Belajar Agar Berkembang

Senin, 10 Maret 2025

Enjoying Self-Hosting Software Locally With CasaOS and Raspberry Pi

If you are someone interested in self-hosting, home automation, or just want to tinker with your Raspberry Pi, you have various options to get started.

But, if you are new, and want something easy to get you up to speed, CasaOS is what you can try.

CasaOS isn't your ordinary operating system. It is more like a conductor, bringing all your favorite self-hosted applications together under one roof.

Built around the Docker ecosystem, it simplifies the process of managing various services, apps, and smart devices from a browser-based dashboard.

Originally developed by the makers of ZimaBoard, CasaOS makes the deployment of tools like Jellyfi, Plex, Immich, PhotoPrism a matter of a few clicks.

Let us find out more and explore how CasaOS can help can transform our simple Raspberry Pi into a powerful personal cloud.

What is CasaOS?

Think of CasaOS (Casa being "home" in Spanish) as a home for your Raspberry Pi or similar device.

It sits on top of your existing operating system, like Ubuntu or Raspberry Pi OS, and transforms it into a self-hosting machine.

CasaOS simplifies the process of installing and managing applications you'd typically run through Docker containers by blending the user-friendliness of docker management platform like Portainer.

It acts as the interface between you and your applications, providing a sleek, user-friendly dashboard that allows you to control everything from one place.

You can deploy various applications, including media servers like Jellyfin or file-sharing platforms like Nextcloud, all through its web-based interface.

Installing CasaOS on Raspberry Pi

Installing CasaOS on a Raspberry Pi is as easy as running a single bash script. But first, let’s make sure your Raspberry Pi is ready:

💡

Feeling a bit hesitant about running scripts? CasaOS offers a live demo on their website (username: casaos, password: casaos) to familiarize yourself with the interface before taking the plunge.

Ensure your Pi’s operating system is up-to-date by running the following commands:

sudo apt update && sudo apt upgrade -y

If you do not have curl installed already, install it by running:

sudo apt install curl -y

Now, grab the installation script from the official website and run it:

curl -fsSL https://get.casaos.io | sudo bash

Access the CasaOS web interface

After the installation completes, you will receive the IP address in the terminal to access CasaOS from your web browser.

Simply type this address into your browser or if you are unsure type hostname -I on the Raspberry Pi to get your IP, and you will be greeted by the CasaOS welcome screen.

The initial setup process will guide you through creating an account and getting started with your personal cloud.

Getting Started

Once inside, CasaOS welcomes you with a clean, modern interface. You’ll see system stats like CPU usage, memory, and disk space upfront in widget-style panels.

There’s also a search bar for easy navigation, and at the heart of the dashboard lies the app drawer—your gateway to all installed and available applications.

CasaOS comes pre-installed with two main apps: Files and the App Store. While the Files app gives you easy access to local storage on your Raspberry Pi, the App Store is where the magic really happens.

From here, you can install various applications with just a few clicks.

Exploring the magical app store

The App Store is one of the main attractions of CasaOS. It offers a curated selection of applications that can be deployed directly on your Pi with minimal effort.

Here’s how you can install an app:

Go to the app store
From the dashboard, click on the App Store icon.

Browse or search for an app
Scroll through the list of available apps or use the search bar to find what you’re looking for.

Click install
Once you find the app you want, simply click on the installation button, and CasaOS will handle the rest.

The app will appear in your app drawer once the installation is complete.

It is that simple.

💡

Container-level settings for the apps can be accessed by right clicking the app icon in the dashboard. It lets you map (docker volume) directories on the disk with the app. For example, if you are using Jellyfin, you should map your media folder in the Jellyfin (container) setting. You should see it in the later sections of this tutorial.

Access

Once you have installed applications in CasaOS, accessing them is straightforward, thanks to its intuitive design.

All you have to do is click on the Jellyfin icon, and it will automatically open up in a new browser window.

Each application you install behaves in a similar way, CasaOS takes care of the back-end configurations to make sure the apps are easily accessible through your browser.

No need to manually input IP addresses or ports, as CasaOS handles that for you.

For applications like Jellyfin or any self-hosted service, you will likely need to log in with default credentials (which you can and should change after the first use).

In the case of Jellyfin, the default login credentials were:

Username: admin
Password: admin

Of course, CasaOS allows you to customize these credentials when setting up the app initially, and it's always a good idea to use something more secure.

