Just like Cloudron.

Tbh, I have given up on Proxmox Helper Scripts for more demanding things recently as I had similar issues.

You can use the fully packed VM appliance or iso as well. Or Docker.

Or,tbh,try the manual install,it’s somewhat straight forward. If you need help let me know.

Another option: Zabbix.

Sounds like overkill initially, but works fine and can be automated fairly well. Once installed (as a LXC/VM or on a seperats device if you want independent monitoring), you can setup a API acess for monitoring Proxmox (which will monitor all LXCs,etc. automatically) and then add the agent on top to monitor the underlying machine. There are dozens of ways to monitor Zabbix hosts temps, HDDs,etc. available online.

In theory you could also let a zabbixproxy collect all your hosts data (e.g. your Proxmox Host, your switch,etc.) in your network and then send it to a VPS outside your network so you monitor offsite and can be alerted when not at home.

ZeroSSL has unpaid plans (for non wildcards) that have a few advantages that LE doesn’t:

• No Ratelimits,
• A WebDashboard
• More ways to validate
• They have a RestAPI

And, first and foremost, they are European and it’s always good tk have an alternative ready.

But as said before, I totally missed the wildcard issue, as I haven’t touched these for a long time and recently had more to do with my public services (which get a ACME single domain cert via zeroSSL)

Sorry, then proceed with LE. Got that part mixed up, you are totally rjght.

It is absolutly possible, but oersonally I would highly recommend getting yourself a proper public domain for that,even if you won’t use it otherwise (it’s even somewhat saver if you use a designated one for it).

To make it really easy get the domain with someome who also provides DNS with it (Hetzner is a solid choice, so are others, has to have an API). (E.g. “mydomain.casa”.)

Now get an internal DNS server that can handle it’s own zones. I always recommend technitium, but there are other choices. Pihole is not a good choice here.

Next thing is a reverse proxy,as you mentioned. If you want it easy, NginxProxyManager is a good choice, but limits what one can do later. But it kind of works out of the box. Traefik and caddy are both often named,but I found none of them as “fire and forget” as NPM is - and caddy can’t do a lot of things either. Traefik is what I currently use,but even using Manatrae or similar GUIs it’s sometimes a pain. But it’s absolutely powerful especially when you run a lot of docker container on the same host. Tbh, if I had not some special requirements I would still use NPM.

Now, what to do? (Not a full manual, more like a ovrview that it’s not that complicated)

1. Install all of the above on docker.
2. Setup NPM with a wildcard certificate, register with zerossl.com (has advantages over LetsEncrypt), add them as a provider and get a wildcard(!) certificate. (*.yourdomain.casa).
3. Setup a proxy host. You simply add the domainname (nextcloud.mydomain.casa),point it to the actual container ("192.168.1.10:3000) and choose the wildcard certificate as a SSL and switch on “force SSL”.
4. Go to the DNS server, create a DNS zone “mydomain.casa” and then simply add “nextcloud.mydomain.casa” and point it to the Reverse proxy IP. Done.

For good practice I would recommend to also keep a zone that links directly to the services so you can use that whenever necessary. (mydomain.internal)

I would avoid a Raspi/ARM at all costs. But there is a third alternative: A x86 SBC like a Zima Board or blade might be exactly what you are looking for. Small, powerful enough and far easier than an ARM to maintain.

Look at the Zimablade maybe. Full,Proxmox capabale x86, can be powered via PoE with a splitter(would not recommend it,though), cheap.

I have expanded my setup over the years. And tbh, I reached so many stages where I read up how pi-hole or adguard achieved this and that. And every time it was like “damn,if you want more than the basics they are actually more complicated. I just have to look up this and this and Technitium does it by the book.”. That’s so refreshing.

Yeah, came here to write about Technitium. It is rock solid. Absolutely. It looks intimidating at first but you soon figure out you hardly need 10% of the options in the beginning.

But it’s so rock solid and good…

Duplicati is probably one of the easier options.

Afaik bluestack is the best option for that but I might be mistaken

Tbh: I haven’t found a really good replacement yet (we are simultaneously coming off confluence as well and that is even harder)

What we tried:

• Bookstack: I.can.not.understand.what.people.like.about It.Period. From my point of view it’s one of the worst systems on the market. Why? The fact that it only allows three different levels of hierarchy, the fact that by default all your images are public and their recommended solution is security by obscurity instead of proper handling it(which it can do) or their absolutely abhorent permission handling.

• Xwiki: It’s… Clumsy. Possibly the most capable one, but it’s Java and munshes resources like they are free and it’s bothersome to setup/get working. Once it works it’s extremely capable,especially from a business point of view. It’s one of the close contenders for my confluence customers atm.

• DokuWiki has become pretty capable,but takes a good theme and a few modules to be “up to modern standards”. The second close contender.

• Another major contender is also BlueSpice. Will look into that next week.

• Last but not least outline is also an idea. Currently looking into that.

• For my personal reference,especially for everything self hosted I used to maintain a fairly extensive Wiki.js,but I have found it more and more bothersome as a split between the configuration assets and the wiki was always there. So nowadays it’s often more integrated and stringent to use my GIT repository (forgejo) to keep my documentation as well.

• The same approach is also a nice one for my work and we still discuss if we might “make it work” with our project management (Redmine) and it’s wiki component.

• Lastly for a personal wiki Tiddly might be enough, btw.

But not for OAuth.

Yeah, as many said: It’s dead. I was heavily invested into Wiki.JS but cannot recommend it to anyone anymore due to the antics of the developer. Even if the mysterious new major version that should fix every issue comes out at some point, as long as the development policies don’t change it’s not worth it.

I am currently actively moving everything away from it.

Layer 7 storage servers might be what you are looking for.

Another happy Hetzner customer here. They are more than solid.

The only issues I had was with the abysmal performance of the storagebox, but that got better recently.

Layer 7 is also an idea for those seeking storage,but won’t really help OPs case.

In terms of software: Agent NVR is imho currently one of the easiest and most compatible camera software systems available for free. Runs on a pi,even though I would absolutely not recommend one

(Use a proper x64 SBC like the zimaboard. Makes a lot of things easier).

Camera wise Dahua, Hikvison and Foscam are far better than Reolink, imho, but they most definitely need a separate network or a block so they don’t access the internet.

Yeah,came here to say that. I second that.

I use an SXT, as I got it cheap, but the wap LTE kits, the LTAPs mini or the hap AX lite should do as well - softwarewise they are all the same anyway. (Just watch out for hardware without LTE modem card and be aware of the difference between LTE-M and LTE as in the knot.)

Sometimes you find decent older ones on eBay as well.