from irmadlad@lemmy.world to privacy@lemmy.ml on 28 Oct 17:09
https://lemmy.world/post/37994805
I’m just mildly curious. I know this isn’t the self hosting chan, but how many of you self host services as part of your efforts to retain your privacy, security, and anonymity?
I’ve been self hosting something for decades now. I got really started back in the PreNapster era. I ran an independent, selfhosted, fully licensed, internet radio outfit. That was back when music on the internet was a lot of cheap, tinny, geocities, midis. LOL I worked with a company called IM Radio Networks. They and Phillips, developed one of the world’s first bookshelf stereo, that was internet ready. Hook it up to the internet, and you could listen to AM/FM and IM radio. I’ve often mused that if it weren’t for Shawn Fanning, the music landscape on the internet might look a bit different as he forced the music industry to reevaluate how they did business.
Now, I self host a ton of stuff just for my own needs. It’s an enjoyable, purposeful, hobby, that keeps me busy. It’s also, so very educational, and I learn new things daily.
ETA: Man it does my heart good to meet and greet privacy minded users who also self host. It is an integral part of my privacy, anonymity, and security posture. If you aren’t already, or are thinking of self hosting, do it! You don’t need massive racks in the closet that dim the lights on reboot. A simple NUC or even RPi are quite capable of serving up services. You don’t need a Tier 1 feed from your ISP. Keep it simple and basic and work up from there to meet your needs.
Thanks again to all those who responded and shared their experiences.
threaded - newest
I do! I have a small kubernetes at home where I try to host everything I can.
Well, then you are more advanced than I. I haven’t got kubernetes figured out yet. I’m still plumbing the depths of Docker. I did provision a small server to test out kubernetes but haven’t got back to it.
To be honest kubernetes is probably overkill for most homelabs, but I learned a lot using it and it got me my current job so I think it’s worth it 😅!
So I’ve heard, but I’m still keen to learn it. You parlayed the experience into a positive cash flow, so that’s pretty awesome.
I’ve been self hosting for a few years now. One of my greatest enemies had been trying to get too fancy too soon. Depending on your personality type, I suggest just getting some crap working to the end goal first. Just a one service compose file or even just some docker cli command that you find in your bash history. Then go back and refine later.
Excellent observation for those just dipping into selfhosting and great advice. I tend to go overboard on security.
You could try learning podman as an intermediate tool. I recommend it for the user-controlled systemd services. There are so many systemd commands to fine tune your containers.
I don’t know if I’d call myself a privacy pioneer but I self-host some stuff and share/trade services with a few friends.
lol I just needed something for the alliteration. Rock on my brother.
I try to selfhost wherever possible. There are a few exceptions where it’s not practical (email for example), so I prefer not Google/Apple/Microsoft when that happens. In those cases, I also like to diversify so any potential enshitification is less painful to resolve.
Yeah, email is my kryptonite. I’ve run a couple packages in the past, but it is tedious. I use a EU service called mailo.com. Small, little company but in business for 20 years. Not a lot of gee whiz bells and whistles. Pretty much mail and a calendar, which is really all I need. I do make use of email aliases a lot.
There are very easy steps you can take here. It seems complicated, but there are tools for this and with a VPS/VDS, you can be up and running in under an hour if you are technically inclined. Moving to my own email, is by far, one of the best things I have done in my life.
It wasn’t the running it as much as the blacklisting.
So there is a bit of work you need to do, but if you manage your server well, do DMARC, DKIM, SPF etc and then nip it in the bud when you get warnings, its very easy to manage. Its about responsibility. Bad actors exist, but careful operators prevail.
Yeah, I might take a swing at it a few more times. That’s kind of my modus operandi. Do it, screw it up, restart. #$@$@ Do it, it works! Write that shit down! LOL
It took me 6 deploys to finally understand all the mechanisms. What I like about self-hosting and the open source mantra in general is that every failure is a lesson with field experience. So skills development and acquisition is fairly easy if you push for it and once you get it, its wash, rinse, repeat.
.
I’ve been self hosting since 1998. My first non-website service was a VCR hooked to a firewire capture card running QuickTime server so I could watch TV in the computer lab at school.
Your internet radio thing was neat. Mine was called Green Frog Radio. No, it didn’t go anywhere. Definitely not licensed whatsoever.