My experience with CasaOS

For this article, I installed a few applications on CasaOS tailored to my homelab needs:

A Jellyfin server for media streaming
Transmission as a torrent client
File Browser to easily interact with files through the browser
Cloudflared for tunneling with Cloudflare
Nextcloud to set up my cloud
A custom Docker stack for hosting a WordPress site.

I spent a full week testing these services in my daily routine and jotted down some key takeaways, both good and bad.

While CasaOS offers a smooth experience overall, there are some quirks that require you to have Docker knowledge to work with them.

💡

I faced a few issues that were caused by mounting external drives and binding them to the CasaOS apps. I solved them by automounting an external disk.

Jellyfin media server: Extra drive mount issue

When I first set up Jellyfin on day one, it worked well right out of the box. However, things got tricky once I added an extra drive for my media library.

I spent a good chunk of time managing permissions and binding volumes, which was definitely not beginner-friendly.

For someone new to Docker or CasaOS, the concept of binding volumes can be perplexing. You don’t just plug in the drive and expect it to work, it requires configuring how your media files will link to the Jellyfin container.

Even after jumping through those hoops, it wasn’t smooth sailing. One evening, I accidentally turned off the Raspberry Pi.

When it booted back up, the additional drive wasn’t mounted automatically, and I had to go through the whole setup process again ☹️

So while Jellyfin works, managing external drives in CasaOS feels like it could be a headache for new users.

Cloudflared connection drops

I used Cloudflare Tunnel to access the services from outside the home network.

It was a bit of a mixed bag. For the most part, it worked fine, but there were brief periods where the connection was not working even if said that it was connected.

The connection would just drop unexpectedly, and I’d have to fiddle around with it to get things running again.

After doing some digging, I found out that the CLI tool for Cloudflare Tunnels had recently been updated, so that might’ve been the root of the issue.

Hopefully, it was a temporary glitch, but it is something to keep in mind if you rely on stable connections.

Transmission torrent Client: Jellyfin's Story Repeats

💡

The default username & password is casaos. The tooltip for some applications contain such information. You can also edit them and add notes for the application.

Transmission was solid for saving files locally, but as soon as I tried adding the extra drive to save files on my media library, I hit the same wall as with Jellyfin.

The permissions errors cropped up, and again, the auto-mount issue reared its head.

So, I would say it is fine for local use if you’re sticking to one drive, but if you plan to expand your storage, be ready for some trial and error.

Nextcloud: Good enough but not perfect

Setting up a basic Nextcloud instance in CasaOS was surprisingly easy. It was a matter of clicking the install button, and within a few moments, I had my personal cloud up and running.

However, if you’re like me and care about how your data is organized and stored, there are a few things you’ll want to keep in mind.

When you first access your Nextcloud instance, it defaults to using SQLite as the database, which is fine for simple, small-scale setups.

But if you’re serious about storing larger files or managing multiple users, you’ll quickly realize that SQLite isn’t the best option. Nextcloud itself warns you that it’s not ideal for handling larger loads, and I would highly recommend setting up a proper MySQL or MariaDB database instead.

Doing so will give you more stability and performance in the long run, especially as your data grows.

Beyond the database choice, I found that even after using the default setup, Nextcloud’s health checks flagged several issues.

For example, it complained about the lack of an HTTPS connection, which is crucial for secure file transfers.

If you want your Nextcloud instance to be properly configured and secure, you'll need to invest some time to set up things like:

Setting up secure SSL certificate
Optimizing your database
Handling other backend details that aren’t obvious to a new user.

So while Nextcloud is easy to get running initially, fine-tuning it for real-world use takes a bit of extra work, especially if you are focused on data integrity and security.

Custom WordPress stack: Good stuff!

Now, coming to the WordPress stack I manually added, this is where CasaOS pleasantly surprised me.

While I still prefer using Portainer to manage my custom Docker stacks, I have to admit that CasaOS has put in great effort to make the process intuitive.

It is clear they’ve thought about users who want to deploy their own stacks using Docker Compose files or Docker commands.

Adding the stack was simple, and the CasaOS interface made it relatively easy to navigate.

Final thoughts

After using CasaOS for several days, I can confidently say it’s a tool with immense potential. The ease of deploying apps like Jellyfin and Nextcloud makes it a breeze for users who want a no-hassle, self-hosted solution.

