[HN Gopher] Start Self Hosting
___________________________________________________________________
Start Self Hosting
Author : quaintdev
Score  : 443 points
Date   : 2022-03-23 18:16 UTC (4 hours ago)
(HTM) web link (rohanrd.xyz)
(TXT) w3m dump (rohanrd.xyz)
dashwehacct wrote:
| I used to produce and record music and used a website called imeem to host my works. At some point it was bought out by MySpace and all non-licensed music was removed (granted there was a ton of stuff uploaded by individuals who did not own the rights to the work they uploaded) including stuff uploaded by the creators.
|
| My work was pretty sub-par at the time, but I felt the burn pretty badly. Since then I've had very little faith in any site that allows creators to upload their content.
|
| I still have work uploaded to SoundCloud, but also have backups stored locally and on my self hosted nextcloud instance for this reason.
|
| This is probably more along the lines of the current situation with Vimeo than it is with Picasa, but I can still feel the burn from time to time.
detcader wrote:
| > It gives you the peace of mind by keeping you in control of your data.
|
| I like the sentiment and the points made, but the author uses this amorphous concept of "your data" throughout and I feel like it simplifies things a lot and conflates many different issues.
|
| Most people shouldn't focus on self-hosting literally all the data related to them. This is a sort of perfectionist mental compulsion many of us on HN are familiar with. You have to decide what data you actually really don't want to live without in the rare event you lose access to it, and prioritize _that_. For most people, this data is not very complex: family photos and videos, an album by an obscure artist, a game you like to play every few years or hope to show your children.
|
| If you are an activist, or someone creating dissident media, or something like that, you should already be wary of the cloud -- the incentives already drive you to use tools that are secure and self-host when needed.
|
| If you truly don't like the ways the big tech companies are doing things, you should find ways to organize with others and demand change; otherwise you are just modifying your personal habits and thinking you are sticking it to the Man with a one-person boycott.
pSYoniK wrote:
| Self hosting seemed so very daunting up until a year or so ago. I decided to give it a shot while struggling to find a way to keep my notes. OneNote isn't good (no Linux support), wasn't a fan of Evernote, Nuclino was crawling on my old laptop and I ended up finding BookStackApp.
|
| This led me to find a cheap VPS, install it using the install script and then figure stuff out from there. It led me to setting up a home server and working my way through the entire setup - format and mount drives, automate backups, automate hdd health checks, set up smb, docker, traefik, emby and so on.
|
| At this point I'm looking at experimenting with Proxmox as my server is overkill (it also made me realize how few resources are used in these setups... we end up needing 2-3000$ systems to just run an OS... which is absolutely ridiculous). Linux showed me that in order to do any meaningful work you don't need a 3k machine. In any case, I'm in the process of arranging ALL my notes in order and I plan on publishing a guide that walks a user through the setup step by step.
|
| I know people are talking about a lot of the complexities, but you can always share your knowledge. Help someone set up an old linux box to use as an smb nas... get them to install jellyfin or emby or plex on it and even there you have already massively helped them in the right direction. I think it's our responsibility to share our knowledge and empower people to migrate or at least understand what's involved.
blenderdt wrote:
| Self hosting is hard. You need to take care of security, backups, software updates, software installation and so on.
|
| Even on something like a QNAP (which can be compared to managed hosting) this can be hard. Flip the wrong switch and you expose something to the world. Missed a security update: your device is now vulnerable.
|
| While I host a lot of things myself I can understand self hosting is not for everyone.
edgyquant wrote:
| I used to love running my own servers with all the services etc. I'd manually write beautiful bash scripts to keep it all nice and easy to rebuild on the fly. My first job had 10 Ubuntu servers (on site) and I was the only guy who used Linux at home and had experience with sql.
|
| I have never volunteered to maintain servers since, it was horrible and everything was always my fault (it kinda was, I was a hobbyist at best with no real production Linux experience.)
|
| I do still end up as the dev ops/infra guy at every place I've worked but at this point I'm probably one of those stubborn senior guys who wouldn't like the way the juniors went about it.
Gigachad wrote:
| Yeah I tried self hosting everything. Getting it actually running is the easiest part. It's the maintenance, backups, and security that are 90% of the job. You can get it working pretty easily and forget about it and it will run for a while until something goes wrong or it needs to be upgraded.
|
| Now I'd rather leave hosting to someone dedicated to it who has internalized the latest state of things for all the relevant bits of software and is constantly keeping this knowledge in their brain. Set and forget self hosting can't work in the current environment we have where things require constant security updates and complex security hardening.
chousuke wrote:
| Sounds like you might've had an unusually bad experience. Might've also been the distro; I don't like Ubuntu much myself. :P
|
| Maintaining inherited environments is also much more painful than ones you get to design from the ground up. I work with varied environments, and one with ~250 RHEL / CentOS machines has approximately the same level of maintenance burden as another with a dozen or so Ubuntus because the first environment has had configuration management from the beginning and the second is a complete mess that I've slowly tried to reverse-engineer and clean up.
|
| When your change management works, maintaining a dozen servers isn't all that different from maintaining a thousand or more; and the need for change management and automation doesn't really go anywhere even when you _don't_ self-host things.
vorpalhex wrote:
| For home hosting the trick is KISS.
|
| I used to back up to external drives. Now I use bare ones since finding big externals got difficult.
|
| I use (and probably abuse) docker compose. K8s is great but compose is easier.
|
| I use a single makefile. Kinda ugly but it's fine.
|
| Bunch of friends and family use my "services". They usually chip in for hard drives and stuff.
|
| I have a few central points of failure but it keeps things easy. My uptime still beats most big clouds - though I have it easier.
|
| I accidentally took down my server for a few days from a botched hardware install. It's a bit funny because now we realize how critical the home server has become to us.. on the other hand, already got the spouse's blessing to build a backup standby server.
tormock wrote:
| > Self hosting is hard. You need to take care of security, backups, software updates, software installation and so on.
|
| automation is not a thing? I'm pretty sure all cloud providers do it...
Havoc wrote:
| Docker has taken much of the pain out of it though. And if kept on local network safety is largely a non issue.
|
| Drop-in replacements while outside the LAN are admittedly a little harder and more at risk of mistakes
UncleSam wrote:
| > Even on something like a QNAP (which can be compared to managed hosting) this can be hard. Flip the wrong switch and you expose something to the world. Missed a security update: your device is now vulnerable.
|
| It doesn't even require actively flipping switches, but can be from not knowing a vulnerable feature was enabled by default. My QNAP got hit with ransomware because of a vulnerability in the cloud access software that I wasn't even using. I've since locked down all non-local traffic.
khalilravanna wrote:
| Wanted to reply saying the same thing. I didn't really muck with the settings on my QNAP NAS and then checked into my files one day and everything was encrypted with some txt files telling me to send BTC to some address. I just formatted the disks, lamented not backing some stuff up, and moved on.
|
| I'd say the point being: I'm a software engineer who knows better about these sorts of things and still got caught with my pants down. You have to be very judicious with respect to security. You can't just plug and play and say "I'm too busy to worry about that."
|
| Another thing I'll add is the amount of software tools they have on these NAS machines strikes me as 1) very impressive for a company their size and 2) a huge surface area rife for being hacked. When it happened I wasn't surprised at all.
|
| I've since stopped using it because at the end of the day I'd rather pay Dropbox to have peace of mind.
LAC-Tech wrote:
| _Self hosting is hard. You need to take care of security, backups, software updates, software installation and so on._
|
| I'm pretty sure we all used to do that and it was mostly fine.
|
| I get that the mainstream computer user has been lost to techno-infantilism. But why should we?
z3t4 wrote:
| You can use a popular Linux dist and turn on automatic updates, and use Snap apps that update by themselves. But you still would not have control - apps could update with breaking changes. The only way to win is by choosing simple tools that are either considered "infrastructure", or simple to build and even patch yourself if needed.
dcchambers wrote:
| > You need to take care of security
|
| Easiest solution is to just host stuff on a local network without access to the wider internet. E.g. running on an old laptop/raspberry pi/server in your basement.
|
| Sure, that means you can no longer access your self-hosted stuff when you're out of the house, but the tradeoff is peace of mind about your data leaking or worse.
jjnoakes wrote:
| That helps for external threats breaking into buggy network services, but it doesn't help for compromised apps/images/dependencies exfiltrating your secrets.
asdff wrote:
| A compromised app on a local network has no one to phone home to.
jjnoakes wrote:
| If it's an air-gapped local network, then sure, but how useful is that? Are you disconnecting your phone/laptop from the internet when you access the air-gapped network, or do you use two network interfaces on every device?
|
| I assumed the GP was talking about a typical home "local network", one behind a NAT - so no incoming traffic, but usually, it allows any outgoing traffic.
spiffytech wrote:
| > Sure, that means you can no longer access your self-hosted stuff when you're out of the house, but the tradeoff is peace of mind about your data leaking or worse.
|
| Lots of things I'd consider self-hosting are functionally useless if I can't access them from my phone while out and about.
|
| I could put my phone on a VPN, but that's just another layer of complexity to add to the self-hosting process.
mynameisvlad wrote:
| I do a split approach -- Most services are available internally only, some are reverse proxied out. It used to be caddy2, but after a recent issue and switching to TrueNAS, I just use Traefik with k8s Ingresses and only set it on the few containers I would like accessible.
simonw wrote:
| Tailscale makes accessing a Raspberry Pi in your basement from outside of the house genuinely easy, including from mobile devices.
|
| I think Tailscale opens up all kinds of new opportunities for self-hosting.
ngcc_hk wrote:
| How about adding a remote Apple host. Not for the world but just you?
denton-scratch wrote:
| That's not really a solution if you want to self-host mail, or a blog; those services only work if the wider internet can see you.
nirvdrum wrote:
| Setting up a VPN is pretty easy these days. If you don't want to run it on your router, you can look at something like Tailscale for remote access.
kjs3 wrote:
| I'm amused by the implications here that 1) the outsourced alternatives are better than you are at keeping up with the 'hard stuff', and 2) that in an outsourced scenario you can't "flip the wrong switch and you expose something to the world". This thinking is why I can't tell you how many incident post-mortems I've done where I have to once again hear "...but, but, but...we outsourced this to them so this couldn't happen...".
treesknees wrote:
| Depends on whether you're referring to a SaaS provider or something more like a MSP.
|
| I'd like to believe the engineers running Google Photos or iCloud are spending a lot more time on keeping my photos secure and available than I would be willing to put into a server running in my basement.
|
| In the case of a business hiring an MSP to manage something complex like firewalls, Active Directory, server patching, then sure it's reasonable to assume that if they made a mistake, the impact would be equivalent to you making the mistake yourself.
|
| It's possible you need to tell whomever you are reporting to for these post-mortems, they should be outsourcing to reputable service providers in order to free up time and man-hours, not necessarily just to save financially. I suspect that is the real problem.
brettermeier wrote:
| I tried it but there are so many traps you can fall in, like security settings as mentioned by you. When I had my server online back then, it was hacked 1 week later :D
macinjosh wrote:
| I hear a lot of stories like this. I've been self-hosting for a few years out of my home. I have a symmetrical gigabit fiber connection. My IP changes very frequently (DDNS and a low TTL solves that problem for my use cases).
|
| _anyway_
|
| I haven't been hacked.. yet. /me knocks on wood
|
| The precautions I take are basic:
| - Use unique and secure credentials on each service I expose.
| - I only expose ports 80 and 443 to the public. 80 HTTP redirects to HTTPS/443
| - I keep my software updated (docker-compose pull)
| - Nightly backups to cloud storage and local disk
| - I "airgap" my home network from my hosting network. There is no shared hardware between them including firewalls/routers, switches, etc.
|
| I figure cloud services and SaaS get hacked anyway. I can't enumerate the breaches my data has been a part of. If my self-hosted stuff gets hacked at least I can do the forensics and actually see what happened and what was accessed. With a 3rd party all I can hope for is what their PR department lets out.
aimor wrote:
| I'm interested in how you set up your home and hosting networks without any shared hardware. I've been running my own websites from home for awhile on their own machines, but never considered they could be on a completely separate network all the way up to the modem.
Gigachad wrote:
| The first hack I noticed was that someone had set a password on my redis server because the default was no password and I had accidentally exposed it to the wider internet. This was exposed for 6 months before this happened. Who knows what else was accessed without me knowing.
sgarman wrote:
| IMO separate hardware for your self-hosted network puts you into a whole new class of hosting at "home."
cersa8 wrote:
| It has also gotten much easier. For instance running your own full blown email server with docker-mailcow. There's a great UI tool that helps to set up the required DNS records. I remember doing the lengthy postfix + dovecot + SASL + MySQL + Auth + this + that guides. No need for it anymore.
nirvdrum wrote:
| To the extent permitted by the hosted service, you should still back up your data. If you manage to accidentally delete all of your hosted photos or if your account is compromised, I wouldn't rely on most services going to their backups to restore your data. Unless it's a site-wide issue, most places will say "that's too bad" and send you directions on how to protect your account.
aeturnum wrote:
| I agree but I think about it in the reverse way: the hosting is easy, what you get when you use another company's service is the maintenance. Just like every other option where we choose who will maintain something there are trade-offs. You can maintain your own car if you want, but it'll involve things! We all look at our lives and decide which is best for us for each thing.
|
| Personally, I tend to self host the things whose maintenance I at least find satisfying, and hopefully enjoy. Otherwise I pay someone (through ads or my own money) to do it for me.
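macinjosh's precautions above (only ports 80 and 443 exposed) and Gigachad's Redis server that sat open for six months are two sides of the same check: know what is listening on non-loopback addresses and compare it against what you meant to expose. The script below is an added example, not code from any commenter; it parses the output of `ss -Hltn` against an allowlist of ports and flags everything else. The socket table in it is constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP sockets that listen on a
# non-loopback address and are not on an allowlist of ports, so an
# unintentionally exposed service shows up before the internet finds it.
#
# Live usage on the host being audited:   ss -Hltn | check_listeners "80 443"
# (-H suppresses the header, -l listening, -t TCP, -n numeric ports.)

# Constructed sample in the shape of `ss -Hltn` output; the 6379 listener
# stands in for the unprotected Redis case described in the thread.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# check_listeners "PORT PORT ..." < ss-output
# Prints one line per listener that is reachable from off-host (not bound
# to loopback) and whose port is not allowlisted. Exit status 0 when
# nothing unexpected was found, 1 otherwise.
check_listeners() {
    allowed=" $1 "
    found=0
    while read -r state recvq sendq local peer rest; do
        [ -n "$local" ] || continue
        port=${local##*:}            # text after the last colon
        addr=${local%:*}             # everything before it, e.g. 0.0.0.0 or [::]
        case "$addr" in
            127.*|'[::1]') continue ;;   # loopback only: not exposed
        esac
        case "$allowed" in
            *" $port "*) ;;                  # on the allowlist
            *) printf '%s\n' "$local"; found=1 ;;
        esac
    done
    return $found
}

# Named wrapper so the result can be checked: unexpected listeners in the
# constructed sample when only 80 and 443 are meant to be public.
sample_unexpected() {
    printf '%s\n' "$SAMPLE_SS" | check_listeners "80 443"
}

if sample_unexpected; then
    echo "no unexpected listeners"
else
    echo "unexpected listeners found (see above)"
fi
```

Run against the sample it reports `0.0.0.0:6379` and `[::]:22`, while `127.0.0.1:9000` is ignored because nothing off-host can reach it. On a real host the port-22 line is usually intentional, so add it to the allowlist; the point of keeping the list short is that every entry is a deliberate decision.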
mrmattyboy wrote:
| I'd love to see a blog post that says, this is how to set up X (I dunno.. mediawiki, owncloud, whatever).. and then go fully in-depth into _everything_ surrounding it.. security, backups, logging, alerting, monitoring, backup testing/restoration etc.. a blog post that really covers everything for a well-protected 21st century hosted application that won't leave the owner in tears after a year!
|
| There's honestly so many posts that make it look so easy, but without everything else that would normally make it a job position in a company :)
edgyquant wrote:
| These are called instruction manuals and no one likes to read them.
Moru wrote:
| I really hate the part when they say "But this is outside of the scope of this manual."
unforswearing wrote:
| I am certain you have spent the time to ask everyone if they indeed do not like to read these, but I disagree.
core-utility wrote:
| I think the hard part is that would be largely dependent on specific implementation, which itself is very opinionated. I could write a post on how I run, maintain, and secure Docker Container X on Ubuntu Y using vSphere with Synology and get 100 comments on why CentOS is better and I'm wasting time/money with vSphere over Proxmox, etc. Cloud doesn't have quite this problem. Once you've chosen a cloud provider, you have significantly fewer options in each category, minimizing this option-overload.
Moru wrote:
| Write your howto on your private blog and disable comments. Problem solved. You can thank me later :-)
cmroanirgo wrote:
| It should start with how to make your system upgradeable too. I've a server that started on Ubuntu 16 and made a helluva mess upgrading to 18. Due to php changes I've had to use ondrej's packages for later php... but that will break on a (very overdue) upgrade to 20...
|
| All these script kiddie tutorials are terrible at showing how to maintain a server _for years_.
rsync wrote:
| "Flip the wrong switch and you expose something to the world."
|
| One strategy for dealing with accidental misconfigurations is to employ a "network slug"[1]:
|
| "A Network Slug, or "Slug", is a transparent layer 2 firewall running on a device with only two interfaces. ... The purpose of a Slug is to reinforce a security policy or to block unintentional leaks of information."
|
| [1] https://john.kozubik.com/pub/NetworkSlug/tip.html
hosteur wrote:
| I have never heard this idea described in text before. However, I have made firewalls this way for decades. They were typically for stuff that ran in a datacenter so it would be a 1U server with three NICs.
|
| I would really like to make such devices for home or office use. What would be a good device to use for this? Unfortunately, Raspberry Pis do not come with 2 or 3 NICs. Any recommended alternatives?
egberts1 wrote:
| Got one of those. It is hard. Very hard. Absolutely freakin' hard to make a bump-in-the-wire dynamic 5-tuple blocking "hub".
|
| It also does "waterfall" egress packet delaying.
rsync wrote:
| I'm not sure I understand what you're describing ...
|
| A slug should not need to be dynamic nor should it be complicated in any way ... in fact, it is one of the simpler systems I have ever deployed ...
egberts1 wrote:
| Does it do Suricata, Zeek, Snort, Transparent Squid (with valid signed CA cert), and a furtive SSH port in which to monitor and API to block ports?
hosteur wrote:
| I think all those are anti-features on a network slug. As I understand it, the device is intentionally simple because it is there to ensure some misconfiguration cannot expose some port that should not be exposed.
|
| I have implemented firewalls similar to this in the past. They typically had three network interfaces. Two of them were configured as bridges and then I use ebtables/iptables to filter traffic flowing through. These two interfaces would have no IP address and would not be visible on a traceroute, etc.
|
| The third interface would only be connected to a separate admin network. Or it might not even be plugged in. In the latter case, the admin needing to change anything on the device would have to be physically present and bring a "crossover" ethernet cable and plug their laptop directly into the third NIC of the firewall. From there, they would be able to ssh into the firewall and change config.
rsync wrote:
| A network slug does not have an IP address. You cannot connect to it over the network. I'm not sure you understand what the device is and what it does.
|
| Let me give you an example - I have a "port 22 slug" and what it does is block all traffic of all kinds except for TCP22. That's it. It does nothing else and it does it transparently without having an IP address of its own. If I wanted to reconfigure it, I would connect with a serial console.
|
| Make sense?
fossuser wrote:
| I'm biased because I now work on it, but I think Urbit is the only way something like this will work for most people and at scale. "Only" is probably too strongly worded, but it's the one attempt I've seen where I think real success is among one of the possible outcomes (other attempts I've seen don't fix deeper issues and are DOA).
|
| The issues that caused the decentralized web to fail (and incentivize centralization) are deeper and to get self-hosting to work beyond the tiniest of niches requires rethinking some of the computing constraints we find ourselves operating under from first principles.
|
| People will never run their own servers if that means administering linux. Identity will never be solved by PGP key signing parties and spam will always be a problem on the current web. Federated systems in their current state that require everyone to run linux servers and keep them in sync/up to date will not work.
|
| https://moronlab.blogspot.com/2010/01/urbit-functional-progr...
|
| https://urbit.org/understanding-urbit
|
| On the current web we're just serfs allowed account access on company servers. I think it's admirable to make it easier to run your own server, but I think decades have shown that it won't work (beyond a narrow hyper-technical niche) without fixing some of the larger issues: https://zalberico.com/essay/2020/07/14/the-serfs-of-facebook... - the most exciting part of the web was what people thought it would bring in the 90s. I think that isn't impossible, but we're currently trapped in a local max. We can't get out of that local max without acknowledging why we're in it - why the centralized services are currently so much better and why the dream of everyone self-hosting (even with decades of effort) has been a failure.
deforciant wrote:
| I self host a ton of things! :) it's really much less hassle than people think. I started with Docker compose and eventually started using my side project https://synpse.net/ for it as it just helps to move things around and update things remotely. I just wish more tools embraced 12 factor app style deployment :)
asim wrote:
| If you really want mainstream adoption of self hosting then you need to stop calling it self hosting and rebrand to "personal cloud". The ease of use of cloud software includes zero install, zero management and consumption based pricing. Desktop and mobile had hardware packaged with software and a simple install mechanism with ease of use as a staple for mainstream users.
|
| Self hosting has zero standardisation around hardware, software, install mechanisms. It's a dev-led movement that has everything to do with control and ownership over ease of use. You want mainstream adoption of self hosting. Rebrand it, standardise it, make it easy for non devs.
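rsync's "port 22 slug" in the exchange above (two NICs bridged, no IP address of its own, every frame dropped except TCP 22) and hosteur's bridge-plus-ebtables/iptables build can be written down as a small generator script. This is an added example; it is not code from rsync, hosteur or the kozubik.com page. It uses the nftables bridge family instead of ebtables, the interface names eth0, eth1 and br0 are assumptions, and it also passes ARP, which rsync's description does not mention. Without `--apply` it only prints the commands and the ruleset so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): generate the address-less bridge and
# the nftables ruleset for a "port 22 slug". Interface names are assumptions.
# Run as root on the slug with "--apply" to configure it; any other
# invocation only prints what would be applied.

# slug_ruleset PORT -> nftables bridge-family ruleset that forwards only TCP
# PORT (both directions, so replies pass) plus ARP, and drops everything
# else. Passing ARP is this example's assumption so hosts on either side can
# still resolve each other; remove that line if they use static ARP entries.
# The input chain drops frames addressed to the slug's own stack, so nothing
# answers even if an address is ever configured on it by mistake.
slug_ruleset() {
    port=$1
    cat <<EOF
table bridge slug {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ether type arp accept
        ether type ip ip protocol tcp tcp dport $port accept
        ether type ip ip protocol tcp tcp sport $port accept
        ether type ip6 ip6 nexthdr tcp tcp dport $port accept
        ether type ip6 ip6 nexthdr tcp tcp sport $port accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
    }
}
EOF
}

# bridge_commands OUTSIDE INSIDE BRIDGE -> ip(8) commands that join the two
# NICs into one bridge; no address is ever assigned to any of the three.
bridge_commands() {
    cat <<EOF
ip link add name $3 type bridge
ip link set dev $1 master $3
ip link set dev $2 master $3
ip link set dev $1 up
ip link set dev $2 up
ip link set dev $3 up
EOF
}

# count_accept_rules PORT -> number of accept rules emitted; a quick check
# that the generated policy is exactly as narrow as intended.
count_accept_rules() {
    slug_ruleset "$1" | grep -c ' accept$'
}

if [ "${1:-}" = "--apply" ]; then
    bridge_commands eth0 eth1 br0 | sh -e
    slug_ruleset 22 | nft -f -
else
    bridge_commands eth0 eth1 br0
    slug_ruleset 22
fi
```

Applying it needs root on the slug itself, which in rsync's setup means the serial console and in hosteur's a third, admin-only NIC; there is deliberately no address to ssh to. Because the bridge ports carry no IP, the device never appears in a traceroute and a misconfigured service on the protected side stays unreachable regardless of what the host behind it exposes.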
| jart wrote: | That's what Western Digital does with their "My Cloud" product | line and honestly it makes me cringe. | asim wrote: | That's because its a product by western digital. No one wants | that. Let's put it like this. Cloud 1.0 was infrastructure, | Cloud 2.0 was services, Cloud 3.0 is personal/private. | jart wrote: | I respect Western Digital and think they're trying their | best to do a good thing. It's that word in general though. | Buzzword paradigms always make me feel unwell. As someone | who's usually a ahead of the herd in terms of adopting | tech, once the broader public catches on and starts making | up jargon, I always get a sense that it twists the meaning | I personally associated with these concepts and causes me | to feel negative emotion about parts of my work life once | tacitly normal. | kerblang wrote: | You know what would be kind of neat? Like, a web site you'd go to | called makemeoneofthose.com, and you'd click some buttons, and | then sometime later you'd have a hosting setup that you own with | some software, web server(s) and database(s) on it, and then you | can go hack on it yourself, add some features, whatever. Like | they send you some AWS keys and say "It's all yours. Good luck | and don't forget to pay your hosting bill." | | And now you have a blog, a picture-sharing thingie, a bulletin | board, a whatever. | | Maybe there could even be a version where you pick a datacenter | and somebody racks up a PC for you with the software on it. | anamexis wrote: | And we can call it cPanel ;) | boplicity wrote: | cPanel isn't "cool" so it doesn't get a lot of credit here, | but it is actually an amazing product that solves real | problems. It makes running a server -- even hosting email -- | almost effortless. Combined with a decent host, you don't | need to have much technical knowledge at all. It really does | make running your own server accessible to many, many people | who would otherwise be unable to do it. 
| ocdtrekkie wrote: | Additionally: Setting up PHP/MySQL applications on these | servers tends to be "upload files, load page" level simple, | and cPanel hosting is still generally a fraction of the | cost of modern "cool" cloud products. | | Sure, I have some neat modern things I'd like to do, but I | also have a shared hosting that's been doing it's job for | pennies since 2011. | andreyk wrote: | Seems like you could do this pretty easily with a Docker image | and a config file. Actually, I've done this with AWS (use a | pre-existing image to get some open source wiki software up and | running, which I then customized)+ | kevincox wrote: | But the hardest part of hosting anything is the maintenance | over time. | disqard wrote: | Yes! This is what experience has taught me too. | | We tend to underappreciate the importance of _time_ in | everything. A button click can instantiate something powerful | (and useful (and easy-to-use...)), but it _will_ degrade over | time, and eventually flat-out stop working. | | I had a stack that worked just fine for my own needs, but it | ran on _shudder_ Python 2.7 -- everyone knows how that worked | out (I chose to rebuild my stack on a different platform). | dragonwriter wrote: | > A button click can instantiate something powerful (and | useful (and easy-to-use...)), but it will degrade over | time, and eventually flat-out stop working | | Software doesn't degrade over time (other than, you know | things like cosmic ray bit flips, but in most realistic | situations that should be fully mitigatable.) | | The needs of the software user (including hardware and | software they want the piece of software to interact with) | may evolve, but that's different than software degrading | over time. 
| | > I had a stack that worked just fine for my own needs, but | it ran on shudder Python 2.7 -- everyone knows how that | worked out | | While there's no further first party support for that | version of Python, if it worked properly before, Python 2.7 | and the software running on it probably still works | properly now. | felixhammerl wrote: | This comment was brought to you by someone who never | produced/maintained software that had to withstand a 24/7 | onslaught of automated exploit kits and port scanners | over an extended period of time. | monkeyjoe wrote: | Sure, but my old Google cloud apps on python 2.7 will one | day get rug-pulled and forced to upgrade. It can only | stay working forever if the platform doesn't change | underneath it. | dragonwriter wrote: | > Sure, but my old Google cloud apps on python 2.7 will | one day get rug-pulled and forced to upgrade | | "Degradation over time" was being cited as a reason not | to self-host. Pointing out that _not_ self-hosting | exposes you to risk of others changing the environment so | it no longer supports your software is a diametrically- | opposed argument. | icedchai wrote: | If your software is not publicly accessible, it may be | possible for you to continue running on 10+ year old | dependencies indefinitely. For anyone else, other than a | hobbyist, it is just not practical. | | Otherwise, you are going to be influenced by external | factors (security vulnerabilities, wanting to use a | feature only available on a newer language version or OS, | etc.) If you are a business, you'll also run into more | practical concerns, like engineers not wanting to work on | a mountain of technical debt. 
| brimble wrote: | I would absolutely use "degrade" to describe what happens | to public-facing or Internet-connected software over time | --eventually you'll have to upgrade it for security | reasons, and you'll often find that this is _way_ more | involved than just upgrading the server-side package | itself, or even its immediate dependencies. The | alternative is even more work back-porting security | patches. All this is assuming someone 's actively working | on the software you're self-hosting, at least enough to | spot, advertise, and fix vulnerabilities. | | Ditto the average Rails/Python/Javascript project, as | anyone who's tried to resurrect one that's gone so much | as six months without being touched can attest. Which | might not matter except that a ton of the software people | might actually want to self-host are in one or more of | those high-entropy ecosystems. Extraordinary levels of | care and organization on the part of the creators and | maintainers can mitigate this, but that amount of taste | and effort is vanishingly rare. | | These are degradation due to _a changing environment_ , | sure, but I wouldn't describe it as due to evolution in | the _needs of the user_ (presumably "must not have any | well-publicized remote vulnerabilities" was a need from | the beginning). | FunnyLookinHat wrote: | I have thoughts but not a lot of time - so forgive the | terseness. I love the idea of this, but I'd take it further and | even have a category in upwork for getting services spun up and | maintained. | | But that's really the problem - maintenance. Right? Once | something goes wrong _for whatever reason_ the user is then | (for the immediate needs) just as stuck as with a cloud | provider who disabled their access. | | Thankfully there is a better course of action - e.g. find | someone to fix it for you. Maybe on upwork as well? | | But where are you hosting this? Is it AWS? Did _they_ suspend | your account? 
I guess my point is that unless you host on | hardware in your house (or another accessible place) you're at | the risk of losing access to your data for any myriad of | reasons. And even then, there have been warrants where devices | were collected and went into a years-long battle as evidence. | civilized wrote: | This, but they also manage all the updates for me too. | | Ideally the only difference between self-hosting and relying on | a cloud service would be, I own the servers and therefore the | maintainer has no legal right to bar my access. | qwertox wrote: | A lot of hosting providers do offer OSS applications which can | be installed with one click, like WordPress or Coppermine. The | latter is, I quote: | | > a multi-purpose fully-featured and integrated web picture | gallery script written in PHP using GD or ImageMagick as image | library with a MySQL backend. | | And SSL certificates are for free and automatically generated. | | An example: https://www.netcup.eu/hosting/#webhosting-details | | https://www.netcup.eu/hosting/webhosting-application-hosting... | Jerrrry wrote: | I am not related at all, but seems like a good dude: | | https://www.molecule.dev/ | marc_io wrote: | But then you have to know how to maintain it all yourself. This | is hard. If you already have the knowledge to maintain such a | tech stack, that allegedly neat tool would only be marginally | useful. | ad404b8a372f2b9 wrote: | A lot of cloud providers offer this. Cloud ocean for example, | you search for the application you're interested in, click | launch and you've got it deployed in a docker container on a | remote machine. | [deleted] | Havoc wrote: | >you'd click some buttons, and then sometime later you'd have a | hosting setup | | Docker-compose comes pretty close to this.
I had no idea wtf I | was doing when I got started and it resulted in a functional | thing surprisingly often | | Not quite the SaaS vision you describe, but point is you can | stumble into something functional pretty easily these days | molsongolden wrote: | The digitalocean marketplace is kind of like this. Also | sandstorm.io. | losvedir wrote: | I was so sad when sandstorm kind of fizzled out. I'm still | hoping Kenton is on a secret mission to somehow bring it to | life within Cloudflare. How cool would that be? One-click | installs of docs, email hosting, photo sharing, etc apps from | a server app marketplace, onto a cloud server you control. | (Insofar as you "control" anything on a cloud host, but I | feel like that's pretty far, still.) | orblivion wrote: | It's still slowly but surely chugging along. A small number | of people (myself included to a small extent) are working | on it. There's even a budget: | | https://opencollective.com/sandstormcommunity | | We've discussed the one-click install thing at some point | (not necessarily with Cloudflare), I imagine that's still | of interest. There were some issues with the setup process | that would need to be addressed first. | | Kenton is in the loop and he still has the keys. But, he's | busy with other things so he only does a few occasional but | vital things. | [deleted] | ocdtrekkie wrote: | > onto a cloud server you control | | Or a box in your house, which is where my Sandstorm server | lives. :) I think there's a lot of potential for actual | self-hosting, though servers like Sandstorm need to have | reasonable defaults and make it easy to manage domain setup | and backups and security updates, such that one can get a | box, plug it in, and reasonably quickly get to "don't need | to touch this ever" territory. | pkulak wrote: | We used to host our own software. It was called an application | and it ran on your personal computer. 
We just need that, but | running on some appliance instead, like a NAS. Package the | service up in something like docker-compose, have a way to sell | it, install it, update it and support it. Synology is pretty | close with their Docker support, but still pretty far. | edgyquant wrote: | The problem is you're fighting a battle against global | economies of scale for what is essentially a hobby or | personal project. This is not a winning battle and most | companies prefer to outsource the risk to someone else they | can point to shareholders and blame. | | People get caught up in the technical aspects of developing | for cloud but I'd bet those weren't anywhere near as | important as risk outsourcing for the executive. At that | point cloud was still new and the thought was we can run our | infra if we need to. | throwaway894345 wrote: | You also need stuff like networking, TLS/certs, and DNS which | aren't easily packaged, at least not in a way that doesn't | require you to make sketchy changes on every client device. | pkulak wrote: | Something like Cloudflare Argo tunneling would work great | for this. No certs at all for the user to mess around with, | it terminated on the public internet, not in your house. | erulabs wrote: | Not to advertise, but I'm building exactly that at | https://pibox.io - also solving other problems people have | identified in this thread like automatic valid certificates, | DNS, remote access, etc :) | robbomacrae wrote: | I want to run my servers from both AWS as well as my laptop. At | the moment the configuration and deployment of each is unique | which, apart from being a bit of a hassle, also means there might | be issues on one I cannot reproduce on the other. It would be | really cool if there was a way I could deploy to my machine with | awscli and self host my own beanstalk setup so I can test and | debug even offline safe in the knowledge it will work exactly the | same.
| | Are there any projects that offer something like this? | romanzubenko wrote: | Self hosting can also be a great option to protect against | authoritarian regimes. After my family's VPN was banned in Russia | a few weeks ago, it took me an hour to set up Wireguard server | with Algo VPN on digital ocean. Now I'm supporting uncensored | internet access for 3 families back home, while Russian | authorities are playing cat and mouse games with popular VPN | providers. | gunfighthacksaw wrote: | Dear Gods of OPSEC, I hope your username isn't your real name. | sgt wrote: | Good luck on that side. Russians are great people and not | everyone supports Putin. | CrazyPyroLinux wrote: | Great relevant podcast: https://selfhosted.show/ | davchana wrote: | Author; Unrelated to the topic but related to your blog; the | footer has a missing colon in address, in theme link. It is | | https://https//github.com/nodejh/hugo-theme-mini | | It should be | | https://github.com/nodejh/hugo-theme-mini | ajsnigrutin wrote: | Raspberrypi is solving self-hosting issues for most people (size, | power usage, simplicity). It's also bringing the price down, | because for 2 years of a paid dropbox plan, you can set up your | own nextcloud instance + another backup drive if needed... plus | all the bonus features (privacy, fast access at home, no ToSs to | break, etc.). | the_common_man wrote: | Can recommend https://cloudron.io for those looking to get | started with self-hosting and don't have a whole lot of time | figuring out how to install/update a variety of apps. | mmaunder wrote: | I agree with the issues raised, but I'd say there are costs and | risks associated with self-hosting, and those aren't factored | into the post. | | Self-hosting will have the same appeal as off-the-grid power: | It's expensive and technically complex to implement, comes with | its own unique risks, and is way less convenient than sucking it | down through the same pipe everyone else is.
But it does provide | a sense of empowerment. | epalm wrote: | When I hear "I have nothing to hide" my response of "OK, just | send me your browser history" is usually met with silence. | gkoberger wrote: | I understand this, but I also... really like the cloud. | | I can share, be social, get recommendations, not worry about | backups or a lost computer, not maintain anything, access from my | iPhone, etc. | | I have thousands of photos and music collections lost on old | laptops and hard drives that I'll never see again. | | I know there's huge tradeoffs (as articulated here), but there's | some really amazing things about the direction the web is going. | devmunchies wrote: | One thing I think would help the self-hosting community is a | standardized method for tapping into repositories of scripts and | functions. The next step is to build a UI on that platform and | then I can do admin things from a self-hosted UI but it just runs | several scripts for me behind the scenes. E.g. a button for check | upgrade for my email server, a button for upgrading my email | server, etc. | | If administrative configuration became standardized, then it will | become commoditized by hosting platforms. | cuillevel3 wrote: | What exactly is self-hosting? Are you just running services in | isolation? | | Updates come from a central place, I guess. With some appliances, | there is integrated federation, "cloud" access? Those can still | compromise you. | | Do you share hosting with your family and friends? Are they still | "self-hosted", or are you their provider? | maestroia wrote: | Irony. | | Hosting a list of applications for self-hosting on a SaaS | platform. | aborsy wrote: | The main problems with self hosting are securing the server for | remote access, and maintenance. | | If you can keep it local, Synology has good boxes that are | reliable and largely plug and play. They require little to no | maintenance.
| alfiedotwtf wrote: | Flip-side: | | I self-hosted my blog and email for over 10 years, everything | automated - first with Perl and Bash scripts, then much later | with Ansible. It was beautiful. But last year I moved to | S3/CloudFront via CloudFormation for my blog and Migadu for | email. It's even more beautiful because it's now _somebody else's_ problem and also a hell of a lot cheaper. | anon23anon wrote: | imagine being at that beautiful place but on that shitty | computer. | mrmattyboy wrote: | I love promoting self-hosting.. self-host, self-host, self-host! | | Having said that, I'd say: Choose your battles wisely... | | You can run your hardware in X number of physical locations that | you have access to (personal house, family etc.). But that | doesn't always suffice for backups, so go with an additional | cloud provider for additional backups. | | Emails: Do you want to be hit with tonnes of spam traps because | you're an unknown IP (any individual doesn't send email emails to | 'warm-up' your IP). Do you want to lose emails because your | personal server had a power-cut or internet connection drop? | | Monitoring: I'd say for small-medium personal setups, to get the | level of monitoring, central logging and intrusion detection | that someone (at least for me) would be comfortable | with in the current age, a fair chunk of computing power goes to | this. Maybe you'd use an external vendor for monitoring, since | your home server monitoring itself won't detect if it goes out. | | Instant messaging: For iOS, at least, you need to jump through a | bunch of hoops to send notifications to devices - should you use | an external service for this? | | Honestly, I'm rambling, but.. I absolutely recommend self-hosting | everything.. but I think a foreword about the amount of effort | that needs to go into setting up services that you rely on a | daily basis is (or should be) pretty high. | | I.e.
if I were wanting to setup a single service for myself that | I _heavily_ relied on.. I probably wouldn't do it. If I wanted a | bunch of applications.. serving 5 applications from a k8s cluster | and some additional work for monitoring, log management, backups | and other bits and pieces probably starts making sense. | | On another note, for me, hosting things on your own, especially | for data/services that you truly care about, sometimes can have a | keep-you-up-at-night feeling of "you don't know what you don't | know".. what if someone is in my network.. what if there's a | vulnerability in the VPN, firewall and X, Y Z that hasn't been | patched and someone is on my machine deleting/stealing my data. | There's also people a lot more clever than you in the world and | plenty of people writing scripts to automatically break into | services that require a little more knowledge than you have on | the subject (whatever the attack vector may be). | kodah wrote: | Self-hosting is something that we should be constantly iterating | on making easier; it's really the path forward for privacy | centric folks. The main challenges are managing workload | scheduling (SystemD is complicated for a layperson). Networking | is another challenge; for instance, if you wanted _all_ or _part_ | of these services to remain offline or on a Mesh VPN there's a | lot of knowledge required. | | There's some projects trying to tackle the workload orchestration | piece; CasaOS (https://www.casaos.io/) being one of my favorites | but there's also Portainer (https://portainer.io). Tailscale and | ZeroTier are great for Mesh VPN networking, where you may | need to run some workloads in the cloud but want them networked | with your home applications (or just to keep them offline). They | also allow you to access applications running on a home server | that doesn't have a static IP. Cloudflare Access is okay; I | haven't tried it because it deviates from the mesh VPN model | significantly.
| Havoc wrote: | Quite surprised at seeing CasaOS mentioned so often here. It's | quite a young project & best as I can tell it was sorta a | sideproject of the guys sitting on their hands while trying to | ship Zimaboard kickstarter hardware during a chip shortage. | | Good for them that it is seeing traction :) | [deleted] | [deleted] | fknorangesite wrote: | > Self-hosting is something that we should be constantly | iterating on making easier | | I'm pretty sure that's exactly what we did and ended up where | we are today. Any sufficiently-advanced self-hosting is | indistinguishable from AWS? | | I'm not sure how joking I am. | lumost wrote: | Having started my career in hosting, I would suggest that this | world is unlikely to come back except for exceptionally small | applications with minimal business impact. What does self- | hosting provide which end-end encryption does not? | | Self-hosting means: | | - Needing to know how to configure your linux host across | firewalls, upgrades, backups. | | - Negotiating contracts with network service providers. While | verifying that you have the right kind of optic on the network | line drop. | | - Thinking through the order of operations on every remote | hands request, and idiot proofing them so that no one | accidentally unplugs your DB. | | - Making sure that you have sufficient cold spares that a | server loss doesn't nuke your business for 6-12 weeks depending | on how the hardware manufacturers view your business. | | - Building your own monitoring, notifications, and deployment | tools using both open source and in-house tools. | | - Building expertise in all of your custom tools. | | - A 6-20 week lead time to provision a build server. | | - Paying for all of your hardware for 3-5 years, regardless of | whether you will actually need it. | | - Over-provisioning memory or CPU to make up for the fact that | you can't get hardware fast enough.
| | - Getting paged in the middle of the night because the hardware | is over-provisioned and something gets overwhelmed or a | physical machine died. | | - Dealing with the fact that an overworked systems engineer or | developer is never making any component the best. And | everything you touch will just passably work. | | - Everyone will have their own opinions on how something should | be done, and every decision will have long term consequences. | Get ready for physical vs virtual debates till the heat death | of the universe. | gz5 wrote: | tailscale is strong for network-centric use cases. | | openziti is strong for app-centric use cases - put the | (programmable, zero trust) network into your self-hosted app | (via SDKs for various languages), rather than putting the app | on the network. | | https://openziti.github.io/ (quick starts) | https://github.com/openziti | | disclosure: founder of company selling saas on top of openziti | Hendrikto wrote: | > SystemD is complicated for a layperson | | Is it? It has clean and logical abstractions, and consistency. | Services depending on each other isn't complex or difficult to | understand. | | I suspect that a nice GUI would make systemd quite usable for | non-expert users. | | BTW: It's called "systemd": | | > Yes, it is written systemd, not system D or System D, or even | SystemD. And it isn't system d either. [0] | | [0]: | https://www.freedesktop.org/wiki/Software/systemd/#spelling | spiffytech wrote: | Technologists have a very skewed idea of what's complicated | vs easy with computers. Things we think are absolutely | trivial are often insurmountable hurdles for laypeople.
| | (This can, of course, happen if you put a technologist | outside their element, too) | zepearl wrote: | > _Services depending on each other isn't complex or | difficult to understand._ | | It is for me with Systemd - I had to spend hours (on two | different occasions, if I remember correctly on Debian & | Linux Mint) trying to understand how to set a dependency | against an NFS filesystem mount so that a DB would not be | started before that, and to make that work reliably => | Systemd's docs & behaviour (& special distro settings related | to systemD?) weren't that great for me. | kodah wrote: | > Is it? It has clean and logical abstractions, and | consistency. Services depending on each other isn't complex | or difficult to understand. | | For a technologist or engineer, yes. For a _layperson_ , no. | The average consumer who desires privacy is probably neither | a technologist nor engineer, so the longterm target is | something that _just works_. | | Laypeople also aren't going to entertain the kind of pedantry | that is systemd vs systemD vs System D vs SystemD so making | systems that abstract further away from those communities is | beneficial. | | Edit: Thank you for your correction, as a systems engineer, | but I couldn't help but highlight this is a big hurdle even | in the Linux communities that I've been a part of as desktop | Linux has gained wider adoption by laypeople. | lnxg33k1 wrote: | I think the time has come where society starts to | advance without caring about laypeople, if some folks can | learn it, if there is documentation, then we can just go on | without caring about who doesn't know how to use it, | because that's fixable. And I speak considering the German | government who had to pull back from Linux because employees | didn't know how to use it | | Let's start treating tech as the world treats everything | else: Ignorance is not a justification | prox wrote: | It is about expendable time.
I mean it might take you a | few hours or so to do it, or even less. | | People working in other sectors, maybe with a family when | they come home, do not have that skill or luxury. | | And speaking from experience, documentation is often | greatly lacking. For example just today I had to thumb | down a couple of google docs because it was riddled with | inconsistencies and lacking crucial information. And | that's a company with near infinite money. And it's like | that for most software, with great docs an exception | rather than a rule. | lnxg33k1 wrote: | I don't agree with you, only for the fact that right now, | in this age computers are everywhere, everything is | digital, it is not luxury to learn how things work, it's | survival, it's not expendable time, it's professional | time | ndiddy wrote: | Laypeople don't know that systemd exists. They will install | a webserver or something and the package manager will | automatically install and enable its unit file. | hotpotamus wrote: | You know, nothing is really ever that simple and this | comment makes me realize that. You actually hit on a | philosophical difference in package managers lol. Ubuntu | (not sure about Debian) will install, enable, and start a | package, but Red Hat only installs it, because they | expect you to configure the service first. | nobody9999 wrote: | >For a technologist or engineer, yes. For a layperson, no. | The average consumer who desires privacy is probably | neither a technologist or engineer, so the longterm target | is something that just works. | | In comparison to system V initd startup files, systemd unit | files are, arguably, less complicated. | | I'd say the "complexity" of systemd unit files is _mostly_ | irrelevant to end users. | | For a relatively non-technical user, implementing whatever | application/service one might want to use should be as | simple as installing the relevant package(s) and | dependency(ies) via existing, well managed package | management systems.
| | That said, too many developers encourage self-hosting, but | don't provide appropriate packages and defaults for most | popular distributions. | | If developers spent just a little more time creating | buildable packages (supporting the creation of binary and | source .rpm, .deb, etc. packages) with sane | defaults/startup files, it could make the inclusion of such | apps into the standard/extras repositories of a broad | swathe of Linux distributions much simpler and, for the | non-technical user, easy to install and configure. | | Matrix Synapse[0] and Diaspora[1] both come to mind in this | respect. Installation and configuration of these platforms | requires the installation of several software development | frameworks and separate (from the standard system package | managers, e.g., DNF, apt, dpkg, etc.) package management | tools for the language dependencies. | | Requiring installation of software dev environments and | building the software/databases/admin tools for such "self- | hosted" solutions just confuses non-technical users. | | As a professional with decades of Unix/Linux implementation | and management experience, I find implementing such | platforms simple enough. Just read the docs, install the | dependencies and compile/install/configure the software. | | For a non-technical person, that's likely a non-starter | unless there's a UI that will do so automagically. | | Fortunately, there is such a UI for _most_ Linux/Unix | distributions -- it's called the system package manager. | | Unless and until developers provide distribution | developers/maintainers with appropriate packageable sources | (or even separate repositories with binaries!) to be added | to the default repositories, self hosting many apps will | only be the purview of technical users. | | This annoys me. A lot.
Not because I, personally, mind a | complicated set up process for such applications, but | because it limits the ability of both Linux/Unix | distributions and self-hosted applications/platforms to be | used more broadly by non-technical users. | | Especially with tools like Diaspora, Matrix/Synapse and | others which have the potential to overturn centralized | hell holes like Twitter, Facebook, Instagram, WhatsApp, | etc. | | It's been _at least_ five years since I first installed a | Diaspora pod and a year since I installed Synapse and a | STUN server. In both cases, had I not been a long-time user | /manager/implementor of Unix/Linux and associated sw dev | environments, the install would have been nightmarish. | | For both platforms, installation pretty much _requires_ | knowledge of software development tools and practices, as | well as more than a passing familiarity with Unix/Linux | shells and environments. | | I can't imagine my 64 year-old sister-in-law (a reasonably | well educated and smart cookie with decent problem-solving | skills) taking the time to learn how to use git, clang/gxx | or even docker to install this "self hostable" stuff. | | That should be the target audience for such self hosted | tools, not devs and other technical people. | | Taking the time to make one's application/platform easily | installable/configurable (and building from git repos | and/or Docker-compose aren't "easy" for non-technical | folks) by non-technical end users could make a _huge_ | difference in this space. | | [0] https://matrix.org/docs/projects/server/synapse/ | | [1] https://en.wikipedia.org/wiki/Diaspora_(social_network) | GrayShade wrote: | I swear, writing it as SystemD is a shibboleth of systemd | haters. | kodah wrote: | For the record, I actually like and use it. I'm just at | work and didn't put much thought on how to spell it. I also | didn't really expect someone to care that much in a | general, high-level discussion.
| cozzyd wrote: | they are all in favor of SystemE | bqmjjx0kac wrote: | More like SystemSh | cozzyd wrote: | SystemS? | teekert wrote: | What lay person does anything with systemd though? I have all | my services in a docker-compose.yaml... Sure, I remember the | days before systemd, I remember upstart, Gentoo's rc.conf. I | still think it's useful I can find my way through the | internals of a Linux box, but for me all that stuff is far in | the past. This is how it goes nowadays: Install the system in | 20 min, clone the infra as code, put the data back, start the | infrastructure... Where does the init system still play a | role? | 0xdeadb00f wrote: | I'm certainly not a layperson, but systemd frequently | confuses me. | | I want to edit a service to harden it for example. Oh, wait I | shouldn't edit it directly with vi? Because it gets | overwritten by package updates. Okay, makes sense, I need to | use systemctl edit instead. But that opens a file that has | everything commented out. Do I uncomment the [Unit] heading? | What do I need to keep and where do I add my additions? I | recall there being a comment at the start of this file, but | unless I'm misremembering it doesn't answer that. | | All I ask of it to do one thing - start something.service | after other.service. yet it just refuses to order them this | way. Why? I have no idea. I also have no idea where to start | debugging a problem like this. There's a billion ways to try | and do this after all: do I add Before=something to | other.service? Do I add After=other to something.service? | Both? Wants=something? | bmn__ wrote: | > it gets overwritten by package updates | | This doesn't happen. The package manager installs the new | configuration under a different name so that you do not | lose your changes and can merge them easily. | johnny22 wrote: | what they are saying is that they edited the file in | /usr/lib , which definitely would get overwritten.
You're | supposed to copy it into /etc/systemd/ for the | appropriate service type. | lvass wrote: | systemctl edit --full does what you want. | | I wish package managers would make patching packages easy, | this kind of thing is so much more manageable on Nix. | evantahler wrote: | The world of Synology products is fascinating in this regard. | | Take photos - They've got iOS and android apps that replace your | photo app; a truly self-hosted server you run in your home with | pretty easy to use DNS support tools. Even shared albums work | without much fuss. I think they've invested in the UX in recent | versions, and it shows. | | https://www.synology.com/en-global/DSM70/SynologyPhotos | viburnum wrote: | I've had a Synology raid for a few years but I'm completely | baffled by it. There seem to be three options for everything | (Photo Station, Moments, Photos. Similar situation for video). | Nothing ever seems to work and it's very slow. It's never clear | exactly where you're supposed to put your files either. | Constantly doing security updates isn't very reassuring either. | I feel like I'm going to get hit with ransomware all the time. | Forge36 wrote: | Definitely pro-sumer, I think professionals are the primary | audience, though as an individual this cuts most of the effort | out of the process for me. | evantahler wrote: | Exactly! I guess above by "UX" I meant far more than the | screens you interact with - running the app, storage, | integrating with mobile and home ecosystems, etc. Sure it's | fun to learn how all of that works, but for a few 100$, you | can really move a family to fully self-hosted (content) in a | day. | CommanderData wrote: | Photos is great but lacking. It seems like all of the other | iterations of Synology's attempts to make a photos app. | | It starts off great and then never receives any attention. I | bet they're working on Gallerys next. | | Photos can be great but the facial recognition is extremely | poor and not there yet..
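Going back to the two systemd dependency questions upthread (zepearl's DB that must not start before an NFS mount, and 0xdeadb00f's drop-in questions about which section headers to keep and whether After=, Before= or Wants= is the right key): here is an added example, not any commenter's code and not part of systemd, of a shell script that writes the same drop-in file `systemctl edit` would create. The unit names `db.service` and `other.service`, the mount point `/srv/db` and the `SYSTEMD_DIR` override are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (hypothetical script, not from any commenter or from systemd):
# generate the drop-in that "systemctl edit db.service" would create, ordering a
# database unit after an NFS mount and after another unit, without touching the
# vendor file under /usr/lib/systemd/system.
set -u

# Overridable so the script can be exercised in a scratch directory.
SYSTEMD_DIR="${SYSTEMD_DIR:-/etc/systemd/system}"

# render_override DEP_UNIT MOUNTPOINT: prints the drop-in body. A drop-in holds
# only the keys being added or changed, under their own section headers; systemd
# merges it over the vendor unit, so package updates never overwrite it.
render_override() {
  dep=$1; mnt=$2
  cat <<EOF
[Unit]
# After= is ordering only: it does not start $dep.
# Requires= also pulls $dep in and stops this unit if $dep fails or stops;
# use Wants= in its place for a soft dependency. A Before= pointing back at
# this unit from inside $dep would express the same order; one side is enough.
After=$dep
Requires=$dep
# Adds Requires= and After= on the .mount unit systemd generates from
# /etc/fstab for this path (an NFS export included), so the service waits
# until the filesystem is actually mounted.
RequiresMountsFor=$mnt

[Service]
# Hardening goes in the same drop-in; these two are safe for most daemons.
NoNewPrivileges=yes
PrivateTmp=yes
EOF
}

# install_override UNIT DEP_UNIT MOUNTPOINT: writes
# $SYSTEMD_DIR/UNIT.d/override.conf and prints its path. On a live box follow
# with "systemctl daemon-reload" and "systemd-analyze verify UNIT".
install_override() {
  unit=$1
  dir="$SYSTEMD_DIR/$unit.d"
  mkdir -p "$dir"
  render_override "$2" "$3" > "$dir/override.conf"
  printf '%s\n' "$dir/override.conf"
}

# Stand-alone use: SYSTEMD_DIR=/tmp/sd sh override.sh --demo
if [ "${1:-}" = "--demo" ]; then
  cat "$(install_override db.service other.service /srv/db)"
fi
```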
| DrSiemer wrote: | How would that work, self hosting Spotify and YouTube? | | In theory you could probably find ways to rip and download | everything you want to save, but it would require a massive | amount of storage space just to be sure you never lose things | that have a tiny chance of being missed. | mcdermott wrote: | Agreed, we've given up too much control, privacy and sense of | ownership. | patientplatypus wrote: | zelon88 wrote: | I love self hosting. I made my own cloud platform [1] with app | launcher [2] and add-on games [3], file conversion server | application [4], and anti-virus server application [5]. | | I'm currently working on the third iteration of the Cloud and app | platform [6] which features completely noSQL and cookieless user | and session management features. They are my passion projects. | | [1] https://github.com/zelon88/HRCloud2 | | [2] https://github.com/zelon88/HRCloud2-App-Pack | | [3] https://github.com/zelon88/HRCloud2-Game-Pack | | [4] https://github.com/zelon88/HRConvert2 | | [5] https://github.com/zelon88/HRScan2 | | [6] https://github.com/zelon88/HRCloud3 | gregmac wrote: | Like so many things, this is just all about trade-offs. Self-host | is not a silver bullet, it just swaps in a different set of | problems. | | Risk is part of it. Cloud service disappearing, discontinuing, | failing, changing pricing, or modifying product, vs fire/flood, | theft, hardware failure or software update breaking things. | | Responsibility for maintenance is a whole thing, too. Maybe you | like that sort of thing, but is still a time suck and for most | people it eventually gets boring (especially if it's similar to | your day job). Do it less often and eventually you will find | yourself upgrading something through major versions with all | kinds of breaking changes. 
| | Security is a constant concern, and it's unfortunately not as | simple as "it's firewalled on my LAN with no inbound access" | | Media disappearing from a cloud service is incredibly irritating, | but you know what else is bad? Trying to watch a movie with your | spouse but instead spending your evening diagnosing why your NAS | refuses to boot. | stathibus wrote: | The author mentions but doesn't address the Picasa problem, which | incidentally is the one I care most about. | | What do I do when all the useful software is cloud based and | requires me to store my data with the service provider in order | to use it? Self hosting is not a solution. | quaintdev wrote: | Good point. I use Photoprism to manage my pictures. | | https://photoprism.app/ | Isthatablackgsd wrote: | Self-hosting is not always the answer for a lot of people. | | Self-hosting is not easy for laypeople (someone who is not | familiar with it) to try to get their feet wet with it. For | myself, I am on the level of beginner and I do struggle to stay | on the self-hosting path. When I set it up, I learned there are more | steps that I have to do because the documentation and guides did | not bother to explain those steps and expect me to research more | to find the information about it. | | My biggest beef with self-hosting is that they expect us to set | up the SSL/TLS certificate without explaining the steps to set it | up. Some guides do have a section about it but never provide the | details about creating a CA for my self-hosting needs. I turn to | Google/DDG to find information about it and they are all over the | place or leading into a dead-end. | | There are a few other things I have gripes with in self-hosting. I | like self-hosting and it is pleasing for me as I don't need to | rely on third party solutions. The gripes I have are the | documentation that is all over the place or sparse information | about it.
| mhitza wrote: | > My biggest beef with self-hosting is that they expect us to | set up the SSL/TLS certificate without explaining the step to | set it up. Some guides does have section about it but never | provide the details about creating CA for my self-hosting | needs. I turn to Google/DDG to find information about it and | they are all over the place or leading into dead-end. | | If you have your own domain pointed at your server, the Let's | Encrypt certbot can automatically pull in a certificate and | configure your apache/nginx webserver (alternative webserver | caddy has this feature built in as far as I know). | | If you don't have your own domain, don't go with self-signed | certificates. Get a free https://desec.io/ subdomain, and they | have their own certbot plugin to generate automatic | certificates. | bsder wrote: | > If you have your own domain pointed at your server, the | Let's Encrypt certbot can automatically pull in a certificate | | Yeah, but don't have a mistake too many times, or Let's | Encrypt will block you for a week until your rate limit times | out. | | I hit this. I understand why Let's Encrypt has to do this, | but it's very annoying and you have no choice but to _do | nothing_ for a week. | | There needs to be something in between Let's Encrypt (free) | and a couple thousand a year (other CAs). | quesera wrote: | Use the LetsEncrypt staging server for testing. When you | have a process that works, switch to prod. | bsder wrote: | That's a tautology saying "Don't make mistakes." | | A DNS misconfiguration can cause your Let's Encrypt to do | weird things on a configuration that was (and still is) | perfectly correct. | | That was how I hit it. I eventually figured out what | people screwed up in DNS. But certificates still didn't | clear. 
So I spent an extra couple hours staring at DNS | trying to figure out what I missed when the issue was | that we bumped into the rate limit at Let's Encrypt | (which is _REALLY_ low--I think 5 failures is enough to | trip it) while the DNS was bad and the only thing we | could do was sit around for a week with dead | certificates. | | Not fun. | quesera wrote: | Sorry, quick comment, didn't mean to be glib. | | I've hit the problem you describe, and I feel your pain. | I also respect LetsEncrypt's choice to rate limit | failures. I renew a couple dozen domains at a time, so | one error can quickly cascade into being blocked. IIRC | the block timeout starts at 24 hrs and goes up from there | if you keep trying -- this is easy to do if you don't see | the raw response error message! | | After being bitten by this a couple times, I added a dry-run step to my autorenewal script. If the dry-run exits | with success and generates a good new cert for the | domain, I repeat by pointing to the LE prod server. This | works every time (so far, but for years now). | | I'm suggesting that any LetsEncrypt certificate | automation system (or docs) targeted at relatively low-sophistication users (i.e. not you or me) should include | this sort of dry-run check so that the user doesn't paint | themselves into a corner with a somewhat persnickety, but | essential, service. | | Also of course, it should attempt to renew after 60 days, | so that if things go badly wrong, there are a few block-timeout retries available before the 90 day expiration. | francislavoie wrote: | If you use Caddy, you'll almost never run into rate limits | from Let's Encrypt, because Caddy rate limits itself, and | will fallback to ZeroSSL instead of Let's Encrypt, and even | fallback to LE's staging for additional retries against LE | before trying the live one again if it works with staging. 
| See https://caddyserver.com/docs/automatic-https#errors | ryandrake wrote: | I think the whole "self hosting isn't easy" meme gets repeated | so much that people just take it as given now and default to | managed software. Or, someone might argue "Well, my grandmother | who knows nothing about tech cannot self-host, so it's not | viable!" ignoring there is a huge spectrum of competence | between grandma and a seasoned Linux sysadmin. People aren't | morons, and there's enough info out there on how to do it. I | agree it's not organized very well, but it's not like setting | up a web server is dark wizardry. | | With all the tools out there and easy access to VPS services | and even bare metal for your basement, there's never been a | better time to self host. And not just web servers, but E-mail, | git, photos and media, and so on, it's very accessible. | lbriner wrote: | The complaint is fair though. Trying to find a complete or | the "correct" guide to something is very difficult even when | you already know roughly what you are doing. | | It took me ages to work out how to setup postfix properly from | about 10 slightly different "guides". The Postfix book wasn't | even that helpful. There are also lots of very out-of-date | guides that might have been OK for 2015 but not anymore. They | don't get deleted because "link juice" | | It is sad but true but you get one little bit wrong and you | potentially leave a door wide-open. | plainnoodles wrote: | Postfix is a special kind of hell though, in that getting a | good setup requires wading through decades of legacy stuff | and patching together a bunch of non-default stuff to get, | for instance, dkim signing and stuff working right. I've | done this before myself, and agree it was super annoying | and not fun, but I also think it is potentially _the_ | biggest outlier in self-hosting difficulty I've | encountered. 
| | Lots of services are barely more than - apt install, | systemctl enable --now, ufw allow 8080 (if you even | firewall within your network). | Karrot_Kream wrote: | I actually found Postfix fairly easy to configure once | you have a solid understanding of Email (which took me a | good while at first). Dovecot on the other hand... | Yhippa wrote: | I'm skeptical that your layperson would be able to keep self-hosted applications secure constantly. Hell, huge | corporations have a difficult time with it. | Isthatablackgsd wrote: | I have this issue too. When I tried to set up self-hosting, | I assumed that there are steps that require me to expose | it to the internet. Turns out that it was already exposed and | the docs didn't (or barely) provide the information on how to close | it off securely and keep it private network only. When I | tried to find information about it, there were always guides | that are not consistent with it. Some will say I have to go | in php.ini to do this, then go to SQlite to do that, then | go to other files do there, then adding 20 steps to keep it | secured. I'm just wondering why there are not any | centralized options to do this. I just want an option that I | can tick in the software and leave it at that. | | I understand those documentations are not for laypeople for | me. However it is annoying when people out there keep | pushing the self-hosting for beginners narrative without | providing the necessary tools for laypeople to keep | themselves secured and reliable. | nobody9999 wrote: | >I understand those documentations are not for laypeople | for me. However it is annoying when people out there kept | pushing the self-hosting for beginners narrative without | providing the necessary tools for laypeople to keep | themselves secured and reliable. | | And that, in a nutshell, is the problem. | | A few clicks, a configuration form and integrated tools | to set up external dependencies (i.e., LetsEncrypt | certs), et voila! 
You're running a self-hosted | application. | | AFAICT, this is more about developers not creating the | packaging/configuration/management tools necessary for | effective use by non-technical users. | | Sure, I can write a sql query to modify the schema of an | application's database, but my highly educated and | intelligent physician brother would just throw up his | hands in disgust. | | Make self hosting easy and people will use it. And | Docker-compose isn't "easy" for a lay person. | plainnoodles wrote: | I agree it's overblown. It's amazing how robust of a setup | (more than sufficient for residential use!) you can get with | little effort given how easy things are nowadays. | | I've been self-hosting a lot of load-bearing household stuff | (I have stuff on the "wife-critical" path: if it goes down, | "the internet goes down" and I get a text from her) for | almost 10 years and I've only had 2 incidents of particular | reputational-risk note: | | 1) a routine reboot of the main server triggered a BTRFS bug | that blocked mounting it again. This took an evening and a | reboot into an arch linux ISO to fix (arch had a new-enough | version of the btrfs tools that had the ability to | fsck/repair the fs). | | 2) my proxmox setup was initially installed with zfs and zfs-on-root. This exploded and the "on root" part stopped working | one day. This was the most annoying thing to fix so far | because I ended up dumping any interesting data to an | external HDD and just re-paving the server, this time | reinstalling with just ext4 and lvm (which is admittedly a | setup I'm much more comfortable debugging). No issues since | then. | | Both these events are from over 3 years ago, so it's been | smooth sailing in recent times. | Isthatablackgsd wrote: | Majority of the documentations I came across usually have the | mantra of "Do this and you are golden". 
I know it is not dark | wizardry, it's just that the documentations are aiming for someone | who has the experience and the technical knowledge of this. | Whereas there are people who are pushing "self-hosting is the | answer! Even your tech-inept grandma can do it!" without | providing documentations for inexperienced people like me. | Annoyingly, some guides have parts that have links to | other guides that barely provide information about this. It | is like "I know how to set it up but I am not gotta tell you | how to do it, so here is the link that might help" and it didn't | help at all. | adrian_b wrote: | When I began to install and manage servers, more than | 20 years ago, I did not have any kind of prior experience | and I did not have anyone whom I could ask. | | So I have just read the handbook, but I have read it | completely, which needs more than a day. | | It is likely that there are also other operating systems | and Linux distributions that have good documentation, but I | can testify only about those that I have used in the | beginning, the FreeBSD handbook and then the Gentoo Linux | handbook. | | Both handbooks were good enough to convert anyone into a | system administrator. | | Unfortunately, both handbooks are not as good in 2022 as | they were e.g. in 2002, because they have not always been | updated after every change, or the updates have not been as | detailed as the original parts of the handbooks. | | Even so, both handbooks remain reasonably good today. | | Especially the FreeBSD handbook is good for someone who | lacks experience, because FreeBSD is much more self-contained, i.e. there are a lot of choices that have | already been made for you and you do not have to worry | about them. | | So for someone who is inexperienced, I believe that the | fastest way to managing a server remains to read the | complete FreeBSD handbook and install and configure a | server based on that. 
| | There are programs which are available only on Linux, but | the administration of a Linux server requires much more | work than for a FreeBSD server (even if much less than for | a Windows server), so for a beginner I think that FreeBSD | with its more complete documentation and fewer possible | choices is easier to try. | capdeck wrote: | To do this right you should also think of backups, updates, and | monitoring. Self-hosting is true freedom but doing it right for | things like email is akin to running a small business. On the | positive side docker makes many things a breeze. | Isthatablackgsd wrote: | I tried with Docker before and it is not a breeze as you | think it is. I tried to use Docker for Calibre-Web and it is | a pain to make it work. Because Calibre-Web requires access to | its database in the filesystem outside of Docker. | Docker provided minimal (more like lacking) information on how | to expose the filesystem for Calibre-Web to use its | database. Calibre-Web cannot create its own database, it | relies on Calibre, a standalone app, to generate the library | that it needs to have access to. It took me ages to finally | find a way to expose the filesystem and only provide | permission to access that particular library. | beenpola wrote: | ShowalkKama wrote: | If you find self hosting too annoying you could always try | Yunohost to have one click deploys for the most common | services. | | https://yunohost.org | wolpoli wrote: | It sounds like part of the difficulty has to do with the | general poor quality of online tutorials. There is a need for | properly written guide books and magazines, but unfortunately, | it seems like there is no way to pay for people to write them. | andrewallbright wrote: | I wish self hosting was a bit easier. Right now it seems you need | to know so much. I've always wondered if there was a way of | making self hosting products that were easy to set up and secure | by default. 
| | I'd love to spend $100 for a mail server that I just plug into my | router, as an example. | chipgap98 wrote: | The irony of an article titled "Start Self Hosting" having its | site go down | ct0 wrote: | You're missing the point if you think uptime is the number 1 | priority. | themodelplumber wrote: | That's a good post on the topic, thanks. Like a lot of others I'm | a hybrid-self-hoster. I do rely on some third-party, third-party- | hosted or other cloud services, but I also spend a lot of time | bringing things back home when I can. | | It's tricky to be in that hybrid-box since the conversation in | this area is very dichotomous--cloud things OR my own thing--but | overall I like keeping my options open and swimming with the herd | ;-) in making sensible use of cloud services when it seems | appropriate. | ndneighbor wrote: | I think the granularity of control is just as important as | where the app is hosted imo. Its perfectly valid to make a fair | compromise on ease of management vs. being able to vendor your | own versions. And especially with how great Tailscale/Wireguard | networking is nowadays, you really can make that line blur | between your own network + a cloud provider. | dlivingston wrote: | Follow-up question: | | Should someone interested in self-hosting do it from a literal PC | in your basement, configured as a server? | | Or is self-hosting on AWS / DreamHost / whatever good enough? | | I ask because I like self-hosting a lot, especially when market | solutions don't _really_ do what I need them to. | | But security, man, that worries me. I can't tell you what a | three-way handshake truly is, or what a signed certificate | _really_ means: so self-hosting my own email / web server / etc. | from my basement gives me a fear that someone, somewhere will | take advantage of a vulnerability in some system component that | I've never even heard of. 
| rpdillon wrote: | I self-host entirely on a Dreamhost VPS, precisely because of | the issues you mention. I'm fairly experienced with many of the | more technical aspects, but Dreamhost is more diligent than I | am, and they stay abreast of issues I'm unaware of. So I handle | the app layer (Nextcloud, FreshRSS, Fossil, etc.) and they | handle the OS, web server (Apache, PHP, etc.), and certs | (through Lets Encrypt). This balance has worked really well for | me. No affiliation, just a customer since 2004. | adrian_b wrote: | I would not encourage someone who completely lacks experience | in server/network management to do self-hosting, as it is easy | to make mistakes. | | Nevertheless, if someone is willing to dedicate some time for | study and experimentation in the beginning, this is not an | insurmountable problem. | | I have been using self-hosting on "a literal PC in my basement" | for about 20 years, without any problems whatsoever, and with | negligible costs (the main cost being that I have a set of | public IPv4 addresses and a fixed IPv4 address on my router | connected to the ISP, which implied a more expensive monthly | fee for the ISP). | | After the first few months, during which I have made frequent | changes in the configuration, while I understood better and | better how it should work, the time wasted with server | management during the next years has been negligible, i.e. just | a few hours per year, used mainly for software or hardware | upgrades. | | Configuring and managing services just for personal needs or | for the needs of a small number of users, e.g. a family, is | much simpler than in an enterprise setting. | | For reliability, it is good to have a second spare computer and | a second image of the root SSD/HDD used on your server, to be | able to replace the active server in case of failure. As others | have already mentioned, periodic backups should be done and | they should preferably be stored in a different location. 
| | While I believe that self-hosting is not difficult, unless | someone has already done such management work as a | professional, it is necessary to learn many things. | | For security, the first thing needed is to understand well what | a firewall does, which are the firewall rules needed by | whatever services you want to host and how to configure and | monitor whatever firewall program you choose. | | For this, some knowledge about how the main IP protocols for | networking work is necessary. | | The management of keys and certificates is also important, as | you have mentioned, but what you need to learn for this is much | less than what you need to learn about networking protocols, in | order to both make a correct server configuration in the | beginning and to diagnose any problems that might appear later | (usually because someone at your ISP makes some changes in | their configuration, which break yours, but nobody who answers | the support call has any idea that they have changed anything, | so you should better be able to identify yourself what they | might have done, if you want a quick solution). | ozim wrote: | Even better, do you really need "self hosting"? Many people will | be fine with an external drive. | | You can also setup something like Synology which is good enough | for a layman and if you keep it in your local network it is | basically easier than configuring some old PC. | inetknght wrote: | > _Should someone interested in self-hosting do it from a | literal PC in your basement, configured as a server?_ | | It's a good place to start/test. But don't open your firewall: | do all of your testing on your internal network. You really | _don't_ want to open your network to the kind of problems that | can occur while you're learning. | | When you're ready to really host things then you should rent a | cheap shared instance, or maybe a low-priced dedicated server. | You can pick up something decent for $10/mo. 
That's not much if | you're skilled enough (eg, employable enough) to learn how to | self-host. | | For your internal network you can use a pi-hole to set up all | of your DNS entries so you can even visit "http://example.com" | and have it point to an IP on your LAN. | vbezhenar wrote: | If you need mail, you need a VPS with a good reputation. Otherwise | hosting from your basement is an option if you've got an | accessible IP address. | dna_polymerase wrote: | For some things your local network is enough, like personal | pictures and other private files. E-Mails I would suggest | hosting in a datacenter. Not necessarily in AWS but a local | company offering hosting. | | For those who feel unable to securely self host I'd suggest | looking into smaller providers of hosted E-Mail solutions. A | large number of federated services is better than everyone | being on Google Workspace or MS360. | alexk307 wrote: | Self-host in your basement, use nginx as your reverse proxy and | add tls with letsencrypt. I'd argue this is more secure than | most modern applications. | simow wrote: | em3rgent0rdr wrote: | > "But if you cannot wait, head over to r/selfhosted" | | The irony of this blog post is telling me to visit a non-self | hosted cloud service to get started self-hosting. | dmitriid wrote: | I'd love to self-host something like Picasa or Google Photos. | Alas, there are not too many choices that can replicate the | experience. | xwdv wrote: | Although I once loved the idea of self-hosting, my opinion | nowadays is that life is too short to self-host. Yea platforms | will come and go and sometimes it sucks, but what we really need | is easy ways to move data from one place to another, more than we | need self-hosting. | holri wrote: | https://freedombox.org/ can make this easier. It is based on | Debian and has a nice Web GUI. One can also order an appliance: | https://www.olimex.com/Products/OLinuXino/Home-Server/Pionee... 
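Added example, picking up adrian_b's point above that firewall rules come first and inetknght's advice to keep everything internal until you know what you are exposing. This is editor-written shell, not code from the thread or from any project mentioned in it. It reads the output of `ss -Hlntu` and lists every socket bound to a wildcard address that is not on your intended public allow list (the "it was already exposed" surprise raised earlier in the thread), then prints a default-deny nftables ruleset for that allow list with SSH restricted to the LAN. PUBLIC_ALLOW, LAN_CIDR, the function names and the sample `ss` output are assumptions constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the thread or any project named in it: find out what
# the box actually exposes before touching port forwarding on the router, then
# generate a default-deny nftables ruleset that matches that intent.
# Assumed: Linux with iproute2 `ss` and nftables. PUBLIC_ALLOW, LAN_CIDR, the
# function names and SAMPLE_SS are this example's own.

# Services meant to be reachable from the internet, as proto/port pairs.
PUBLIC_ALLOW="${PUBLIC_ALLOW:-tcp/80 tcp/443}"
# Home network; SSH is accepted from here only.
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"

# Read `ss -Hlntu` output on stdin; print every listener bound to a wildcard
# address (0.0.0.0, *, [::]) that is not in PUBLIC_ALLOW. Anything printed is
# reachable on every interface the moment a port forward points at the host.
exposed_listeners() {
    awk -v allow="$PUBLIC_ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            proto = $1; port = $5; host = $5
            sub(/.*:/, "", port)          # text after the last colon
            sub(/:[^:]*$/, "", host)      # text before the last colon
            if (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::") {
                key = proto "/" port
                if (!(key in ok)) print key
            }
        }' | sort -u
}

# Constructed sample of `ss -Hlntu` output (not from a real host): sshd on all
# interfaces v4+v6, nginx on 443, a web app on 8080, postgres on loopback only,
# mDNS on UDP 5353.
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      511                *:8080            *:*
tcp   LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*'

audit_sample() { printf '%s\n' "$SAMPLE_SS" | exposed_listeners; }
audit_live()   { ss -Hlntu | exposed_listeners; }   # run as root on the server

# Print an nftables ruleset: drop inbound by default, allow return traffic and
# ICMP, SSH from LAN_CIDR only, and the PUBLIC_ALLOW services from anywhere.
# Apply with:  nft_ruleset > /etc/nftables.conf && nft -f /etc/nftables.conf
nft_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        ip saddr $LAN_CIDR tcp dport 22 accept
EOF
    for svc in $PUBLIC_ALLOW; do
        printf '        %s dport %s accept\n' "${svc%/*}" "${svc#*/}"
    done
    cat <<'EOF'
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output { type filter hook output priority 0; policy accept; }
}
EOF
}

if [ "${1:-}" = "--live" ]; then
    echo "# wildcard listeners not in PUBLIC_ALLOW:"; audit_live
    echo "# proposed ruleset:"; nft_ruleset
fi
```

On the sample this reports tcp/22, tcp/8080 and udp/5353: SSH is wildcard-bound but the ruleset restricts it to the LAN, while the 8080 app and mDNS are the kind of thing to rebind to 127.0.0.1 or the LAN address, or to put behind the reverse proxy, before anything is forwarded. The ruleset only covers inbound traffic on the host; the router's port forwards are the other half and should list the same ports.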
| symkat wrote: | I've been working on https://markdownsite.com/ - the "Git Repo -> | Website" type of hosting platform, and have completely open | sourced it so others can run it themselves. | | The installation and on-going configuration management are first | class things, with documentation and graphs: | https://github.com/symkat/MarkdownSite/tree/master/devops | simow wrote: | 750$ GiftCard | | To win : | | REGISTER : https://bit.ly/3ilBacs | u2077 wrote: | I don't need a reason _why_ to self host, I need nice, clear, up-to-date tutorials on _how_ to self host various services. | | Self hosting should be easy enough for everyday people. Perhaps | preconfigured servers that treat services just like apps. Once I | have a server setup, I should be able to install (and uninstall) | services in a single click. The OS can handle permissions and | containers. | kesslern wrote: | Unraid can do something extremely similar to this. There's a | plugin that provides a repository of Community Applications | that are essentially docker configuration templates designed | specifically for Unraid. You can search for say, HomeAssistant | and install it with just a few clicks. | pixelN wrote: | https://www.cloudron.io/ or https://yunohost.org/ might be | interesting. | mxuribe wrote: | I'm guessing the "why" eventually can trigger experts to craft | mechanism and associated tutorials/docs to show the "how". That | is, I think people should understand the compelling reasons why | self-hosting could be important...and maybe there will be much | more incentive to get experts to create more things - and | easier - for lay people to adopt them...For example, if tons | more people start demanding that easier self hosting options | exist (both mechanism AND how to docs), then we would have many | more entities - both commercial and private - incentivized to | generate better/easier on-ramps for self hosting. 
But of | course, you're right that ultimately, eventually, the "how" to | get to such a nirvana is essential too. That is my guess | anyway. | olah_1 wrote: | I am with you. I think the future is something like Umbrel[1]. | | Because frankly, I would rather have the server running on a | little device in my home than having to mess around with things | like SSH and a VPS. An app that is running on a little computer | in my house is both more understandable and easier for me to | maintain. | | [1]: https://getumbrel.com/ | Gigachad wrote: | There are numerous projects which have attempted to create | this. | | https://sandstorm.io/ was the biggest one but as far as I can | tell its largely unmaintained and most of the apps are outdated | | https://yunohost.org/ probably has the best "just works" | experience but I didn't like that it wasn't using any kind of | containerization which has caused them issues with shared | libraries like PHP being difficult to update. As well as | security concerns about one insecure app giving access to the | whole server. | | Ultimately the problem is just extremely difficult / high | maintenance. And no one wants to pay for this work. | BonoboIO wrote: | YES! | | I think the single most important thing of any software is "how | do i install this". Thats the first thing i search for on a | github repo. | | And please no outdated tutorials, that sucks so bad ... that i | give up and don't use it. | moonbas3 wrote: | Most things offer a docker image, so maybe learn how to work | with those. | Gigachad wrote: | It's not as easy as "just run the docker image". Maybe it | is if you just want to run a single one. But as soon as you | want to run multiple it becomes a very complex job of | configuring nginx and lets encrypt. It took me several | hours to work out how to host nextcloud and get the nginx | config working. 
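Added example for the Let's Encrypt part of the thread: quesera's dry-run-then-production renewal step, bsder's rate-limit lockout, and Gigachad's nginx-plus-Let's-Encrypt setup for several containers. This is editor-written shell, not quesera's script and not certbot's, Caddy's or nginx's own code. certbot's --dry-run flag talks to the Let's Encrypt staging CA (separate, much higher limits) and writes nothing to disk, so a broken DNS or nginx configuration fails there instead of consuming the production failed-validation limit (5 failures per account, per hostname, per hour at the time of the thread; re-issuing in a loop also hits the 5 duplicate certificates per week limit). `certbot renew` only touches lineages within 30 days of expiry, which is what makes a daily run behave the way quesera's "renew after 60 days" rule intends. CERTBOT_BIN, ACME_EMAIL, LOG and the function names are this example's own; it assumes certbot with the nginx plugin.

```shell
#!/bin/sh
# Added example, not quesera's script and not certbot's own code: every ACME
# call is made against staging first (--dry-run); production is contacted only
# after staging succeeded, so misconfiguration never eats production limits.
# Assumed: certbot with the nginx plugin is installed. CERTBOT_BIN, ACME_EMAIL,
# LOG and the function names are this example's own.

CERTBOT_BIN="${CERTBOT_BIN:-certbot}"
ACME_EMAIL="${ACME_EMAIL:-admin@example.org}"
LOG="${LOG:-/var/log/certbot-safe.log}"

# Wrapper so every ACME interaction is logged; the raw error text is what you
# need to tell "DNS is wrong" from "rate limited" (a distinction bsder's
# story shows is easy to miss).
run_certbot() {
    "$CERTBOT_BIN" "$@" >>"$LOG" 2>&1
}

# Run the given certbot command against staging (--dry-run); only if that
# succeeds, run the identical command for real.
# Returns 0 on full success, 1 if staging failed (production never contacted),
# 2 if the production run failed.
staged() {
    if ! run_certbot "$@" --dry-run; then
        echo "staging run failed ($*); production not attempted, see $LOG" >&2
        return 1
    fi
    run_certbot "$@" || return 2
}

# First issuance for one or more names:  issue_cert example.org www.example.org
# certonly with the nginx authenticator proves control of the names through the
# running nginx; the certificate is installed by the reverse-proxy config.
issue_cert() {
    [ $# -ge 1 ] || { echo "issue_cert: need at least one domain" >&2; return 64; }
    set -- $(for d in "$@"; do printf '%s %s ' -d "$d"; done)
    staged certonly --nginx --non-interactive --agree-tos -m "$ACME_EMAIL" "$@"
}

# Periodic renewal (daily cron job or systemd timer). certbot only renews
# lineages within 30 days of expiry, so a daily run leaves roughly 30 days of
# retries before a 90-day certificate lapses, even across a rate-limit block.
renew_all() {
    staged renew --non-interactive --quiet --deploy-hook "systemctl reload nginx"
}

case "${1:-}" in
    issue) shift; issue_cert "$@" ;;
    renew) renew_all ;;
esac
```

Keep the log: when the staging run fails, its output is what separates a validation problem from a rate-limit response. For several containers behind one nginx the script is unchanged: one `issue` call per hostname (or one call listing all of them), and the deploy hook reloads nginx so every proxied service picks up the renewed certificate.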
| judge2020 wrote: | What self hosting stories don't seem to focus enough on is backup | and encryption, as these are the main issues with server-in-your-house hosting. Even disregarding fire/water damage it's not | uncommon to have hard drives die outright, which is a problem if | you didn't think to (or had the money to) set up zfs for data | redundancy purposes. | gen220 wrote: | I agree coming up with a good backup strategy is an essential | ingredient to long-term-sustainable self-hosting. | | Speaking for myself, I don't have the goal of 100% detaching | myself from "the grid", so to speak. I still want to pay an ISP | to act as a gateway to the internet, and want to pay the local | electric company to power my house. | | To me, "backups" are a commodity service, like internet service | and electricity. | | Dumb file servers are offered by any number of places for a | price lower than the cost of in-housing that service, and with | a negligible switching cost for my workload. | | I'm personally OK with having one relatively shitty local | mirror, and a background task that rsyncs to backblaze. If BB | makes noises about going under, I can migrate to aws s3, | rsync.net, digital ocean, whatever entity wants to charge me | the least for my workload. | | I don't think NAS's or ZFS are strict requirements, although | playing with them can be fun. | ndneighbor wrote: | This is an important call to action, in a world where your user | experience of an application is determined by a Product Manager | who may be stat-maxxing a graph, I hope that we can see a | resurgence of self-hosted apps. | | Selfishly speaking, I work at Railway and our community maintains | a list of self-hosted apps (we call them starters) that people | can deploy to our platform. 
You can checkout the list of apps | here: https://railway.app/starters and we even accept submissions | via our GitHub repo: https://github.com/railwayapp/starters (Just | reply to me here and we can get it reviewed for ya.) | [deleted] | cube2222 wrote: | No thank you. | | I'll have to take care of backups, security, availability, | updates, etc. I prefer to use a managed solution. | | If you don't want to lose data on being banned, just do your own | backups, which are by themselves much less time consuming to | handle than full-blown self-hosting. | | I'm fine with the occasional service being axed, I'll just | migrate to another one. Often, somebody writes a migration script | and open sources it, making that even easier. | | It is good though to promote and vote with your wallet for | services that give you good and dependable support. | Kenji wrote: | fareesh wrote: | Anyone know of a good YouTube channel that reviews self-hosted | programs? I don't mind self-hosting but I don't have the time to | install, configure and deploy 50 different video library products | and then decide which one works for me. I'd rather watch a video | and listen to someone who has done that exercise, because it | saves me a lot of time. | rcarmo wrote: | I've gone down this path a while back and self-host Gitea and | other things: https://taoofmac.com/space/blog/2022/02/12/1930 | | I will be moving my KVM/LXD setup to Proxmox eventually (probably | when I get new hardware) and am looking into low-wattage servers | (ARM would be nice, to continue the grand tradition of running | services on an NSLU2 a few years back, but there just aren't any | good ARM server boards with lots of RAM and NVME storage). | mendelmaleh wrote: | > I will be moving my KVM/LXD setup to Proxmox eventually | | How come? I'm running proxmox currently but I'm considering | just using a regular distro with lxd because I'm almost only | using lxc containers... | uhtred wrote: | Syncthing, baby. 
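Added example for the backup point judge2020 and gen220 make above (editor-written, not their setup and not any project's code): a backup that has never been restored is a hope, not a backup, so the snapshot step records a checksum manifest and the verify step restores into a scratch directory and replays that manifest, which catches a silently corrupted or incomplete archive before the copy leaves the house. Portable shell over tar and sha256sum; the function names, paths, label format and retention policy are assumptions for the example. The intended flow is gen220's: snapshot locally, verify, rsync the archive and its manifest off-site, and periodically pull one back and verify that copy too.

```shell
#!/bin/sh
# Added example, not from the thread: dated tar snapshots with a sha256
# manifest, a restore-and-verify step, and simple retention.
# Assumed tools: tar, sha256sum, find, mktemp. Names and paths are this
# example's own.

# snapshot_backup SRC_DIR DEST_DIR [LABEL]   -> prints the archive path
snapshot_backup() {
    src=$1; dest=$2; label=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    mkdir -p "$dest" || return 1
    archive="$dest/backup-$label.tar"
    # Manifest is taken from the live source with paths relative to SRC_DIR;
    # verify_backup replays it inside the restored tree with sha256sum -c.
    (cd "$src" && find . -type f -exec sha256sum {} +) > "$archive.sha256" || return 1
    tar -cf "$archive" -C "$src" . || return 1
    echo "$archive"
}

# verify_backup ARCHIVE [MANIFEST]  -> 0 only if every manifest entry restores
# with the expected content; a missing, truncated or altered file fails.
verify_backup() {
    archive=$1
    manifest=${2:-$archive.sha256}
    # sha256sum -c runs inside the scratch dir, so the manifest path must be absolute.
    case $manifest in /*) ;; *) manifest="$PWD/$manifest" ;; esac
    scratch=$(mktemp -d) || return 1
    rc=1
    if tar -xf "$archive" -C "$scratch"; then
        if (cd "$scratch" && sha256sum -c "$manifest" >/dev/null 2>&1); then rc=0; fi
    fi
    rm -rf "$scratch"
    return $rc
}

# prune_backups DEST_DIR KEEP  -> delete all but the KEEP newest snapshots.
# Labels are UTC timestamps, so lexical order is chronological.
prune_backups() {
    dest=$1; keep=$2
    total=$(ls "$dest"/backup-*.tar 2>/dev/null | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    ls "$dest"/backup-*.tar | sort | head -n "$excess" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# Typical nightly run:  backup.sh /srv/data /var/backups 14
if [ $# -eq 3 ]; then
    a=$(snapshot_backup "$1" "$2") || exit 1
    verify_backup "$a" || { echo "verification FAILED for $a" >&2; exit 1; }
    prune_backups "$2" "$3"
    echo "$a verified"
fi
```

Verification is deliberately a full restore into a scratch directory rather than `tar -t`, because a listing proves only that headers are readable. The off-site step (rsync of the .tar and .sha256 pair) is left to whatever provider you use; verify the pulled-back copy with the same function and the same manifest.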
| [deleted] | Karrot_Kream wrote: | Philosophizing on your blog seems to be the new way to tilt at | windmills. If you're actually interested in self-hosting, | https://github.com/awesome-selfhosted/awesome-selfhosted is a | great resource for self-hosted apps. Roll up your sleeves, get | prepared to get lost in documentation, and have some fun! You'll | realize the tradeoffs of what to self-host and what not-to | quickly as you start playing around with actual technologies. | Just remember that your life is production and if you're self- | hosting XMPP for your family, you may want to be confident you | know how to run XMPP before pushing everyone onto it, so maybe | setup a lab or staging environment. But that's fine, it's part of | the process! Stop writing screeds and start actually self- | hosting. | | EDIT: Since I'm mostly just reposting the link that OP links in | their post, I'll add a couple fun things that I use a lot with | self-hosting. | | https://hoppy.network/ lets you setup a Wireguard tunnel to have | your own static IPv4 /32 and /128 IPv6. | | https://freerangecloud.com/ gives you similar products but also | lets you do things like colocating a Raspberry Pi or getting a | VPS at an IX | | https://www.zerotier.com/ can effortlessly setup a private | network between hosts | | There's more I'm sure, but I like these. | dvtrn wrote: | _Philosophizing on your blog seems to be the new way to tilt at | windmills._ | | not the first time I've seen such comments or sentiments close | to it regarding the content of developer blogs, when one gets | shared here. | | I ask most sincerely: isn't that just one of the many reasons | people chose to launch a personal blog in the first place? | Karrot_Kream wrote: | It surely is. I prefer less of it which is why I made my | comment. | [deleted] | [deleted] | yewenjie wrote: | That blog post literally mentions that link. | Karrot_Kream wrote: | I know. 
Now I made a comment that helps self-hosters just as | much as the OP with much less text and much less moralizing. | haswell wrote: | One of the most important aspects of choosing a solution is | understanding the problem first. | | There's a place for both: | | 1. Blogs that moralize and talk about a much larger | philosophical underlying problem. These help the reader | understand a problem that they may not have fully | understood. Before, the problem was: "I need a place to | host my photos". If that's your only problem, there's no | reason not to choose something easy like Google Photos. | | Only by digging deeper does one start to understand that | there's more to it than this, and choosing certain | solutions bring with those solutions a whole set of new | problems. Now, you realize "I need a place to host my | photos and I need it to provide a certain level of privacy, | and a certain degree of predictability..." etc. A set of | problems that can be solved by self hosting. | | 2. Blogs that are solution oriented. You already know what | you want, now go do it. | | If all you ever present are solutions, the reader is left | to wonder why they'd ever invest the time and effort in | doing something that is much easier elsewhere. An | investment that does start to make sense if you have | problems with the implications of hosting elsewhere. | Karrot_Kream wrote: | If you're trying to frame the problem in your mind like | that, I suggest doing an HN search like https://hn.algoli | a.com/?dateRange=all&page=0&prefix=true&que... to give | you a good idea why people self-host. There's lots of | prior art. | haswell wrote: | As a person who self hosts quite a few things, I'm | intimately familiar with why people self host. That was | not my point. 
| | The point is that there exist people who do not | understand why self hosting can be valuable, nor should | we assume that they will come to HN, do a "self-host" | query, and then comb through the myriad of results to | back into why this is an interesting topic. | | You were criticizing the blog post...essentially for | existing in its current form...and I pointed out that | there are legitimate reasons for such posts to exist. | | The post was probably not meant for you or me. | JoshTriplett wrote: | Your comment doesn't convince anyone to self-host who isn't | already doing so, unlike this blog post. It's absolutely | possible to write more concisely if you have a narrower | target audience of people who already agree with you. | sekou wrote: | I'm not affiliated but I came across some software called | Yunohost (https://yunohost.org/) recently, a Debian-based OS that | tries to be user-friendly for self-hosting applications. Not sure | how much it's being maintained. | NelsonMinar wrote: | Self hosting also implies building (or using) your own self | hosted product. That's a significant requirement, particularly if | you want social features. | | I'm going through this dilemma with books. Goodreads lost my | account of nine years. I've managed to recover most of the data | from a backup and set up my own blog. I'm self hosting! But my | blog is very spare and is not backed by a database of books, book | covers, etc. Also it has no social features, no easy way to see | other people's reviews or find related books or... I could | imagine building all those things but that's like building a | whole product! I could also imagine some self hosted book product | I could just use (analogous to Picasa in the story) but it | doesn't happen to exist. | | Meanwhile there's a pretty great product for books in Goodreads, | other than the crippling disaster of losing a user's account. | Also some good cloud competitors like The StoryGraph. 
So maybe I | should just use their product and hope my data is safe. | | PS: I was at Google when Picasa was acquired. My memory is that | the plan was always to focus on the hosted version. Maintaining a | desktop standalone product was very much not in the Google | business model. | aww_dang wrote: | Try this, I think they have some covers as well as other metadata. It has been years since I used it. | | https://openlibrary.org/developers/dumps | NelsonMinar wrote: | Maybe I didn't explain myself well. Yes, I could get a data | dump from many sources. It is a lot of work to turn that dump | into a product that I self host. | zozbot234 wrote: | You don't have to write that stuff. There is a fairly well- | known project licensed under AGPL3, that's fine for self- | hosting if perhaps not commercial use. Just search around. | yewenjie wrote: | What are you all self-hosting? For me - | | - Gitea (git forge) | | - Maddy (email) | | - Calendso (scheduling) | | - Vaultwarden (password manager) | | - linx (filesharing) | | - Syncthing (file syncing) | | - Wireguard (VPN) | | - a couple of metasearch engines | | I am not mentioning all the tools and services for monitoring and | management. | | Self hosting is easy for me because I am managing all of this with | NixOS. | TwoNineA wrote: | - Vaultwarden (passwords) | | - FreshRSS (RSS reader) | | - Homebridge (gets some non-HomeKit devices into HomeKit) | | - Minecraft Server (kids) | | - Valheim Server (me and my buds) | | - Syncthing Discovery and Relay servers (I am paranoid, for | file sync) | | - PiHole (network adblock) | | - Wireguard (all our devices have it installed, combined with | PiHole = adblock on the go) | | - Grafana + InfluxDB (to monitor system health) | | All this is running in a 16 GB space-eating VM that's backed up | offsite. Maintenance is not too bad, if something goes wrong | I'll roll back in a flash and investigate later. 
| sccxy wrote: | - Wireguard (VPN) | | - Pi-hole (Adblocking and works with VPN) | | - Plex (Media collection) | | - Plausible (Web analytics) | | - Home assistant (Smart home) | | - Uptime Kuma (Monitoring) | | - Traccar (GPS tracking) | | - 5 nodejs web apps | | Only the Wireguard and nginx ports are opened to the internet. | pronoiac wrote: | I run Caprover on a $5 Linode VPS, and it makes it easy to spin | up new apps from a curated selection or from a Docker Compose | file. I checked out Dokku, but the learning curve out of the box | was harder. | BonoboIO wrote: | I HATE the Spotify podcast player. | | It is the worst UI for pretty much anything: music, video, | podcast, lyrics ... | | I selfhost ... I download the Spotify exclusive podcasts and host | them myself to use them with Overcast. They come as OPUS files, | but ffmpeg to the rescue. | v-yadli wrote: | PhotoPrism[1]+NextCloud is a potential solution to the Picasa | problem. I run them on my personal NAS. | | The devops experience is fine -- I can wrap up PWAs for all the | devices (PCs and phones) in the family. Need to set up a few | systemd timers to synchronize data, build indices and check for | PhotoPrism app updates but that's not too bad. Docker makes | deployment super easy. | | The user experience, hmm, modern, minimalism, tolerable. | | Modern = it knows about iPhone live photos and all sorts of photo | metadata; has machine learning for classification. Recognizes | faces. etc. | | Minimalism = just a viewer, no photo editing (Picasa photo | editing and the ability to put an album together into one picture | totally rocks) | | Tolerable = meh classification precision, slow geotagged map | (dreaming of Picasa + Google Earth), NextCloud iOS autoupload | constantly breaks (you want non-iCloud cloud on iOS and you're | not a megacorp huh? good luck) etc. | | Conclusion? It has been a decade since Picasa has been gone. 
I'd expect | a lot more improvements to happen, but in reality, the best thing | we have now is just that. Some good, some bad, some ugly. | | [1]: https://photoprism.app/ | mceachen wrote: | I'm writing PhotoStructure, which you might be interested in. | It's self-hosted, but also runs on Windows and macOS without | docker, libraries are portable, and photo and video | deduplication is robust. Photoprism had a couple of features I | haven't built out yet, but I'm getting there. More details are | here: https://photostructure.com/faq/why-photostructure/ | | Also, if nextcloud gives you attitude (I had scaling issues | with it), know that there are several other alternatives to | background phone syncing with your server: | https://photostructure.com/faq/how-do-i-safely-store-files/#... | v-yadli wrote: | Very interesting project, and nice landing page! Will | definitely check it out. | | I'm a long time ownCloud/NextCloud user and I'm aware of the | alternatives. With multiple Android phones coming and going in the | past 8 years or so, the background upload seems to stand its | ground. | | The real problem here is iOS and its lack of proper | background tasks. See: | https://github.com/nextcloud/ios/issues/215 -- they tried | every possible way to persuade iOS into running background | sync, but still hit and miss. | | I have to request access to my wife's iPhone and manually | trigger some :) | | One small suggestion here -- PhotoPrism went with | `tensorflow.js` to load up classification models, and I | recommend a "real" TF or PyTorch installation to properly | leverage the computation resources. The difference is huge | even running cpu-only because it's wasm vs. proper BLAS | library. | | I worked on a nodejs binding for native ONNX runtime (not | publicly) so that's also a possible way out. | hitovst wrote: | Wanted to mention FreedomBox, LibreServer, Epicyon, and | Retroshare. Any others worth mentioning? 
| louison11 wrote: | This article is a bit delusional and oblivious to market | dynamics. | | 1. Privacy: Self hosting is not necessarily more private than | cloud services. The security of self hosted services is only as | good as the effort put into maintaining it. Who do you think | invests more in security: the giant corporation or a free open | source project? Even if the project is well maintained, there are | many ways your server can be compromised. It's only as safe as | you're willing to make it. The best way to be safe for me is not | self hosting, but cloud hosting _with E2E encryption_. | | 2. Longevity: even though self hosting technically means nobody | can discontinue your service, everything eventually gets | discontinued. Your server will be out of date at some point. You | will need to update it. You might be too busy to do it and your | server will become a security risk. Again, middle path and ideal | way for me here is: use cloud services, encrypted, AND save the | data locally as well. | | 3. Usability & market dynamics: John Doe doesn't have the time or | knowledge to self host, which makes self hosting dangerous for | him for the reasons mentioned above. If you're going to self | host, you need to know what you're doing. If you do it halfway, | you're better off staying with a cloud service. The cloud will | always win because it's easier for everyday people. And because | it wins, there will always be more money and development | happening in it. We need more cloud services that use encryption | by default, and provide data migration tools. The more this | becomes a standard, the more the "big cloud giants" will have to | step up and match this new standard. For me, THIS is the way not | just nerds but _everybody_ benefits from a safer, more reliable | Internet. | superkuh wrote: | Your response to this post is a bit oblivious to motivations | other than profit and metaphors other than markets. 
| | Additionally, re: (1), static sites are more secure with no | maintenance than using a browser with Javascript enabled. (2) | HTML and files last forever. There is nothing to update. (3) | You keep assuming the needs and complexity of a for-profit | business and the risks associated with that. But human persons | don't have those complex needs or the associated risk of | complex, dynamic setups that enable entire teams of people to | work on something and constantly move it around. | pjerem wrote: | 1. I don't understand why you conflate security with privacy. | Or to be more precise, it depends on your threat model. A badly | secured self hosting will make yourself vulnerable to targeted | attacks over your privacy. | | While it's an issue you should consider, those attacks are | pretty unlikely. However traditional cloud services will | harvest every bit of what they get about you with a frightening | efficiency but they'll never automatically scan your server for | vulnerabilities to read your mails. | louison11 wrote: | I think there needs to be clarity about what is harvested and | how. Most centralized services actually respect people's | privacy to the extent that they're not asked to infringe it | by law order. | | Most major tech cos have encryption at rest and highly | regulated access checks. It's also not clear that they | actually do harvest every bit of data they can. They might | for the purpose of better UX within the service, but Google | ads doesn't collaborate with gmail or Google photos for | example. There are, however, botnets all around the world | scanning the web for security flaws. | | This is why, in this sense, I argue that most people are | actually better off using a safe, centralized service with | encryption than trying to reinvent the wheel at home and be more | exposed. | ziml77 wrote: | Security is necessary to maintain privacy. If someone gains | access to your systems, nothing you had on there is private | anymore. 
| erulabs wrote: | We're not quite publicly launched yet, but I've been working on | making self-hosting easier for several years now. People often | ask "why would I self-host?" and it's hard to pin down one answer | - instead the answer depends on your values - but there is an | answer. This post is excellent because it's not "do it for | security" or "do it to see fewer ads" or "do it to fight big | tech" or "don't give photos of your infant to Facebook". It's all | of those reasons, but it's also more broadly (and deeper in the | kool-aid), because it helps fix the internet itself. | | > This engineering talent is supposed to be solving world's | problems but instead they are ensuring how everyone wastes their | time | | Agreed! If software was sold for its utility instead of its | addictive properties - this might start to change. Self-hosted / | open-source software does need plenty of "hosted" accoutrements | though: backups, remote access, etc. Shameless self-promo: we're | trying to solve this over at https://kubesail.com | preseinger wrote: | I explicitly do not want to be in control of my own data. I don't | trust myself with it. A third-party is better equipped to manage | it over time. This is both a common and rational position. | tormock wrote: | Can you trust yourself with passwords for true e2e encrypted | traffic? That could work too... | dmje wrote: | Seems to me that there's a middle way. Self hosting is too hard, | but making sure you've got local duplicates of all your stuff is | less so. | | As a simple example: I use Dropbox and Google Drive extensively. | I'd like not to but the utility and ease is hard to beat. But I | have made an effort to only use Word and Excel (rather than | gdoc/gsheet) and have hooked up my Synology so it backs up all my | cloud services whenever there's a file change. | | So - I'm not strictly self hosting, because it's too hard, but if | Dropbox doubled price or Google stopped doing GDrive, I'm safe. 
| Same with photos and other critical assets. | lbriner wrote: | I feel that a lot of what the OP mentions is not really solved by | self-hosting. How does self-hosting solve Netflix problems? How | does it stop Spotify changing your playlists? Sure, you can | create your own jukebox of music files but the reason you pay for | Spotify is unlimited access to a lot more music than you would | ever buy and easy use between devices. | | There might be a few use-cases where self-hosting is a bit less | risky than losing everything but I suspect for most people, the | online services are just easier. That said, if you pay for stuff, | you are more likely to get some proper support. I pay fastmail | for my email because they provide me email and support in return | for money. You can't use free GMail and then complain that they | have broken something or locked you out. | johndhi wrote: | For those suggesting e2e encryption of data in Cloud services, | how is that possible? How could you, for example, run Salesforce | and have Salesforce only see encrypted data? Seems extremely | complicated or impossible -- isn't the point of encryption that | nothing can be done with it? | TheBozzCL wrote: | Been on this route for a while. Currently, I have: | | - My blog (Jekyll + Apache 2 + nginx) | | - An Invidious instance | | - My VPN (Wireshark) | | - A DNS server (Pi-hole + nginx for DNS-over-TLS) | | - My password manager, up to a point (KeePass + OneDrive for | backups and sync, but I'm thinking of ways to self-host that) | | The big ones left are making my password manager self-hosted, | email (not sure if I want to go beyond having my own domain yet) | and code repo. I feel these need more reliable hardware and | internet connections to be fully viable as self-hosted. | bob1029 wrote: | I've been thinking about buying rack space from a colo in my | metro area. 
| | Hosting at home is something I used to do religiously for over a | decade, but I really don't like all the hackarounds and shitty | ISP/DNS/port problems anymore. | | It's definitely not cheap to do this, but there are a lot of fun | upsides. Just having an excuse to get out of the house to badge | in at a DC is a nice mix-up for me. Everything I do at work is | cloud hosted, so I rarely get the visceral experience anymore. | Havoc wrote: | >I really don't like all the hackarounds and shitty | ISP/DNS/port problems anymore. | | This is a not insignificant part of the reason why I'm in no | hurry to move from my flawed apartment. Symmetric gigabit fibre | with static ipv4 is a luxury not everyone appreciates but I | sure do | | Moving would be such a pain since rental agents don't get this | at all. "Yes it has fast broadband"...what they mean is it has | 4G reception if you lean out the right window. | weystrom wrote: | I self-host everything but my email. | | Hosting email is just too much. Big providers just treat you as | guilty of spam, unless proven otherwise. Just too many hoops to | jump through. | rglullis wrote: | For those that avoid it on the grounds of "it is too hard to | self-host", may I suggest a much simpler alternative? It takes | two simple steps: | | 1) buy a domain name | | 2) Foment/patronize SMBs that can provide hosting for open source | software alternatives. | | That's it. By demanding open source alternatives, you are | ensuring that the service vendor can not lock you in. By using | your own domain, you get the freedom to port your services to | anyone that offers better price/better support/better | performance. | johndhi wrote: | For those advocating e2e encryption instead, is that even | possible with most cloud services? How can you encrypt Salesforce | data, for example, and still have Salesforce perform all of the | necessary operations on that data, if they can't even see it? 
| api wrote: | The main barrier is the difficulty of doing it, and there is | currently an economic _disincentive_ to fix this. | | For software companies the cloud is DRM, and the only kind that | works. Rent access to software and you can easily charge a | recurring fee for it. This is incredible on the business side, | especially because recurring revenue is valued higher by finance | types than non-recurring revenue (due to perceived lower risk). | | For makers of software you can self-host, money is often made | through support. This creates a disincentive to make things too | easy or you cut into support profits. | | If you try to make a living making endpoint applications, life is | hard. The FOSS movement has educated the market that software | should always be free (as in beer, not freedom). People will pay | $10 for a Starbucks drink but not $5 for an app they use every | day. | paulcole wrote: | >Whenever I bring this up people are like "I don't care, I have | nothing to hide". | | My feelings on this are similar but different, I do have things | to hide, but I just don't care. | mtoner23 wrote: | The examples he gives are all the small downsides of cloud | hosting but the huge upsides are clear to consumers and are the | reason we all use them. Don't tell me that you really want to self | host your youtube playlists, the market of people who want that | is incredibly small. | mholt wrote: | This is why I'm building Timelinize [1]. It's a follow-up to my | open source Timeliner project [2], which has the potential to | download all your digital life onto your own computer locally, | and projects it all onto a single timeline, across all data | sources (text messages, social media sites, photos, location | history, and more). | | It's a little different from "self hosting" but it does have a | similar effect of bringing all your data home and putting it in | your control. 
We have to start somewhere, might as well start | with bringing in all the data we've put out there. (It's not a | replacement for self-hosted media servers, for example.) | | The backend and underlying processing engine is all functional | and working very well; now I'm just getting the UI put together, | so I hope to have something to share later this year. | | [1]: https://twitter.com/timelinize (website coming eventually) | | [2]: https://github.com/mholt/timeliner | olah_1 wrote: | Have you considered using something like hypercore[1] for the | timeline sharing? Or maybe you don't plan on making timelines | shareable? | | [1]: https://twitter.com/HypercoreProto | metadat wrote: | This sounds very cool, please submit a "Show HN" once the | basics are working! | mholt wrote: | Oh I will, for sure! I will need a lot of feedback. | BonoboIO wrote: | Sounds nice. | | Do you know some tool, to have all your feeds in one place? I | hate having to use Instagram, but a few friends post nice | things. Like timeline but with your own feed with only the | things I want to see from the sources I want. | | Like a daily "You missed these posts, images and ..." | badhombres wrote: | I would love to self host, but the time and effort I would have | to put into doing, maintaining, and convincing my spouse (which | is a whole effort by itself) is so significant it will take away | from my other goals in life. | pansinghkoder wrote: | Genuine question: does it make sense to go even more paranoid | with self hosting? | | 1. buy a box at home | | 2. run on onion: https://medium.com/axon-technologies/hosting-anonymous-websi... | | 3. access media using onion browser | | I believe electricity cost of hosting at home would be expensive | and accessibility will be a problem 2000 miles away without cdn. | One might have to consider having this box on a separate network. | | So anonymity here might not be worth the price? 
| cjlm wrote: | Dismayed with the brittleness of Pinboard and the bloat of most | alternatives I turned to self-hosting an excellent bookmark | server called linkding[0] on a Raspberry Pi. Very happy with the | result. | | [0] https://github.com/sissbruecker/linkding | throwaway684936 wrote: | Not quite self-_hosting_, but in the same spirit I've slowly | been working on a simple local archival system for anything I | don't want to lose. It's changed my life. | | Even across years of content, it's required less storage space | than I expected. The more I archive, the less I need to rely on | online search engines or worry about linkrot. It's also helped me | cut down on how many tabs I keep open in fear of losing | information. | | If I can't recall some piece of information, I can do a fuzzy | global search through the text of all articles I've saved in a | specific category, for example. If I find some obscure fix for | something deep in an old reddit or HN thread, you bet I'm | archiving that so if I run into the same issue a year later I can | easily fix it again without trawling through 50 Google results. | axlee wrote: | What do you use to organize all of this unstructured data in a | way that is searchable and retrievable? | throwaway684936 wrote: | It's somewhat structured; I use both broad categories and a | tag system. I can also add additional comment text to | archived pages. It's all patched together with shell scripts | and some Lua (since that's what I'm familiar with). `ripgrep` | is the utility used for searching. It's fast enough for me | even when I don't use any kind of category filtering, but I | have a beefy computer and use NVMe drives, so YMMV. | teekert wrote: | I love selfhosting. 
Right now I have this in my personal docker-compose.yaml: NextCloud (3 installs, each their own MariaDB | instance), HomeAssistant, Mosquitto, Vaultwarden, an Nginx served | static website, Unifi controller, nzbget, Samba, librespeed, | Wireguard, 4 MineCraft servers, AdGuard home, FoundryVTT and | Traefik as reverse proxy for https (it's all 1 yaml file, | everything! At least, excluding the HA config etc). All on a 16 | GB RAM, corei3 based server. Home Assistant tells me it is | consuming about 30 W right now (and generally stays between | 30-35W). That's about 70 eur a year for multi-terabyte personal | cloud, and docker-compose makes managing it very easy (docker-compose pull, docker-compose up -d). Over the past 2 years I had | only one issue (I had to pin Mariadb to 10.5 or NextCloud | complains). | | Oh, the initial costs are of course quite high, including all | disks I'd say about 1000 eur, so it's quite the hobby (I have a | nice Fujitsu motherboard (3 y/o) and Fractal Design case (12 | y/o), it saw 3 builds now, I started with a super cheap atom | based board, then a Pentium dual core, and now the corei3 system | that can handle a lot more disks, the nvme root drive makes it so | fast.) I wonder about my next system. I also have a corei3 based | Nuc (as htpc) and that thing is also very fast, silent and energy | efficient. And it has nice and fast external I/O. Not sure yet, | but my current system will last at least another 5 years. | | My father has a Synology NAS and for some time I thought that | would be my next system because I'd get tired of the associated | sys-admin tasks at some point (I started with a Gentoo system and | there were no containers, meaning you have to set up php-fpm, | then mariadb, then download Next(Own)Cloud, then update it | regularly, pff and the migrations to other systems...). But | docker-compose really changed that for me, I think the Synology | would be more work. 
| | Btw, a nice podcast on Selfhosting where I got a lot of | inspiration from: [0] | | [0]: https://selfhosted.show | psYchotic wrote: | My hosting stack seems to be similar to yours. In addition to | the services themselves, I run a watchtower container to check | for new images for me, which then notifies me through yet | another selfhosted solution: gotify. I have watchtower set up | not to automatically recreate the containers (I've been bitten | by postgres updates a few times too many). | | Speaking of Wireguard: I've been looking for a web-based | management interface to define Wireguard networks with (using | the server it runs on as a sort of central "hub"), but haven't | yet found anything I really like and/or found simple enough to | use. What does your Wireguard setup look like? | | Watchtower: https://github.com/containrrr/watchtower Gotify: | https://github.com/gotify/server | teekert wrote: | I use this image: ghcr.io/linuxserver/wireguard [0]. Under | environment I can set the number of peers and it simply spits | out that number of peerX.conf files and QR-codes (as PNG), | which I then manually set up on the different devices. Not | really simple but also not complicated. I hear a lot of good | things about tailscale and I feel like I have to start | playing with that... | | Oh, gotify looks really nice, I'm still looking for something | like that. I'd love to be able to receive notifications for | events in my house (as detected by Home Assistant for | example). | | [0]: https://docs.linuxserver.io/images/docker-wireguard | buzzert wrote: | > Btw, a nice podcast on Selfhosting | | Ironically, not self-hosted (served from fireside.fm). | teekert wrote: | In the podcast they talk a lot about when to self host. | Sometimes it makes sense, sometimes it doesn't. For example | this podcast's community is on Discord, but for their other | podcasts they maintain a Matrix server. 
It's interesting to | hear them talk about the joys and pains that both solutions | bring. | | I used to run an email server from my basement, now I also | know that that is not something I want to self host anymore | :) | buzzert wrote: | Ah yeah, I figured it was for a good reason. I just thought | it was funny. | spansoa wrote: | I haven't tried it, but Piwigo[0] looks promising for photo | albums & management. That or Ente[1] although Ente doesn't have a | self-hosting option like Piwigo. | | If you really want _true self hosting_ you would run it off your | own on-prem machine and use your ISP to push & pull content. | Putting things on a VPS is not really 'self' hosting as you're | entrusting a third party to not get their datacenter burned down, | or the hard-drives corrupted, etc | | That said, the only caveat to hosting in your own house is it | could suffer a fire, and your data is wiped, so having /BOTH/ a | VPS and an in-house on-prem solution means you're not putting all | your eggs in one basket and you have a contingency plan in place, | which one day may be worth it. It buys you peace of mind because | of the redundancy. | | [0] https://piwigo.org/get-piwigo | | [1] https://ente.io/ | cubesnooper wrote: | > That said, the only caveat to hosting in your own house is it | could suffer a fire, and your data is wiped | | Well, there are other reasons to prefer using external hosting. | Home connections are typically port-filtered, have dynamic IP | addresses, and have a low IP reputation, and your ISP selection | is very limited. Whereas if using a VPS there are so many | options that it's easy to shop around. | | But you can still self-host while getting the benefits of a | VPS. Just forward ports from the VPS over a WireGuard tunnel to | your real machine. Then all the actual infrastructure is on | hardware you control, and the cloud provider has no access to | your TLS private keys. | ptman wrote: | Yes, and you can even do this quite cheaply. 
Oracle cloud | free tier has a nice traffic allowance: | https://paul.totterman.name/posts/free-clouds/ . Add | tailscale/cloudflare tunnel/plain wireguard for connecting | your home server to the cloud instance. | mohaine wrote: | IANAL but I believe another reason to true self host, at least | in the US, is that rules for things inside your house have | extra protection. Sure they can still get a warrant, but this | is a totally different level than what they need to get the | same data off of a VPS. | | Do you really have any search and seizure protections on a VPS? | spansoa wrote: | > Do you really have any search and seizure protections on a | VPS? | | I'm aware of this, which is why I do full disk encryption of | any VPS instance I operate. See the Third Party Doctrine[0] | which applies to the US only AFAIK. | | [0] https://en.wikipedia.org/wiki/Third-party_doctrine | LeSaucy wrote: | I am comfortable re-building my self hosting setup from | scratch/backup. I enjoy the sense of agency being able to fix | something myself vs wait for a cloud service to return. As I | rely on my self hosted setups more, I also build in the | appropriate amount of high availability features required. You | will learn a TON of skills that are sideways related to | software engineering. It's very empowering to be nearly | entirely self sufficient with your profession. I can | write/test/deploy software (ie pay the bills) and never have | some critical service or infrastructure carpet pulled out from | underneath you (ie dockerhub, github) and prevent you from doing | your work. | | This is such a niche attitude/market but it has been | _incredible_ to see the surge of self-hosted applications | /services over the last 5 years. | | It is also relatively easy these days with modern ci/cd tools | to have a "portable" enough stack that in the event of an | emergency you could purchase a few linode instances and be | migrated to a vps environment in an afternoon. 
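The VPS-plus-WireGuard arrangement cubesnooper and ptman describe above (public ports forwarded over the tunnel to a machine at home, so TLS still terminates on hardware you control), written out as an added example: these two wg0.conf files are not code from any commenter or project. The interface name eth0, the 10.66.0.0/24 tunnel range, the 203.0.113.10 public address and all keys are assumed placeholders.

```ini
# --- /etc/wireguard/wg0.conf on the VPS (public entry point) ---
# Assumes: public NIC is eth0, the FORWARD chain's default policy is DROP,
# and the home peer is reachable at 10.66.0.2 inside the tunnel.
[Interface]
Address    = 10.66.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>    # placeholder: generate with `wg genkey`
# Turn on forwarding, then DNAT public 80/443 to the home peer.
# MASQUERADE on wg0 rewrites the client source to 10.66.0.1, so the home host
# answers back through the tunnel instead of via its own default route.
PostUp   = sysctl -w net.ipv4.ip_forward=1
PostUp   = iptables -t nat -A PREROUTING  -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.66.0.2
PostUp   = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostUp   = iptables -A FORWARD -i eth0 -o wg0 -p tcp -d 10.66.0.2 -m multiport --dports 80,443 -j ACCEPT
PostUp   = iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING  -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.66.0.2
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg0 -p tcp -d 10.66.0.2 -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

[Peer]
# The home server. AllowedIPs is a /32, so only its tunnel address is accepted
# as a source inside the tunnel (WireGuard's cryptokey routing).
PublicKey  = <HOME_PUBLIC_KEY>    # placeholder
AllowedIPs = 10.66.0.2/32

# --- /etc/wireguard/wg0.conf on the home server (behind NAT, no inbound port needed) ---
[Interface]
Address    = 10.66.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>   # placeholder: generate with `wg genkey`
# The reverse proxy / web server listens on 80 and 443 on this box, so the
# TLS certificate and its private key never leave the home machine; the VPS
# only ever sees ciphertext (and, of course, traffic volume and timing).

[Peer]
PublicKey           = <VPS_PUBLIC_KEY>    # placeholder
Endpoint            = 203.0.113.10:51820  # placeholder public address of the VPS
AllowedIPs          = 10.66.0.1/32        # forwarded connections arrive from 10.66.0.1 after MASQUERADE
PersistentKeepalive = 25                  # keep the NAT mapping open so the VPS can always reach us
```

Because of the MASQUERADE, the web server at home logs every client as 10.66.0.1, so per-IP rate limiting or fail2ban there would end up blocking the tunnel itself; keep such controls on the VPS, or run a TCP-mode proxy there that passes the real client address with the PROXY protocol without terminating TLS.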
| billiam wrote: | Great fun to make, a lifetime to maintain. | gcommer wrote: | Lots of good points about the challenges of self-hosting | throughout this thread, especially maintenance, security, and | time-investment. | | Here's my solution to all of them: | | Invest in your common infra. Docker provides stable images | configured primarily with env vars. I have a docker-compose host | with logging/monitoring/alerting. All service-specific files are | mounted from a NAS that has backups. All network access is closed | by default, but exposed via a central login proxy (tailscale | would be an easier alternative, but my Beyondcorp-esque system | lets non-technical family members use my services easily from | anywhere by tapping a yubikey). | | That's 3 pieces of infra to maintain (docker host, NAS, login | proxy) but I can check all the boxes for self-hosting 15+ | services. O(n) services with O(1) infra. | | I regularly spin up new services in under 10 minutes, while only | having to touch 3 files that I am already familiar with (docker- | compose.yml, dnsconfig.js, nginx.conf). I've run stable services | for years on this stack. The only painful issues have been | upgrades to the docker host, docker ipv6, and hardware issues. | | This is all on a recycled computer in the basement, with a cheap | VPS as a stable public entrypoint. | ziml77 wrote: | But then you're adding even more parties to trust as it's often | the case that Docker images are not provided by the same people | that are maintaining the project. | nfriedly wrote: | I've been pretty happy with my local Unraid server. I have a few | things running on it, including Plex for my music library and | Nextcloud for notes, file storage, and automatic photo uploads | from my phone. | | The software and Nextcloud data are all on an SSD, but the | Nextcloud data gets a nightly backup to a mechanical hard drive. | The music doesn't have any backup, but I could always re-rip the | CDs if I had to. 
| mertd wrote: | The post is conflating two separate things as if they are the | same. | | 1) Personal stuff that you created and own. For example photos on | Google Photos. If Google decides to remove a random photo from my | collection, that would be a big problem for me. But they don't. | On the upside, the probability of Google losing my photos is an | order of magnitude lower than my personal hard disk failing and | me having forgotten to back it up. | | 2) Stuff that others created like movies and songs. I really | don't care if a show that I was watching drops off of Netflix. I | don't have the same emotional investment to it as the stuff in | #1. I'll just find something else to watch. | hkon wrote: | Yes, completely valid to treat it as the same when it's | something you want to have access to without any third party | denying/removing that access. | | That you have no attachments to movies, music or tv shows is | just you. Others may want to continue enjoying the media long | after it has been removed from online services. | ngcc_hk wrote: | Google issue is whether they will pull the plug on the whole | service, change name or what. Then you will ask what. And if | you are not looking in that several months ... it is really | what. | sylware wrote: | Bringing self hosting to lambda users is _REALLY_ hard and Big | Tech won't let you do it too easily. | | Many corp email smtp servers will IP block your email server (big | thanks to spamhaus), or won't support no-DNS email address and | servers (which is RFC from the start) or won't have the decency | to handle grey listing or will send all your emails to their spam | boxes (gogol) even though ppl did remove your emails from their | spambox. | | IAPs won't provide a stable public IPv4 address or IPv6 prefix. | UPNP NAT port redirection (IPv4) will have bugs on the IAP | router/modem. | | Buying a DNS and configuring a domain is a pain. 
So few DNS | registrars support automatic domain configuration via the | standard dynDNS protocol (is this even a thing?). | | The self-hosting devices on user domestic LANs will be pwned by | very "smart" hackers pushing those very users towards big tech (I | wonder who is pay... pushing such hackers to do that...). | | The path of least resistance will win, always, even if it means | giving way too much power to some corps: | | Lambda users _will use_ comfy centralized services mostly, and | those centralized services, once big, will try to zap away any | alternatives or interop (which most used in the first place to | get there). | | Like lambda users _will use only_ the pre-installed OS on the | computer (or mobile phone) they bought, same idea. | | I am talking about nearly everybody else who is not "us", the | 0.1% (ironical). | denton-scratch wrote: | > Many corp email smtp servers will IP block your email server | (big thanks to spamhaus) | | Nope. | | Spamhaus doesn't block self-hosted email servers. Spamhaus just | publishes a number of lists, which postmasters can use or not, | whether for filtering or just for scoring. The PBL in | particular is likely to catch people self-hosting from a retail | connection, because it lists most residential IP address-space. | | But it's the receiving mailserver that does the blocking, not | Spamhaus. | | And it's down to the policies of the receiver's postmaster what | lists are used and how they are used. That requires judgement | and research, and some postmasters lack the former or don't | have time for the latter. | patmorgan23 wrote: | Also I believe you could use a paid public relay service | (like mailgun) to get around those blocks. | p_j_w wrote: | GP never said Spamhaus blocks anything. | denton-scratch wrote: | True. But he did say that the blocking is "thanks to | spamhaus". That is not true. | roydivision wrote: | "lambda users"? I've not heard that term before. | mxuribe wrote: | Same here. 
Is that a synonym for a lay person? | rank0 wrote: | I run a few services from my home but still have to rely on | aws/fly.io for some portions of my infrastructure. | | What I really want is to learn how to rent rack space from a | colocation. The documentation available does not make it easy to | learn. Can I just buy an old 1U blade, throw xen on it and show | up at my nearest colo? What do I need to preconfigure to ensure I | have remote access without giving remote access to the colo as | well? Do I get physical access to the data center? | | Wish I could find some guides on this topic. 95% of blog post | tutorials are just ads for the latest trendy cloud | startup/language framework. | eddieroger wrote: | I did this once. Don't overthink it too much - yes, it is as | simple as finding a rack with sufficient space, power and | network, plugging it in and going. You'll most likely get a | public IP and have no access to your neighbors, so they won't | really care what you do with it as long as it's not illegal or | against the Terms of Service for your host. So yeah, if you | want to do it, just do it. Get an OS you know, install an SSH | server or Remote Desktop, and rack it up. If you can get to it | on your LAN, you'll be able to get to it on the public | Internet. Also, quickly learn about good auth and firewalls and | fail2ban. | | That all said (and said with the clarity of age and knowing I | was a stubborn kid who did things "because I could"), the | experience of spinning up a VPS today on Linode or Digital | Ocean is effectively the same, infinitely cheaper, and a lot | more fun than racking a server somewhere. I can script up a | fleet of servers from my bed at 1am just because, and can't | tell the difference between SSH'ing to them versus that one box | I did 15 years ago. If you want to do it, go nuts and have fun, | but you really aren't missing much over conventional | VPSes these days. | rank0 wrote: | Thanks for the response! 
| | I gotta disagree with you though on cost. You can get a beefy | refurbished dual Xeon blade for a couple hundred bucks. Rack | space where I live is like $50/month for 1U and gets much | cheaper/machine as you scale up. $50 on aws will get me maybe | 1 medium ec2 instance and an s3 bucket. With a used blade I | get 20x the compute for the same price. | landemva wrote: | If you have a cabinet, and neighbors are caged to prevent your | access to those, then you may get physical access. Call a small | provider near you and ask. | lbriner wrote: | Sadly the answer is, as often, it depends! | | Many rack space rentals will not permit you to just install | whatever PC you fancy because it is potentially a risk to the | neighbours in terms of fire or bad hardware, most will happily | quote you to buy one of their approved ones! | | It is pretty easy to get a rack space provider where the | provider cannot access the machine but this can be good or bad. | In some cases, I would rather they could shut down the host if, | say, the RAM is broken and replace it but if you would prefer | to do this yourself, that is fine. | | In most cases, you will be given a public IP address directly | mapping to your machine via a router/nat lookup so whatever | services you open on your machine are open on that public IP | address so pretty easy to set up RDP/ssh/whatever. | | Probably the biggest issue though is the extra work or hassle | if something goes wrong. I remember at a previous company where | some guy would frequently have to drive for 30 minutes each way | to go to a data centre to perform certain updates that couldn't | be done remotely. | | YMMV | vel0city wrote: | > Many rack space rentals will not permit you to just install | whatever PC you fancy because it is potentially a risk to the | neighbours in terms of fire or bad hardware, most will | happily quote you to buy one of their approved ones! | | I have _never_ experienced this. 
The only restrictions I've | seen on colo contracts I've gone after were related to UPSes | and things with large batteries in them. So a big stack of | laptops would be a no, but if I wanted to put Atari ST's or | Dell PowerEdges or white box builds or bitcoin miners it | doesn't matter. I guess I've always done things at least a | half or full cab, never single Us at a time. | kjs3 wrote: | I've never worked with a colo vendor that once you contacted | them didn't have exhaustive support for "how do we get to the | point where we can start billing you", usually including an | actual human that you can ask questions. | benedikt wrote: | you're not all that far off | | * you'd have to sign up with a colo provider first. since data | centers are in physical buildings, this just depends on where you | live | | * when you sign up with them they provide you with info like ip | addresses or how to connect to their network (they might have | dhcp, or you might have to configure static ips). usually there | is an initial setup fee, around 1 month of rent. | | * if you just rent a 1U space you usually can get physical | access to it while accompanied by someone working for the data | center. usually this is during business hours, but each data | center will have its own rules. if you rent larger units, such | as a full rack (42U) or half a rack you usually get a key card | and can access it 24/7 (this usually involves a phone call for | them to remotely open a lock) | Moru wrote: | With the ones I have used you just click around on the homepage | selecting what you want on the server and then pay. Some sell | second hand repurposed servers on auction that they will set up | for you. A while later you get an SSH login on the server and | that's it, your server is running somewhere in a | basement/bunker/old mine and you can go visit it if you want | but in general you can do everything remote. 
There is even | stuff that can let you see the bootup in BIOS remotely | (called KVM, I believe). Some help you set up backups on the | server and help you with setting up programs on the server but | then it starts to get expensive. | | You can also just rent a space to place your own server but I | haven't tried that. | rank0 wrote: | In your experience did you have to sign up with a partner ISP | at the colo? Or is that done for me and just part of my colo | bill? | | Is power use included as well? | procombo wrote: | Colocation provider will bring the circuits to provide | best-path connectivity based on packet destination. There | shouldn't be an additional charge for this. They are | incentivized to manage their bandwidth so data transfers | fast, as they are likely charged wholesale for fiber | availability. | | You will likely be charged 95th percentile mbps based on | your usage. (Again, "pipe space required" to your needs.) | Basically, whenever you're busiest -- 4pm-9pm are popular | times for us in the USA. | | Some customers limit their bandwidth themselves (like, only | allow max 12mbps file downloads, etc.) especially when they | have the hardware to support huge bandwidth. Or your | colocation provider can perhaps limit max connection to | 100mbps or 1gbps if you want. | | Power is usually leased in amps. If you go over amps the | circuit will break -- at worst case scenario. But typically | they get in touch with you and tell you to upgrade. | | Also, they do want to know vaguely what your service is. | Because you'll likely lease their IPs, they will question | you if you do a lot of email (caution for spam), or run a | Tor exit node (legal hassles for them in many cases). | QuikAccount wrote: | Couple weeks ago I made this post about self-hosting | https://news.ycombinator.com/item?id=30618577 | | My conclusion coming out of that thread was self-hosting is not a | thing I'm going to do. 
I don't have the time or energy to | essentially take up the part-time job of managing my own | self-host. | goatcode wrote: | Site is down. I guess we've learned the limit of this | self-hosting advocate's self-hosted setup. ___________________________________________________________________ (page generated 2022-03-23 23:00 UTC)
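Returning to denton-scratch's point earlier in the thread that Spamhaus only publishes lists and the receiving postmaster decides whether to block or merely score on them: the mechanism is a DNS query, and the following added example (not code from anyone in the thread) shows it end to end. A DNSBL is queried by reversing the IPv4 octets under the zone; an A answer inside 127.0.0.0/8 means "listed" and its last octet says which list, using Spamhaus's published ZEN return codes. The `receiver_policy()` at the end is this example's own illustrative postmaster policy (reject on SBL/XBL, score-only on PBL), not Spamhaus guidance; the address 192.0.2.10 is documentation space used as constructed input.

```python
"""DNSBL lookup against Spamhaus ZEN, with the answer decoded per list.

Added example, not code from the thread. Return codes are Spamhaus's ZEN
codes; receiver_policy() is an illustrative policy, not Spamhaus advice.
"""
import ipaddress
import socket

ZEN = "zen.spamhaus.org"

# Last octet of a 127.0.0.x answer -> the list that produced it.
ZEN_CODES = {
    2: "SBL",                                # known spam sources
    3: "SBL CSS",                            # snowshoe / low-reputation senders
    4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",  # exploited hosts, botnets
    9: "SBL DROP",                           # hijacked / do-not-route netblocks
    10: "PBL",                               # dynamic/residential space, per the ISP
    11: "PBL",                               # same policy, listed by Spamhaus itself
}
LISTED = ipaddress.ip_network("127.0.0.0/8")
ERROR = ipaddress.ip_network("127.255.255.0/24")  # query errors, never a listing


def dnsbl_query_name(ip: str, zone: str = ZEN) -> str:
    """192.0.2.10 -> 10.2.0.192.zen.spamhaus.org (IPv4 only in this example)."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(answers) -> set:
    """Map the A records returned for the query to the set of lists hit."""
    lists = set()
    for a in answers:
        addr = ipaddress.IPv4Address(a)
        if addr in ERROR:
            # Spamhaus signals open-resolver use / query limits here; treat
            # it as a lookup failure, not as evidence about the sender.
            raise RuntimeError(f"DNSBL error code {a}")
        if addr not in LISTED:
            # Some resolvers rewrite NXDOMAIN into a search page: not a listing.
            raise RuntimeError(f"non-127/8 answer {a}; resolver is lying")
        lists.add(ZEN_CODES.get(addr.packed[3], f"unknown:{a}"))
    return lists


def lookup(ip: str, zone: str = ZEN) -> set:
    """Live query (needs network). NXDOMAIN means not listed."""
    name = dnsbl_query_name(ip, zone)
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return classify(sorted({info[4][0] for info in infos}))


def receiver_policy(lists: set):
    """Illustrative postmaster policy: (action, spam_score_delta)."""
    if any(name.startswith(("SBL", "XBL")) for name in lists):
        return ("reject", 100)   # known bad actor or compromised host
    if "PBL" in lists:
        return ("score", 3)      # residential space: suspicious, not damning
    return ("accept", 0)


if __name__ == "__main__":
    # 127.0.0.2 is the conventional always-listed test address (RFC 5782).
    print(dnsbl_query_name("127.0.0.2"), lookup("127.0.0.2"))
```

The split between `classify()` and `receiver_policy()` is exactly the split denton-scratch describes: the list tells you the address is in residential space, and only the receiver's policy turns that into a reject, a score bump, or nothing. If you self-host mail from a retail connection, expect the PBL hit and relay outbound mail through a provider whose addresses are not in that space, as patmorgan23 suggests.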