I bought an Onkyo NetTunes amp that had Internet streaming built in, but it sucked and didn’t have any of the cool stations I liked. I got together with other nerds and we wrote a simple NetTunes proxy running mono that inserted our list of stations into the NetTunes server response. I hosted that for a while. All users had to do was configure their IP settings to add my address. It was a fun little project. Actually, I guess that was my first open source collaboration. Haha.
I’m not a pioneer - but I selfhost.
Awesome bro. What kind of things do you selfhost?
My e-mail, on my own domain names, my server with a homepage, a bulletin board, and cloud… on the cloud (NextCloud) I also host a note taking server…
I don’t do streaming (yet) in any way bigger than I can stream video and audiobooks and music from my cloud if need be, but not with any special app for that.
Sweet!
I just launched a business to help non technical people identify and selfhost their business tools. I faced such problems when I lived in a fascist country and now that I live in a fascist country again, I figured its a good way to go.
That’s super cool. I’ve always thought that every household should have a server as we live very digitally dependent lives now. Back when Microsoft released their homeserver edition, I thought that was going to be a good angle, however, it didn’t take off. If I were a younger man, I’ve often thought about assembling small, closet servers that could sit on a shelf and be used by the household members. I also see a lot of ‘mini’ server layouts using Lenovo ThinkCenters, which are surprisingly pretty snappy servers.
Self hosting is not always about hosting at home. A private VPS/VDS, co-located server that you own/lease and operate is essentially that. I take self hosting as not turning to big tech for the very same solutions I can spin up myself on a private server.
That being said, self hosting also involves servers at home that run personal services.
My line of work is mostly in business. Getting people to operate their businesses with open source tools on private servers, local, in the country and abroad, as they wish.
Absolutely. I’m not one to split hairs in the definitions. Old computer at home, paid for VPS, hell even an old laptop.
That’s great to hear you’ve made it into a business. I’d been thinking of creating a “biz in a box” side hustle for small businesses. I’m not very business-savvy, though.
*Raises hand*
I see ya bro.
I only p2p but I can’t do much, NAS is so expensive in my country :(
In the early days, I selfhosted on an old raggedy laptop
I self-host my own Monero node and I self-host my password manager and my files
Hmm. I’m pretty confident in my defences but selfhosting passwords and financials keeps me awake at night. LOL
I just make deterministic passwords based on what I’m using. It’s a hard to break pattern.
I self-host a decent bit of stuff. My setup has been to rent rack space in a datacenter to put my own storage server in, plus a second server at my house that I mirror backups between. I run my own VPN, “Cloud” storage, lemmy instance, game servers, websites, CI build systems, media streaming, etc… You can find some cheap server hardware on eBay that’s only a generation or two old, which you’ll need if you’re running in a datacenter, but for home servers it’s super easy to just set up an old desktop with a battery backup.
I’ve always wanted to implement something like that.
There’s a few different services you can use to set it up. I quite like Buildkite since they’ve got a pretty easy setup for running jobs on your own hardware, but I think several other CI services have a self-hosting option.
The best part about it for me is I can run GPU tests and do automatic screenshot diffs for my game engine. Normally renting a GPU server is super expensive, but it’s basically free to run myself using my old hardware.
I put it on the list. Got to check it out.
Have a NAS, Jellyfin server, and LLM on my LAN so far. Next step is to make them available outside my home, but I’ve been procrastinating.
I’ve relied on a Wireguard VPN for remote access until recently, I’m now playing with Pangolin via a VPS. I question why I need public (private) access, but it seems cool to operate that way and allows family members easier access.
Pangolin covers a wide swath of implementations that you’d normally have to connect together to get the same coverage, all in one package. I use it on a test VPS.
I know a lot of people have ‘concerns’ about Cloudflare, but the Cloudflare Tunnel/ZeroTrust free tier works like a charm. You don’t have to punch holes in your server to route services/ports, no exceptions in UFW or similar. No port forwarding or NAT concerns on your router/firewall. The only caveat is that you need a proper domain name which you can pick up at NamesCheap for less than $5 USD. Overlay Tailscale on your server, and Jack’s a doughnut, Bob’s your uncle.
There are alternatives to Cloudflare like Pinggy, ngrok, LcalXpose, Zrok, Localtunnel, localhost.run, serveo, Inlets, and Frp. ngrok seems to be the more popular of the options.
I too am using a Cloudflare tunnel for my public facing services (such as WordPress), and that also allows you to put the WP login page behind another auth login as well which is great for security, so I do also vouch for Cloudflare.
I’m using Pangolin for private services on a VPS.
Plus, I have one service that is direct to my home IP for file sharing to one particular remote IP that is the only service directly through my firewall.
