this post was submitted on 05 Nov 2025
169 points (91.6% liked)

Selfhosted

52785 readers
383 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
169
Safebox: Open-source framework for managing self-hosted apps (Beta) (lemmy.world)
submitted 1 day ago by drebora@lemmy.world to c/selfhosted@lemmy.world
27 comments fedilink hide all child comments
 

Hi everyone, we’ve been working on Safebox, an open-source framework that helps you install, manage, and access self-hosted applications such as Home Assistant, Nextcloud, and Jellyfin ect. Safebox runs on Linux, macOS, and Windows (supporting both x86 and ARM64 architectures, even Raspberry Pi, Banana Pi hardwares also tested). It manages domain and subdomain setup, Let's Encrypt certificates, DNS configuration, and reverse proxy (nginx). It also includes a WireGuard-based remote access feature and a geo-redundant backup system (currently in development). The project is in beta, and we’re looking for people interested in testing and sharing feedback. All information about Safebox and beta testing can be found in our Discord channel. Try it using Docker: docker run --rm -v /var/run/docker.sock:/var/run/docker.sock safebox/framework-scheduler

Then open: http://localhost:8080/

Links: Website: https://safebox.network/ GitHub: https://github.com/safeboxnetwork/framework-scheduler Discord: https://discord.gg/aBP8bz6N8J

We’d really appreciate any feedback or ideas for improvement.

all 28 comments
sorted by: hot top controversial new old
[–] yggstyle@lemmy.world 14 points 1 day ago* (last edited 1 day ago) (2 children)

Alright so I'll ask a hardball question or two. What precisely are you offering that isn't just repackaged install scripts and a wireguard wrapper?

What is your / your teams background in software security? The implication of the name and your "branding" are selling a lot - what outside of docker and wireguard are you bringing to the table. On that note: why docker?

Further - you are paywalling remote access... When your platform is utilizing wireguard.

Netbird (one of many examples) doesn't even do that... What's the reasoning?

I have more but let's start there.

[–] survirtual@lemmy.world 3 points 55 minutes ago

The creator didn't have a good answer, so there may not be a good one for this project. But the value proposition is actually there.

These self-hosted solutions are riddled with configuration options, often obscure requirements, and countless maintenance pitfalls.

For a disciplined tech person, it is no problem to install and maintain.

For people less disciplined or non-tech, self hosting is ill-advised and can be dangerous.

But even for a tech person, when you have enough docker-compose services laying around, it can start to get a bit overwhelming to keep it all up to date, online, and functional. If you change your router etc you have to recall how things were set up, what port-forwards you need, what reverse lookups, etc etc.

There actually is a gap in usability and configuration management. I could see a product that has sensible defaults that unifies config across these self-hosted services without needing to access the command line.

[–] drebora@lemmy.world 1 points 19 hours ago (1 children)

Our software is basically a web app that makes it easier to install and manage supported third-party apps. Wireguard (currently) is only used for remote access, if you don’t need that you don’t have to turn it on.

For security, everything runs in an isolated sandbox using docker and that also answers your other question.

We do plan to offer a paid remote access service in the future, but it’s totally optional. The same goes for backups, they can be geo-redundant if you use our service, but these are optional feature.

[–] yggstyle@lemmy.world 4 points 16 hours ago* (last edited 16 hours ago) (3 children)

Our software is basically a web app that makes it easier to install and manage supported third-party apps. Wireguard (currently) is only used for remote access, if you don’t need that you don’t have to turn it on.

So my point I was driving at - especially with such a diverse offering of wireguard services which do not charge for (effectively) VPN access to your own infrastructure - I was more interested in why your service would be looking to pay gate it as a "premium" feature.

This would be different if we were talking you hosting all these services on your infrastructure but considering the marketing to homelab - I find it to be an unusual choice... And was curious as to the reason for the decision.

For security, everything runs in an isolated sandbox using docker and that also answers your other question.

Right. Docker does sandboxing. That's a core feature it provides - I'm just trying to ascertain what precisely your company is actually offering outside of a ui wrapper on these established services.

I mentioned earlier that your branding seems to emphasize security - but all I'm seeing is mention of existing security features inherent in the software being wrapped. Does your team do additional tuning for security? Do they have experience in infrastructure security, hardening systems, or the like? To be clear I just want to better understand the branding and what is being offered.

the same goes for backups, they can be geo-redundant if you use our service, but these are optional feature.

Alright so this is a feature that a homelab user can actually use - backups. Could you expand on how you will be managing this feature / plan to implement it once it is offered?

[–] gyurix@lemmy.world 1 points 1 hour ago

Alright so this is a feature that a homelab user can actually use - backups. Could you expand on how you will be managing this feature / plan to implement it once it is offered?

Very good question, the backup/restore processes are under development. We would like to use the Borg backup for and prepared the backup services for access each others both local network and vpn network. You can find it takeing a look at the source code of the framework-scheduler repository (https://github.com/safeboxnetwork/framework-scheduler/blob/main/scripts/scheduler/entrypoint.sh # it is started at line 1339)

[–] gyurix@lemmy.world 1 points 1 hour ago

I mentioned earlier that your branding seems to emphasize security - but all I’m seeing is mention of existing security features inherent in the software being wrapped. Does your team do additional tuning for security? Do they have experience in infrastructure security, hardening systems, or the like? To be clear I just want to better understand the branding and what is being offered.

