit multiple files before even touching anything Docker-related).

    In the end I have lemmy, lemmy-ui, pictrs, postgres, postfix-relay, and an additional reverse proxy for one single application (Lemmy). I do not want or need or use any of the containers for anything else except Lemmy.

    There are a lot of other applications that want me to install a database container, a reverse proxy, and the actual application container, where I will never ever need, or want, or use any of the additional containers for anything else except this one application.

    So in the end I have a dozen containers and the same amount of volumes just to run 2-3 applications, causing a metric shit-ton of maintenance effort and update time.


  • To me the number one thing is that it is easy to set up via Docker. One container, one network (ideally no network but just using the default one), one storage volume, no additional manual configuration when composing the container.

    No, I don’t want a second container for a database. No I don’t want to set up multiple networks. Yes, I already have a reverse proxy doing the routing and certificates. No, I don’t need 3 volumes for just one application.

    Please just don’t clutter my environment.