However, CasaOS is not perfect yet. The app store, while growing, feels limited, and those looking for a more customizable experience may find the lack of advanced Docker controls frustrating at first.

That said, CasaOS succeeds in making Docker and self-hosting more accessible to the masses.

For homelab enthusiasts like me, it is a great middle ground between the complexity of Docker CLI and the bloated nature of full-blown home automation systems.

Whether you are a newcomer or a seasoned tinker, CasaOS is worth checking out, if you are not afraid to deal with a few bumps along the way.

from It's FOSS https://ift.tt/rXqVQTs
via IFTTT

Sabtu, 08 Maret 2025

From OpenBSD to Linux: How Pledge can Enhance Linux Security

Imagine a scenario, you downloaded a new binary called ls from the internet. The application could be malicious by intention. Binary files are difficult to trust and run over the system. It could lead to a system hijacking attack, sending your sensitive files and clipboard information to the malicious server or interfere with the existing process of your machine.

Won’t it be great if you’ve the tool to run and test the application within the defined security parameter. Like, we all know, ls command list the files in the current working directory. So, why would it require a network connection to operate? Does it make sense?

That’s where the tool, Pledge, comes in. Pledge restricts the system calls a program can make. Pledge is natively supported on OpenBSD systems. Although it isn’t officially supported on Linux systems, I’ll show you a cool hack to utilize pledge on your Linux systems.

🚧

As you can see, this is rather an advanced tool for sysadmins, network engineers and people in the network security field. Most desktop Linux users would not need something like this but that does not mean you cannot explore it out of curiosity.

What makes this port possible?

Thanks to the remarkable work done by Justine Tunney. She is the core developer behind the project- Cosmopolitan Libc.

Cosmopolitan makes it a bridge for compiling a c programs for 7 different platforms (Linux + Mac + Windows + FreeBSD + OpenBSD 7.3 + NetBSD + BIOS) at one go.

Utilizing Libc Cosmopolitan, she was able to port OpenBSD Pledge to the Linux system. Here's the nice blog done by her.

📋

A quick disclaimer: Just because you can compile a C program for 7 different platforms doesn’t mean you would be able to successfully run on all these platforms. You need to handle program dependencies as well. For instance, Iptables uses Linux sockets, so you can’t expect it to work magically on Windows systems unless you come up with a way to establish Linux socket networking to Windows.

Restrict system calls() with Pledge

You might be surprised to know one single binary can run on 7 different platforms - Windows, Linux, Mac, FreeBSD, OpenBSD, NetBSD and BIOS.

These binary files are called Actually Portable Executable (APE). You can check out this blog for more information. These binary files have the .com suffix and it’s necessary to work.

This guide will show how to use pledge.com binary on your Linux system to restrict system calls while launching any binaries or applications.

Step 1: Download pledge.com

You can download pledge-1.8.com from the url- http://justine.lol/pledge/pledge-1.8.com.

You can rename the file pledge-1.8.com to pledge.com.

Step 2: Make it executable

Run this command to make it executable.

chmod +x ./pledge.com

Step 3: Add pledge.com to the path

A quick way to accomplish this is to move the binary in standard /usr/local/bin/ location.

sudo mv ./pledge.com /usr/local/bin

Step 4: Run and test

pledge.com curl http://itsfoss.com

I didn’t assign any permission (called promises) to it so it would fail as expected. But it gives us a hint on what system calls are required by the binary ‘curl’ when it is run.

With this information, you can see if a program is requesting a system call that it should not. For example, a file explorer program asking for dns. Is it normal?

Curl is a tool that deals with URLs and indeed requires those system calls.

Let's assign promises using the -p flag. I'll explain what each of these promises does in the next section.

pledge.com -p 'stdio rpath inet dns tty sendfd recvfd' \
curl -s http://itsfoss.com

📋

The debug message error:pledge inet for socket is mis-leading. Even a similar open issue exists at the project's GitHub repo. It is evident that after providing these sets of promises "stdio rpath inet dns tty sendfd recvfd" to our curl binary, it works as expected.

It’s successfully redirecting to the https version of our website. Let’s try to see, if with the same set of promises, it can talk to https enabled websites or not.

pledge.com -p 'stdio rpath inet dns tty sendfd recvfd' \
curl -s https://itsfoss.com

Yeah! It worked.