Therefore I have 3 ways my services are accessed and this has been the game changer for me recently, as previously I tried to run all this through one Caddy reverse proxy directly to my router and it gets painfully fragile mixing public/private services through one bottleneck when you’re tinkering as a selfhoster. So splitting it up has helped massively.
Good tip with the Cloudflare alts though!
Doesn’t cloudflare think you’re a bot when you remove tracking portions of urls? Cloudflare prevents me from seeing sites, but I am not a bot. Maybe the answer is I shouldn’t go to shitty sites to begin with.
You might have to unpack that for me as the caffine and morning meds haven’t quite yet soaked in and I’m not up to operating temps yet. Are you talking about Cloudflare verification checks? Like, you click to a site, it asks you to verify if you are a bot or not? If so, with the Cloudflare Tunnel/ZeroTrust, no it doesn’t ask for verification. Now, in the options for the Cloudflare/ZeroTrust tunnel, there is a section where you can set that up, but out of the box, you don’t get verification checks.
Full disclosure, it took me a few tries to wrap this noodle around it. That’s usually par for the course tho. Some things just stump me for some reason. Caddy was like that until I kept pursuing it seriously. Then one day I read a tut online and lifted one paragraph that was essential, and ding! The lights came on, the clouds separated, and it was so clear. Now, to me, Caddy is very easy and I am embarrassed that it took me so long. But, that’s part of the journey.
Yeah, Caddy was working fine, but the issue was me tinkering with it meant having to reload Caddy for the updated config to work, and that would break any connections people were using for file transfers etc. Also, it isn’t as quick for reverse proxying file transfers.
Therefore trying to run private and public services through it was limiting when I was also trying to tweak it constantly for my homelab.
I’ve found Traefik to be better in that it auto reloads the config live as you edit it, and it’s been faster for file transfers on my 1Gbps fibre.
And now I’ve split my services to separate public/private reverse proxies, that takes the pressure of having to keep one proxy always live. Pangolin uses Traefik, and so do I for my direct services through my firewall, and that makes life easier when only dealing with one type of proxy service.
Messed around with it a bit. It’s another one of those things I have to do and fail at a few times which is why I have a little cheap VPS to test on.
NAS, Jellyfin/Plex, Copyparty (Google Drive replacement), Kiwix (Wikipedia), Joplin, Searxng, Ollama (LLM). Plus all the various searching tools, the maintenance tools, etc. I have pretty strong compartmentalization of my storage into separate media pools that all have their own RAID setups, plus an external backup.
It’s a bit of work to get all set up, but I use docker compose and autoheal / watchtower to keep the services going. I use Caddy and my own domain to make the services I want available externally to my network.
Do you find that Watchtower sometimes screws up the update? I know I was plagued with that issue enough to drive me out to search the webs. OG Watchtower hasn’t been updated in 2 years and shows no real sign of activity. I went searching for a fork:
watchtower.devcdn.net
Haven’t had any issues since.
Thanks for that! I have struggled with watchtower from time to time, so knowing there is a good fork out there is great. I’ll try it out.
I’ve been selfhosting for about 4 years now. I wanted to break away from services like Google and find tools I could control on my own hardware.
I went from bare-metal Jellyfin and Nextcloud on my NAS to running the NAS with an NFS share and a Raspberry Pi as a pod orchestrator through quadlets. That little sucker is running pods for:
It’s also running instances of:
I’ve only opened a few services for family usage, but everything else is VPN-accessible.
Also, no more Nextcloud. Syncthing balances everything out, and I can use sftpgo’s webdav option to host my own seedvault backups. Now Google is collecting dust.
I am keen to know how you keep Invidious operational? YT is on a killing spree to make it impossible to view videos unless you submit to their platforms. Ban hammering IPs happens constantly. I got frustrated and just use LibRedirect to access already established instances. I just don’t want to jump through all the YT hoops, listen to back to back un-skipable ads just to find out the tutorial I thought I was interested in was crap.
I just have it in a pod with the companion app. They auto update and auto restart at night. I’ve also kept my subscriptions fairly low. Most of the time, that’s all I need.
Self hosting looks interesting, but I’d generally rather keep things offline. Even as a software developer, I value simplicity, and most online “services” I find entirely superfluous ; self hosted or no.
Jellyfin ? How about a big external drive with movies on it, just plug it into your viewing device of choice.
