[HN Gopher] Gentle Guide to Self-Hosting
___________________________________________________________________
Gentle Guide to Self-Hosting
Author : kn81198
Score : 225 points
Date : 2024-09-18 08:16 UTC (14 hours ago)
(HTM) web link (knhash.in)
(TXT) w3m dump (knhash.in)
| asar wrote:
| Love self-hosting and really got into it over the last couple of
| months. I run a bunch of services for my company now and also in
| my home lab. I use a Hetzner VPS and provision things either via
| ansible + docker compose files or via
| https://github.com/coollabsio/coolify/.
|
| The awesome-selfhosted repository is also a great place to find
| projects to self-host but lacks some features for ease-of-use,
| which is why I've created a directory with some UX improvements
| on https://selfhostedworld.com. It has search, filters projects
| by stars, trending, date and also has a dark-mode.
| b_shulha wrote:
| Any chance to get my SaaS into "Heroku alternatives" section as
| well?
|
| https://ptah.sh
| asar wrote:
| Just added it!
| b_shulha wrote:
| That was quick. Means a lot for the tiny startup. Thank
| you. <3
| user_7832 wrote:
| Since you seem knowledgeable on this topic I'd like to ask -
| how risky is it to expose a computer on your network to the
| internet, if you're somewhat tech-savvy but not very familiar
| with networking? Is it relatively "safe" with modern tools and
| VMs or do you need to stay on top and (for eg) always ensure
| you're updating software weekly?
|
| I've thought of setting up and running a server for a long time
| and finally have a spare laptop so I'm thinking of actually
| running a NAS at least.
| voidUpdate wrote:
| You'll want to make sure everything stays up to date in case
| someone finds a vulnerability in whatever software you're
| currently using. If you have to expose stuff to the outside
| world, only open the ports you need to. Only allow access to
| a specific user with a non-default username (or at the very
| least disable root ssh access), and use long passwords or ssh
| keys. I think that's generally the bare minimum, but there
| are online guides to harden your stuff further like using
| wireguard and fail2ban and stuff
| asar wrote:
| The approach most people use is to tunnel into the server.
| You install a daemon on your computer which establishes a
| tunnel to log-into from outside your network. Cloudflare and
| Tailscale have solutions for this that are very popular among
| the self-hosted crowd.
|
| https://developers.cloudflare.com/cloudflare-one/application...
|
| https://tailscale.com/kb/1151/what-is-tailscale
| conradklnspl wrote:
| A good option is to set up a wireguard connection between
| workstation and servers. All traffic has to go through
| wireguard.
|
| Because wireguard is UDP and only responds to valid requests,
| there isn't any open port from the outside. Not even ssh.
| jimvdv wrote:
| Additionally you can use Tailscale for added convenience.
| Tailscale is a paid service, for a simple home server you
| can get away with the free plan and their mobile apps work
| rather well.
|
| Not affiliated with Tailscale at all just shouting them out
| because they do make things very easy and I often recommend
| them to hobbyists.
| packetlost wrote:
| I've been doing it for about 13 years now with HTTP/s (80,
| 443), SSH (22), MOSH (lol idk), and IRC (6697) exposed to the
| internet. You don't _need_ it, but something like fail2ban or
| crowdsec is a good idea. You _will_ get spammed with attempts
| to break in using default passwords for commodity routers
| (Ubiquiti's `ubnt` is rather popular), but if you're up to
| date and take a few minor precautions it's not all that hard
| and/or dangerous. That being said, there _are_ alternatives
| such as Tailscale that are strictly more secure but far less
| flexible. I've heard of people using Cloudflare tunnels as
| well, but I'd rather not rely on big players for stuff like
| that if I'm going through the effort to self host (and don't
| have any real risk of DDoS).
|
| I would try to set up automatic updates for critical security
| patches or update about weekly. I know people that self host
| and do it monthly and they seem fine too. Most anything super
| scary vulnerability wise is on the front page here for
| awhile, so if you read regularly you'll _probably_ see when a
| quick update is prudent. I personally use NixOS for all of my
| servers and have auto-updates configured to run daily.
|
| An old laptop is exactly how I got started 13 years ago,
| they're great because they tend to be pretty power efficient
| and quiet too.
| clvx wrote:
| On top of this, having ipv6 configured makes things harder
| to discover but not impossible (As long as you don't use
| ${ipv6_subnet}::xxxx for your hosts). You can avoid NAT and
| just expose the nodes you need. Most ISPs assign /56 or /64
| which is a humongous amount of ips. It's nice if you are
| just using a flat virtual network in your home lab. The
| amount of scanners I see for my subnet are non existent at
| the moment.
| packetlost wrote:
| That's if your ISP supports IPv6. My current one does,
| but my last one did not.
| scubbo wrote:
| > I've heard of people using Cloudflare tunnels as well...
|
| As a Cloudflare Tunnels user who only recently discovered
| Tailscale - just go with Tailscale straight off the bat.
| It's magic, and smooth as butter.
| packetlost wrote:
| Tailscale Funnel [0] is limited to TLS-based protocols
| (maybe even just HTTPS) which is a non-starter for many
| cases.
|
| [0]: https://tailscale.com/kb/1223/funnel
| Larrikin wrote:
| Which cases? Tailscale has eliminated all my fears I had
| about self hosting and I've been using it a ton. The only
| issue I've run in to has been a single service (Withings)
| that uses a web hook to trigger updates for my sleep mat.
| Their server isn't on my tablet so I would need to expose
| at least one service to the wider Internet.
| packetlost wrote:
| I'm talking specifically about Tailscale Funnel which
| gives ingress access to services on the tailnet from
| outside (ie. on the general internet). Any case that
| doesn't use TLS for a transport won't work. SSH being a
| notable one, but I can think of several others.
| tasuki wrote:
| My stuff is always out of date and hasn't gotten hacked
| yet.
|
| I don't see why you'd want to run ssh on port 22. I run it
| on a different port and never get login attempts. Yes, if
| someone targeted me specifically of course they'd find out,
| but I guess that hasn't happened yet.
| johndough wrote:
| > I don't see why you'd want to run ssh on port 22.
|
| I run ssh on port 22 because I like wasting the time of
| those script kiddies. Also I like to brag about half a
| million "hacker attacks" on my server per month.
| cutler wrote:
| Just add `sudo apt update && apt upgrade` to your crontab.
| jayknight wrote:
| A better solution is probably:
| https://wiki.debian.org/UnattendedUpgrades
| the_gastropod wrote:
| I sat on the fence for a long time wanting to do this, and
| finally pulled the trigger and picked up a Synology NAS last
| year. I've had a blast setting up a handful of handy little
| self-hosted services on the thing. Highly recommend giving it
| a go!
|
| I haven't had any security issues yet (knock on wood). But it
| seems pretty low-risk if you follow basic best practices. The
| only thing I have exposed to the internet is a reverse proxy
| that proxies to a handful of docker containers.
| diggan wrote:
| > Is it relatively "safe" with modern tools and VMs or do you
| need to stay on top and (for eg) always ensure you're
| updating software weekly?
|
| First step is to figure out if you actually need to be able to
| access it from the outside at all. If you just want a NAS,
| chances are you can put it on a separate VLAN/network that is
| only accessible within your LAN, so it wouldn't even be
| accessible from the outside.
|
| If you really need it to be accessible from the outside, make
| sure you start with everything locked down/not accessible at
| all from the beginning, then step-by-step open up exactly
| what you want, and nothing else. Make sure the endpoints
| accessible are run by software you keep up to date, at least
| weekly if not daily.
| unethical_ban wrote:
| Keep things up to date and ideally, having your public facing
| servers in a DMZ/their own VLAN (separate network from your
| private stuff).
|
| Administrative things like SSH and RDP are best accessed with
| a VPN but you can configure SSH in particular to be key-based
| authentication only, which is very secure.
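
The SSH advice in the comments above (disable root login, key-based authentication only) can be checked against a config file. This is an added example, not part of the thread; the function names and the sample config are constructed for illustration, and only global settings are evaluated (Include files are not followed).

```python
# Added example: audit sshd_config text against the thread's SSH advice.
# Function names and the sample config below are constructed.

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated spelling still common in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return the global value sshd would use for each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" and "Keyword=value"; keywords are
        # case-insensitive.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        if key == "match":
            # Everything after a Match line is conditional, not global.
            break
        # sshd keeps the FIRST value it reads for a keyword, so a later
        # "fix" further down the file has no effect.
        seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}


def audit(config_text):
    """Return a list of (keyword, value, reason) findings."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append(("permitrootlogin", s["permitrootlogin"],
                         "root can still log in over SSH"))
    if s["passwordauthentication"] != "no":
        findings.append(("passwordauthentication", s["passwordauthentication"],
                         "password logins are accepted"))
    if s["kbdinteractiveauthentication"] != "no":
        findings.append(("kbdinteractiveauthentication",
                         s["kbdinteractiveauthentication"],
                         "keyboard-interactive (PAM) can still ask for a password"))
    if s["pubkeyauthentication"] != "yes":
        findings.append(("pubkeyauthentication", s["pubkeyauthentication"],
                         "key-based login is disabled"))
    return findings


# Constructed sample: the second PasswordAuthentication line is ignored
# because the first one already set the value.
SAMPLE = """\
# constructed sample, not from the thread
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for keyword, value, reason in audit(SAMPLE):
        print(f"{keyword} = {value}: {reason}")
```

Feeding the function the output of `sshd -T` instead of the raw file audits the configuration the daemon actually resolved, including any Include files.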
| 0xfeba wrote:
| I've been at it for over a decade. Home router has firewall
| exceptions for SSH (not port 22 though), TLS IRC, and 80/443,
| which are forwarded to my home server with fail2ban.
|
| I run SSH (requires PKI outside local network), IRC,
| nextcloud, and ampache (though don't really use ampache
| anymore :( ).
|
| Home server is encrypted RAID6 Arch Linux. If I had to do it
| again I'd forego rolling releases and use something more
| stable, like Debian.
|
| Encrypted backups are done to backblaze once a month. I also
| have a backup drive that I plug in on occasion, encrypted of
| course.
|
| Which reminds me my RAID6 drives are getting old now... I'm
| tempted to move to a VPS.
| ang_cire wrote:
| It is very service-dependent. If you are wanting to run a NAS
| for e.g. a media server, you may want to look into Cloudflare
| Tunnels or Tailscale.
|
| I set up Jellyfin and Kavita, and those are internet-exposed,
| but also Nextcloud, and Portainer, and Calibre, and those are
| behind github SSO auth, via Cloudflare. Basically, before you
| can hit the nextcloud login page, you have to auth to github
| (as me) with 2FA first, so no one can sit there and try to
| brute-force my nextcloud login.
| bongobingo1 wrote:
| Hm, is there a name for the type of software that Coolify is,
| where it presents a management plane for _other_ servers, vs
| Dokku where it runs _on_ the server?
| b_shulha wrote:
| Coolify and others mentioned on that website can run on the
| server itself as well.
|
| It happened that Coolify provides the paid option to sponsor
| the development, but it is not mandatory.
| apitman wrote:
| This is pretty nice. I see sish and inlets. I have a lot more
| similar tools on my list here:
| https://github.com/anderspitman/awesome-tunneling
|
| For auth, I also made a comparison of OIDC servers here:
| https://github.com/lastlogin-net/obligator#comparison-is-the...
| leosanchez wrote:
| Miniflux is very good. It even has a telegram integration which
| will send you notification whenever a new article is published
| loremm wrote:
| in general, it's worth noting telegram bots are easy (free) to
| make and messages can be sent with one cURL command. Very
| useful, you can even set it up to send after long terminal
| commands so you know to check back
| leosanchez wrote:
| I am aware. I use it with my backup scripts. But I felt it
| was cool integration
| Havoc wrote:
| But then someone whispers K8S into your ear...
| jasonjayr wrote:
| That reminds me ... I have to go feed my homelab K3S cluster
| some updated CRDs to plan for the next upgrade window ...
| infogulch wrote:
| k8s was born from devs' unconscious desire for another
| tamagotchi pet
| arrty88 wrote:
| I'm a big fan of self hosting. I have learned a lot on a small
| hobby project.
|
| for those who are curious about my setup, I bought a used Dell
| R630 on ebay for cheap. 1tb raid 1 on ssds, 32gb ram, 32 cores,
| and i am enjoying running a few small hobby apps with docker,
| virsh, and minikube (yes i learned all 3). I have a 1gbps fiber
| connection. I use a 1m cronjob to detect if my IP changes, and i
| use the linode api to change my DNS A records.
| chadsix wrote:
| I am part of a company that promotes self hosting and provides
| external routing for self hosting [1]
|
| We made Cloud Seeder [2] an open source application that makes
| deploying and managing your self-hosted server a 1-click issue!
|
| Hope this comes in handy for someone! :-)
|
| [1] https://ipv6.rs
|
| [2] https://ipv6.rs/cloudseeder
| https://github.com/ipv6rslimited/cloudseeder
| DanAtC wrote:
| I like the concept, but only 5 IPs? With IPv6 you should be
| offering at least a /64 per tunnel.
| chadsix wrote:
| Great point!
|
| We offer 5 because we're geared toward helping people host
| appliances as opposed to raw network setup! We also offer
| automatic RDNS with this as well as the Cloud Seeder
| appliance!
|
| Thanks again for your comments and as well thoughts!
| xiconfjs wrote:
| From the FAQ: * Q: "What about IPv4?"
|
| * A: "While IPv4 is still widely used, its necessity is
| diminishing as the world transitions to IPv6. (...)"
|
| ;)
| cutler wrote:
| 1.5Gb RAM/10Gb disk? Hetzner's basic cloud VPS comes with 4Gb RAM
| and 40Gb disk for €4.51.
| Ringz wrote:
| Do you have an eye on the (potential) price difference?
| massysett wrote:
| I'm an old-timer, I'm surprised that paying for shared hosting is
| now "self-hosting." Nothing wrong with that, but that would never
| have been called self-hosting ten years ago.
|
| I guess it's like how "cooking from scratch" evolved. A cookbook
| from the nineteenth century might have said "1 hog" as an
| ingredient and instructed you to slaughter it. Now of course you
| buy hog pieces on foam trays.
| diggan wrote:
| Seems to me the term "self-hosting" tends to auto-adjust its
| position based on the other end. So if "not self-hosting" is
| hosting on a shared VPS, then self-hosting is hosting on a
| computer at home. But "not self-hosting" has now become "hosted
| in cloud" so self-hosting moved to "shared VPS" instead, as the
| other end moved.
|
| Kind of makes sense, but kind of also makes historical texts
| more difficult to understand. In the year 2124, who knows what
| "self-hosting" meant in 2054? I guess it's up to future
| software archeologists to figure out.
| icedchai wrote:
| Yes, the goalposts move. When I started w/the internet 30+
| years ago, self hosting meant your own 56K leased line.
| kayson wrote:
| There are definitely plenty of people who would say that using
| a hosting provider doesn't count, even if you're deploying the
| software yourself.
|
| The one generally accepted exception to this is network
| protection. You don't want to expose your home ip address to
| the outside world if you can help it, so a lot of people use
| tailscale, Cloudflare tunnels, or a vps as a proxy.
| Cyph0n wrote:
| A VPS that proxies traffic over Tailscale is another neat
| option. I use this approach to serve self-hosted services
| that I want to be accessible over the internet.
| bauruine wrote:
| Why use Tailscale if you can just setup a WireGuard tunnel?
| freedomben wrote:
| Tailscale is far, far less work to set up and maintain.
| Not to use a cliche, but it reminds me of Dropbox vs.
| rsync.
|
| If you know Wireguard well enough to set up your own and
| you're willing, you'll have a lot more control and less
| dependency, which is a win IMHO. But if you are limited
| by time and/or knowledge, Tailscale is great
| darkwater wrote:
| Aren't we talking about self-hosting, tinkering with your
| software for fun and hobby instead of going the SaaS way?
| Arguing about WG instead of TS in this context is
| perfectly fine
| freedomben wrote:
| Indeed, if you got the impression from my comment that I
| didn't think a debate on WG vs. TS was fine, then I
| apologize. I think it's a great (and important) thing to
| debate. My opinion is as stated. I think it's a different
| cost-benefit analysis for each person depending on time
| and/or knowledge.
| darkwater wrote:
| Don't worry!
|
| Staying on the topic, I wonder how easy/complicated is to
| self-host Headscale, which is the opensource
| implementation of the TS server.
| al_borland wrote:
| Some people want the control without it becoming a full
| time hobby.
|
| I wanted a NAS. I could do it with Linux and ZFS, rolling
| my own with full control. However, I didn't want to sink
| that much time into it, and figured when something needed
| to be done, I would have forgotten so much I'd need to
| relearn over and over again.
|
| Instead I went with a Synology. I get my NAS, I'm in
| control of my data, I can run some stuff with Docker on
| it... but I don't really have to spend any time playing
| sys admin on my weekends.
| aae42 wrote:
| i self-host TS (headscale), so maybe not mutually
| exclusive
| Saris wrote:
| Just ease of use mostly, Tailscale works even behind
| CGNAT and automatically manages things for you.
| apitman wrote:
| I think you're unlikely to have a very good experience
| with Tailscale behind CGNAT if you're doing anything high
| bandwidth like video streaming from a Plex/Jellyfin
| server.
|
| AFAIK Tailscale only supports 2 modes of connection:
| direct connect or relayed over WebSockets with their DERP
| protocol. CGNAT is going to limit you to DERP, which is
| not designed for transmitting a lot of data. For one
| thing, that could get rather expensive for Tailscale.
| Saris wrote:
| Oh yeah it's not going to be very fast, but for general
| usage that doesn't involve large transfers it's fine.
| icedchai wrote:
| I have a VPS configured for BGP peering, using my own
| ASN, tunneling an IPv4 block and a couple of IPv6 blocks
| back to my home network over a wireguard tunnel. These
| wind up on their own VLANs, exposing a few VMs directly
| to the Internet.
|
| It took a bit of time to set this up (and I fortunately
| had the V4 block already registered from back in the
| 90's.) I also had experience with BGP from previous jobs
| at early ISPs, which helped. Proxying is easier.
| ang_cire wrote:
| In my case I am just interested in the software I'm
| running behind the proxy. I use CF tunnels to expose my
| internal services, and spend my tinkering time on the
| actual services, rather than (to me) wasting the time to
| bother with worrying about updating IPs or setting up
| custom auth schemes (I keep a lot of my services locked
| down entirely behind github SSO, so you can't even reach
| my e.g. Jellyfin login page without first being auth'd to
| github as me, which basically prevents all brute-force
| attempts on my services).
| stuckkeys wrote:
| Cloudflare?
| hoosieree wrote:
| Yeah, my list of requirements for self-hosting starts with:
|
| 1. battery backup
|
| That said, I'm not zealous about it. "Perfect is the enemy of
| good" and I like ecosystem diversity in general. Better to have
| a few dozen shared hosting providers than 2 or 3 monopolies.
| eximius wrote:
| Every time this sentiment comes up I'm reminded that it's a
| spectrum.
| m463 wrote:
| I agree with you.
|
| and so does the author, kind of...
|
| "And so, here is a gentle introduction to self-hosting that is
| not "true self-hosting", but whatever. Sue me."
|
| :)
| transpute wrote:
| _> Sue me_
|
| Or read an HN thread on "true self-hosting",
| https://news.ycombinator.com/item?id=41440855#41460999
| _heimdall wrote:
| I must be becoming an old timer too, I only really consider it
| self hosting if it's on my own hardware.
|
| In case that doesn't make me an old timer, I also actually have
| pork and home cured bacon in the freezer from hogs we raised
| and processed. "An old soul living in a new world" feels pretty
| fitting here.
| apitman wrote:
| There are other issues with the terminology as well. The self
| hosting community (centered at /r/selfhosted) has a very
| technical vibe. These people enjoy tinkering with computers.
| They're like kit car builders.
|
| But there's a whole market of people who could benefit from
| self hosting, but shouldn't be required to understand all the
| details.
|
| For example, you can get many of these benefits by using a
| managed service with your own domain. Things like data
| ownership, open source software, provider competition, etc.
|
| I think we need a broader term. I've been using "indie hosting"
| lately.
| simcop2387 wrote:
| This is the kind of thing I've been watching unfold with some
| home "NAS" boxes over the past couple of years. It started
| much earlier but it's started to become more of a
| differentiating factor in some of the lines lately because
| the NAS side of things is basically entirely a solved problem
| for 99% of people, so the manufacturers (Synology, QNAP,
| Terramaster, U-Green, etc.) have been adding support for
| doing what looks a lot like turn-key installation of things
| like NextCloud, Plex, and a bunch of other services that the
| self-hosting community has been talking about for years.
|
| I think one of the big drivers of it has been the serious
| increase in performance and capability of the low power
| embedded processors from Intel and AMD (and in the last year
| or so some ARM based ones), like supporting more than 2GB of
| ram and having multiple cores that can meaningfully do work
| even with a 15W TDP.
| Dalewyn wrote:
| I am of the impression that Synology is pivoting away.
|
| >Starting from this version, the processing of media files
| using HEVC (H.265), AVC (H.264), and VC-1 codecs will be
| transitioned from the server to end devices to reduce
| unnecessary resource usage on the system and enhance system
| efficiency.
|
| https://www.synology.com/en-us/releaseNote/DSM
|
| They say it's to "reduce unnecessary resource usage" and
| "enhance efficiency", I say it's the start of a race to the
| bottom of the barrel now that the market is saturated and
| BOMs start weighing heavier.
| apitman wrote:
| If my device supports the native format of the content, I
| definitely want it decoded there rather than transcoding
| on the server. Assuming said format isn't significantly
| more power hungry than the transcoded codec.
| immibis wrote:
| I call it self-hosting when it's on your server, and hosting
| at home, if we want to be specific that the server is at
| home.
| apitman wrote:
| What would you call it if it's hosted on someone else's
| server, but using open source software under your domain,
| and you have a complete backup of all the data so you could
| move it home or to another provider whenever you want?
| transpute wrote:
| For the last 30 years, that's been called "web hosting" [1]:
|
| - Shared custody
| - No confidentiality
| - Portable domain identity
|
| [1] https://www.webhostingtalk.com
| apitman wrote:
| If someone thinks to themselves: "I really don't like the
| ways twitter is changing. I'm leaving, but is there
| anything I can do to avoid the same thing happening with
| some other app/company?"
|
| If they search around for an answer to that question,
| pretty soon someone is going to tell them to "self-host a
| Mastodon instance" or in the near future "self-host an
| ATProto instance".
|
| My point is that the term "self-hosting" is unlikely to
| get them what they want, unless they happen to be
| interested in learning about DNS, IP addresses, ports,
| port forwarding, routers, firewalls, NAT, CGNAT, TLS,
| TCP, HTTP, web servers, Linux, updates, backups, etc,
| etc.
|
| I don't think "web hosting" is going to help them much
| either.
|
| What most people want is something like a Mastodon
| instance from masto.host[0] that integrates with a
| service like TakingNames[1] (which I own) to delegate DNS
| with OAuth2. I think we need a new term for this sort of
| setup. I think the term should also include self-hosting
| solutions, as long as those solutions focus on the
| outcomes (having a car to drive), not the implementation
| (building a kit car).
|
| [0]: https://masto.host/
|
| [1]: https://takingnames.io/blog/introducing-takingnames-io
| transpute wrote:
| _> don't like the ways twitter is changing. I'm leaving_
|
| Has there been work to quantify relative network effects
| in Twitter vs Mastodon, either generally or in specific
| communities? e.g. if person A was following N people on
| Twitter (e.g. in a list), what subset or superset of N
| could be followed on Mastodon?
|
| If a user requested all their data from Twitter,
| including people being followed, is there any tooling to
| map user identity/handles from Twitter to member names on
| decentralized alternatives?
|
| _> someone is going to tell them to "self-host a
| Mastodon instance.. from masto.host_
|
| Wouldn't that be masto-hosted rather than self-hosted?
|
| In that scenario, Masto.host would be a trusted
| _custodian_ of a social media identity, somewhat like a
| bank.
| nielsole wrote:
| "digital sovereignty" maybe?
| dylan604 wrote:
| Hosting from home was always subject to home ISP ToS limits on
| doing that very thing. When I self-hosted in the early days, it
| was still paying someone to mount my system in their rack and
| use their network. So whether that was hardware that I rented
| from them, built the box myself, or using a VM they provide,
| it's still the same amount of work to maintain it. That's still
| different from using Wix/Squarespace, geocities, or using a
| social media platform.
| ang_cire wrote:
| > was always subject to home ISP ToS limits on doing that
| very thing
|
| Every ISP prohibition on self-hosting that I have seen
| specifies commercial use, not just hosting services (since
| obviously that could technically prohibit tons of normal and
| authorized uses like co-op games).
| bityard wrote:
| I have always understood self-hosting to mean being in charge
| of your applications and data instead of delegating it to a
| company. An example might be, setting up Nextcloud instead of
| Dropbox. Or Taiga instead of Trello.
|
| WHERE and HOW it is hosted, is less important to me. Because if
| you self-host your own tools, you can freely pick them up and
| move them to any hosting provider, a cloud provider, or a
| Raspberry Pi in your basement. Self-hosting FREES you from
| infra/vendor lock-in.
| al_borland wrote:
| But isn't using a 3rd party web host giving up some of that
| control? Hopefully a reputable hosting company won't shut down
| at a moment's notice, but could. Or if they go down, you're
| stuck sitting there waiting for them to come back online with
| no access to your services.
|
| Hosting from home has its own challenges, so I get why people
| would go to a hosting provider, but I do think some control
| is given up in the process.
| immibis wrote:
| You retain most of the control. You have actual laws
| protecting you from them snooping on your database. If it
| goes down, then you have a backup, right? so redeploy the
| backup onto any other provider or at home.
| user01010 wrote:
| What of the event that your SSDs, HDDs, Discs, home
| devices, etc... stop working? Fire up Torrents or go back
| to Usenet? Just asking, but you still have online backups
| and they can't check your database right.
| hk1337 wrote:
| I'm not sure what your classification of "old-timer" is with
| how it compares to me but I would think of myself as an old-
| timer as Gen X.
|
| I feel like there's another term for what you're thinking of
| but I cannot come up with what it is.
|
| Self-hosting definitely was locally hosted on your own hardware
| back when hosting providers like Linode, Digital Ocean, AWS,
| etc existed or were as customizable.
|
| Even corporations "self-host" GitHub Enterprise or Gitlab when
| they set it up on AWS. Self-host just means you're not reliant
| on creator of the application to host it for you and manage the
| server.
|
| There are certainly advantages and disadvantages to self-
| hosting on your own hardware, as there are to using a hosting
| provider.
| user01010 wrote:
| You reckon you could even use Github to archive some small
| things? If Github or GitLab suffers, then some parts of the
| internet will also have problems, correct? Legitimately
| asking, is there any way for Github to go around searching
| for "no-code" content through countless private repositories?
| hk1337 wrote:
| I don't think Github could read your self-hosted Github
| instance unless there's some code in there that calls back
| home or provides home the ability to search code in your
| instance.
|
| In the beginning, self-hosting was seen as completely local
| partially because there were no good options for hosting on
| a server, so that's probably where it sort of became
| synonymous with hosting it in your home.
| lelanthran wrote:
| > I'm an old-timer, I'm surprised that paying for shared
| hosting is now "self-hosting." Nothing wrong with that, but
| that would never have been called self-hosting ten years ago.
|
| Depends, maybe? Was the speaker talking about hardware or
| software 10 years ago?
|
| Because, when I was given the 'self-hosting' option by some
| SaaS vendor, it meant that I could host it on whatever I want
| to independent of the vendor, whether that is a rack in my
| bedroom or a DO droplet.
|
| When I was given the 'self-hosting' option by some computer
| vendor (Dell, HP, Sun, etc), it meant that I can put the unit
| into a rack in my bedroom.
|
| Context was always key; in my mind, nothing has changed.
| ang_cire wrote:
| If you are using a hosting provider, you are by definition not
| "self hosting", since you are in fact, not hosting (unless you
| happen to own the hosting provider company).
|
| I _actually_ self-host tools, and that involves having (in my
| case) a couple of rackmount servers in my spare bathroom, and
| an rPi5 with a 4x m.2 hat on my desk. Hell, even just running
| stuff on your own desktop/laptop is self-hosting.
|
| But PaaS and SaaS are just as not-self-hosted as IaaS is. It's
| literally cloud hosting.
| bankcust08385 wrote:
| Renting space in a colo and running EBGP on leased dark fiber
| to HE is real self hosting. VPSes while more convenient are
| definitely nothing like running metal.
|
| For a lot of stuff that doesn't need constant public network
| connectivity, I choose to run a home lab.
| from-nibly wrote:
| > Practically, it is foolishness, for what you save in money you
| lose in time and sanity.
|
| Kubernetes gets a lot of side eyes in the self-hosted community.
| That's all of self hosting though. So why not go all in?
|
| I've got 3 dell r720XDs running nixos with k3s in multi master
| mode. It runs rook/ceph for storage, and I've got like 12 hard
| drives in various sizes. My favorite party trick is yoinking a
| random hard drive out of the cluster while streaming videos. Does
| not care. Plug it back in and it's like nothing happened. I've
| still got tons of room and I keep finding useful things to host
| on it.
| kayson wrote:
| Plenty of people use k8s or k3s for self hosting. But for most,
| the added complexity doesn't buy enough for the trade-off to be
| worth it. Keep in mind most people have a single node, so
| docker does everything they need.
|
| Personally, even with a 4 node setup (of tiny desktops; the
| hardware you have would easily cost me $200/mo in power bills),
| I use docker swarm. Old and unloved, but does everything I need
| for multi node deployment and orchestration with only a sliver
| more complexity than vanilla docker.
| from-nibly wrote:
| Yeah don't ask me about my power bill, It's definitely in the
| vanity realm. I have cheap power where I live so it's not
| anywhere near $200. Still too high though. One day I'll get
| solar to offset it.
| Cyph0n wrote:
| I just use NixOS as a VM and run services as containers
| directly. Self-plug: I wrote a tool that makes it easy to run
| Docker Compose projects on NixOS [1].
|
| This way, I get the advantages of NixOS config, while also
| being able to run arbitrary applications that might not be
| available on nixpkgs.
|
| As far as storage goes, I just use ZFS on the hypervisor
| (Proxmox) and expose that over NFS locally.
|
| [1] https://github.com/aksiksi/compose2nix
| ed_mercer wrote:
| Once you graduate from this guide, be sure to check /r/homelab
| and /r/homedatacenter ;)
| meonkeys wrote:
| And https://lemmy.world/c/selfhosted , and
| https://www.reddit.com/r/selfhosted/ . There are a few useful
| Matrix chat rooms related to self-hosting, too:
| #selfhosted:matrix.org , #self-hosted:jupiterbroadcasting.com ,
| #steadfast:matrix.org
| meonkeys wrote:
| The author nails it here:
|
| > It is 2024, and I say it is time we revisited some of the
| fundamental joys of setting up our own systems.
|
| Self-hosting really is joyful. It's that combination of learning,
| challenge, and utility.
|
| +1 to Actual Budget
|
| +1 to Changedetection.io
|
| -1 for not mentioning threat modeling / security. The author uses
| HTTPS but leaves their websites open to the public internet.
| First-timers should host LAN-only or lock their stuff way down. I
| guess that's tricky with shared hosting without some kind of IP
| restriction or tunneling, though. No idea if uberspace offers
| something like that.
|
| For folks getting past the initial stages of self-hosting, I'd
| really recommend something like Docker to run more and more
| different apps side by side. Bundled dependencies FTW. Shameless
| plug for my book, which covers the Docker method:
| https://selfhostbook.com
| w10-1 wrote:
| OK: This has not been a detailed step by step
| walkthrough on how to do things, by design. You are
| meant to go and explore; this is simply a way pointer to
| invigorate your curiosities
|
| Sorry, but because I came looking for solutions, I found the
| invigoration aggravating, but then helpful in focusing my
| attention.
|
| Scalable services and sites I can build, 10 different ways.
|
| My enduring, blocking need is for dead-simple idiot-proof network
| management to safely poke a head out on public IP from home. And
| to make secure peer-to-peer connections. Somehow that process
| never converges on a solution in O(available) time.
|
| </complaining>
| transpute wrote:
| _> dead-simple idiot-proof_
|
| Recent thread:
| https://news.ycombinator.com/item?id=41440855#41460999
|
| _> network management to safely poke a head out on public IP
| from home_
|
| For remote access to private services, would
| Tailscale/Wireguard be an option? It can even use Apple TV as
| an exit node.
|
| _> secure peer-to-peer connections_
|
| Which protocols would you consider secure for P2P use, e.g.
| which solutions have you tried previously which failed to
| converge?
| transpute wrote:
| "Why I self host my servers and what I've recently learned", 130+
| comments, https://news.ycombinator.com/item?id=41440855
___________________________________________________________________
(page generated 2024-09-18 23:00 UTC)