A quick glance at promises

In the above section, we used 7 promises to make our curl request successful. Here’s a quick glimpse into what each promises intended for:

stdio: Allows reading and writing to standard input/output (like printing to the console).
rpath: Allows reading files from the filesystem.
inet: Allows network-related operations (for example, connecting to a server).
dns: Allows resolving DNS queries.
tty: Allows access to the terminal.
sendfd: Allow sending file descriptors.
recvfd: Allow received file descriptors

To know what other promises are supported by the pledge binary, head over to this blog.

Conclusion

OpenBSD’s pledge follows the Least Privilege model. It prevents programs from mis-utilizing system resources. Following this security model, the damage done by a malicious application can be quite limited. Although Linux has seccomp and apparmor in its security arsenal, I find pledge more intuitive and easy to use.

With Actually Portable Executable (APE), Linux users can now enjoy the simplicity of pledge to make their systems more secure. Users can provide more granular control over what processes can do within these environments would add an extra layer of defense.

Author Info

Bhuwan Mishra is a Fullstack developer, with Python and Go as his tools of choice. He takes pride in building and securing web applications, APIs, and CI/CD pipelines, as well as tuning servers for optimal performance. He also has passion for working with Kubernetes.

from It's FOSS https://ift.tt/axv94dl
via IFTTT

Rabu, 05 Maret 2025

FOSS Weekly #25.10: Skype is Dead, GNOME 48 Features, Ubuntu Versions, Nano Guide and More Linux Stuff

Skype is being discontinued by Microsoft on 5th May.

Once a hallmark of the old internet, Skype was already dying a slow death. It just could not keep up with the competition from WhatsApp, Zoom etc despite Microsoft's backing.

While there are open source alternatives to Skype, I doubt if friends and family would use them.

I am not going to miss it, as I haven't used Skype in years. Let's keep it in the museum of Internet history.

Speaking of the old internet, Digg is making a comeback. 20 years back, it was the 'front page of the internet'.

💬 Let's see what else you get in this edition

VLC aiming for the Moon.
EA open sourcing its games.
GNOME 48 features to expect.
And other Linux news, tips, and, of course, memes!
This edition of FOSS Weekly is supported by ONLYOFFICE.

✨ ONLYOFFICE PDF Editor: Create, Edit and Collaborate on PDFs on Linux

The ONLYOFFICE suite now offers an updated PDF editor that comes equipped with collaborative PDF editing and other useful features.

You can deploy ONLYOFFICE Docs on your Linux server and integrate it with your favourite platform, such as Nextcloud, Moodle and more. Alternatively, you can download the free desktop app for your Linux distro.

📰 Linux and Open Source News

Electronic Arts has open sourced four Command & Conquer games.
VLC is literally reaching for the Moon to mark its 20-year anniversary.
Internxt Drive has become the first cloud storage with post-quantum encryption.
Electronic Frontier Foundation has launched a new open source tool to detect eavesdropping on cellular networks.

GNOME 48 is just around the corner, check out what features are coming:

🧠 What We’re Thinking About

A German startup has published open source plans for its Nuclear Fusion power plant!

As per the latest desktop market share report, macOS usage has seen a notable dip on Steam.

🧮 Linux Tips, Tutorials and More

Get the 'Create new document' option back in the right-click context menu in GNOME.
Facing errors while trying to watch a DVD on Fedora? It can be fixed.
Learn to record a selected area or an application window with OBS Studio.
Knowing how to edit files with Nano text editor, might come in handy while dealing with config files.

New users often get confused with so many Ubuntu versions. This article helps clear the doubt.

👷 Homelab and Maker's Corner

As a Kodi user, you cannot miss out on installing add-ons and builds. We also have a list of the best add-ons to spice up your media server.

And you can use virtual keyboard with Raspberry Pi easily.

✨ Apps Highlight

Facing slow downloads on your Android smartphone? Aria2App can help.

lichess lets you compete with other players in online games of Chess.

📽️ Video I am Creating for You

How much does an active cooler cools down a Raspberry Pi 5? Let's find it out in this quick video.

Subscribe to It's FOSS YouTube Channel

🧩 Quiz Time

For a change, you can take the text processing command crossword challenge.

💡 Quick Handy Tip

You can play Lofi music in VLC Media Player. First, switch to the Playlist view in VLC by going into View → Playlist.

Now, in the sidebar, scroll down and select Icecast Radio Directory. Here, search for Lofi in the search bar.