Hosting my notes ? I take my notes on physical paper. (Loose sheets, because notebooks have the same scaling issues computer notes have. Sometimes I just want to splay everything out on the table and do big picture work. That’s also why I only use one side of the sheet.)
Music streaming ? I dont even know if you can self host this one (probably yes) but I’d rather just copy the file over ; even a huge library doesn’t take that much space.
Photos ? I just have folders on an encrypted drive, with some backups elsewhere. Though I guess Immich looks interesting…
Documents ? Okay, I should self-host this one. For now it’s all local, on-disk (encrypted of course, there’s no good reason not to), but it can be quite inconvenient if my only copy is at home on my desktop.
So no, I don’t self-host yet, and when I do (hopefully soon) it will be only in a limited capacity ; mostly out of a convenience concern, privacy being a distant second.
Totally understandable
I recently got the homelab going and plan on expanding to a few family members as well.
12 nodes (some new Epycs for encrypted memory, some centreon ewaste for cold storage and background tasks, and a few in-between) so far. All Harvester HCI and Rancher. I run game servers, Ollama, and NFS for storing my encrypted back ups on it mostly at the moment, with a sync to send encrypted to Proton for that off-site.
I can only get so erect
DNS, Jellyfin and game servers mostly; occasionally will tinker with other stuff but those are the ones that have lasted
Self-hosting for a bit less than 10 years. My main pain is that my setup is now stable and I have nothing left to tinker with.
Stack recommendations?
Immich, Vaultwarden, Radicale, Cozy, FindMyDevice, Ejabberd, Hauk, Memos, Beszel, Docker-Mailserver, Crowdsec,…
Blasphemy! LOL Congrats on the stable stack.
I was running a server hosting a Gutenberg mirror at home 30+ years ago. And no, it’s not public.
That’s pretty awesome!
Working on jellyfin and Nextcloud right now. I have not used NGinx or Tailscale, so now I have to figure out how to set those up to work outside of my house without getting hacked. Next I might try SearXNG or maybe host my own email again.
Tailscale super easy and a self-solving problem.
Searxng is rock solid.
I do. Nextcloud + Immich
I hear raves about Immich. How is that working for you?
Really well other than one major complaint, which is that the search function has no timeline order and everything is jumbled together. That’s the one issue I have, though.
I might give it a whirl. I have a fair collection of pictures.
services
meta
also locally (and beyond thanks to WireGuard)
Damn son…leave some bandwidth for the rest of us. LOL
Ah, worry not only PeerTube takes bandwidth basically and that’s hopefully mostly distributed back per people watching!
PS: making this list (via
docker ps) made me think I should generate the visuals of fabien.benetou.fr/Content/MyCloudTransition programmatically. Right now it’s done manually via fabien.benetou.fr/…/GraphReverseProxyNewShell as GraphViz as you can see fabien.benetou.fr/…/GraphReverseProxyNewShell?act… but it could be generated on every update instead.Thanks for forcing me to stop back. I’ll consider it.
Quite an impressive set up there bro. Seriously. I see you have isolated your business from play. That’s good. I need to update my network map, just for the fun of it and it does help when I’m scratching my head trying to figure out why something isn’t working.
I have a couple Minecraft servers using pterodactyl :3
I probably will self host a lot more when I have my own place and money tho
I used to be heavy into Minecraft. I had a really nice set up on a VPS. Ran shaders and a ton of add ons. Fun stuff.
I’m currently running 2 Proxmox hosts with 3 LXC containers and 3 VMs between them, and on my NAS - 2 VMs and… 50 docker containers.
I reeeeeally don’t like centralized services. 😂
I really love my Proxmox server. For a freemium product, it covers a lot of ground. Personally, I think it out performs VM Ware, and is very straight forward. I’m sure you’ve checked out the Helper Scripts? Lots of good stuff there.
I think I may have you bested. LOL Why not right? I mean, self hosting is a wide field and I can’t think of a lot that I need that I can’t self host. For a rather small entry fee, and some time, patience, and learning, it’s all achievable. I have never done a cost analysis but, if you were to add up all those subscription fees to all those centralized services, I think I am coming out on top. As long as you don’t try running enterprise grade, legacy stuff, and your equipment is relatively current, you’re golden.
100% agree with you re: Proxmox. I’ve recently migrated my gaming PC to a Proxmox setup with a Win10 gaming / VR VM, and a Debian 12 VM solely dedicated to serving, quantizing, and optimizing LLM (with full 3090FE vfio passthrough 😁). The other one I have is a super old mini-ITX tiny box with an i3-4130 in it, and I use it for a Plex LXC b/c my NAS has a CPU that doesn’t support hardware transcoding (even though I’ve literally showed all my clients how to disable transcoding completely so they all get direct streams / direct plays at original quality to their devices), just in case some transcoding needs to be done.
