So I am for the most part a lurker and a hobbyist. I’ve always been a bit of a techie, but over time decided I wanted to be more anti-consumption and such.
I started out with by doing my own calendar. I have a desktop that has my nextcloud and use it to sync my gnome calendar with fossify (with davx5). This was rather straight forward and gave me a nice confidence boost. This is mostly done on my local network, tho I am thinking of reading more into tailscale and getting a domain. The next move I did was to bring my todo list over. This was a bit tricky as many apps don’t have a setting to support repeat todos and crossing one off might just remove the item entirely and kill the resets that another app set up. At one point I found the app super productivity. This app is basically perfect. Only downsides is that it is a bit more strict (particularly on the mobile app) about an ssl cert. There is an option to have the app sync with a local file. I thought I could be clever and just have nextcloud do the syncing and let the apps think they are working only off the local on their respective device. Alas there was a snag here. For some reason nextcloud will write the files with read only permission on the laptop, so I cannot add or cross off items. Then I remembered using some apps around a decade ago that worked off a todo.txt file. I figured maybe I could find some mobile and desktop apps and recycle the idea of letting nextcloud manage two way sync of a file and letting apps interact with it as if it were local. It seems like I have some winners here with sleek on desktop and ntodo.txt on mobile.
Just my humble story of selfhosting so I don’t feel like a poser when listening to podcasts or lurking.
Cheers to your journey so far, and to your continued success!
You can absolutely do free SSL certs with Let’s Encrypt without exposing your infrastructure to the internet. Just use DNS based validation instead of HTTP, copy the required TXT records to your domain as instructed, wait for any cache/TTL of any old records to expire (generally 1-2 hours by default), and finally complete the validation.
You’ll need to renew the certs every 3 months, which could be annoying if done manually. If your Registrar has a decent API, writing a script could be a fun automation project. Alternatively I can also send you scripts that I used to use for that purpose.
Whoa thanks for that nugget of knowledge. Sounds like something I was searching but didn’t run into.
Happy to help!
You can find a bit more information at the URL below, and feel free to message me if you run into any issues getting it set up.
https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Will do ☺️
If you’re looking for a different approach, I moved from Nextcloud to Radicale for my family calendars, which includes ToDo functionality.
From an app point, for Android I’m using Fossify Calendar (which I think you’re using?) and Tasks.Org ToDo - and this definitely handles recurring tasks (inc. with different types of schedules)
From a remote access point of view, I have HA Proxy to convert the internal HTTP traffic into external HTTPS traffic (with Lets Encrypt certificate)
(Yes, I also have a VPN for other things… just focusing here for the calendar / todo)
Pangolin has been really cool for a few days!
You could look into using https://headscale.net/stable/ an opensource alternative to tailscale. Have yet to implement it myself as I’m using Tailscale currently, but its on my todo list :)
Adding to my list to check out :)
ty for the heads up
So your server is running NextCloud? I hope you have it locked down tight, with all it’s web ui access points.
I started out with by doing my own calendar.
Wasn’t the first thing for me, but the most consistent over time. Calendar and Contacts, synced between phone and laptop. I used first DaviCal, now Radicale.
The next move I did was to bring my todo list over.
AFAIK these are just CalDAV calendars labeled todo; all you need is a different client app, the server software is the same.
Only downsides is that it is a bit more strict (particularly on the mobile app) about an ssl cert.
Can you explain? Doing things encrypted by default is extremely important.
I am running things locally. I cannot get an ssl cert for my local network stuff because i cannot prove i own it to the issuer (i think?). As far as the todo apps, from what I dug up its that caldav does not support recurring stuff on the todo stuff? At least the default nextcloud app does not. You can set a recurring to do with an app that does, but sometimes i would cross it off on mobile and it would no longer show up on my desktop. It seems that they all internally juggle how recurring stuff happens and diffrent clients might trigger another one to see it as done and no need rescheduling.
They mention they’re only doing things locally, and looking into using tailscale, so they aren’t exposing to public web and the security concerns you mention are a lot less important.
FYI super productivity can sync via webdav, and nextcloud has a webdav server.
I did try that, but the mobile app is more strict about an ssl cert and I am only doing local stuff right now. Tho I am planing to hook my server to a domain eventually.
Try the web app (PWA). I don’t remember it complaining about http localhost.
I’d also raise that as an issue with the developer. No self host-able app should enforce https. Only warn/notify. There are numerous situations where http is a perfectly fine, permanent solution (LAN/VPN).
So I realize the following does not directly apply in this specific case, since we are talking about a full android app. But in general, there are strictly technical limitations which absolutely requires you to use https. This for example applies to PWA’s, and it also applies to apps which are WebView-based.
Basically the w3c is disagreeing with you; there are several important javascript features which are forcefully disabled if you are not connecting over https. This is a decision made by the webbrowser itself, and not something you or the dev can disable or otherwise avoid.
For example, it is impossible to use the browser’s built-in api for getting the sha512 hash of a file, which is why i had to go through great pains to do that in other suboptimal ways in one selfhosted service i made. Most devs rightfully wouldn’t bother, since those restrictions are arbitrary and effectively pointless, as there are (usually painful) workarounds.
List of features which require https: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts
Thanks for sharing!
:) its good to engage with the community
