[HN Gopher] Start Self Hosting
       ___________________________________________________________________
        
       Start Self Hosting
        
       Author : quaintdev
       Score  : 443 points
       Date   : 2022-03-23 18:16 UTC (4 hours ago)
        
 (HTM) web link (rohanrd.xyz)
 (TXT) w3m dump (rohanrd.xyz)
        
       | dashwehacct wrote:
       | I used to produce and record music and used a website called
       | imeem to host my works. At some point it was bought out by
       | MySpace and all non-licensed music was removed (granted there was
       | a ton of stuff uploaded by individuals who did not own the rights
       | to the work they uploaded) including stuff uploaded by the
       | creators.
       | 
       | My work was pretty sub-par at the time, but I felt the burn
       | pretty badly. Since then I've had very little faith in any site
       | that allows creators to upload their content.
       | 
       | I still have work uploaded to SoundCloud, but also have backups
       | stored locally and on my self hosted nextcloud instance for this
       | reason.
       | 
       | This is probably more along the lines of the current situation
       | with Vimeo than it is with Picasa, but I can still feel the burn
       | from time to time.
        
       | detcader wrote:
       | > It gives you the peace of mind by keeping you in control of
       | your data.
       | 
       | I like the sentiment and the points made, but the author uses
       | this amorphous concept of "your data" throughout and I feel like
       | it simplifies things a lot and conflates many different issues.
       | 
       | Most people shouldn't focus on self-hosting literally all the
       | data related to them. This is a sort of perfectionist mental
       | compulsion many of us on HN are familiar with. You have to decide
       | what data you actually really don't want to live without in the
       | rare event you lose access to it, and prioritize _that_. For most
       | people, this data is not very complex: family photos and videos,
       | an album by an obscure artist, a game you like to play every few
       | years or hope to show your children.
       | 
       | If you are an activist, or someone creating dissident media, or
       | something like that, you should already be wary of the cloud --
       | the incentives already drive you to use tools that are secure and
       | self-host when needed.
       | 
       | If you truly don't like the ways the big tech companies are doing
       | things, you should find ways to organize with others and demand
       | change; otherwise you are just modifying your personal habits and
       | thinking you are sticking it to the Man with a one-person
       | boycott.
        
       | pSYoniK wrote:
       | Self hosting seemed so very daunting up until a year or so ago. I
       | decided to give it a shot while struggling to find a way to keep
       | my notes. OneNote isn't good (no Linux support), wasn't a fan of
       | Evernote, Nuclino was crawling on my old laptop and I ended up
       | finding BookStackApp.
       | 
       | This led me to find a cheap VPS, install it using the install
       | script and then figure stuff out from there. It led me to setting
       | up a home server and working my way through the entire setup -
       | format and mount drives, automate backups, automate hdd health
       | checks, set up smb, docker, traefik, emby and so on.
       | 
       | At this point I'm looking at experimenting with Proxmox as my
       | server is overkill (it also made me realize how few resources are
       | used in these setups... we end up needing 2-3000$ systems to just
       | run an OS... which is absolutely ridiculous). Linux showed me
       | that in order to do any meaningful work you don't need a 3k
       | machine. In any case, I'm in the process of arranging ALL my
       | notes in order and I plan on publishing a guide that walks a user
       | through the setup step by step.
       | 
       | I know people are talking about a lot of the complexities, but
       | you can always share your knowledge. Help someone set up an old
       | linux box to use as an smb nas... get them to install jellyfin or
       | emby or plex on it and even there you have already massively
       | helped them in the right direction. I think it's our
       | responsibility to share our knowledge and empower people to
       | migrate or at least understand what's involved.
        
       | blenderdt wrote:
       | Self hosting is hard. You need to take care of security, backups,
       | software updates, software installation and so on.
       | 
       | Even on something like a QNAP (which can be compared to managed
       | hosting) this can be hard. Flip the wrong switch and you expose
       | something to the world. Missed a security update: your device is
       | now vulnerable.
       | 
       | While I host a lot of things myself I can understand self hosting
       | is not for everyone.
        
         | edgyquant wrote:
         | I used to love running my own servers with all the services
         | etc. I'd manually write beautiful bash scripts to keep it all
         | nice and easy to rebuild on the fly. My first job had 10 Ubuntu
         | servers (on site) and I was the only guy who used Linux at home
         | and had experience with sql.
         | 
         | I have never volunteered to maintain servers since, it was
         | horrible and everything was always my fault (it kinda was, I
         | was a hobbyist at best with no real production Linux
         | experience.)
         | 
         | I do still end up as the dev ops/infra guy at every place I've
         | worked but at this point I'm probably one of those stubborn
         | senior guys who wouldn't like the way the juniors went about
         | it.
        
           | Gigachad wrote:
           | Yeah I tried self hosting everything. Getting it actually
           | running is the easiest part. It's the maintenance, backups,
           | and security that are 90% of the job. You can get it working
           | pretty easily and forget about it and it will run for a while
           | until something goes wrong or it needs to be upgraded.
           | 
           | Now I'd rather leave hosting to someone dedicated to it who
           | has internalized the latest state of things for all the
           | relevant bits of software and is constantly keeping this
           | knowledge in their brain. Set and forget self hosting can't
           | work in the current environment we have where things require
           | constant security updates and complex security hardening.
        
           | chousuke wrote:
           | Sounds like you might've had an unusually bad experience.
           | Might've also been the distro; I don't like Ubuntu much
           | myself. :P
           | 
           | Maintaining inherited environments is also much more painful
           | than ones you get to design from the ground up. I work with
           | varied environments, and one with ~250 RHEL / CentOS machines
           | has approximately the same level of maintenance burden as
           | another with a dozen or so Ubuntus because the first
           | environment has had configuration management from the
           | beginning and the second is a complete mess that I've slowly
           | tried to reverse-engineer and clean up.
           | 
           | When your change management works, maintaining a dozen
           | servers isn't all that different from maintaining a thousand
           | or more; and the need for change management and automation
           | doesn't really go anywhere even when you _don't_ self-host
           | things.
        
           | vorpalhex wrote:
           | For home hosting the trick is KISS.
           | 
           | I used to back up to external drives. Now I use bare ones
           | since finding big externals got difficult.
           | 
           | I use (and probably abuse) docker compose. K8s is great but
           | compose is easier.
           | 
           | I use a single makefile. Kinda ugly but it's fine.
           | 
           | Bunch of friends and family use my "services". They usually
           | chip in for hard drives and stuff.
           | 
           | I have a few central points of failure but it keeps things
           | easy. My uptime still beats most big clouds - though I have
           | it easier.
           | 
           | I accidentally took down my server for a few days from a
           | botched hardware install. It's a bit funny because now we
           | realize how critical the home server has become to us.. on
           | the other hand, already got the spouse's blessing to build a
           | backup standby server.
        
         | tormock wrote:
         | > Self hosting is hard. You need to take care of security,
         | backups, software updates, software installation and so on.
         | 
         | automation is not a thing? I'm pretty sure all cloud providers do
         | it...
        
         | Havoc wrote:
         | Docker has taken much of the pain out of it though. And if kept
         | on local network safety is largely a non issue.
         | 
         | Drop in replacement while outside LAN are admittedly a little
         | harder and more at risk of mistakes
        
         | UncleSam wrote:
         | > Even on something like a QNAP (which can be compared to
         | managed hosting) this can be hard. Flip the wrong switch and
         | you expose something to the world. Missed a security update:
         | your device is now vulnerable.
         | 
         | It doesn't even require actively flipping switches, but can be
         | from not knowing a vulnerable feature was enabled by default.
         | My QNAP got hit with ransomware because of a vulnerability in
         | the cloud access software that I wasn't even using. I've since
         | locked down all non-local traffic.
        
           | khalilravanna wrote:
           | Wanted to reply saying the same thing. I didn't really muck
           | with the settings on my QNAP NAS and then checked into my
           | files one day and everything was encrypted with some txt
           | files telling me to send BTC to some address. I just
           | formatted the disks, lamented not backing some stuff up, and
           | moved on.
           | 
           | I'd say the point being: I'm a software engineer who knows
           | better about these sorts of things and still got caught with
           | my pants down. You have to be very judicious with respect to
           | security. You can't just plug and play and say "I'm too busy
           | to worry about that."
           | 
           | Another thing I'll add is the amount of software tools they
           | have on these NAS machines strikes me as 1) very impressive
           | for a company their size and 2) a huge surface area rife for
           | being hacked. When it happened I wasn't surprised at all.
           | 
           | I've since stopped using it because at the end of the day I'd
           | rather pay Dropbox to have peace of mind.
        
         | LAC-Tech wrote:
         | _Self hosting is hard. You need to take care of security,
         | backups, software updates, software installation and so on._
         | 
         | I'm pretty sure we all used to do that and it was mostly fine.
         | 
         | I get that the mainstream computer user has been lost to
         | techno-infantilism. But why should we?
        
         | z3t4 wrote:
         | You can use a popular Linux dist and turn on automatic updates,
         | and use Snap apps that update by themselves. But you still
         | would not have control - apps could update with breaking
         | changes. The only way to win is by choosing simple tools that
         | are either considered "infrastructure", or simple to build and
         | even patch yourself if needed.
        
         | dcchambers wrote:
         | > You need to take care of security
         | 
         | Easiest solution is to just host stuff on a local network
         | without access to the wider internet. E.g. running on an old
         | laptop/raspberry pi/server in your basement.
         | 
         | Sure, that means you can no longer access your self-hosted
         | stuff when you're out of the house, but the tradeoff is peace
         | of mind about your data leaking or worse.
        
           | jjnoakes wrote:
           | That helps for external threats breaking into buggy network
           | services, but it doesn't help for compromised
           | apps/images/dependencies exfiltrating your secrets.
        
             | asdff wrote:
             | A compromised app on a local network has no one to phone
             | home to.
        
               | jjnoakes wrote:
               | If it's an air-gapped local network, then sure, but how
               | useful is that? Are you disconnecting your phone/laptop
               | from the internet when you access the air-gapped network,
               | or do you use two network interfaces on every device?
               | 
               | I assumed the GP was talking about a typical home "local
               | network", one behind a NAT - so no incoming traffic, but
               | usually, it allows any outgoing traffic.
        
           | spiffytech wrote:
           | > Sure, that means you can no longer access your self-hosted
           | stuff when you're out of the house, but the tradeoff is peace
           | of mind about your data leaking or worse.
           | 
           | Lots of things I'd consider self-hosting are functionally
           | useless if I can't access them from my phone while out and
           | about.
           | 
           | I could put my phone on a VPN, but that's just another layer
           | of complexity to add to the self-hosting process.
        
             | mynameisvlad wrote:
             | I do a split approach -- Most services are available
             | internally only, some are reverse proxied out. It used to
             | be caddy2, but after a recent issue and switching to
             | TrueNAS, I just use Traefik with k8s Ingresses and only set
             | it on the few containers I would like accessible.
        
           | simonw wrote:
           | Tailscale makes accessing a Raspberry Pi in your basement
           | from outside of the house genuinely easy, including from
           | mobile devices.
           | 
           | I think Tailscale opens up all kinds of new opportunities for
           | self-hosting.
        
           | ngcc_hk wrote:
           | How about add a remote apple host. Not for the world but just
           | you?
        
           | denton-scratch wrote:
           | That's not really a solution if you want to self-host mail,
           | or a blog; those services only work if the wider internet can
           | see you.
        
           | nirvdrum wrote:
           | Setting up a VPN is pretty easy these days. If you don't want
           | to run it on your router, you can look at something like
           | Tailscale for remote access.
        
         | kjs3 wrote:
         | I'm amused by the implications here that 1) the outsourced
         | alternatives are better than you are at keeping up with the
         | 'hard stuff', and 2) that in an outsourced scenario you can't
         | "flip the wrong switch and you expose something to the world".
         | This thinking is why I can't tell you how many incident post-
         | mortems I've done where I have to once again hear "...but, but,
         | but...we outsourced this to them so this couldn't happen...".
        
           | treesknees wrote:
           | Depends on whether you're referring to a SaaS provider or
           | something more like a MSP.
           | 
           | I'd like to believe the engineers running Google Photos or
           | iCloud are spending a lot more time on keeping my photos
           | secure and available than I would be willing to put into a
           | server running in my basement.
           | 
           | In the case of a business hiring an MSP to manage something
           | complex like firewalls, Active Directory, server patching,
           | then sure it's reasonable to assume that if they made a
           | mistake, the impact would be equivalent to you making the
           | mistake yourself.
           | 
           | It's possible you need to tell whomever you are reporting to
           | for these post-mortems, they should be outsourcing to
           | reputable service providers in order to free up time and man-
           | hours, not necessarily just to save financially. I suspect
           | that is the real problem.
        
         | brettermeier wrote:
         | I tried it but there are so many traps you can fall in, like
         | security settings as mentioned by you. When I had my server
         | online back then, it was hacked 1 week later :D
        
           | macinjosh wrote:
           | I hear a lot of stories like this. I've been self-hosting for
           | a few years out of my home. I have a symmetrical gigabit
           | fiber connection. My IP changes very frequently (DDNS and a
           | low TTL solves that problem for my use cases).
           | 
           | _anyway_
           | 
           | I haven't been hacked.. yet. /me knocks on wood
           | 
           | The precautions I take are basic:
           | 
           | - Use unique and secure credentials on each service I expose.
           | - I only expose ports 80 and 443 to the public. 80 HTTP
           |   redirects to HTTPS/443
           | - I keep my software updated (docker-compose pull)
           | - Nightly backups to cloud storage and local disk
           | - I "airgap" my home network from my hosting network. There is
           |   no shared hardware between them including firewalls/routers,
           |   switches, etc.
           | 
           | I figure cloud services and SaaS get hacked anyway. I can't
           | enumerate the breaches my data has been a part of. If my
           | self-hosted stuff gets hacked at least I can do the forensics
           | and actually see what happened and what was accessed. With a
           | 3rd party all I can hope for is what their PR department lets
           | out.
        
             | aimor wrote:
             | I'm interested in how you set up your home and hosting
             | networks without any shared hardware. I've been running my
             | own websites from home for a while on their own machines,
             | but never considered they could be on a completely separate
             | network all the way up to the modem.
        
             | Gigachad wrote:
             | The first hack I noticed was that someone had set a
             | password on my redis server because the default was no
             | password and I had accidentally exposed it to the wider
             | internet. This was exposed for 6 months before this
             | happened. Who knows what else was accessed without me
             | knowing.
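
Added example (not part of any comment in this thread): macinjosh's "only expose ports 80 and 443" rule and Gigachad's accidentally exposed redis both come down to knowing which sockets listen beyond loopback. The sketch below parses `ss -tlnH` output against a port allowlist; the sample output, the allowlist constant and all function names are constructed for illustration.

```python
"""Flag TCP listeners that are bound beyond loopback and not on an allowlist."""
import ipaddress
import sys
from typing import List, NamedTuple, Set

# Assumed policy, taken from the "ports 80 and 443 only" precaution above.
ALLOWED_PORTS = {80, 443}

# Constructed sample of `ss -tlnH` output (State Recv-Q Send-Q Local Peer).
# Not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 511  0.0.0.0:6379      0.0.0.0:*
LISTEN 0 128  127.0.0.1:5432    0.0.0.0:*
LISTEN 0 128  [::1]:6379        [::]:*
LISTEN 0 4096 [::]:8080         [::]:*
LISTEN 0 128  192.168.1.10:22   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 4096 *:9090            *:*
"""


class Listener(NamedTuple):
    address: str
    port: int
    scope: str  # "loopback", "all-interfaces" or "one-interface"


def classify(address: str) -> str:
    """Say how far a bind address reaches, judged from the address alone."""
    if address == "*":  # ss prints "*" for a dual-stack wildcard bind
        return "all-interfaces"
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "one-interface"


def parse_listeners(ss_output: str) -> List[Listener]:
    """Parse LISTEN rows; rows that do not look like ss output are skipped."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        host, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any "%iface" scope suffix.
        host = host.strip("[]").split("%", 1)[0]
        try:
            listeners.append(Listener(host, int(port), classify(host)))
        except ValueError:
            continue  # unparseable address or port
    return listeners


def audit(ss_output: str, allowed: Set[int] = ALLOWED_PORTS) -> List[Listener]:
    """Return listeners bound beyond loopback on ports outside the allowlist."""
    return [
        l for l in parse_listeners(ss_output)
        if l.scope != "loopback" and l.port not in allowed
    ]


if __name__ == "__main__":
    # Pipe real output in (ss -tlnH | python3 audit.py) or run on the sample.
    text = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit(text):
        print(f"{finding.scope:15} {finding.address}:{finding.port}")
```

A wildcard or LAN bind is only a candidate for exposure: whether it is reachable from the internet still depends on NAT, port forwarding and firewall rules.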
        
             | sgarman wrote:
             | IMO separate hardware for your self-hosted network puts you
             | into a whole new class of hosting at "home."
        
         | cersa8 wrote:
         | It has also gotten much easier. For instance running your own
         | full blown email server with docker-mailcow. There's a great UI
         | tool that helps to set up the required DNS records. I remember
         | doing the lengthy postfix + dovecot + SASL + MySQL + Auth +
         | this + that guides. No need for it anymore.
        
         | nirvdrum wrote:
         | To the extent permitted by the hosted service, you should still
         | back up your data. If you manage to accidentally delete all of
         | your hosted photos or if your account is compromised, I
         | wouldn't rely on most services going to their backups to
         | restore your data. Unless it's a site-wide issue, most places
         | will say "that's too bad" and send you directions on how to
         | protect your account.
        
         | aeturnum wrote:
         | I agree but I think about it in the reverse way: the hosting is
         | easy, what you get when you use another company's service is
         | the maintenance. Just like every other option where we choose
         | who will maintain something there are trade-offs. You can
         | maintain your own car if you want, but it'll involve things! We
         | all look at our lives and decide which is best for us for each
         | thing.
         | 
         | Personally, I tend to self host the things whose maintenance I
         | at least find satisfying, and hopefully enjoy. Otherwise I pay
         | someone (through ads or my own money) to do it for me.
        
         | mrmattyboy wrote:
         | I'd love to see a blog post that says, this is how to set up X
         | (I dunno.. mediawiki, owncloud, whatever).. and then go fully
         | in-depth into _everything_ surrounding it.. security, backups,
         | logging, alerting, monitoring, backup testing/restoration etc..
         | a blog post that really covers everything for a well-protected
         | 21st century hosted application that won't leave the owner in
         | tears after a year!
         | 
         | There's honestly so many posts that make it look so easy, but
         | without everything else that would normally make it a job
         | position in a company :)
        
           | edgyquant wrote:
           | These are called instruction manuals and no one likes to read
           | them.
        
             | Moru wrote:
             | I really hate the part when they say "But this is outside of
             | the scope of this manual."
        
             | unforswearing wrote:
             | I am certain you have spent the time to ask everyone if
             | they indeed do not like to read these, but I disagree.
        
           | core-utility wrote:
           | I think the hard part is that would be largely dependent on
           | specific implementation, which itself is very opinionated. I
           | could write a post on how I run, maintain, and secure Docker
           | Container X on Ubuntu Y using vSphere with Synology and get
           | 100 comments on why CentOS is better and I'm wasting
           | time/money with vSphere over Proxmox, etc. Cloud doesn't have
           | quite this problem. Once you've chosen a cloud provider, you
           | have significantly fewer options in each category, minimizing
           | this option-overload.
        
             | Moru wrote:
             | Write your howto on your private blog and disable comments.
             | Problem solved. You can thank me later :-)
        
           | cmroanirgo wrote:
           | It should start with how to make your system upgradeable too.
           | I've a server that started on Ubuntu 16 and made a helluva mess
           | upgrading to 18. Due to php changes I've had to use ondrej's
           | packages for later php... but that will break on a (very
           | overdue) upgrade to 20...
           | 
           | All these script kiddie tutorials are terrible at showing how
           | to maintain a server _for years_.
        
         | rsync wrote:
         | "Flip the wrong switch and you expose something to the world."
         | 
         | One strategy for dealing with accidental misconfigurations is
         | to employ a "network slug"[1]:
         | 
         | "A Network Slug, or "Slug", is a transparent layer 2 firewall
         | running on a device with only two interfaces. ... The purpose
         | of a Slug is to reinforce a security policy or to block
         | unintentional leaks of information."
         | 
         | [1] https://john.kozubik.com/pub/NetworkSlug/tip.html
        
           | hosteur wrote:
           | I have never heard this idea described in text before.
           | However, I have made firewalls this way for decades. They
           | were typically for stuff that ran in a datacenter so it would
           | be a 1U server with three NICs.
           | 
           | I would really like to make such devices for home or office
           | use. What would be a good device to use for this?
           | Unfortunately, RaspberryPIs do not come with 2 or 3 NICs. Any
           | recommended alternatives?
        
           | egberts1 wrote:
           | Got one of those. It is hard. Very hard. Absolutely freakin'
           | hard to make a bump-in-the-wire dynamic 5-tuple blocking
           | "hub".
           | 
           | It also does "waterfall" egress packet delaying.
        
             | rsync wrote:
             | I'm not sure I understand what you're describing ...
             | 
             | A slug should not need to be dynamic nor should it be
             | complicated in any way ... in fact, it is one of the
             | simpler systems I have ever deployed ...
        
               | egberts1 wrote:
               | Does it do Suricata, Zeek, Snort, Transparent Squid (with
               | valid signed CA cert), and a furtive SSH port in which to
               | monitor and API to block ports?
        
               | hosteur wrote:
               | I think all those are anti-features on a network slug. As
               | I understand it, the device is intentionally simple
               | because it is there to ensure some misconfiguration
               | cannot expose some port that should not be exposed.
               | 
               | I have implemented firewalls similar to this in the past.
               | They typically had three network interfaces. Two of them
               | were configured as bridges and then I use
               | ebtables/iptables to filter traffic flowing through.
               | These two interfaces would have no IP address and would
               | not be visible on a traceroute, etc.
               | 
               | The third interface would only be connected to a separate
               | admin network. Or it might not even be plugged in. In the
               | latter case, the admin needing to change anything on the
               | device would have to be physically present and bring a
               | "crossover" ethernet cable and plug their laptop directly
               | into the third NIC of the firewall. From there, they
               | would be able to ssh into the firewall and change config.
        
               | rsync wrote:
               | A network slug does not have an IP address. You cannot
               | connect to it over the network. I'm not sure you
               | understand what the device is and what it does.
               | 
               | Let me give you an example - I have a "port 22 slug" and
               | what it does is block all traffic of all kinds except for
               | TCP22. That's it. It does nothing else and it does it
               | transparently without having an IP address of its own. If
               | I wanted to reconfigure it, I would connect with a serial
               | console.
               | 
               | Make sense?
        
       | fossuser wrote:
       | I'm biased because I now work on it, but I think Urbit is the
       | only way something like this will work for most people and at
       | scale. "Only" is probably too strongly worded, but it's the one
       | attempt I've seen where I think real success is among one of the
       | possible outcomes (other attempts I've seen don't fix deeper
       | issues and are DOA).
       | 
       | The issues that caused the decentralized web to fail (and
       | incentivize centralization) are deeper and to get self-hosting to
       | work beyond the tiniest of niches requires rethinking some of the
       | computing constraints we find ourselves operating under from
       | first principles.
       | 
       | People will never run their own servers if that means
       | administering linux. Identity will never be solved by PGP key
       | signing parties and spam will always be a problem on the current
       | web. Federated systems in their current state that require
       | everyone to run linux servers and keep them in sync/up to date
       | will not work.
       | 
       | https://moronlab.blogspot.com/2010/01/urbit-functional-progr...
       | 
       | https://urbit.org/understanding-urbit
       | 
       | On the current web we're just serfs allowed account access on
       | company servers. I think it's admirable to make it easier to run
       | your own server, but I think decades have shown that it won't
       | work (beyond a narrow hyper-technical niche) without fixing some
       | of the larger issues: https://zalberico.com/essay/2020/07/14/the-
       | serfs-of-facebook... - the most exciting part of the web was what
       | people thought it would bring in the 90s. I think that isn't
       | impossible, but we're currently trapped in a local max. We can't
       | get out of that local max without acknowledging why we're in it -
       | why the centralized services are currently so much better and why
       | the dream of everyone self-hosting (even with decades of effort)
       | has been a failure.
        
       | deforciant wrote:
       | I self host a ton of things! :) it's really much less hassle than
       | people think. I started with Docker compose and eventually
       | started using my side project https://synpse.net/ for it as it
       | just helps to move things around and update things remotely. I
       | just wish more tools embraced 12 factor app style deployment :)
        
       | asim wrote:
       | If you really want mainstream adoption of self hosting then you
       | need to stop calling it self hosting and rebrand to "personal
       | cloud". The ease of use of cloud software includes zero install,
       | zero management and consumption based pricing. Desktop and mobile
       | had hardware packaged with software and a simple install
       | mechanism with ease of use as a staple for mainstream users.
       | 
       | Self hosting has zero standardisation around hardware, software,
       | install mechanisms. It's a Dev led movement that has everything
       | to do with control and ownership over ease of use. You want
       | mainstream adoption of self hosting. Rebrand it, standardise it,
       | make it easy for non devs.
        
         | jart wrote:
         | That's what Western Digital does with their "My Cloud" product
         | line and honestly it makes me cringe.
        
           | asim wrote:
           | That's because it's a product by Western Digital. No one wants
           | that. Let's put it like this. Cloud 1.0 was infrastructure,
           | Cloud 2.0 was services, Cloud 3.0 is personal/private.
        
             | jart wrote:
             | I respect Western Digital and think they're trying their
             | best to do a good thing. It's that word in general though.
             | Buzzword paradigms always make me feel unwell. As someone
             | who's usually ahead of the herd in terms of adopting
             | tech, once the broader public catches on and starts making
             | up jargon, I always get a sense that it twists the meaning
             | I personally associated with these concepts and causes me
             | to feel negative emotion about parts of my work life once
             | tacitly normal.
        
       | kerblang wrote:
       | You know what would be kind of neat? Like, a web site you'd go to
       | called makemeoneofthose.com, and you'd click some buttons, and
       | then sometime later you'd have a hosting setup that you own with
       | some software, web server(s) and database(s) on it, and then you
       | can go hack on it yourself, add some features, whatever. Like
       | they send you some AWS keys and say "It's all yours. Good luck
       | and don't forget to pay your hosting bill."
       | 
       | And now you have a blog, a picture-sharing thingie, a bulletin
       | board, a whatever.
       | 
       | Maybe there could even be a version where you pick a datacenter
       | and somebody racks up a PC for you with the software on it.
        
         | anamexis wrote:
         | And we can call it cPanel ;)
        
           | boplicity wrote:
           | cPanel isn't "cool" so it doesn't get a lot of credit here,
           | but it is actually an amazing product that solves real
           | problems. It makes running a server -- even hosting email --
           | almost effortless. Combined with a decent host, you don't
           | need to have much technical knowledge at all. It really does
           | make running your own server accessible to many, many people
           | who would otherwise be unable to do it.
        
             | ocdtrekkie wrote:
             | Additionally: Setting up PHP/MySQL applications on these
             | servers tends to be "upload files, load page" level simple,
             | and cPanel hosting is still generally a fraction of the
             | cost of modern "cool" cloud products.
             | 
             | Sure, I have some neat modern things I'd like to do, but I
             | also have a shared hosting that's been doing its job for
             | pennies since 2011.
        
         | andreyk wrote:
         | Seems like you could do this pretty easily with a Docker image
         | and a config file. Actually, I've done this with AWS (use a
         | pre-existing image to get some open source wiki software up and
         | running, which I then customized).
        
         | kevincox wrote:
         | But the hardest part of hosting anything is the maintenance
         | over time.
        
           | disqard wrote:
           | Yes! This is what experience has taught me too.
           | 
           | We tend to underappreciate the importance of _time_ in
           | everything. A button click can instantiate something powerful
           | (and useful (and easy-to-use...)), but it _will_ degrade over
           | time, and eventually flat-out stop working.
           | 
           | I had a stack that worked just fine for my own needs, but it
           | ran on _shudder_ Python 2.7 -- everyone knows how that worked
           | out (I chose to rebuild my stack on a different platform).
        
             | dragonwriter wrote:
             | > A button click can instantiate something powerful (and
             | useful (and easy-to-use...)), but it will degrade over
             | time, and eventually flat-out stop working
             | 
             | Software doesn't degrade over time (other than, you know
             | things like cosmic ray bit flips, but in most realistic
             | situations that should be fully mitigatable.)
             | 
             | The needs of the software user (including hardware and
             | software they want the piece of software to interact with)
             | may evolve, but that's different than software degrading
             | over time.
             | 
             | > I had a stack that worked just fine for my own needs, but
             | it ran on shudder Python 2.7 -- everyone knows how that
             | worked out
             | 
             | While there's no further first party support for that
             | version of Python, if it worked properly before, Python 2.7
             | and the software running on it probably still works
             | properly now.
        
               | felixhammerl wrote:
               | This comment was brought to you by someone who never
               | produced/maintained software that had to withstand a 24/7
               | onslaught of automated exploit kits and port scanners
               | over an extended period of time.
        
               | monkeyjoe wrote:
               | Sure, but my old Google cloud apps on python 2.7 will one
               | day get rug-pulled and forced to upgrade. It can only
               | stay working forever if the platform doesn't change
               | underneath it.
        
               | dragonwriter wrote:
               | > Sure, but my old Google cloud apps on python 2.7 will
               | one day get rug-pulled and forced to upgrade
               | 
               | "Degradation over time" was being cited as a reason not
               | to self-host. Pointing out that _not_ self-hosting
               | exposes you to risk of others changing the environment so
               | it no longer supports your software is a diametrically-
               | opposed argument.
        
               | icedchai wrote:
               | If your software is not publicly accessible, it may be
               | possible for you to continue running on 10+ year old
               | dependencies indefinitely. For anyone else, other than a
               | hobbyist, it is just not practical.
               | 
               | Otherwise, you are going to be influenced by external
               | factors (security vulnerabilities, wanting to use a
               | feature only available on a newer language version or OS,
               | etc.) If you are a business, you'll also run into more
               | practical concerns, like engineers not wanting to work on
               | a mountain of technical debt.
        
               | brimble wrote:
               | I would absolutely use "degrade" to describe what happens
               | to public-facing or Internet-connected software over time
               | --eventually you'll have to upgrade it for security
               | reasons, and you'll often find that this is _way_ more
               | involved than just upgrading the server-side package
               | itself, or even its immediate dependencies. The
               | alternative is even more work back-porting security
               | patches. All this is assuming someone's actively working
               | on the software you're self-hosting, at least enough to
               | spot, advertise, and fix vulnerabilities.
               | 
               | Ditto the average Rails/Python/Javascript project, as
               | anyone who's tried to resurrect one that's gone so much
               | as six months without being touched can attest. Which
               | might not matter except that a ton of the software people
               | might actually want to self-host are in one or more of
               | those high-entropy ecosystems. Extraordinary levels of
               | care and organization on the part of the creators and
               | maintainers can mitigate this, but that amount of taste
               | and effort is vanishingly rare.
               | 
               | These are degradation due to _a changing environment_,
               | sure, but I wouldn't describe it as due to evolution in
               | the _needs of the user_ (presumably "must not have any
               | well-publicized remote vulnerabilities" was a need from
               | the beginning).
        
         | FunnyLookinHat wrote:
         | I have thoughts but not a lot of time - so forgive the
         | terseness. I love the idea of this, but I'd take it further and
         | even have a category in upwork for getting services spun up and
         | maintained.
         | 
         | But that's really the problem - maintenance. Right? Once
         | something goes wrong _for whatever reason_ the user is then
         | (for the immediate needs) just as stuck as with a cloud
         | provider who disabled their access.
         | 
         | Thankfully there is a better course of action - e.g. find
         | someone to fix it for you. Maybe on upwork as well?
         | 
         | But where are you hosting this? Is it AWS? Did _they_ suspend
         | your account? I guess my point is that unless you host on
         | hardware in your house (or another accessible place) you're at
         | the risk of losing access to your data for any myriad of
         | reasons. And even then, there have been warrants where devices
         | were collected and went into a years-long battle as evidence.
        
         | civilized wrote:
         | This, but they also manage all the updates for me too.
         | 
         | Ideally the only difference between self-hosting and relying on
         | a cloud service would be, I own the servers and therefore the
         | maintainer has no legal right to bar my access.
        
         | qwertox wrote:
         | A lot of hosting providers do offer OSS applications which can
         | be installed with one click, like WordPress or Coppermine. The
         | latter is, I quote:
         | 
         | > a multi-purpose fully-featured and integrated web picture
         | gallery script written in PHP using GD or ImageMagick as image
         | library with a MySQL backend.
         | 
         | And SSL certificates are for free and automatically generated.
         | 
         | An example: https://www.netcup.eu/hosting/#webhosting-details
         | 
         | https://www.netcup.eu/hosting/webhosting-application-hosting...
        
         | Jerrrry wrote:
         | I am not related at all, but seems like a good dude:
         | 
         | https://www.molecule.dev/
        
         | marc_io wrote:
         | But then you have to know how to maintain it all yourself. This
         | is hard. If you already have the knowledge to maintain such a
         | tech stack, that allegedly neat tool would only be marginally
         | useful.
        
         | ad404b8a372f2b9 wrote:
         | A lot of cloud providers offer this. Cloud ocean for example,
         | you search for the application you're interested in, click
         | launch and you've got it deployed in a docker container on a
         | remote machine.
        
           | [deleted]
        
         | Havoc wrote:
         | >you'd click some buttons, and then sometime later you'd have a
         | hosting setup
         | 
         | Docker-compose comes pretty close to this. I had no idea wtf I
         | was doing when I got started and it resulted in a functional
         | thing surprisingly often
         | 
         | Not quite the SaaS vision you describe, but point is you can
         | stumble into something functional pretty easily these days
        
         | molsongolden wrote:
         | The digitalocean marketplace is kind of like this. Also
         | sandstorm.io.
        
           | losvedir wrote:
           | I was so sad when sandstorm kind of fizzled out. I'm still
           | hoping Kenton is on a secret mission to somehow bring it to
           | life within Cloudflare. How cool would that be? One-click
           | installs of docs, email hosting, photo sharing, etc apps from
           | a server app marketplace, onto a cloud server you control.
           | (Insofar as you "control" anything on a cloud host, but I
           | feel like that's pretty far, still.)
        
             | orblivion wrote:
             | It's still slowly but surely chugging along. A small number
             | of people (myself included to a small extent) are working
             | on it. There's even a budget:
             | 
             | https://opencollective.com/sandstormcommunity
             | 
             | We've discussed the one-click install thing at some point
             | (not necessarily with Cloudflare), I imagine that's still
             | of interest. There were some issues with the setup process
             | that would need to be addressed first.
             | 
             | Kenton is in the loop and he still has the keys. But, he's
             | busy with other things so he only does a few occasional but
             | vital things.
        
             | [deleted]
        
             | ocdtrekkie wrote:
             | > onto a cloud server you control
             | 
             | Or a box in your house, which is where my Sandstorm server
             | lives. :) I think there's a lot of potential for actual
             | self-hosting, though servers like Sandstorm need to have
             | reasonable defaults and make it easy to manage domain setup
             | and backups and security updates, such that one can get a
             | box, plug it in, and reasonably quickly get to "don't need
             | to touch this ever" territory.
        
         | pkulak wrote:
         | We used to host our own software. It was called an application
         | and it ran on your personal computer. We just need that, but
         | running on some appliance instead, like a NAS. Package the
         | service up in something like docker-compose, have a way to sell
         | it, install it, update it and support it. Synology is pretty
         | close with their Docker support, but still pretty far.
        
           | edgyquant wrote:
           | The problem is you're fighting a battle against global
           | economies of scale for what is essentially a hobby or
           | personal project. This is not a winning battle and most
           | companies prefer to outsource the risk to someone else they
           | can point to shareholders and blame.
           | 
           | People get caught up in the technical aspects of developing
           | for cloud but I'd bet those weren't anywhere near as
           | important as risk outsourcing for the executive. At that
           | point cloud was still new and the thought was we can run our
           | infra if we need to.
        
           | throwaway894345 wrote:
           | You also need stuff like networking, TLS/certs, and DNS which
           | aren't easily packaged, at least not in a way that doesn't
           | require you to make sketchy changes on every client device.
        
             | pkulak wrote:
             | Something like Cloudflare Argo tunneling would work great
             | for this. No certs at all for the user to mess around with,
             | it terminated on the public internet, not in your house.
        
           | erulabs wrote:
           | Not to advertise, but I'm building exactly that at
           | https://pibox.io - also solving other problems people have
           | identified in this thread like automatic valid certificates,
           | DNS, remote access, etc :)
        
       | robbomacrae wrote:
       | I want to run my servers from both AWS as well as my laptop. At
       | the moment the configuration and deployment of each is unique
       | which, apart from being a bit of a hassle, also means there might
       | be issues on one I cannot reproduce on the other. It would be
       | really cool if there was a way I could deploy to my machine with
       | awscli and self host my own beanstalk setup so I can test and
       | debug even offline safe in the knowledge it will work exactly the
       | same.
       | 
       | Are there any projects that offer something like this?
        
       | romanzubenko wrote:
       | Self hosting can also be a great option to protect against
       | authoritarian regimes. After my family's VPN was banned in Russia
       | a few weeks ago, it took me an hour to set up Wireguard server
       | with Algo VPN on digital ocean. Now I'm supporting uncensored
       | internet access for 3 families back home, while Russian
       | authorities are playing cat and mouse games with popular VPN
       | providers.
        
         | gunfighthacksaw wrote:
         | Dear Gods of OPSEC, I hope your username isn't your real name.
        
         | sgt wrote:
         | Good luck on that side. Russians are great people and not
         | everyone supports Putin.
        
       | CrazyPyroLinux wrote:
       | Great relevant podcast: https://selfhosted.show/
        
       | davchana wrote:
       | Author; Unrelated to the topic but related to your blog; the
       | footer has a missing colon in address, in theme link. It is
       | 
       | https://https//github.com/nodejh/hugo-theme-mini
       | 
       | It should be
       | 
       | https://github.com/nodejh/hugo-theme-mini
        
       | ajsnigrutin wrote:
       | Raspberrypi is solving self-hosting issues for most people (size,
       | power usage, simplicity). It's also bringing the price down,
       | because for 2 years of a paid dropbox plan, you can set up your
       | own nextcloud instance + another backup drive if needed... plus
       | all the bonus features (privacy, fast access at home, no ToSs to
       | break, etc.).
        
       | the_common_man wrote:
       | Can recommend https://cloudron.io for those looking to get
       | started with self-hosting and don't have a whole lot of time
       | figuring out how to install/update a variety of apps.
        
       | mmaunder wrote:
       | I agree with the issues raised, but I'd say there are costs and
       | risks associated with self-hosting, and those aren't factored
       | into the post.
       | 
       | Self-hosting will have the same appeal as off-the-grid power:
       | It's expensive and technically complex to implement, comes with
       | its own unique risks, and is way less convenient than sucking it
       | down through the same pipe everyone else is. But it does provide
       | a sense of empowerment.
        
       | epalm wrote:
       | When I hear "I have nothing to hide" my response of "OK, just
       | send me your browser history" is usually met with silence.
        
       | gkoberger wrote:
       | I understand this, but I also... really like the cloud.
       | 
       | I can share, be social, get recommendations, not worry about
       | backups or a lost computer, not maintain anything, access from my
       | iPhone, etc.
       | 
       | I have thousands of photos and music collections lost on old
       | laptops and hard drives that I'll never see again.
       | 
       | I know there's huge tradeoffs (as articulated here), but there's
       | some really amazing things about the direction the web is going.
        
       | devmunchies wrote:
       | One thing I think would help the self-hosting community is a
       | standardized method for tapping into repositories of scripts and
       | functions. The next step is to build a UI on that platform and
       | then I can do admin things from a self-hosted UI but it just runs
       | several scripts for me behind the scenes. E.g. a button for check
       | upgrade for my email server, a button for upgrading my email
       | server, etc.
       | 
       | If administrative configuration became standardized, then it will
       | become commoditized by hosting platforms.
        
       | cuillevel3 wrote:
       | What exactly is self-hosting? Are you just running services in
       | isolation?
       | 
       | Updates come from a central place, I guess. With some appliances,
       | there is integrated federation, "cloud" access? Those can still
       | compromise you.
       | 
       | Do you share hosting with your family and friends? Are they still
       | "self-hosted", or are you their provider?
        
       | maestroia wrote:
       | Irony.
       | 
       | Hosting a list of applications for self-hosting on a SaaS
       | platform.
        
       | aborsy wrote:
       | The main problems with self hosting are securing the server for
       | remote access, and maintenance.
       | 
       | If you can keep it local, Synology has good boxes that are
       | reliable and largely plug and play. They require little to no
       | maintenance.
        
       | alfiedotwtf wrote:
       | Flip-side:
       | 
       | I self-hosted my blog and email for over 10 years, everything
       | automated - first with Perl and Bash scripts, then much later
       | with Ansible. It was beautiful. But last year I moved to
       | S3/CloudFront via CloudFormation for my blog and Migadu for
       | email. It's even more beautiful because it's now _somebody else's_
       | problem and also a hell of a lot cheaper.
        
       | anon23anon wrote:
       | imagine being at that beautiful place but on that shitty
       | computer.
        
       | mrmattyboy wrote:
       | I love promoting self-hosting.. self-host, self-host, self-host!
       | 
       | Having said that, I'd say: Choose your battles wisely...
       | 
       | You can run your hardware in X number of physical locations that
       | you have access to (personal house, family etc.). But that
       | doesn't always suffice for backups, so go with an additional
       | cloud provider for additional backups.
       | 
       | Emails: Do you want to be hit with tonnes of spam traps because
       | you're an unknown IP (any individual doesn't send email emails to
       | 'warm-up' your IP). Do you want to lose emails because your
       | personal server had a power-cut or internet connection drop?
       | 
       | Monitoring: I'd say for small-medium personal setups, to get the
       | level of monitoring, central logging and intrusion detection
       | that someone (at least for me) would be comfortable
       | with in the current age, a fair chunk of computing power goes to
       | this. Maybe you'd use an external vendor for monitoring, since
       | your home server monitoring itself won't detect if it goes out.
       | 
       | Instant messaging: For iOS, at least, you need to jump through a
       | bunch of hoops to send notifications to devices - should you use
       | an external service for this?
       | 
       | Honestly, I'm rambling, but.. I absolutely recommend self-hosting
       | everything.. but I think a foreword about the amount of effort
       | that needs to go into setting up services that you rely on a
       | daily basis is (or should be) pretty high.
       | 
       | I.e. if I were wanting to setup a single service for myself that
       | I _heavily_ relied on.. I probably wouldn't do it. If I wanted a
       | bunch of applications.. serving 5 applications from a k8s cluster
       | and some additional work for monitoring, log management, backups
       | and other bits and pieces probably starts making sense.
       | 
       | On another note, for me, hosting things on your own, especially
       | for data/services that you truly care about, sometimes can have a
       | keep-you-up-at-night feeling of "you don't know what you don't
       | know".. what if someone is in my network.. what if there's a
       | vulnerability in the VPN, firewall and X, Y Z that hasn't been
       | patched and someone is on my machine deleting/stealing my data.
       | There's also people a lot more clever than you in the world and
       | plenty of people writing scripts to automatically break into
       | services that require a little more knowledge than you have on
       | the subject (whatever the attack vector may be).
        
       | kodah wrote:
       | Self-hosting is something that we should be constantly iterating
       | on making easier; it's really the path forward for privacy
       | centric folks. The main challenges are managing workload
       | scheduling (SystemD is complicated for a layperson). Networking
       | is another challenge; for instance, if you wanted _all_ or _part_
       | of these services to remain offline or on a Mesh VPN there's a
       | lot of knowledge required.
       | 
       | There's some projects trying to tackle the workload orchestration
       | piece; CasaOS (https://www.casaos.io/) being one of my favorites
       | but there's also Portainer (https://portainer.io). TailScale and
       | ZeroTier are great for Mesh VPN networking, where you may
       | need to run some workloads in the cloud but want them networked
       | with your home applications (or just to keep them offline). They
       | also allow you to access applications running on a home server
       | that doesn't have a static IP. Cloudflare Access is okay; I
       | haven't tried it because it deviates from the mesh VPN model
       | significantly.
        
         | Havoc wrote:
         | Quite surprised at seeing CasaOS mentioned so often here. It's
         | quite a young project & best as I can tell it was sorta a
         | sideproject of the guys sitting on their hands while trying to
         | ship Zimaboard kickstarter hardware during a ship shortage.
         | 
         | Good for them that it is seeing traction :)
        
         | [deleted]
        
         | [deleted]
        
         | fknorangesite wrote:
         | > Self-hosting is something that we should be constantly
         | iterating on making easier
         | 
         | I'm pretty sure that's exactly what we did and ended up where
         | we are today. Any sufficiently-advanced self-hosting is
         | indistinguishable from AWS?
         | 
         | I'm not sure how joking I am.
        
         | lumost wrote:
         | Having started my career in hosting, I would suggest that this
         | world is unlikely to come back except for exceptionally small
         | applications with minimal business impact. What does self-
         | hosting provide which end-end encryption does not?
         | 
         | Self-hosting means:
         | 
         | - Needing to know how to configure your linux host across
         | firewalls, upgrades, backups.
         | 
         | - Negotiating contracts with network service providers. While
         | verifying that you have the right kind of optic on the network
         | line drop.
         | 
         | - Thinking through the order of operations on every remote
         | hands request, and idiot proofing them so that no one
         | accidentally unplugs your DB.
         | 
         | - Making sure that you have sufficient cold spares that a
         | server loss doesn't nuke your business for 6-12 weeks depending
         | on how the hardware manufacturers view your business.
         | 
         | - Building your own monitoring, notifications, and deployment
         | tools using both open source and in-house tools.
         | 
         | - Building expertise in all of your custom tools.
         | 
         | - A 6-20 week lead time to provision a build server.
         | 
         | - Paying for all of your hardware for 3-5 years, regardless of
         | whether you will actually need it.
         | 
         | - Over-provisioning memory or CPU to make up for the fact that
         | you can't get hardware fast enough.
         | 
         | - Getting paged in the middle of the night because the hardware
         | is over-provisioned and something gets overwhelmed or a
         | physical machine died.
         | 
         | - Dealing with the fact that an overworked systems engineer or
         | developer is never making any component the best. And
         | everything you touch will just passably work.
         | 
         | - Everyone will have their own opinions on how something should
         | be done, and every decision will have long term consequences.
         | Get ready for physical vs virtual debates till the heat death
         | of the universe.
        
         | gz5 wrote:
         | tailscale is strong for network-centric use cases.
         | 
         | openziti is strong for app-centric use cases - put the
         | (programmable, zero trust) network into your self-hosted app
         | (via SDKs for various languages), rather than putting the app
         | on the network.
         | 
         | https://openziti.github.io/ (quick starts)
         | https://github.com/openziti
         | 
         | disclosure: founder of company selling saas on top of openziti
        
         | Hendrikto wrote:
         | > SystemD is complicated for a layperson
         | 
         | Is it? It has clean and logical abstractions, and consistency.
         | Services depending in each other isn't complex or difficult to
         | understand.
         | 
         | I suspect that a nice GUI would make systemd quite usable for
         | non-expert users.
         | 
         | BTW: It's called "systemd":
         | 
         | > Yes, it is written systemd, not system D or System D, or even
         | SystemD. And it isn't system d either. [0]
         | 
         | [0]:
         | https://www.freedesktop.org/wiki/Software/systemd/#spelling
        
           | spiffytech wrote:
           | Technologists have a very skewed idea of what's complicated
           | vs easy with computers. Things we think are absolutely
           | trivial are often insurmountable hurdles for laypeople.
           | 
           | (This can, of course, happen if you put a technologist
           | outside their element, too)
        
           | zepearl wrote:
           | > _Services depending in each other isn't complex or
           | difficult to understand._
           | 
           | It is for me with Systemd - I had to spend hours (on two
           | different occasions, if I remember correctly on Debian &
           | Linux Mint) trying to understand how to set a dependency
           | against an NFS filesystem mount so that a DB would not be
           | started before that, and to make that work reliably =>
           | Systemd's docs & behaviour (& special distro settings related
           | to systemD?) weren't that great for me.
        
           | kodah wrote:
           | > Is it? It has clean and logical abstractions, and
           | consistency. Services depending in each other isn't complex
           | or difficult to understand.
           | 
           | For a technologist or engineer, yes. For a _layperson_, no.
           | The average consumer who desires privacy is probably neither
           | a technologist nor engineer, so the long-term target is
           | something that _just works_.
           | 
           | Laypeople also aren't going to entertain the kind of pedantry
           | that is systemd vs systemD vs System D vs SystemD so making
           | systems that abstract further away from those communities is
           | beneficial.
           | 
           | Edit: Thank you for your correction, as a systems engineer,
           | but I couldn't help but highlight this is a big hurdle even
           | in the Linux communities that I've been a part of as desktop
           | Linux has gained wider adoption by laypeople.
        
             | lnxg33k1 wrote:
             | I think it has come the time where the society starts to
             | advance without caring about laypeople, if some folks can
             | learn it, if there is documentation, then we can just go on
             | without caring about who doesn't know how to use it,
             | because that's fixable. And I speak considering the German
             | government who had to pull back from Linux because employees
             | didn't know how to use it
             | 
             | Let's start treating tech as the world treats everything
             | else: Ignorance is not a justification
        
               | prox wrote:
               | It is about expendable time. I mean it might take you a
               | few hours or so to do it, or even less.
               | 
               | People working in other sectors, maybe with a family when
               | they come home, do not have that skill or luxury.
               | 
               | And speaking from experience, documentation is often
               | greatly lacking. For example just today I had to thumb
               | down a couple of google docs because it was riddled with
               | inconsistencies and lacking crucial information. And
               | that's a company with near infinite money. And it's like
               | that for most software, with great docs an exception
               | rather than a rule.
        
               | lnxg33k1 wrote:
               | I don't agree with you, only for the fact that right now,
               | in this age computers are everywhere, everything is
               | digital, it is not luxury to learn how things work, it's
               | survival, it's not expendable time, it's professional
               | time
        
             | ndiddy wrote:
             | Laypeople don't know that systemd exists. They will install
             | a webserver or something and the package manager will
             | automatically install and enable its unit file.
        
               | hotpotamus wrote:
               | You know, nothing is really ever that simple and this
               | comment makes me realize that. You actually hit on a
               | philosophical difference in package managers lol. Ubuntu
               | (not sure about Debian) will install, enable, and start a
               | package, but Red Hat only installs it, because they
               | expect you to configure the service first.
        
             | nobody9999 wrote:
             | >For a technologist or engineer, yes. For a layperson, no.
             | The average consumer who desires privacy is probably
             | neither a technologist or engineer, so the longterm target
             | is something that just works.
             | 
             | In comparison to system V initd startup files, systemd unit
             | files are, arguably, less complicated.
             | 
             | I'd say the "complexity" of systemd unit files is _mostly_
             | irrelevant to end users.
             | 
             | For a relatively non-technical user, implementing whatever
             | application/service one might want to use should be as
             | simple as installing the relevant package(s) and
             | dependency(ies) via existing, well managed package
             | management systems.
             | 
             | That said, too many developers encourage self-hosting, but
             | don't provide appropriate packages and defaults for most
             | popular distributions.
             | 
             | If developers spent just a little more time creating
             | buildable packages (supporting the creation of binary and
             | source .rpm, .deb, etc. packages) with sane
             | defaults/startup files, it could make the inclusion of such
             | apps into the standard/extras repositories of a broad
             | swathe of Linux distributions much simpler and, for the
             | non-technical user, easy to install and configure.
             | 
             | Matrix Synapse[0] and Diaspora[1] both come to mind in this
             | respect. Installation and configuration of these platforms
             | requires the installation of several software development
             | frameworks and separate (from the standard system package
             | managers, e.g., DNF, apt, dpkg, etc.) package management
             | tools for the language dependencies.
             | 
             | Requiring installation of software dev environments and
             | building the software/databases/admin tools for such "self-
             | hosted" solutions just confuses non-technical users.
             | 
             | As a professional with decades of Unix/Linux implementation
             | and management experience, I find implementing such
             | platforms simple enough. Just read the docs, install the
             | dependencies and compile/install/configure the software.
             | 
             | For a non-technical person, that's likely a non-starter
             | unless there's a UI that will do so automagically.
             | 
             | Fortunately, there is such a UI for _most_ Linux/Unix
             | distributions -- it's called the system package manager.
             | 
             | Unless and until developers provide distribution
             | developers/maintainers with appropriate packageable sources
             | (or even separate repositories with binaries!) to be added
             | to the default repositories, self hosting many apps will
             | only be the purview of technical users.
             | 
             | This annoys me. A lot. Not because I, personally, mind a
             | complicated set up process for such applications, but
             | because it limits the ability of both Linux/Unix
             | distributions and self-hosted applications/platforms to be
             | used more broadly by non-technical users.
             | 
             | Especially with tools like Diaspora, Matrix/Synapse and
             | others which have the potential to overturn centralized
             | hell holes like Twitter, Facebook, Instagram, WhatsApp,
             | etc.
             | 
             | It's been _at least_ five years since I first installed a
             | Diaspora pod and a year since I installed Synapse and a
             | STUN server. In both cases, had I not been a long-time
             | user/manager/implementor of Unix/Linux and associated sw dev
             | environments, the install would have been nightmarish.
             | 
             | For both platforms, installation pretty much _requires_
             | knowledge of software development tools and practices, as
             | well as more than a passing familiarity with Unix/Linux
             | shells and environments.
             | 
             | I can't imagine my 64 year-old sister in-law (a reasonably
             | well educated and smart cookie with decent problem-solving
             | skills) taking the time to learn how to use git, clang/gxx
             | or even docker to install this "self hostable" stuff.
             | 
             | That should be the target audience for such self hosted
             | tools, not devs and other technical people.
             | 
             | Taking the time to make one's application/platform easily
             | installable/configurable (and building from git repos
             | and/or Docker-compose aren't "easy" for non-technical
             | folks) by non-technical end users could make a _huge_
             | difference in this space.
             | 
             | [0] https://matrix.org/docs/projects/server/synapse/
             | 
             | [1] https://en.wikipedia.org/wiki/Diaspora_(social_network)
        
           | GrayShade wrote:
           | I swear, writing it as SystemD is a shibboleth of systemd
           | haters.
        
             | kodah wrote:
             | For the record, I actually like and use it. I'm just at
             | work and didn't put much thought on how to spell it. I also
             | didn't really expect someone to care that much in a
             | general, high-level discussion.
        
             | cozzyd wrote:
             | they are all in favor of SystemE
        
               | bqmjjx0kac wrote:
               | More like SystemSh
        
               | cozzyd wrote:
               | SystemS?
        
           | teekert wrote:
           | What lay person does anything with systemd though? I have all
           | my services in a docker-compose.yaml... Sure, I remember the
           | days before systemd, I remember upstart, Gentoo's rc.conf. I
           | still think it's useful I can find my way through the
           | internals of a Linux box, but for me all that stuff is far in
           | the past. This is how it goes nowadays: Install the system in
           | 20 min, clone the infra as code, put the data back, start the
           | infrastructure... Where does the init system still play a
           | role?
        
           | 0xdeadb00f wrote:
           | I'm certainly not a layperson, but systemd frequently
           | confuses me.
           | 
           | I want to edit a service to harden it for example. Oh, wait I
           | shouldn't edit it directly with vi? Because it gets
           | overwritten by package updates. Okay, makes sense, I need to
           | use systemctl edit instead. But that opens a file that has
           | everything commented out. Do I uncomment the [Unit] heading?
           | What do I need to keep and where do I add my additions? I
           | recall there being a comment at the start of this file, but
           | unless I'm misremembering it doesn't answer that.
           | 
           | All I ask of it to do one thing - start something.service
           | after other.service. Yet it just refuses to order them this
           | way. Why? I have no idea. I also have no idea where to start
           | debugging a problem like this. There's a billion ways to try
           | and do this after all: do I add Before=something to
           | other.service? Do I add After=other to something.service?
           | Both? Wants=something?
        
             | bmn__ wrote:
             | > it gets overwritten by package updates
             | 
             | This doesn't happen. The package manager installs the new
             | configuration under a different name so that you do not
             | lose your changes and can merge them easily.
        
               | johnny22 wrote:
               | what they are saying is that they edited the file in
               | /usr/lib , which definitely would get overwritten. You're
               | supposed to copy it into /etc/systemd/ for the
               | appropriate service type.
        
             | lvass wrote:
             | systemctl edit --full does what you want.
             | 
             | I wish package managers would make patching packages easy,
             | this kind of thing is so much more manageable on Nix.
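
Added example (not from the thread or from the systemd project): the drop-in workflow the comments above discuss, written as a shell script that sets ordering, a mount dependency and a few hardening directives without touching the packaged unit. The names something.service and other.service come from the comment above; the path /srv/nfs/db and the function names are assumptions.

```shell
#!/bin/sh
# `systemctl edit UNIT` (without --full) creates a drop-in at
# /etc/systemd/system/UNIT.d/override.conf; this script writes the same file.
# A drop-in holds only the section headers and keys being added or changed;
# everything else still comes from the packaged unit.

# render_dropin AFTER_UNIT MOUNT_PATH -> prints the override.conf text
render_dropin() {
    cat <<EOF
[Unit]
# After= only orders startup. Wants= is what pulls the other unit in, so
# both are set, and both go on the unit that has to start LATER.
Wants=$1
After=$1
# Adds Requires= and After= on the mount unit(s) backing this path, so the
# service is not started before the filesystem (e.g. NFS) is mounted.
RequiresMountsFor=$2

[Service]
# Conservative hardening; tighten further only after testing the service.
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
EOF
}

# install_dropin UNIT AFTER_UNIT MOUNT_PATH [ROOT] -> prints the file written
# ROOT defaults to /etc/systemd/system, the administrator's directory.
install_dropin() {
    dropin_dir="${4:-/etc/systemd/system}/$1.d"
    mkdir -p "$dropin_dir" || return 1
    render_dropin "$2" "$3" > "$dropin_dir/override.conf" || return 1
    chmod 0644 "$dropin_dir/override.conf" || return 1
    printf '%s\n' "$dropin_dir/override.conf"
}

# ordered_after AFTER_PROPERTY UNIT -> 0 if UNIT is in the space-separated
# list that `systemctl show -p After --value` prints for the later unit.
ordered_after() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# apply: the full procedure on a live host (needs root and systemd).
apply() {
    install_dropin something.service other.service /srv/nfs/db || return 1
    systemctl daemon-reload || return 1
    systemctl cat something.service      # packaged unit plus the drop-in
    after=$(systemctl show -p After --value something.service)
    if ! ordered_after "$after" other.service; then
        echo "After=other.service is not in effect" >&2
        return 1
    fi
    systemd-analyze security something.service   # exposure rating per directive
}

if [ "${1:-}" = "--apply" ]; then
    apply
fi
```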
        
       | evantahler wrote:
       | The world of Synology products is fascinating in this regard.
       | 
       | Take photos - They've got iOS and android apps that replace your
       | photo app; a truly self-hosted server you run in your home with
       | pretty easy to use DNS support tools. Even shared albums work
       | without much fuss. I think they've invested in the UX in recent
       | versions, and it shows.
       | 
       | https://www.synology.com/en-global/DSM70/SynologyPhotos
        
         | viburnum wrote:
         | I've had a Synology raid for a few years but I'm completely
         | baffled by it. There seem to be three options for everything
         | (Photo Station, Moments, Photos. Similar situation for video).
         | Nothing ever seems to work and it's very slow. It's never clear
         | exactly where you're supposed to put your files either.
         | Constantly doing security updates isn't very reassuring either.
         | I feel like I'm going to get hit with ransomware all the time.
        
         | Forge36 wrote:
         | Definitely pro-sumer, I think professionals are the primary
         | audience, though as an individual this cuts most of the effort
         | out of the process for me.
        
           | evantahler wrote:
           | Exactly! I guess above by "UX" I meant far more than the
           | screens you interact with - running the app, storage,
           | integrating with mobile and home ecosystems, etc. Sure it's
           | fun to learn how all of that works, but for a few 100$, you
           | can really move a family to fully self-hosted (content) in a
           | day.
        
         | CommanderData wrote:
         | Photos is great but lacking. It seems like all of the other
         | iterations of Synology's attempts to make a photos app.
         | 
         | It starts off great and then never receives any attention. I
         | bet they're working on Gallerys next.
         | 
         | Photos can be great but the facial recognition is extremely
         | poor and not there yet..
        
       | DrSiemer wrote:
       | How would that work, self hosting Spotify and YouTube?
       | 
       | In theory you could probably find ways to rip and download
       | everything you want to save, but it would require a massive
       | amount of storage space just to be sure you never lose things
       | that have a tiny chance of being missed.
        
       | mcdermott wrote:
       | Agreed, we've given up too much control, privacy and sense of
       | ownership.
        
       | zelon88 wrote:
       | I love self hosting. I made my own cloud platform [1] with app
       | launcher [2] and add-on games [3], file conversion server
       | application [4], and anti-virus server application [5].
       | 
       | I'm currently working on the third iteration of the Cloud and app
       | platform [6] which features completely noSQL and cookieless user
       | and session management features. They are my passion projects.
       | 
       | [1] https://github.com/zelon88/HRCloud2
       | 
       | [2] https://github.com/zelon88/HRCloud2-App-Pack
       | 
       | [3] https://github.com/zelon88/HRCloud2-Game-Pack
       | 
       | [4] https://github.com/zelon88/HRConvert2
       | 
       | [5] https://github.com/zelon88/HRScan2
       | 
       | [6] https://github.com/zelon88/HRCloud3
        
       | gregmac wrote:
       | Like so many things, this is just all about trade-offs. Self-host
       | is not a silver bullet, it just swaps in a different set of
       | problems.
       | 
       | Risk is part of it. Cloud service disappearing, discontinuing,
       | failing, changing pricing, or modifying product, vs fire/flood,
       | theft, hardware failure or software update breaking things.
       | 
       | Responsibility for maintenance is a whole thing, too. Maybe you
       | like that sort of thing, but it is still a time suck and for most
       | people it eventually gets boring (especially if it's similar to
       | your day job). Do it less often and eventually you will find
       | yourself upgrading something through major versions with all
       | kinds of breaking changes.
       | 
       | Security is a constant concern, and it's unfortunately not as
       | simple as "it's firewalled on my LAN with no inbound access"
       | 
       | Media disappearing from a cloud service is incredibly irritating,
       | but you know what else is bad? Trying to watch a movie with your
       | spouse but instead spending your evening diagnosing why your NAS
       | refuses to boot.
        
       | stathibus wrote:
       | The author mentions but doesn't address the Picasa problem, which
       | incidentally is the one I care most about.
       | 
       | What do I do when all the useful software is cloud based and
       | requires me to store my data with the service provider in order
       | to use it? Self hosting is not a solution.
        
         | quaintdev wrote:
         | Good point. I use Photoprism to manage my pictures.
         | 
         | https://photoprism.app/
        
       | Isthatablackgsd wrote:
       | Self-hosting is not always the answer for a lot of people.
       | 
       | Self-hosting is not easy for laypeople (people who are not
       | familiar with it) trying to get their feet wet with it. For
       | myself, I am at the level of a beginner and I do struggle to stay
       | on the self-hosting path. When I set it up, I learn there are more
       | steps that I have to do because the documentation and guides did
       | not bother to explain those steps and expect me to research more
       | to find the information about them.
       | 
       | My biggest beef with self-hosting is that they expect us to set
       | up the SSL/TLS certificate without explaining the steps to set it
       | up. Some guides do have a section about it but never provide
       | the details about creating a CA for my self-hosting needs. I turn to
       | Google/DDG to find information about it and it is all over the
       | place or leads into a dead end.
       | 
       | There are a few other things I have gripes with in self-hosting. I
       | like self-hosting and it is pleasing for me as I don't need to
       | rely on third-party solutions. The gripe I have is the
       | documentation that is all over the place or has sparse information
       | about it.
        
         | mhitza wrote:
         | > My biggest beef with self-hosting is that they expect us to
         | set up the SSL/TLS certificate without explaining the steps to
         | set it up. Some guides do have a section about it but never
         | provide the details about creating a CA for my self-hosting
         | needs. I turn to Google/DDG to find information about it and
         | it is all over the place or leads into a dead end.
         | 
         | If you have your own domain pointed at your server, the Let's
         | Encrypt certbot can automatically pull in a certificate and
         | configure your apache/nginx webserver (alternative webserver
         | caddy has this feature built in as far as I know).
         | 
         | If you don't have your own domain, don't go with self-signed
         | certificates. Get a free https://desec.io/ subdomain, and they
         | have their own certbot plugin to generate automatic
         | certificates.
        
           | bsder wrote:
           | > If you have your own domain pointed at your server, the
           | Let's Encrypt certbot can automatically pull in a certificate
           | 
           | Yeah, but don't have a mistake too many times, or Let's
           | Encrypt will block you for a week until your rate limit times
           | out.
           | 
           | I hit this. I understand why Let's Encrypt has to do this,
           | but it's very annoying and you have no choice but to _do
           | nothing_ for a week.
           | 
           | There needs to be something in between Let's Encrypt (free)
           | and a couple thousand a year (other CAs).
        
             | quesera wrote:
             | Use the LetsEncrypt staging server for testing. When you
             | have a process that works, switch to prod.
        
               | bsder wrote:
               | That's a tautology saying "Don't make mistakes."
               | 
               | A DNS misconfiguration can cause your Let's Encrypt to do
               | weird things on a configuration that was (and still is)
               | perfectly correct.
               | 
               | That was how I hit it. I eventually figured out what
               | people screwed up in DNS. But certificates still didn't
               | clear. So I spent an extra couple hours staring at DNS
               | trying to figure out what I missed when the issue was
               | that we bumped into the rate limit at Let's Encrypt
               | (which is _REALLY_ low--I think 5 failures is enough to
               | trip it) while the DNS was bad and the only thing we
               | could do was sit around for a week with dead
               | certificates.
               | 
               | Not fun.
        
               | quesera wrote:
               | Sorry, quick comment, didn't mean to be glib.
               | 
               | I've hit the problem you describe, and I feel your pain.
               | I also respect LetsEncrypt's choice to rate limit
               | failures. I renew a couple dozen domains at a time, so
               | one error can quickly cascade into being blocked. IIRC
               | the block timeout starts at 24 hrs and goes up from there
               | if you keep trying -- this is easy to do if you don't see
               | the raw response error message!
               | 
               | After being bitten by this a couple times, I added a dry-
               | run step to my autorenewal script. If the dry-run exits
               | with success and generates a good new cert for the
               | domain, I repeat by pointing to the LE prod server. This
               | works every time (so far, but for years now).
               | 
               | I'm suggesting that any LetsEncrypt certificate
               | automation system (or docs) targeted at relatively low-
               | sophistication users (i.e. not you or me) should include
               | this sort of dry-run check so that the user doesn't paint
               | themselves into a corner with a somewhat persnickety, but
               | essential, service.
               | 
               | Also of course, it should attempt to renew after 60 days,
               | so that if things go badly wrong, there are a few block-
               | timeout retries available before the 90 day expiration.
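
Added example (not quesera's script and not code from the certbot project): one way to build the dry-run-then-production renewal described above, with a cool-down after a production failure so a cron job cannot keep retrying a broken setup. STATE_FILE, COOLDOWN_SECS and the function names are assumptions of this sketch; `certbot renew`, `--dry-run` and `--quiet` are certbot's own options.

```shell
#!/bin/sh
# Rehearse against the Let's Encrypt staging CA before touching production,
# and back off after a production failure instead of retrying immediately.
# The 24 h default cool-down follows the block time recalled in the thread.
CERTBOT=${CERTBOT:-certbot}
STATE_FILE=${STATE_FILE:-/var/lib/le-renew/last_prod_failure}
COOLDOWN_SECS=${COOLDOWN_SECS:-86400}

# in_cooldown -> 0 while the last production failure is younger than
# COOLDOWN_SECS, 1 otherwise (including when no failure is recorded).
in_cooldown() {
    [ -f "$STATE_FILE" ] || return 1
    last_failure=$(cat "$STATE_FILE")
    now=$(date +%s)
    [ $((now - last_failure)) -lt "$COOLDOWN_SECS" ]
}

# renew_safely -> 0 renewed or nothing due, 1 production renewal failed,
#                 2 dry run failed (production not contacted), 3 cooling down
renew_safely() {
    if in_cooldown; then
        echo "last production failure is recent; skipping this run" >&2
        return 3
    fi
    # --dry-run runs the whole challenge against the staging CA and saves
    # nothing, so DNS or web server mistakes surface here first.
    if ! "$CERTBOT" renew --dry-run --quiet; then
        echo "dry run failed; production CA not contacted" >&2
        return 2
    fi
    # By default `certbot renew` only acts on certificates within 30 days of
    # expiry, about day 60 of a 90-day certificate, leaving time for retries.
    if "$CERTBOT" renew --quiet; then
        rm -f "$STATE_FILE"
        return 0
    fi
    # Record the failure time so the next scheduled runs stay away from
    # production until the cool-down has passed.
    mkdir -p "$(dirname "$STATE_FILE")" && date +%s > "$STATE_FILE"
    echo "production renewal failed; cooling down for ${COOLDOWN_SECS}s" >&2
    return 1
}

if [ "${1:-}" = "--run" ]; then
    renew_safely
fi
```

Run it from cron or a systemd timer with `--run` and alert on any non-zero exit; exit code 2 means the configuration is broken but the production CA was never contacted.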
        
             | francislavoie wrote:
             | If you use Caddy, you'll almost never run into rate limits
             | from Let's Encrypt, because Caddy rate limits itself, and
             | will fallback to ZeroSSL instead of Let's Encrypt, and even
             | fallback to LE's staging for additional retries against LE
             | before trying the live one again if it works with staging.
             | See https://caddyserver.com/docs/automatic-https#errors
        
         | ryandrake wrote:
         | I think the whole "self hosting isn't easy" meme gets repeated
         | so much that people just take it as given now and default to
         | managed software. Or, someone might argue "Well, my grandmother
         | who knows nothing about tech cannot self-host, so it's not
         | viable!" ignoring there is a huge spectrum of competence
         | between grandma and a seasoned Linux sysadmin. People aren't
         | morons, and there's enough info out there on how to do it. I
         | agree it's not organized very well, but it's not like setting
         | up a web server is dark wizardry.
         | 
         | With all the tools out there and easy access to VPS services
         | and even bare metal for your basement, there's never been a
         | better time to self host. And not just web servers, but E-mail,
         | git, photos and media, and so on, it's very accessible.
        
           | lbriner wrote:
           | The complaint is fair though. Trying to find a complete or
           | the "correct" guide to something is very difficult even when
           | you already know roughly what you are doing.
           | 
           | It took me ages to work out how to set up postfix properly from
           | about 10 slightly different "guides". The Postfix book wasn't
           | even that helpful. There are also lots of very out-of-date
           | guides that might have been OK for 2015 but not anymore. They
           | don't get deleted because "link juice"
           | 
           | It is sad but true but you get one little bit wrong and you
           | potentially leave a door wide-open.
        
             | plainnoodles wrote:
             | Postfix is a special kind of hell though, in that getting a
             | good setup requires wading through decades of legacy stuff
             | and patching together a bunch of non-default stuff to get,
             | for instance, dkim signing and stuff working right. I've
             | done this before myself, and agree it was super annoying
             | and not fun, but I also think it is potentially _the_
             | biggest outlier in self-hosting difficulty I've
             | encountered.
             | 
             | Lots of services are barely more than - apt install,
             | systemctl enable --now, ufw allow 8080 (if you even
             | firewall within your network).
        
               | Karrot_Kream wrote:
               | I actually found Postfix fairly easy to configure once
               | you have a solid understanding of Email (which took me a
               | good while at first). Dovecot on the other hand...
        
           | Yhippa wrote:
           | I'm skeptical that your layperson would be able to keep self-
           | hosted applications secure constantly. Hell, huge
           | corporations have a difficult time with it.
        
             | Isthatablackgsd wrote:
             | I have this issue too. When I tried to set up self-hosting,
             | I assumed that there are steps that require me to expose
             | it to the internet. Turns out that it was already exposed and
             | didn't (or barely) provide the information on how to close
             | it off securely and keep it private network only. When I
             | tried to find information about it, there were always guides
             | that are not consistent with it. Some will say I have to go
             | in php.ini to do this, then go to SQLite to do that, then
             | go to other files to do something there, then add 20 steps to
             | keep it secured. I'm just wondering why there are not any
             | centralized options to do this. I just want an option that I
             | can tick in the software and leave it at that.
             | 
             | I understand those documentations are not for laypeople for
             | me. However it is annoying when people out there kept
             | pushing the self-hosting for beginners narrative without
             | providing the necessary tools for laypeople to keep
             | themselves secured and reliable.
        
               | nobody9999 wrote:
               | >I understand those documentations are not for laypeople
               | for me. However it is annoying when people out there kept
               | pushing the self-hosting for beginners narrative without
               | providing the necessary tools for laypeople to keep
               | themselves secured and reliable.
               | 
               | And that, in a nutshell, is the problem.
               | 
               | A few clicks, a configuration form and integrated tools
               | to set up external dependencies (i.e., LetsEncrypt
               | certs), et voila! You're running a self-hosted
               | application.
               | 
               | AFAICT, this is more about developers not creating the
               | packaging/configuration/management tools necessary for
               | effective use by non-technical users.
               | 
               | Sure, I can write a sql query to modify the schema of an
               | application's database, but my highly educated and
               | intelligent physician brother would just throw up his
               | hands in disgust.
               | 
               | Make self hosting easy and people will use it. And
               | Docker-compose isn't "easy" for a lay person.
        
           | plainnoodles wrote:
           | I agree it's overblown. It's amazing how robust of a setup
           | (more than sufficient for residential use!) you can get with
           | little effort given how easy things are nowadays.
           | 
           | I've been self-hosting a lot of load-bearing household stuff
           | (I have stuff on the "wife-critical" path: if it goes down,
           | "the internet goes down" and I get a text from her) for
           | almost 10 years and I've only had 2 incidents of particular
           | reputational-risk note:
           | 
           | 1) a routine reboot of the main server triggered a BTRFS bug
           | that blocked mounting it again. This took an evening and a
           | reboot into an arch linux ISO to fix (arch had a new-enough
           | version of the btrfs tools that had the ability to
           | fsck/repair the fs).
           | 
           | 2) my proxmox setup was initially installed with zfs and zfs-
           | on-root. This exploded and the "on root" part stopped working
           | one day. This was the most annoying thing to fix so far
           | because I ended up dumping any interesting data to an
           | external HDD and just re-paving the server, this time
           | reinstalling with just ext4 and lvm (which is admittedly a
           | setup I'm much more comfortable debugging). No issues since
           | then.
           | 
           | Both these events are from over 3 years ago, so it's been
           | smooth sailing in recent times.
        
           | Isthatablackgsd wrote:
           | The majority of the documentation I came across usually has the
           | mantra of "Do this and you are golden". I know it is not dark
           | wizardry, it's just that the documentation is aimed at someone
           | who has the experience and the technical knowledge of this.
           | Whereas there are people who are pushing "self-hosting is the
           | answer! Even your tech-inept grandma can do it!" without
           | providing documentation for inexperienced people like me.
           | Annoyingly, some guides have parts that have links to
           | other guides that barely provide information about this. It
           | is like "I know how to set it up but I am not gonna tell you
           | how to do it, so here's the link that might help" and it didn't
           | help at all.
        
             | adrian_b wrote:
             | When I have begun to install and manage servers, more than
             | 20 years ago, I did not have any kind of prior experience
             | and I did not have anyone whom I could ask.
             | 
             | So I have just read the handbook, but I have read it
             | completely, which needs more than a day.
             | 
             | It is likely that there are also other operating systems
             | and Linux distributions that have good documentation, but I
             | can testify only about those that I have used in the
             | beginning, the FreeBSD handbook and then the Gentoo Linux
             | handbook.
             | 
             | Both handbooks were good enough to convert anyone into a
             | system administrator.
             | 
             | Unfortunately, both handbooks are not as good in 2022 as
             | they were e.g. in 2002, because they have not always been
             | updated after every change, or the updates have not been as
             | detailed as the original parts of the handbooks.
             | 
             | Even so, both handbooks remain reasonably good today.
             | 
             | Especially the FreeBSD handbook is good for someone who
             | lacks experience, because FreeBSD is much more self-
             | contained, i.e. there are a lot of choices that have
             | already been made for you and you do not have to worry
             | about them.
             | 
             | So for someone who is inexperienced, I believe that the
             | fastest way to managing a server remains to read the
             | complete FreeBSD handbook and install and configure a
             | server based on that.
             | 
             | There are programs which are available only on Linux, but
             | the administration of a Linux server requires much more
             | work than for a FreeBSD server (even if much less than for
             | a Windows server), so for a beginner I think that FreeBSD
             | with its more complete documentation and fewer possible
             | choices is easier to try.
        
         | capdeck wrote:
         | To do this right you should also think of backups, updates, and
         | monitoring. Self-hosting is true freedom but doing it right for
         | things like email is akin to running a small business. On the
         | positive side docker makes many things a breeze.
        
           | Isthatablackgsd wrote:
           | I tried with Docker before and it is not the breeze you
           | think it is. I tried to use Docker for Calibre-Web and it is
           | a pain to make it work, because Calibre-Web requires
           | access to its database in the filesystem outside of Docker.
           | Docker provided minimal (more like lacking) information on
           | how to expose the filesystem for Calibre-Web to use its
           | database. Calibre-Web cannot create its own database; it
           | relies on Calibre, a standalone app, to generate the library
           | that it needs to have access to. It took me ages to finally
           | find a way to expose the filesystem and only provide
           | permission to access that particular library.
        
         | ShowalkKama wrote:
         | If you find self hosting too annoying you could always try
         | Yunohost to have one click deploys for the most common
         | services.
         | 
         | https://yunohost.org
        
         | wolpoli wrote:
         | It sounds like part of the difficulty has to do with the
         | general poor quality of online tutorials. There is a need for
         | properly written guide books and magazines, but unfortunately,
         | it seems like there is no way to pay for people to write them.
        
       | andrewallbright wrote:
       | I wish self hosting was a bit easier. Right now it seems you need
       | to know so much. I've always wondered if there was a way of
       | making self hosting products that were easy to set up and secure
       | by default.
       | 
       | I'd love to spend $100 for a mail server that I just plug into my
       | router, as an example.
        
       | chipgap98 wrote:
       | The irony of an article titled "Start Self Hosting" having its
       | site go down
        
         | ct0 wrote:
         | You're missing the point if you think uptime is the number 1
         | priority.
        
       | themodelplumber wrote:
       | That's a good post on the topic, thanks. Like a lot of others I'm
       | a hybrid-self-hoster. I do rely on some third-party, third-party-
       | hosted or other cloud services, but I also spend a lot of time
       | bringing things back home when I can.
       | 
       | It's tricky to be in that hybrid-box since the conversation in
       | this area is very dichotomous--cloud things OR my own thing--but
       | overall I like keeping my options open and swimming with the herd
       | ;-) in making sensible use of cloud services when it seems
       | appropriate.
        
         | ndneighbor wrote:
         | I think the granularity of control is just as important as
         | where the app is hosted imo. It's perfectly valid to make a fair
         | compromise on ease of management vs. being able to vendor your
         | own versions. And especially with how great Tailscale/Wireguard
         | networking is nowadays, you really can make that line blur
         | between your own network + a cloud provider.
        
       | dlivingston wrote:
       | Follow-up question:
       | 
       | Should someone interested in self-hosting do it from a literal PC
       | in your basement, configured as a server?
       | 
       | Or is self-hosting on AWS / DreamHost / whatever good enough?
       | 
       | I ask because I like self-hosting a lot, especially when market
       | solutions don't _really_ do what I need them to.
       | 
       | But security, man, that worries me. I can't tell you what a
       | three-way handshake truly is, or what a signed certificate
       | _really_ means: so self-hosting my own email / web server / etc.
       | from my basement gives me a fear that someone, somewhere will
       | take advantage of a vulnerability in some system component that
       | I've never even heard of.
        
         | rpdillon wrote:
         | I self-host entirely on a Dreamhost VPS, precisely because of
         | the issues you mention. I'm fairly experienced with many of the
         | more technical aspects, but Dreamhost is more diligent than I
         | am, and they stay abreast of issues I'm unaware of. So I handle
         | the app layer (Nextcloud, FreshRSS, Fossil, etc.) and they
         | handle the OS, web server (Apache, PHP, etc.), and certs
         | (through Let's Encrypt). This balance has worked really well for
         | me. No affiliation, just a customer since 2004.
        
         | adrian_b wrote:
         | I would not encourage someone who completely lacks experience
         | in server/network management to do self-hosting, as it is easy
         | to make mistakes.
         | 
         | Nevertheless, if someone is willing to dedicate some time for
         | study and experimentation in the beginning, this is not an
         | insurmountable problem.
         | 
         | I have been using self-hosting on "a literal PC in my basement"
         | for about 20 years, without any problems whatsoever, and with
         | negligible costs (the main cost being that I have a set of
         | public IPv4 addresses and a fixed IPv4 address on my router
         | connected to the ISP, which implied a more expensive monthly
         | fee for the ISP).
         | 
         | After the first few months, during which I made frequent
         | changes in the configuration, while I understood better and
         | better how it should work, the time wasted with server
         | management during the next years has been negligible, i.e. just
         | a few hours per year, used mainly for software or hardware
         | upgrades.
         | 
         | Configuring and managing services just for personal needs or
         | for the needs of a small number of users, e.g. a family, is
         | much simpler than in an enterprise setting.
         | 
         | For reliability, it is good to have a second spare computer and
         | a second image of the root SSD/HDD used on your server, to be
         | able to replace the active server in case of failure. As others
         | have already mentioned, periodic backups should be done and
         | they should preferably be stored in a different location.
         | 
         | While I believe that self-hosting is not difficult, unless
         | someone has already done such management work as a
         | professional, it is necessary to learn many things.
         | 
         | For security, the first thing needed is to understand well what
         | a firewall does, which are the firewall rules needed by
         | whatever services you want to host and how to configure and
         | monitor whatever firewall program you choose.
         | 
         | For this, some knowledge about how the main IP protocols for
         | networking work is necessary.
         | 
         | The management of keys and certificates is also important, as
         | you have mentioned, but what you need to learn for this is much
         | less than what you need to learn about networking protocols, in
         | order to both make a correct server configuration in the
         | beginning and to diagnose any problems that might appear later
         | (usually because someone at your ISP makes some changes in
         | their configuration, which break yours, but nobody who answers
         | the support call has any idea that they have changed anything,
         | so you had better be able to identify by yourself what they
         | might have done, if you want a quick solution).
        
         | ozim wrote:
         | Even better, do you really need "self hosting"? For many people
         | an external drive will be good enough.
         | 
         | You can also set up something like Synology, which is good
         | enough for a layman, and if you keep it in your local network
         | it is basically easier than configuring some old PC.
        
         | inetknght wrote:
         | > _Should someone interested in self-hosting do it from a
         | literal PC in your basement, configured as a server?_
         | 
         | It's a good place to start/test. But don't open your firewall:
         | do all of your testing on your internal network. You really
         | _don't_ want to open your network to the kind of problems that
         | can occur while you're learning.
         | 
         | When you're ready to really host things then you should rent a
         | cheap shared instance, or maybe a low-priced dedicated server.
         | You can pick up something decent for $10/mo. That's not much if
         | you're skilled enough (eg, employable enough) to learn how to
         | self-host.
         | 
         | For your internal network you can use a pi-hole to set up all
         | of your DNS entries so you can even visit "http://example.com"
         | and have it point to an IP on your LAN.
        
         | vbezhenar wrote:
         | If you need mail, you need a VPS with a good reputation.
         | Otherwise hosting from your basement is an option if you've got
         | an accessible IP address.
        
         | dna_polymerase wrote:
         | For some things your local network is enough, like personal
         | pictures and other private files. E-Mails I would suggest to
         | host in a datacenter. Not necessarily in AWS but a local
         | company offering hosting.
         | 
         | For those who feel unable to securely self host I'd suggest
         | looking into smaller providers of hosted E-Mail solutions. A
         | large number of federated services is better than everyone
         | being on Google Workspace or MS360.
        
         | alexk307 wrote:
         | Self-host in your basement, use nginx as your reverse proxy and
         | add tls with letsencrypt. I'd argue this is more secure than
         | most modern applications.
        
       | em3rgent0rdr wrote:
       | > "But if you cannot wait, head over to r/selfhosted"
       | 
       | The irony of this blog post is telling me to visit a non-self
       | hosted cloud service to get started self-hosting.
        
       | dmitriid wrote:
       | I'd love to self-host something like Picasa or Google Photos.
       | Alas, there are not too many choices that can replicate the
       | experience.
        
       | xwdv wrote:
       | Although I once loved the idea of self-hosting, my opinion
       | nowadays is that life is too short to self-host. Yea platforms
       | will come and go and sometimes it sucks, but what we really need
       | is easy ways to move data from one place to another, more than we
       | need self-hosting.
        
       | holri wrote:
       | https://freedombox.org/ can make this easier. It is based on
       | Debian and has a nice Web GUI. One can also order an appliance:
       | https://www.olimex.com/Products/OLinuXino/Home-Server/Pionee...
        
       | symkat wrote:
       | I've been working on https://markdownsite.com/ - the "Git Repo ->
       | Website" type of hosting platform, and have completely open
       | sourced it so others can run it themselves.
       | 
       | The installation and on-going configuration management are first
       | class things, with documentation and graphs:
       | https://github.com/symkat/MarkdownSite/tree/master/devops
        
       | u2077 wrote:
       | I don't need a reason _why_ to self host, I need nice, clear, up-
       | to-date tutorials on _how_ to self host various services.
       | 
       | Self hosting should be easy enough for everyday people. Perhaps
       | preconfigured servers that treat services just like apps. Once I
       | have a server set up, I should be able to install (and uninstall)
       | services in a single click. The OS can handle permissions and
       | containers.
        
         | kesslern wrote:
         | Unraid can do something extremely similar to this. There's a
         | plugin that provides a repository of Community Applications
         | that are essentially docker configuration templates designed
         | specifically for Unraid. You can search for say, HomeAssistant
         | and install it with just a few clicks.
        
         | pixelN wrote:
         | https://www.cloudron.io/ or https://yunohost.org/ might be
         | interesting.
        
         | mxuribe wrote:
         | I'm guessing the "why" eventually can trigger experts to craft
         | mechanism and associated tutorials/docs to show the "how". That
         | is, I think people should understand the compelling reasons why
         | self-hosting could be important...and maybe there will be much
         | more incentive to get experts to create more things - and
         | easier - for lay people to adopt them...For example, if tons
         | more people start demanding that easier self hosting options
         | exist (both mechanism AND how to docs), then we would have many
         | more entities - both commercial and private - incentivized to
         | generate better/easier on-ramps for self hosting. But of
         | course, you're right that ultimately, eventually, the "how" to
         | get to such a nirvana is essential too. That is my guess
         | anyway.
        
         | olah_1 wrote:
         | I am with you. I think the future is something like Umbrel[1].
         | 
         | Because frankly, I would rather have the server running on a
         | little device in my home than having to mess around with things
         | like SSH and a VPS. An app that is running on a little computer
         | in my house is both more understandable and easier for me to
         | maintain.
         | 
         | [1]: https://getumbrel.com/
        
         | Gigachad wrote:
         | There are numerous projects which have attempted to create
         | this.
         | 
         | https://sandstorm.io/ was the biggest one but as far as I can
         | tell it's largely unmaintained and most of the apps are outdated.
         | 
         | https://yunohost.org/ probably has the best "just works"
         | experience but I didn't like that it wasn't using any kind of
         | containerization which has caused them issues with shared
         | libraries like PHP being difficult to update. As well as
         | security concerns about one insecure app giving access to the
         | whole server.
         | 
         | Ultimately the problem is just extremely difficult / high
         | maintenance. And no one wants to pay for this work.
        
         | BonoboIO wrote:
         | YES!
         | 
         | I think the single most important thing of any software is "how
         | do I install this". That's the first thing I search for on a
         | github repo.
         | 
         | And please no outdated tutorials, that sucks so bad ... that I
         | give up and don't use it.
        
           | moonbas3 wrote:
           | Most things offer a docker image, so maybe learn how to work
           | with those.
        
             | Gigachad wrote:
             | It's not as easy as "just run the docker image". Maybe it
             | is if you just want to run a single one. But as soon as you
             | want to run multiple it becomes a very complex job of
             | configuring nginx and Let's Encrypt. It took me several
             | hours to work out how to host nextcloud and get the nginx
             | config working.
        
       | judge2020 wrote:
       | What self hosting stories don't seem to focus enough on is backup
       | and encryption, as these are the main issues with server-in-your-
       | house hosting. Even disregarding fire/water damage it's not
       | uncommon to have hard drives die outright, which is a problem if
       | you didn't think to (or had the money to) set up zfs for data
       | redundancy purposes.
        
         | gen220 wrote:
         | I agree coming up with a good backup strategy is an essential
         | ingredient to long-term-sustainable self-hosting.
         | 
         | Speaking for myself, I don't have the goal of 100% detaching
         | myself from "the grid", so to speak. I still want to pay an ISP
         | to act as a gateway to the internet, and want to pay the local
         | electric company to power my house.
         | 
         | To me, "backups" are a commodity service, like internet service
         | and electricity.
         | 
         | Dumb file servers are offered by any number of places for a
         | price lower than the cost of in-housing that service, and with
         | a negligible switching cost for my workload.
         | 
         | I'm personally OK with having one relatively shitty local
         | mirror, and a background task that rsync's to backblaze. If BB
         | makes noises about going under, I can migrate to aws s3,
         | rsync.net, digital ocean, whatever entity wants to charge me
         | the least for my workload.
         | 
         | I don't think NAS's or ZFS are strict requirements, although
         | playing with them can be fun.
        
       | ndneighbor wrote:
       | This is an important call to action, in a world where your user
       | experience of an application is determined by a Product Manager
       | who may be stat-maxxing a graph, I hope that we can see a
       | resurgence of self-hosted apps.
       | 
       | Selfishly speaking, I work at Railway and our community maintains
       | a list of self-hosted apps (we call them starters) that people
       | can deploy to our platform. You can check out the list of apps
       | here: https://railway.app/starters and we even accept submissions
       | via our GitHub repo: https://github.com/railwayapp/starters (Just
       | reply to me here and we can get it reviewed for ya.)
        
       | cube2222 wrote:
       | No thank you.
       | 
       | I'll have to take care of backups, security, availability,
       | updates, etc. I prefer to use a managed solution.
       | 
       | If you don't want to lose data on being banned, just do your own
       | backups, which are by themselves much less time consuming to
       | handle than full-blown self-hosting.
       | 
       | I'm fine with the occasional service being axed, I'll just
       | migrate to another one. Often, somebody writes a migration script
       | and open sources it, making that even easier.
       | 
       | It is good though to promote and vote with your wallet for
       | services that give you good and dependable support.
        
       | fareesh wrote:
       | Anyone know of a good YouTube channel that reviews self-hosted
       | programs? I don't mind self-hosting but I don't have the time to
       | install, configure and deploy 50 different video library products
       | and then decide which one works for me. I'd rather watch a video
       | and listen to someone who has done that exercise, because it
       | saves me a lot of time.
        
       | rcarmo wrote:
       | I've gone down this path a while back and self-host Gitea and
       | other things: https://taoofmac.com/space/blog/2022/02/12/1930
       | 
       | I will be moving my KVM/LXD setup to Proxmox eventually (probably
       | when I get new hardware) and am looking into low-wattage servers
       | (ARM would be nice, to continue the grand tradition of running
       | services on an NSLU2 a few years back, but there just aren't any
       | good ARM server boards with lots of RAM and NVME storage).
        
         | mendelmaleh wrote:
         | > I will be moving my KVM/LXD setup to Proxmox eventually
         | 
         | How come? I'm running proxmox currently but I'm considering
         | just using a regular distro with lxd because I'm almost only
         | using lxc containers...
        
       | uhtred wrote:
       | Syncthing, baby.
        
       | Karrot_Kream wrote:
       | Philosophizing on your blog seems to be the new way to tilt at
       | windmills. If you're actually interested in self-hosting,
       | https://github.com/awesome-selfhosted/awesome-selfhosted is a
       | great resource for self-hosted apps. Roll up your sleeves, get
       | prepared to get lost in documentation, and have some fun! You'll
       | realize the tradeoffs of what to self-host and what not-to
       | quickly as you start playing around with actual technologies.
       | Just remember that your life is production and if you're self-
       | hosting XMPP for your family, you may want to be confident you
       | know how to run XMPP before pushing everyone onto it, so maybe
       | set up a lab or staging environment. But that's fine, it's part of
       | the process! Stop writing screeds and start actually self-
       | hosting.
       | 
       | EDIT: Since I'm mostly just reposting the link that OP links in
       | their post, I'll add a couple fun things that I use a lot with
       | self-hosting.
       | 
       | https://hoppy.network/ lets you set up a Wireguard tunnel to have
       | your own static IPv4 /32 and /128 IPv6.
       | 
       | https://freerangecloud.com/ gives you similar products but also
       | lets you do things like colocating a Raspberry Pi or getting a
       | VPS at an IX
       | 
       | https://www.zerotier.com/ can effortlessly set up a private
       | network between hosts
       | 
       | There's more I'm sure, but I like these.
        
         | dvtrn wrote:
         | _Philosophizing on your blog seems to be the new way to tilt at
         | windmills._
         | 
         | Not the first time I've seen such comments or sentiments close
         | to it regarding the content of developer blogs, when one gets
         | shared here.
         | 
         | I ask most sincerely: isn't that just one of the many reasons
         | people chose to launch a personal blog in the first place?
        
           | Karrot_Kream wrote:
           | It surely is. I prefer less of it which is why I made my
           | comment.
        
         | yewenjie wrote:
         | That blog post literally mentions that link.
        
           | Karrot_Kream wrote:
           | I know. Now I made a comment that helps self-hosters just as
           | much as the OP with much less text and much less moralizing.
        
             | haswell wrote:
             | One of the most important aspects of choosing a solution is
             | understanding the problem first.
             | 
             | There's a place for both:
             | 
             | 1. Blogs that moralize and talk about a much larger
             | philosophical underlying problem. These help the reader
             | understand a problem that they may not have fully
             | understood. Before, the problem was: "I need a place to
             | host my photos". If that's your only problem, there's no
             | reason not to choose something easy like Google Photos.
             | 
             | Only by digging deeper does one start to understand that
             | there's more to it than this, and choosing certain
             | solutions brings with those solutions a whole set of new
             | problems. Now, you realize "I need a place to host my
             | photos and I need it to provide a certain level of privacy,
             | and a certain degree of predictability..." etc. A set of
             | problems that can be solved by self hosting.
             | 
             | 2. Blogs that are solution oriented. You already know what
             | you want, now go do it.
             | 
             | If all you ever present are solutions, the reader is left
             | to wonder why they'd ever invest the time and effort in
             | doing something that is much easier elsewhere. An
             | investment that does start to make sense if you have
             | problems with the implications of hosting elsewhere.
        
               | Karrot_Kream wrote:
               | If you're trying to frame the problem in your mind like
               | that, I suggest doing an HN search like
               | https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
               | to give you a good idea why people self-host. There's lots of
               | prior art.
        
               | haswell wrote:
               | As a person who self hosts quite a few things, I'm
               | intimately familiar with why people self host. That was
               | not my point.
               | 
               | The point is that there exist people who do not
               | understand why self hosting can be valuable, nor should
               | we assume that they will come to HN, do a "self-host"
               | query, and then comb through the myriad of results to
               | back into why this is an interesting topic.
               | 
               | You were criticizing the blog post...essentially for
               | existing in its current form...and I pointed out that
               | there are legitimate reasons for such posts to exist.
               | 
               | The post was probably not meant for you or I.
        
             | JoshTriplett wrote:
             | Your comment doesn't convince anyone to self-host who isn't
             | already doing so, unlike this blog post. It's absolutely
             | possible to write more concisely if you have a narrower
             | target audience of people who already agree with you.
        
       | sekou wrote:
       | I'm not affiliated but I came across some software called
       | Yunohost (https://yunohost.org/) recently, a Debian-based OS that
       | tries to be user-friendly for self-hosting applications. Not sure
       | how much it's being maintained.
        
       | NelsonMinar wrote:
       | Self hosting also implies building (or using) your own self
       | hosted product. That's a significant requirement, particularly if
       | you want social features.
       | 
       | I'm going through this dilemma with books. Goodreads lost my
       | account of nine years. I've managed to recover most of the data
       | from a backup and set up my own blog. I'm self hosting! But my
       | blog is very spare and is not backed by a database of books, book
       | covers, etc. Also it has no social features, no easy way to see
       | other people's reviews or find related books or... I could
       | imagine building all those things but that's like building a
       | whole product! I could also imagine some self hosted book product
       | I could just use (analogous to Picasa in the story) but it
       | doesn't happen to exist.
       | 
       | Meanwhile there's a pretty great product for books in Goodreads,
       | other than the crippling disaster of losing a user's account.
       | Also some good cloud competitors like The StoryGraph. So maybe I
       | should just use their product and hope my data is safe.
       | 
       | PS: I was at Google when Picasa was acquired. My memory is that
       | the plan was always to focus on the hosted version. Maintaining a
       | desktop standalone product was very much not in the Google
       | business model.
        
         | aww_dang wrote:
         | Try this, I think they have some covers as well as other meta
         | data. It has been years since I used it.
         | 
         | https://openlibrary.org/developers/dumps
        
           | NelsonMinar wrote:
           | Maybe I didn't explain myself well. Yes, I could get a data
           | dump from many sources. It is a lot of work to turn that dump
           | into a product that I self host.
        
             | zozbot234 wrote:
             | You don't have to write that stuff. There is a fairly well-
             | known project licensed under AGPL3, that's fine for self-
             | hosting if perhaps not commercial use. Just search around.
        
       | yewenjie wrote:
       | What are you all self-hosting? For me -
       | 
       | - Gitea (git forge)
       | 
       | - Maddy (email)
       | 
       | - Calendso (scheduling)
       | 
       | - Vaultwarden (password manager)
       | 
       | - linx (filesharing)
       | 
       | - Syncthing (file syncing)
       | 
       | - Wireguard (VPN)
       | 
       | - a couple of metasearch engines
       | 
       | I am not mentioning all the tools and services for monitoring and
       | management.
       | 
       | Self hosting is easy for me cause I am managing all of this with
       | NixOS.
        
         | TwoNineA wrote:
         | - Vaultwarden (passwords)
         | 
         | - FreshRSS (RSS reader)
         | 
         | - Homebridge (gets some non homekit devices into Homekit)
         | 
         | - Minecraft Server (kids)
         | 
         | - Valheim Server (me and my buds)
         | 
         | - Syncthing Discovery and Relay servers (I am paranoid, for
         | file sync)
         | 
         | - PiHole (network adblock)
         | 
         | - Wireguard (all our devices have it installed, combined with
         | PiHole = adblock on the go)
         | 
         | - Grafana + InfluxDB (to monitor system health)
         | 
         | All this is running in a 16 GB space eating VM that's backed up
         | offsite. Maintenance is not too bad, if something goes wrong
         | I'll roll back in a flash and investigate later.
        
         | sccxy wrote:
         | - Wireguard (VPN)
         | 
         | - Pi-hole (Adblocking and works with VPN)
         | 
         | - Plex (Media collection)
         | 
         | - Plausible (Web analytics)
         | 
         | - Home assistant (Smart home)
         | 
         | - Uptime Kuma (Monitoring)
         | 
         | - Traccar (GPS tracking)
         | 
         | - 5 nodejs web apps
         | 
         | Wireguard and nginx ports are only opened to internet.
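
A way to check that a host really matches the statement above, as an added example that is not part of sccxy's comment: it parses `ss -H -tuln` output and lists every listener bound to a non-loopback address whose protocol and port are not on an allowlist. The allowlist (WireGuard on its conventional 51820/udp, nginx on 80 and 443/tcp), the function names and the sample output are assumptions constructed for illustration.

```python
"""Audit listening sockets against an allowlist (added example)."""
import ipaddress
import sys
from typing import NamedTuple

# Assumption: only WireGuard and nginx are meant to be reachable.
# 51820/udp is WireGuard's conventional port; 80 and 443/tcp are nginx.
ALLOWED = frozenset({("udp", 51820), ("tcp", 80), ("tcp", 443)})

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE = """\
udp   UNCONN 0      0            0.0.0.0:51820      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      4096               *:8123             *:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      511            [::1]:6379          [::]:*
"""


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


def parse_ss(output):
    """Turn `ss -H -tuln` lines into Listener tuples, skipping anything else."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop an interface suffix (%lo) and IPv6 brackets before comparing.
        addr = addr.split("%")[0].strip("[]")
        listeners.append(Listener(fields[0], addr, int(port)))
    return listeners


def is_loopback(address):
    """True only for addresses that cannot be reached from another machine."""
    if address == "*":
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unparseable: report it so a human looks at it


def unexpected_listeners(output, allowed=ALLOWED):
    """Listeners reachable off-host whose (proto, port) is not allowlisted."""
    found = {
        l for l in parse_ss(output)
        if not is_loopback(l.address) and (l.proto, l.port) not in allowed
    }
    return sorted(found, key=lambda l: (l.proto, l.port, l.address))


if __name__ == "__main__":
    # Use piped input when present, otherwise fall back to the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = unexpected_listeners(text)
    for item in findings:
        print(f"review: {item.proto}/{item.port} bound to {item.address}")
    sys.exit(1 if findings else 0)
```

Run it against a live host with `ss -H -tuln | python3 audit.py`. A flagged listener may still be blocked by a router or host firewall, so the output is a list to review rather than proof of internet exposure.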
        
       | pronoiac wrote:
       | I run Caprover on a $5 Linode VPS, and it makes it easy to spin
       | up new apps from a curated selection or from a Docker Compose
       | file. I checked out Dokku, but the learning curve out of the box
       | was harder.
        
       | BonoboIO wrote:
       | I HATE the Spotify podcast player.
       | 
       | It is the worst UI for pretty much anything: music, video,
       | podcast, lyrics ...
       | 
       | I selfhost ... I download the Spotify exclusive podcasts and host
       | them myself to use them with Overcast. They come as OPUS files,
       | but ffmpeg to the rescue.
        
       | v-yadli wrote:
       | PhotoPrism[1]+NextCloud is a potential solution to the Picasa
       | problem. I run them on my personal NAS.
       | 
       | The devops experience is fine -- I can wrap up PWAs for all the
       | devices (PCs and phones) in the family. Need to set up a few
       | systemd timers to synchronize data, build indices and check for
       | PhotoPrism app updates but that's not too bad. Docker makes
       | deployment super easy.
       | 
       | The user experience, hmm, modern, minimalism, tolerable.
       | 
       | Modern = it knows about iPhone live photos and all sorts of photo
       | metadata; has machine learning for classification. Recognizes
       | faces. etc.
       | 
       | Minimalism = just a viewer, no photo editing (Picasa photo
       | editing and the ability to put an album together into one picture
       | totally rocks)
       | 
       | Tolerable = meh classification precision, slow geotagged map
       | (dreaming of Picasa + Google Earth), NextCloud iOS autoupload
       | constantly breaks (you want non-iCloud cloud on iOS and you're
       | not a megacorp huh? good luck) etc.
       | 
       | Conclusion? It has been a decade since Picasa is gone. I'd expect
       | a lot more improvements to happen, but in reality, the best thing
       | we have now is just that. Some good, some bad, some ugly.
       | 
       | [1]: https://photoprism.app/
        
         | mceachen wrote:
         | I'm writing PhotoStructure, which you might be interested in.
         | It's self-hosted, but also runs on Windows and macOS without
         | docker, libraries are portable, and photo and video
         | deduplication is robust. Photoprism had a couple features I
         | haven't built out yet, but I'm getting there. More details are
         | here: https://photostructure.com/faq/why-photostructure/
         | 
         | Also, if nextcloud gives you attitude (I had scaling issues
         | with it), know that there are several other alternatives to
         | background phone syncing with your server:
         | https://photostructure.com/faq/how-do-i-safely-store-files/#...
        
           | v-yadli wrote:
           | Very interesting project, and nice landing page! Will
           | definitely check it out.
           | 
           | I'm a long time ownCloud/NextCloud user and I'm aware of the
           | alternatives. With multiple android phones come and go in the
           | past 8 years or so, the background upload seems to stand its
           | ground.
           | 
           | The real problem here is iOS and its lack of proper
           | background tasks. See:
           | https://github.com/nextcloud/ios/issues/215 -- they tried
           | every possible way to persuade iOS into running background
           | sync, but still hit and miss.
           | 
           | I have to request access to my wife's iPhone and manually
           | trigger some :)
           | 
           | One small suggestion here -- PhotoPrism went with
           | `tensorflow.js` to load up classification models, and I
           | recommend a "real" TF or PyTorch installation to properly
           | leverage the computation resources. The difference is huge
           | even running cpu-only because it's wasm vs. proper BLAS
           | library.
           | 
           | I worked on a nodejs binding for native ONNX runtime (not
           | publicly) so that's also a possible way out.
        
       | hitovst wrote:
       | Wanted to mention FreedomBox, LibreServer, Epicyon, and
       | Retroshare. Any others worth mentioning?
        
       | louison11 wrote:
       | This article is a bit delusional and oblivious to market
       | dynamics.
       | 
       | 1. Privacy: Self hosting is not necessarily more private than
       | cloud services. The security of self hosted services is only as
       | good as the effort put into maintaining it. Who do you think
       | invests more in security: the giant corporation or a free open
       | source project? Even if the project is well maintained, there are
       | many ways your server can be compromised. It's only as safe as
       | you're willing to make it. The best way to be safe for me is not
       | self hosting, but cloud hosting _with E2E encryption_.
       | 
       | 2. Longevity: even though self hosting technically means nobody
       | can discontinue your service, everything eventually gets
       | discontinued. Your server will be out of date at some point. You
       | will need to update it. You might be too busy to do it and your
       | server will become a security risk. Again, middle path and ideal
       | way for me here is: use cloud services, encrypted, AND save the
       | data locally as well.
       | 
       | 3. Usability & market dynamics: John Doe doesn't have the time or
       | knowledge to self host, which makes self hosting dangerous for
       | him for the reasons mentioned above. If you're going to self
       | host, you need to know what you're doing. If you do it half way,
       | you're better off staying with a cloud service. The cloud will
       | always win because it's easier for everyday people. And because
       | it wins, there will always be more money and development
       | happening in it. We need more cloud services that use encryption
       | by default, and provide data migration tools. The more this
       | becomes a standard, the more the "big cloud giants" will have to
       | step up and match this new standard. For me, THIS is the way not
       | just nerds but _everybody_ benefits from a safer, more reliable
       | Internet.
        
         | superkuh wrote:
         | Your response to this post is a bit oblivious to motivations
         | other than profit and metaphors other than markets.
         | 
         | Additionally, re: (1), static sites are more secure with no
         | maintenance than using a browser with Javascript enabled. (2)
         | HTML and files last forever. There is nothing to update. (3)
         | You keep assuming the needs and complexity of a for-profit
         | business and the risks associated with that. But human persons
         | don't have those complex needs or the associated risk of
         | complex, dynamic setups that enable entire teams of people to
         | work on something and constantly move it around.
        
         | pjerem wrote:
         | 1. I don't understand why you conflate security with privacy.
         | Or to be more precise, it depends on your threat model. A badly
         | secured self hosting will make yourself vulnerable to targeted
         | attacks over your privacy.
         | 
         | While it's an issue you should consider, those attacks are
         | pretty unlikely. However traditional cloud services will
         | harvest every bit of what they get about you with a frightening
         | efficiency but they'll never automatically scan your server for
         | vulnerabilities to read your mails.
        
           | louison11 wrote:
           | I think there needs to be clarity about what is harvested and
           | how. Most centralized services actually respect people's
           | privacy to the extent that they're not asked to infringe it
           | by law order.
           | 
           | Most major tech cos have encryption at rest and highly
           | regulated access checks. It's also not clear that they
           | actually do harvest every bit of data they can. They might
           | for the purpose of better UX within the service, but Google
           | ads doesn't collaborate with gmail or Google photos for
           | example. There are, however, botnets all around the world
           | scanning the web for security flaws.
           | 
           | This is why, in this sense, I argue that most people are
           | actually better off using a safe, centralized service with
           | encryption than try to reinvent the wheel at home and be more
           | exposed.
        
           | ziml77 wrote:
           | Security is necessary to maintain privacy. If someone gains
           | access to your systems, nothing you had on there is private
           | anymore.
        
       | erulabs wrote:
       | We're not quite publicly launched yet, but I've been working on
       | making self-hosting easier for several years now. People often
       | ask "why would I self-host?" and it's hard to pin down one answer
       | - instead the answer depends on your values - but there is an
       | answer. This post is excellent because it's not "do it for
       | security" or "do it to see fewer ads" or "do it to fight big
       | tech" or "don't give photos of your infant to Facebook". It's all
       | of those reasons, but it's also more broadly (and deeper in the
       | kool-aid), because it helps fix the internet itself.
       | 
       | > This engineering talent is supposed to be solving world's
       | problems but instead they are ensuring how everyone wastes their
       | time
       | 
       | Agreed! If software was sold for its utility instead of its
       | addictive properties - this might start to change. Self-hosted /
       | open-source software does need plenty of "hosted" accoutrements
       | though: backups, remote access, etc. Shameless self-promo: we're
       | trying to solve this over at https://kubesail.com
        
       | preseinger wrote:
       | I explicitly do not want to be in control of my own data. I don't
       | trust myself with it. A third-party is better equipped to manage
       | it over time. This is both a common and rational position.
        
         | tormock wrote:
         | Can you trust yourself with passwords for true e2e encrypted
         | traffic? that could work too...
        
       | dmje wrote:
       | Seems to me that there's a middle way. Self hosting is too hard,
       | but making sure you've got local duplicates of all your stuff is
       | less so.
       | 
       | As a simple example: I use Dropbox and Google Drive extensively.
       | I'd like not to but the utility and ease is hard to beat. But I
       | have made an effort to only use Word and Excel (rather than
       | gdoc/gsheet) and have hooked up my Synology so it backs up all my
       | cloud services whenever there's a file change.
       | 
       | So - I'm not strictly self hosting, because it's too hard, but if
       | Dropbox doubled price or Google stopped doing GDrive, I'm safe.
       | Same with photos and other critical assets.
        
       | lbriner wrote:
       | I feel that a lot of what the OP mentions is not really solved by
       | self-hosting. How does self-hosting solve Netflix problems? How
       | does it stop Spotify changing your playlists? Sure, you can
       | create your own jukebox of music files but the reason you pay for
       | Spotify is unlimited access to a lot more music than you would
       | ever buy and easy use between devices.
       | 
       | There might be a few use-cases where self-hosting is a bit less
       | risky than losing everything but I suspect for most people, the
       | online services are just easier. That said, if you pay for stuff,
       | you are more likely to get some proper support. I pay fastmail
       | for my email because they provide me email and support in return
       | for money. You can't use free GMail and then complain that they
       | have broken something or locked you out.
        
       | johndhi wrote:
       | For those suggesting e2e encryption of data in Cloud services,
       | how is that possible? How could you, for example, run Salesforce
       | and have Salesforce only see encrypted data? Seems extremely
       | complicated or impossible -- isn't the point of encryption that
       | nothing can be done with it?
        
       | TheBozzCL wrote:
       | Been on this route for a while. Currently, I have:
       | 
       | - My blog (Jekyll + Apache 2 + nginx)
       | 
       | - An Invidious instance
       | 
       | - My VPN (Wireshark)
       | 
       | - A DNS server (Pi-hole + nginx for DNS-over-TLS)
       | 
       | - My password manager, up to a point (KeePass + OneDrive for
       | backups and sync, but I'm thinking of ways to self-host that)
       | 
       | The big ones left are making my password manager self-hosted,
       | email (not sure if I want to go beyond having my own domain yet)
       | and code repo. I feel these need more reliable hardware and
       | internet connections to be fully viable as self-hosted.
        
       | bob1029 wrote:
       | I've been thinking about buying rack space from a colo in my
       | metro area.
       | 
       | Hosting at home is something I used to do religiously for over a
       | decade, but I really don't like all the hackarounds and shitty
       | ISP/DNS/port problems anymore.
       | 
       | It's definitely not cheap to do this, but there are a lot of fun
       | upsides. Just having an excuse to get out of the house to badge
       | in at a DC is a nice mix-up for me. Everything I do at work is
       | cloud hosted, so I rarely get the visceral experience anymore.
        
         | Havoc wrote:
         | >I really don't like all the hackarounds and shitty
         | ISP/DNS/port problems anymore.
         | 
         | This is a not insignificant part of the reason why I'm in no
         | hurry to move from my flawed apartment. Symmetric gigabit fibre
         | with static ipv4 is a luxury not everyone appreciates but I
         | sure do
         | 
         | Moving would be such a pain since rental agents don't get this
         | at all. "Yes it has fast broadband"...what they mean is it has
         | 4G reception if you lean out the right window.
        
       | weystrom wrote:
       | I self-host everything but my email.
       | 
       | Hosting email is just too much. Big providers just treat you as
       | guilty of spam, unless proven otherwise. Just too many hoops to
       | jump through.
        
       | rglullis wrote:
       | For those that avoid it on the grounds of "it is too hard to
       | self-host", may I suggest a much simpler alternative? It takes
       | two simple steps:
       | 
       | 1) buy a domain name
       | 
       | 2) Foment/patronize SMBs that can provide hosting for open source
       | software alternatives.
       | 
       | That's it. By demanding open source alternatives, you are
       | ensuring that the service vendor can not lock you in. By using
       | your own domain, you get the freedom to port your services to
       | anyone that offers better price/better support/better
       | performance.
        
       | johndhi wrote:
       | For those advocating e2e encryption instead, is that even
       | possible with most cloud services? How can you encrypt Salesforce
       | data, for example, and still have Salesforce perform all of the
       | necessary operations on that data, if they can't even see it?
        
       | api wrote:
       | The main barrier is the difficulty of doing it, and there is
       | currently an economic _disincentive_ to fix this.
       | 
       | For software companies the cloud is DRM, and the only kind that
       | works. Rent access to software and you can easily charge a
       | recurring fee for it. This is incredible on the business side,
       | especially because recurring revenue is valued higher by finance
       | types than non-recurring revenue (due to perceived lower risk).
       | 
       | For makers of software you can self-host, money is often made
       | through support. This creates a disincentive to make things too
       | easy or you cut into support profits.
       | 
       | If you try to make a living making endpoint applications, life is
       | hard. The FOSS movement has educated the market that software
       | should always be free (as in beer, not freedom). People will pay
       | $10 for a Starbucks drink but not $5 for an app they use every
       | day.
        
       | paulcole wrote:
       | >Whenever I bring this up people are like "I don't care, I have
       | nothing to hide".
       | 
       | My feelings on this are similar but different, I do have things
       | to hide, but I just don't care.
        
       | mtoner23 wrote:
       | The examples he gives are all the small downsides of cloud
       | hosting but the huge upsides are clear to consumers and are the
       | reason we all use them. Don't tell me that you really want to self
       | host your youtube playlists, the market of people who want that
       | is incredibly small.
        
       | mholt wrote:
       | This is why I'm building Timelinize [1]. It's a follow-up to my
       | open source Timeliner project [2], which has the potential to
       | download all your digital life onto your own computer locally,
       | and projects it all onto a single timeline, across all data
       | sources (text messages, social media sites, photos, location
       | history, and more).
       | 
       | It's a little different from "self hosting" but it does have a
       | similar effect of bringing all your data home and putting it in
       | your control. We have to start somewhere, might as well start
       | with bringing in all the data we've put out there. (It's not a
       | replacement for self-hosted media servers, for example.)
       | 
       | The backend and underlying processing engine is all functional
       | and working very well; now I'm just getting the UI put together,
       | so I hope to have something to share later this year.
       | 
       | [1]: https://twitter.com/timelinize (website coming eventually)
       | 
       | [2]: https://github.com/mholt/timeliner
        
         | olah_1 wrote:
         | Have you considered using something like hypercore[1] for the
         | timeline sharing? Or maybe you don't plan on making timelines
         | shareable?
         | 
         | [1]: https://twitter.com/HypercoreProto
        
         | metadat wrote:
         | This sounds very cool, please submit a "Show HN" once the
         | basics are working!
        
           | mholt wrote:
           | Oh I will, for sure! I will need a lot of feedback.
        
         | BonoboIO wrote:
         | Sounds nice.
         | 
         | Do you know some tool to have all your feeds in one place? I
         | hate having to use Instagram, but a few friends post nice
         | things. Like timeline but with your own feed with only the
         | things I want to see from the sources I want.
         | 
         | Like a daily "You missed these posts, images and ..."
        
       | badhombres wrote:
       | I would love to self host, but the time and effort I would have
       | to put into doing, maintaining, and convincing my spouse (which
       | is a whole effort by itself) is so significant it will take away
       | from my other goals in life.
        
       | pansinghkoder wrote:
       | Genuine question: does it make sense to go even more paranoid
       | with self hosting?
       | 
       | 1. buy a box at home
       | 
       | 2. run on onion:
       | https://medium.com/axon-technologies/hosting-anonymous-websi...
       | 
       | 3. access media using onion browser
       | 
       | I believe electricity cost of hosting at home would be expensive
       | and accessibility will be a problem 2000 miles away without cdn.
       | One might have to consider having this box on a separate network.
       | 
       | So anonymity here might not be worth the price?
        
       | cjlm wrote:
       | Dismayed with the brittleness of Pinboard and the bloat of most
       | alternatives I turned to self-hosting an excellent bookmark
       | server called linkding[0] on a Raspberry Pi. Very happy with the
       | result.
       | 
       | [0] https://github.com/sissbruecker/linkding
        
       | throwaway684936 wrote:
       | Not quite self-_hosting_, but in the same spirit I've slowly
       | been working on a simple local archival system for anything I
       | don't want to lose. It's changed my life.
       | 
       | Even across years of content, it's required less storage space
       | than I expected. The more I archive, the less I need to rely on
       | online search engines or worry about linkrot. It's also helped me
       | cut down on how many tabs I keep open in fear of losing
       | information.
       | 
       | If I can't recall some piece of information, I can do a fuzzy
       | global search through the text of all articles I've saved in a
       | specific category, for example. If I find some obscure fix for
       | something deep in an old reddit or HN thread, you bet I'm
       | archiving that so if I run into the same issue a year later I can
       | easily fix it again without trawling through 50 Google results.
        
         | axlee wrote:
         | What do you use to organize all of this unstructured data in a
         | way that is searchable and retrievable?
        
           | throwaway684936 wrote:
           | It's somewhat structured; I use both broad categories and a
           | tag system. I can also add additional comment text to
           | archived pages. It's all patched together with shell scripts
           | and some Lua (since that's what I'm familiar with). `ripgrep`
           | is the utility used for searching. It's fast enough for me
           | even when I don't use any kind of category filtering, but I
           | have a beefy computer and use NVMe drives, so YMMV.
        
       | teekert wrote:
       | I love selfhosting. Right now I have this in my personal
       | docker-compose.yaml: NextCloud (3 installs, each their own MariaDB
       | instance), HomeAssistant, Mosquitto, Vaultwarden, an Nginx served
       | static website, Unifi controller, nzbget, Samba, librespeed,
       | Wireguard, 4 MineCraft servers, AdGuard home, FoundryVTT and
       | Traefik as reverse proxy for https (it's all 1 yaml file,
       | everything! At least, excluding the HA config etc). All on a 16
       | GB RAM, corei3 based server. Home Assistant tells me it is
       | consuming about 30 W right now (and generally stays between
       | 30-35W). That's about 70 eur a year for multi-terabyte personal
       | cloud, and docker-compose makes managing it very easy (docker-
       | compose pull, docker-compose up -d). Over the past 2 years I had
       | only one issue (I had to pin Mariadb to 10.5 or NextCloud
       | complains).
       | 
       | Oh, the initial costs are of course quite high, including all
       | disks I'd say about 1000 eur, so it's quite the hobby (I have a
       | nice Fujitsu motherboard (3 y/o) and Fractal Design case (12
       | y/o), it saw 3 builds now, I started with a super cheap atom
       | based board, then a Pentium dual core, and now the corei3 system
       | that can handle a lot more disks, the nvme root drive makes it so
       | fast.) I wonder about my next system. I also have a corei3 based
       | Nuc (as htpc) and that thing is also very fast, silent and energy
       | efficient. And it has nice and fast external I/O. Not sure yet,
       | but my current system will last at least another 5 years.
       | 
       | My father has a Synology NAS and for some time I thought that
       | would be my next system because I'd get tired of the associated
       | sys-admin tasks at some point (I started with a Gentoo system and
       | there were no containers, meaning you have to set up php-fpm,
       | then mariadb, then download Next(Own)Cloud, then update it
       | regularly, pff and the migrations to other systems...). But
       | docker-compose really changed that for me, I think the Synology
       | would be more work.
       | 
       | Btw, a nice podcast on Selfhosting where I got a lot of
       | inspiration from: [0]
       | 
       | [0]: https://selfhosted.show
        
         | psYchotic wrote:
         | My hosting stack seems to be similar to yours. In addition to
         | the services themselves, I run a watchtower container to check
         | for new images for me, which then notifies me through yet
         | another selfhosted solution: gotify. I have watchtower setup
         | not to automatically recreate the containers (I've been bitten
         | by postgres updates a few times too many).
         | 
         | Speaking of Wireguard: I've been looking for a web-based
         | management interface to define Wireguard networks with (using
         | the server it runs on as a sort of central "hub"), but haven't
         | yet found anything I really like and/or found simple enough to
         | use. What does your Wireguard setup look like?
         | 
         | Watchtower: https://github.com/containrrr/watchtower
         | Gotify: https://github.com/gotify/server
        
           | teekert wrote:
           | I use this image: ghcr.io/linuxserver/wireguard [0]. Under
           | environment I can set the number of peers and it simply spits
           | out that number of peerX.conf files and QR-codes (as PNG),
           | which I then manually set up on the different devices. Not
           | really simple but also not complicated. I hear a lot of good
           | things about tailscale and I feel like I have to start
           | playing with that...
           | 
           | Oh, gotify looks really nice, I'm still looking for something
           | like that. I'd love to be able to receive notification for
           | events in my house (as detected by Home Assistant for
           | example).
           | 
           | [0]: https://docs.linuxserver.io/images/docker-wireguard
        
         | buzzert wrote:
         | > Btw, a nice podcast on Selfhosting
         | 
         | Ironically, not self-hosted (served from fireside.fm).
        
           | teekert wrote:
           | In the podcast they talk a lot about when to self host.
           | Sometimes it makes sense, sometimes it doesn't. For example
           | this podcast's community is on Discord, but for their other
           | podcasts they maintain a Matrix server. It's interesting to
           | hear them talk about the joys and pains that both solutions
           | bring.
           | 
           | I used to run an email server from my basement, now I also
           | know that that is not something I want to self host anymore
           | :)
        
             | buzzert wrote:
             | Ah yeah, I figured it was for a good reason. I just thought
             | it was funny.
        
       | spansoa wrote:
       | I haven't tried it, but Piwigo[0] looks promising for photo
       | albums & management. That or Ente[1] although Ente doesn't have a
       | self-hosting option like Piwigo.
       | 
       | If you really want _true self hosting_ you would run it off your
       | own on-prem machine and use your ISP to push & pull content.
       | Putting things on a VPS is not really 'self' hosting as you're
       | entrusting a third party to not get their datacenter burned down,
       | or the hard-drives corrupted, etc
       | 
       | That said, the only caveat to hosting in your own house is it
       | could suffer a fire, and your data is wiped, so having /BOTH/ a
       | VPS and an in-house on-prem solution means you're not putting all
       | your eggs in one basket and you have a contingency plan in place,
       | which one day may be worth it. It buys you peace of mind because
       | of the redundancy.
       | 
       | [0] https://piwigo.org/get-piwigo
       | 
       | [1] https://ente.io/
        
         | cubesnooper wrote:
         | > That said, the only caveat to hosting in your own house is it
         | could suffer a fire, and your data is wiped
         | 
         | Well, there are other reasons to prefer using external hosting.
         | Home connections are typically port-filtered, have dynamic IP
         | addresses, and have a low IP reputation, and your ISP selection
         | is very limited. Whereas if using a VPS there are so many
         | options that it's easy to shop around.
         | 
         | But you can still self-host while getting the benefits of a
         | VPS. Just forward ports from the VPS over a WireGuard tunnel to
         | your real machine. Then all the actual infrastructure is on
         | hardware you control, and the cloud provider has no access to
         | your TLS private keys.
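
The setup described in the comment above, sketched as wg-quick configuration (an added example, not part of the original post or any commenter's own config). Assumed and not from the thread: the VPS public interface is eth0, the tunnel subnet is 10.8.0.0/24, the endpoint name vps.example.net, and every key shown is a placeholder.

```ini
# ===== File 1: /etc/wireguard/wg0.conf on the VPS (public entrypoint) =====
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
# Placeholder: generate with `wg genkey`; never reuse across hosts.
PrivateKey = <VPS_PRIVATE_KEY>

# Enable routing, then pass raw TCP 80/443 through to the home peer.
# Nothing terminates TLS on the VPS, so no certificate or TLS private key
# is ever stored there; the provider only relays ciphertext.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PostUp = iptables -A FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT into the tunnel so replies return via the VPS without the home
# server routing all of its traffic through WireGuard. Trade-off: the home
# web server logs 10.8.0.1 as the client address for every request.
PostUp = iptables -t nat -A POSTROUTING -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j MASQUERADE

# Remove exactly the rules added above when the tunnel goes down.
PreDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PreDown = iptables -D FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PreDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PreDown = iptables -t nat -D POSTROUTING -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j MASQUERADE

[Peer]
# The home server. A /32 keeps the VPS from routing anything else to it.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# ===== File 2: /etc/wireguard/wg0.conf on the home server =====
[Interface]
Address = 10.8.0.2/24
# Placeholder: generated on the home machine and kept only there.
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
# The home side dials out, so no inbound port or static IP is needed at home.
Endpoint = vps.example.net:51820
# Only the VPS tunnel address is accepted from this peer.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping on the home router alive so the VPS can reach back in.
PersistentKeepalive = 25
```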
        
           | ptman wrote:
           | Yes, and you can even do this quite cheaply. Oracle cloud
           | free tier has a nice traffic allowance:
           | https://paul.totterman.name/posts/free-clouds/ . Add
           | tailscale/cloudflare tunnel/plain wireguard for connecting
           | your home server to the cloud instance.
        
         | mohaine wrote:
         | IANAL but I believe another reason to true self host, at least
         | in the US, is that rules for things inside your house have
         | extra protection. Sure they can still get a warrant, but this
         | is a totally different level than what they need to get the
         | same data off of a VPS.
         | 
         | Do you really have any search and seizure protections on a VPS?
        
           | spansoa wrote:
           | > Do you really have any search and seizure protections on a
           | VPS?
           | 
           | I'm aware of this, which is why I do full disk encryption of
           | any VPS instance I operate. See the Third Party Doctrine[0]
           | which applies to the US only AFAIK.
           | 
           | [0] https://en.wikipedia.org/wiki/Third-party_doctrine
        
         | LeSaucy wrote:
         | I am comfortable re-building my self hosting setup from
         | scratch/backup. I enjoy the sense of agency being able to fix
         | something myself vs wait for a cloud service to return. As I
         | rely on my self hosted setups more, I also build in the
         | appropriate amount of high availability features required. You
         | will learn a TON of skills that are sideways related to
         | software engineering. It's very empowering to be nearly
         | entirely self sufficient with your profession. I can
         | write/test/deploy software (ie pay the bills) and never have
         | some critical service or infrastructure carpet pulled out from
         | underneath you (ie dockerhub, github) and prevent you from doing
         | your work.
         | 
         | This is such a niche attitude/market but it has been
         | _incredible_ to see the surge of self-hosted
         | applications/services over the last 5 years.
         | 
         | It is also relatively easy these days with modern ci/cd tools
         | to have a "portable" enough stack that in the event of an
         | emergency you could purchase a few linode instances and be
         | migrated to a vps environment in an afternoon.
        
       | billiam wrote:
       | Great fun to make, a lifetime to maintain.
        
       | gcommer wrote:
       | Lots of good points about the challenges of self-hosting
       | throughout this thread, especially maintenance, security, and
       | time-investment.
       | 
       | Here's my solution to all of them:
       | 
       | Invest in your common infra. Docker provides stable images
       | configured primarily with env vars. I have a docker-compose host
       | with logging/monitoring/alerting. All service-specific files are
       | mounted from a NAS that has backups. All network access is closed
       | by default, but exposed via a central login proxy (tailscale
       | would be an easier alternative, but my Beyondcorp-esque system
       | lets non-technical family members use my services easily from
       | anywhere by tapping a yubikey).
       | 
       | That's 3 pieces of infra to maintain (docker host, NAS, login
       | proxy) but I can check all the boxes for self-hosting 15+
       | services. O(n) services with O(1) infra.
       | 
       | I regularly spin up new services in under 10 minutes, while only
       | having to touch 3 files that I am already familiar with
       | (docker-compose.yml, dnsconfig.js, nginx.conf). I've run stable
       | services for years on this stack. The only painful issues have been
       | upgrades to the docker host, docker ipv6, and hardware issues.
       | 
       | This is all on a recycled computer in the basement, with a cheap
       | VPS as a stable public entrypoint.
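
The "closed by default, exposed via a central login proxy" rule above can be checked mechanically. This is an added example, not gcommer's code or configuration: it flags compose services that publish a port on anything other than loopback, assuming a hypothetical service named `login-proxy` is the only intended entry point; every service name, image and port below is constructed.

```python
import ipaddress
import json

# Constructed sample. JSON is used so no YAML parser is needed; the structure
# mirrors the services/ports keys of a docker-compose.yml.
SAMPLE_COMPOSE = json.loads("""
{
  "services": {
    "login-proxy": {"image": "example/proxy",   "ports": ["443:443"]},
    "notes":       {"image": "example/notes",   "ports": ["127.0.0.1:8081:80"]},
    "photos":      {"image": "example/photos",  "ports": ["8082:80/tcp"]},
    "metrics":     {"image": "example/metrics", "ports": ["9100"]},
    "wiki":        {"image": "example/wiki",    "ports": ["[::1]:8083:80"]},
    "feeds":       {"image": "example/feeds",
                    "ports": [{"target": 80, "published": 8084}]},
    "db":          {"image": "example/db"}
  }
}
""")


def host_ip(port):
    """Return the host IP a port entry binds to, or None for all interfaces."""
    if isinstance(port, dict):          # long syntax: host_ip is optional
        return port.get("host_ip")
    spec = str(port).split("/")[0]      # drop a trailing /tcp or /udp
    if spec.startswith("["):            # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # Short syntax is [HOST_IP:][HOST_PORT:]CONTAINER_PORT
    return parts[0] if len(parts) == 3 else None


def exposed_services(compose, allowed=("login-proxy",)):
    """List (service, port entry) pairs published beyond loopback."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        if name in allowed:
            continue
        for port in svc.get("ports", []):
            ip = host_ip(port)
            if ip is None or not ipaddress.ip_address(ip).is_loopback:
                findings.append((name, port))
    return findings


if __name__ == "__main__":
    for name, port in exposed_services(SAMPLE_COMPOSE):
        print(f"{name}: {port!r} is published on a non-loopback address")
```

Docker installs its own iptables rules for published ports, so a host firewall front end such as ufw does not necessarily cover them; checking the compose file itself catches the exposure at the source.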
        
         | ziml77 wrote:
         | But then you're adding even more parties to trust as it's often
         | the case that Docker images are not provided by the same people
         | that are maintaining the project.
        
       | nfriedly wrote:
       | I've been pretty happy with my local Unraid server. I have a few
       | things running on it, including Plex for my music library and
       | Nextcloud for notes, file storage, and automatic photo uploads
       | from my phone.
       | 
       | The software and Nextcloud data are all on an SSD, but the
       | Nextcloud data gets a nightly backup to a mechanical hard drive.
       | The music doesn't have any backup, but I could always re-rip the
       | CDs if I had to.
        
       | mertd wrote:
       | The post is conflating two separate things as if they are the
       | same.
       | 
       | 1) Personal stuff that you created and own. For example photos on
       | Google Photos. If Google decides to remove a random photo from my
       | collection, that would be a big problem for me. But they don't.
       | On the upside, the probability of Google losing my photos is an
       | order of magnitude lower than my personal hard disk failing and
       | me having forgotten to back it up.
       | 
       | 2) Stuff that others created like movies and songs. I really
       | don't care if a show that I was watching drops off of Netflix. I
       | don't have the same emotional investment to it as the stuff in
       | #1. I'll just find something else to watch.
        
         | hkon wrote:
         | Yes, completely valid to treat it as the same when it's
         | something you want to have access to without any third party
         | denying/removing that access.
         | 
         | That you have no attachments to movies, music or tv shows is
         | just you. Others may want to continue enjoying the media long
         | after it has been removed from online services.
        
         | ngcc_hk wrote:
         | Google issue is whether they will pull the plug of the whole
         | service, change name or what. Then you will ask what. And if
         | you are not looking in that several months ... it is really
         | what.
        
       | sylware wrote:
       | Bringing self hosting to lambda users is _REALLY_ hard and Big
       | Tech won't let you do it too easily.
       | 
       | Many corp email smtp servers will IP block your email server (big
       | thanks to spamhaus), or won't support no-DNS email address and
       | servers (which is RFC from the start) or won't have the decency
       | to handle grey listing or will send all your emails to their spam
       | boxes (gogol) even though ppl did remove your emails from their
       | spambox.
       | 
       | IAPs won't provide a stable public IPv4 address or IPv6 prefix.
       | UPNP NAT port redirection (IPv4) will have bugs on the IAP
       | router/modem.
       | 
       | Buying a DNS and configuring a domain is a pain. So few DNS
       | registrars support automatic domain configuration via the
       | standard dynDNS protocol (is this even a thing?).
       | 
       | The self-hosting devices on user domestic LANs will be pwned by
       | very "smart" hackers pushing those very users towards big tech (I
       | wonder who is pay... pushing such hackers to do that...).
       | 
       | The path of least resistance will win, always, even if it means
       | giving way too much power to some corps:
       | 
       | Lambda users _will use_ comfy centralized services mostly, and
       | those centralized services, once big, will try to zap away any
       | alternatives or interop (which most used in the first place to
       | get there).
       | 
       | Like lambda users _will use only_ the pre-installed OS on the
       | computer (or mobile phone) they bought, same idea.
       | 
       | I am talking about nearly everybody else who is not "us", the
       | 0.1% (ironical).
        
         | denton-scratch wrote:
         | > Many corp email smtp servers will IP block your email server
         | (big thanks to spamhaus)
         | 
         | Nope.
         | 
         | Spamhaus doesn't block self-hosted email servers. Spamhaus just
         | publishes a number of lists, which postmasters can use or not,
         | whether for filtering or just for scoring. The PBL in
         | particular is likely to catch people self-hosting from a retail
         | connection, because it lists most residential IP address-space.
         | 
         | But it's the receiving mailserver that does the blocking, not
         | Spamhaus.
         | 
         | And it's down to the policies of the receiver's postmaster what
         | lists are used and how they are used. That requires judgement
         | and research, and some postmasters lack the former or don't
         | have time for the latter.
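
The distinction drawn above, that the list only publishes data and each receiving postmaster decides whether to filter or score on it, looks like this in code. This is an added example, not Spamhaus's or any mail server's own code: the zone name and return codes are an assumed subset of what Spamhaus documents for its combined list, both policies are hypothetical, and the DNS answer is constructed so the block runs offline.

```python
import ipaddress

# Assumed subset of zen.spamhaus.org return codes; check Spamhaus's current
# documentation before relying on them.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL",
             "127.0.0.4": "XBL", "127.0.0.5": "XBL",
             "127.0.0.6": "XBL", "127.0.0.7": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

# Two hypothetical receiver policies applied to the same list data.
STRICT = {"mode": "reject", "reject_on": {"SBL", "XBL", "PBL"}}
SCORING = {"mode": "score", "threshold": 5,
           "weights": {"SBL": 5, "XBL": 5, "PBL": 1}}

# Constructed DNS answer: 203.0.113.7 is a documentation address standing in
# for a residential IP that appears on the PBL.
CONSTRUCTED_ANSWERS = {"7.113.0.203.zen.spamhaus.org": ["127.0.0.10"]}


def stub_resolve(name):
    """Offline stand-in for an A-record lookup; [] means NXDOMAIN (not listed)."""
    return CONSTRUCTED_ANSWERS.get(name, [])


def query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lists_hit(answers):
    """Map answers to list names. Unknown codes, including the 127.255.255.x
    error replies, are ignored rather than treated as listings."""
    return sorted({ZEN_CODES[a] for a in answers if a in ZEN_CODES})


def decide(ip, resolve, policy):
    """Return (verdict, detail) under one postmaster's policy."""
    hits = lists_hit(resolve(query_name(ip)))
    if policy["mode"] == "reject":
        blocked = [h for h in hits if h in policy["reject_on"]]
        return ("reject", blocked) if blocked else ("accept", hits)
    score = sum(policy["weights"].get(h, 0) for h in hits)
    verdict = "reject" if score >= policy["threshold"] else "accept"
    return (verdict, score)


if __name__ == "__main__":
    for label, policy in (("strict", STRICT), ("scoring", SCORING)):
        print(label, decide("203.0.113.7", stub_resolve, policy))
```

The same PBL listing is rejected outright under the strict policy and accepted with a small score under the scoring policy, which is why a self-hosted sender sees different results at different receivers.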
        
           | patmorgan23 wrote:
           | Also I believe you could use a paid public relay service
           | (like mailgun) to get around those blocks.
        
           | p_j_w wrote:
           | GP never said Spamhaus blocks anything.
        
             | denton-scratch wrote:
             | True, but he did say that the blocking is "thanks to
             | spamhaus". That is not true.
        
         | roydivision wrote:
         | "lambda users"? I've not heard that term before.
        
           | mxuribe wrote:
           | Same here. Is that a synonym for a lay person?
        
       | rank0 wrote:
       | I run a few services from my home but still have to rely on
       | aws/fly.io for some portions of my infrastructure.
       | 
       | What I really want is to learn how to rent rack space from a
       | colocation. The documentation available does not make it easy to
       | learn. Can I just buy an old 1U blade, throw xen on it and show
       | up at my nearest colo? What do I need to preconfigure to ensure I
       | have remote access without giving remote access to the colo as
       | well? Do I get physical access to the data center?
       | 
       | Wish I could find some guides on this topic. 95% of blog post
       | tutorials are just ads for the latest trendy cloud
       | startup/language framework.
        
         | eddieroger wrote:
         | I did this once. Don't overthink it too much - yes, it is as
         | simple as finding a rack with sufficient space, power and
         | network, plugging it in and going. You'll most likely get a
         | public IP and have no access to your neighbors, so they won't
         | really care what you do with it as long as it's not illegal or
         | against the Terms of Service for your host. So yeah, if you
         | want to do it, just do it. Get an OS you know, install an SSH
         | server or Remote Desktop, and rack it up. If you can get to it
         | on your LAN, you'll be able to get to it on the public
         | Internet. Also, quickly learn about good auth and firewalls and
         | fail2ban.
         | 
         | That all said (and said with the clarity of age and knowing I
         | was a stubborn kid who did things "because I could"), the
         | experience of spinning up a VPS today on Linode or Digital
         | Ocean is effectively the same, infinitely cheaper, and a lot
         | more fun than racking a server somewhere. I can script up a
         | fleet of servers from my bed at 1am just because, and can't
         | tell the difference between SSH'ing to them versus that one box
         | I did 15 years ago. If you want to do it, go nuts and have fun,
         | but you really aren't missing much over conventional
         | VPSes these days.
        
           | rank0 wrote:
           | Thanks for the response!
           | 
           | I gotta disagree with you though on cost. You can get a beefy
           | refurbished dual Xeon blade for a couple hundred bucks. Rack
           | space where I live is like $50/month for 1U and gets much
           | cheaper/machine as you scale up. $50 on aws will get me maybe
           | 1 medium ec2 instance and an s3 bucket. With a used blade I
           | get 20x the compute for the same price.
        
         | landemva wrote:
         | If you have a cabinet, and neighbors are caged to prevent your
         | access to those, then you may get physical access. Call a small
         | provider near you and ask.
        
         | lbriner wrote:
         | Sadly the answer is, as often, it depends!
         | 
         | Many rack space rentals will not permit you to just install
         | whatever PC you fancy because it is potentially a risk to the
         | neighbours in terms of fire or bad hardware, most will happily
         | quote you to buy one of their approved ones!
         | 
         | It is pretty easy to get a rack space provider where the
         | provider cannot access the machine but this can be good or bad.
         | In some cases, I would rather they could shut down the host if,
         | say, the RAM is broken and replace it but if you would prefer
         | to do this yourself, that is fine.
         | 
         | In most cases, you will be given a public IP address directly
         | mapping to your machine via a router/nat lookup so whatever
         | services you open on your machine are open on that public IP
         | address so pretty easy to set up RDP/ssh/whatever.
         | 
         | Probably the biggest issue though is the extra work or hassle
         | if something goes wrong. I remember at a previous company where
         | some guy would frequently have to drive for 30 minutes each way
         | to go to a data centre to perform certain updates that couldn't
         | be done remotely.
         | 
         | YMMV
        
           | vel0city wrote:
           | > Many rack space rentals will not permit you to just install
           | whatever PC you fancy because it is potentially a risk to the
           | neighbours in terms of fire or bad hardware, most will
           | happily quote you to buy one of their approved ones!
           | 
           | I have _never_ experienced this. The only restrictions I've
           | seen on colo contracts I've gone after were related to UPSes
           | and things with large batteries in them. So a big stack of
           | laptops would be a no, but if I wanted to put Atari ST's or
           | Dell PowerEdges or white box builds or bitcoin miners it
           | doesn't matter. I guess I've always done things at at least a
           | half or full cab, never single Us at a time.
        
         | kjs3 wrote:
         | I've never worked with a colo vendor that once you contacted
         | them didn't have exhaustive support for "how do we get to the
         | point where we can start billing you", usually including an
         | actual human that you can ask questions.
        
         | benedikt wrote:
         | you're not all that far off
         | 
         | * you'd have to sign up with a colo provider first. since data
         | centers are in physical buildings, this just depends on where you
         | live
         | 
         | * when you sign up with them they provide you with info like ip
         | addresses or how to connect to their network (they might have
         | dhcp, or you might have to configure static ips). usually there
         | is an initial setup fee, around 1 month of rent.
         | 
         | * if you just rent a 1U space you usually can get physical
         | access to it while accompanied by someone working for the data
         | center. usually this is during business hours, but each data
         | center will have its own rules. if you rent larger units, such
         | as a full rack (42U) or half a rack you usually get a key card
         | and can access it 24/7 (this usually involves a phone call for
         | them to remotely open a lock)
        
         | Moru wrote:
         | With the ones I have used you just click around on the homepage
         | selecting what you want on the server and then pay. Some sell
         | second hand repurposed servers on auction that they will set up
         | for you. A while later you get an SSH login on the server and
         | that's it, your server is running somewhere in a
         | basement/bunker/old mine and you can go visit it if you want
         | but in general you can do everything remote. There is even
         | stuff that can let you see the bootup in bios from remote
         | (Called KVM I believe). Some help you set up backups on the
         | server and help you with setting up programs on the server but
         | then it starts to get expensive.
         | 
         | You can also just rent a space to place your own server but I
         | haven't tried that.
        
           | rank0 wrote:
           | In your experience did you have to sign up with a partner ISP
           | at the colo? Or is that done for me and just part of my colo
           | bill?
           | 
           | Is power use included as well?
        
             | procombo wrote:
             | Colocation provider will bring the circuits to provide
             | best-path connectivity based on packet destination. There
             | shouldn't be an additional charge for this. They are
             | incentivized to manage their bandwidth so data transfers
             | fast, as they are likely charged wholesale for fiber
             | availability.
             | 
             | You will likely be charged 95th percentile mbps based on
             | your usage. (Again, "pipe space required" to your needs.)
             | Basically, whenever you're busiest -- 4pm-9pm are popular
             | times for us in the USA.
             | 
             | Some customers limit their bandwidth themselves (like, only
             | allow max 12mbps file downloads, etc.) especially when they
             | have the hardware to support huge bandwidth. Or your
             | colocation provider can perhaps limit max connection to
             | 100mbps or 1gbps if you want.
             | 
             | Power is usually leased in amps. If you go over amps the
             | circuit will break -- at worst case scenario. But typically
             | they get in touch with you and tell you to upgrade.
             | 
             | Also, they do want to know vaguely what your service is.
             | Because you'll likely lease their IPs, they will question
             | you if you do a lot of email (caution for spam), or run a
             | Tor exit node (legal hassles for them in many cases).
        
       | QuikAccount wrote:
       | Couple weeks ago I made this post about self-hosting
       | https://news.ycombinator.com/item?id=30618577
       | 
       | My conclusion coming out of that thread was self-hosting is not a
       | thing I'm going to do. I don't have the time or energy to
       | essentially take up the part-time job of managing my own self-
       | host.
        
       | goatcode wrote:
       | Site is down. I guess we've learned the limit of this self-
       | hosting advocate's self-hosted setup.
        
       ___________________________________________________________________
       (page generated 2022-03-23 23:00 UTC)