So I decided to set up the Cluster/Node bit a few days ago, and it is SO awesome to have instant access to both servers at one URL and interface to manage all my VMs/LXCs. I’ve only had one problem with Proxmox since I started using it a couple years ago, and I’ve loved everything else about it!
In the spirit of “why not right?”, here’s one of my favorite random services I run: github.com/jordan-dalby/ByteStash I love being able to save little snippets that I know in the moment I will hit myself later if I have to look it up again.
Oh you’re preaching to the choir. You ought to see the copious amounts of notes I take. Endless, detailed, step by step, EILI5 style. It’s not only nice to have, but it is quite essential. When I find something that works, I write that shit down and back it up.
Still shopping around for a cheap enough Optiplex or ThinkCentre that has bare minimum encoding (HEVC 10-bit) and RAM (16 GB), but once I find my baby I’ll be running Nextcloud, Immich, and Jellyfin in Proxmox. I want to leave Google behind very badly, especially for my files and photos I got in the cloud, but also for music streaming since I’m a daily YT Music user.
I’ve seen some really nice rack set ups for ThinkCenter. Small, unobtrusive, and quite capable.
<img alt="" src="https://lemmy.world/pictrs/image/79328316-b4f8-48d3-a54f-923b1b8d6a98.jpeg">
Oh god, where do I start?
3 node proxmox setup:
Net node:
Compute node:
Storage node:
Oh and a monitoring node made out of a rpi 4b with an nvme hat,running dietpi, prometheus, grafana and homepage (gethomepage.dev)
Thats about it plus automations and stuff, wireguard so I can access it from anywhere. Not separated properly, no network zones, just a few vlans for now, work in progress.
<img alt="" src="https://lemmy.world/pictrs/image/541b4f0d-e045-43c9-9f08-e1a40e182c70.jpeg">
It gets to be an obscession, no?
Yes. But its my outlet, its keeping me sane. Looking at the worlds nowadays, this is my happy place. More therapy than anything.
I think it’s very important for us humans to have something in our daily lives that distracts up for couple hours or so. A release. I like to get out and touch grass too. Balance.
.
Yep! I just started self hosting a lossless music and 1080p movie server for my dad and I! It goes online soon. I’d say self hosting is an integral part of gaining true digital sovereignty.
Absolutely! 100%
Me, hi
Awesome!
Me too, hellos!
I have a local network for sharing files between my devices but I don’t open anything up to remote access. I might change my mind once I’m more skilled at networking but right now I don’t trust myself to be able to set up something secure. If I’m on the road I just plan what I’ll need and manually sync it across before I go
That’s totally understandable. I will admit, the first server I tried to stand up got ransacked in an hour. I received a nastygram from the VPS saying that my server was attacking other servers which can have serious consequences. Of course I shut it down right away. I had just the OS, nothing else on there, so at worst it caused a some other servers to implement a block on my IP.
So I sat down and started reading, and testing, ad nauseam. Learned about hardening a Linux server. Learned about UFW and Fail2ban, and other security deployments. Learned how to bash. It’s been a learning process that still thrives. I thoroughly enjoy the experience.
But yes, it can be daunting at first, I totally get that. Of course, you have a much broader resource to tap than I did at the time, but that’s what I really dig about the internet. It is the sum total of the world’s knowledge. Not necessarily wisdom, but vast repositories of information.
Have a blast bro.
How did you get into it? Any resources you’d recommend for a noob who wants to get into setting up servers?
Oh gosh… Well, first you should get a subscription to Byte magazine. LOL J/K but that’s how far back it goes. I’ll pull some bookmarks here in no particular order.
And of course right here
ETA: Me Skuzi…I did not answer your first question. I got into computers back with the original Altair kit. I saw recently there has been a revival of the old 8000. Wasn’t much you could do with it at the time, but it was super cool and I was addicted. After that, if memory serves correctly, I had a Timex/Sinclair. Had a cassette tape drive you’d use to load up an app. The TI 99 & 994a were probably my first real complete computer setups with drives, memory expansion, etc. You needed something like a kitchen table to lay it all out on. It sprawled all over the place, but was a decent platform for it’s time. After that, I’ve had at least everyone there after. LOL