Now, double-click on any Lo-fi channel to start playing. On the other hand, if you want to listen to music via the web browser, you can use freeCodeCamp.org Code Radio.

🤣 Meme of the Week

You didn't have to join the dark side, Firefox. 🫤

🗓️ Tech Trivia

In 1953, MIT's Whirlwind computer showcased an early form of system management software called "Director," developed by Douglas Ross. Demonstrated at a digital fire control symposium, Director automated resource allocation (like memory, storage, and printing), making it one of the earliest examples of an operating system-like program.

🧑‍🤝‍🧑 FOSSverse Corner

An important question has been raised by one of our longtime FOSSers.

❤️ With love

Share it with your Linux-using friends and encourage them to subscribe (hint: it's here).

Share the articles in Linux Subreddits and community forums.

Opt for It's FOSS Plus membership and support us 🙏

Enjoy FOSS 😄

from It's FOSS https://ift.tt/25P4bKg
via IFTTT

Record Windows and Cropped Area in OBS Studio

When it comes to screen recording in Linux or any other operating system, OBS Studio becomes he go-to choice.

It offers all the features baked in for users, ranging from casual screen recorders to advanced streamers.

One such useful feature is to record a part of the screen in OBS Studio. I'll share the detailed steps for Linux users in this tutorial.

🚧

The method mentioned is based on a Wayland session. Also, this is a personal workflow, and if readers have better options, feel free to comment, so that I can improve the article for everyone.

Record an application window in OBS Studio

Before starting, first click on File → Settings from OBS Studio main menu. Here, in the Settings window, go to the Video section and note the Canvas resolution and Output scale resolution for your system.

This will be helpful when you are reverting in a later step.

Step 1: Create a new source

First, let's create a new source for our recording. Click on the “+” icon on the OBS Studio home screen as shown in the screenshot below. Select “Screen Capture (Pipewire)” option.

📋

For X11 system, this may be Display Capture (XSHM).

On the resulting window, give a name to the source and then click OK.

Once you press OK, you will be shown a dialog box to select the record area.

Step 2: Select the window to record

Here, select the Window option from the top bar.

Once you click on the Window option, you will be able to see all the open windows listed. Select a window that you want to record from the list, as shown in the screenshot above.

This will give you a dialog box, with a preview of the window being recorded.

Enable the cursor recording (if needed) and click OK.

Step 3: Crop the video to window size

Now, in the main OBS window, you can see that the application you have selected is not filling the full canvas, in my case 1920×1080.

The output will contain this window and the rest of the canvas in black if you keep recording with this setting.

You need to crop the area so that only the necessary part is present on the output file.

For this, right-click on our source and select Resize Output (Source Size) option, as shown below:

Click on Yes, when prompted.

As soon as you click Yes, you can see that the canvas is now reduced to the size of the window.

Step 4: Record the video

You can now start recording the video using the Record button.

Once finished, stop recording, and the saved video file won't contain any other part, except the window.

Step 5: Delete the video source

Now that you have recorded the video, let's remove this particular source.

Right-click on the source and select Remove.

Step 6: Revert the canvas and output scale

While we were resizing the canvas to the window, the setting has been also changed on your OBS Studio video settings. If left unchanged, your future videos will also be recorded with the reduced size.

So, click on File in the OBS Studio main menu and select Settings.

On the Settings window, go to Videos and revert the Base Canvas Resolution and Output Scaled Resolution to your preferred normal values. Then click Apply.

Record an area on the screen in OBS Studio

This is the same process as the one described above, except for the area selection.

Step 1: Create a new source

Click on the plus button on the Sources section in OBS Studio and select Screen Capture.

Name the source and click OK.

Step 2: Select a region

On the area selection dialog box, click on Region. From the section, select Select Region option.

Notice the cursor has now changed to a plus sign. Drag the area you want to record.

You can see that the preview now has the selected area. Don't forget to enable the cursors, if needed.

It is normal that the canvas is way too big and your video occupies only a part of it.

Step 3: Resize the source

Like in the previous section, right-click on the source and select Resize output option.

Step 4: Record and revert the settings

Start recording the video. Once it is completed, save the recording and remove the source. Revert the canvas and output scale settings, as shown in step 6 of the previous section.

💬 Hope this guide has helped you record with OBS Studio. Please let me know if this tutorial helped you or if you need further help.

from It's FOSS https://ift.tt/TZV0OX8
via IFTTT