Hi, I am one of developers from Safebox and would like to answer your security related questions: you have right, our Safebox platform contains only a HAproxy loadbalancer and Nginx backend proxies to route your domain based TCP packets and does not responsible for security of the 3rd party providers applications. That means Safebox is not more secure as the installed 3rd party applications, because if the application you install isn’t secure or you don’t take care of your passwords, then your data could still be stolen. But it does provide security in the sense that you know where your data is, and you know that it belongs to you.

In addition we plan to develop a 'homeguard' plugin for Safebox to manage accessing the main platform and set individualy permissions via backend proxies to access the deployed 3rd party applications.

[–] drebora@lemmy.world 1 points 1 hour ago* (last edited 1 hour ago)

So my point I was driving at - especially with such a diverse offering of wireguard services which do not charge for (effectively) VPN access to your own infrastructure - I was more interested in why your service would be looking to pay gate it as a “premium” feature.

This would be different if we were talking you hosting all these services on your infrastructure but considering the marketing to homelab - I find it to be an unusual choice… And was curious as to the reason for the decision.

Right now, we’re not charging anything for our service. In the future, if we do, it would only cover things like domain registration, proxy setup, and some extra features such as monitoring and traffic analytics.

It’s important to mention that using our service isn’t required for Safebox to work. You can use your own domain provider, set up a VPS with a public IP, point your domain to it, and everything will work just fine.

I asked one of our developers to answer your other question since he can give you a more accurate answer.

[–] BeatTakeshi@lemmy.world 26 points 1 day ago (2 children)

I won't delve into the debate of open-source and financing, and I don't necessarily throw the stone when I hear subscriptions is the plan, so for your sake I just ask:

Who are you people, and is your long term business plan as open as the software?

[–] drebora@lemmy.world 12 points 1 day ago* (last edited 1 day ago) (1 children)

We're just a family working together in our spare time. We want to make self-hosted web hosting easier to start and easier to use for everyone. We don't have a business plan yet, we just want to build something useful and see what people think of it. Are you assuming it's not open source because of the github page? We used Gitea before, and we're moving everything over from there, that's why it may look a bit empty right now.

[–] BeatTakeshi@lemmy.world 7 points 1 day ago

Thank you for answering. No there was no underlying assumption on the open source.

[–] non_burglar@lemmy.world 5 points 1 day ago

Go look at the code in github. It's one person, and it's just bash scripts.

[–] Canuck@sh.itjust.works 16 points 1 day ago (2 children)

This is an ad disguised as a helpful post

[–] Bababasti@feddit.org 26 points 1 day ago (1 children)

I don’t think they’re doing a lot of disguising? They openly introduced themselves and asked for feedback lol

[–] drebora@lemmy.world 7 points 1 day ago

Thanks, yes we're looking for early users and feedback

[–] BarbecueCowboy@lemmy.dbzer0.com 8 points 1 day ago

Hmm, you might be right, it looks like there are plans for a premium subscription service with pay walled features after the beta is over.

Hard pass.

[–] Natanox@discuss.tchncs.de 16 points 1 day ago (2 children)

In which way does it differ from Yunohost?

[–] sexy_peach@feddit.org 18 points 1 day ago* (last edited 1 day ago) (3 children)

They will have a paid tier after beta, also it's deployed with docker only. It's a shame, it does look quite clean.

[–] MoonRaven@feddit.nl 27 points 1 day ago (1 children)

€10 a month even though you're hosting things yourself on your own hardware.

[–] Onomatopoeia@lemmy.cafe 11 points 1 day ago* (last edited 1 day ago) (1 children)

To be fair, the pro plan is for the non-local stuff, which is at least understandable as domains and resolution services are non-free.

Also ongoing development takes resources. Seems like a reasonable approach.

I say this as someone who absolutely despises subscriptions.

[–] ZeldaFreak@lemmy.world 2 points 1 day ago (1 children)

They should clarify it. If these 3 points are just offering an easier way to do it, then fine. If they block these features in general when you want to manage it yourself, then screw it. I had one self hosted software, which blocked remote access even when you use your own reverse proxy. At least it was a one time payment.

[–] drebora@lemmy.world 2 points 19 hours ago

Since the software is open source, we’re not planning to block or restrict anything now or in the future. Right now we’re focused on development, and later we might build some services around it, but the software itself will always be free to use.

[–] polymachine@feddit.org 11 points 1 day ago (1 children)

From their FAQ:

What is the difference between the Basic and the Pro plan? The Basic (free) plan includes local access, a full suite of applications, and encrypted backups to local devices. The Pro (€10/month) plan provides remote access via custom domains, geo-redundant backups across locations, and unlimited subdomain support.

[–] drebora@lemmy.world 4 points 1 day ago

Thanks! That's a mistake, the pro version is currently completely free in beta.

[–] corsicanguppy@lemmy.ca 3 points 1 day ago

Yep, two reasons I'm out.

[–] drebora@lemmy.world 7 points 1 day ago

The main difference is that Safebox is software that runs on any operating system with a single command using docker. There's no need to use terminals and commands later on. Like Yunohost, you can install and manage self-hosted apps with it, but it also includes geo-redundant backup and remote access features, all in one interface.

[–] pfr@mastodon.bsd.cafe 1 points 1 day ago* (last edited 1 day ago) (1 children)

@drebora looks cool. Would be nice to see an #TSDProxy app as an option too.

https://github.com/almeidapaulopt/tsdproxy

[–] drebora@lemmy.world 1 points 18 hours ago

Thanks for the suggestion, we'll definitely look into it.