I've spent some time on exploring the current self hosting scene after I got frustrated about pricings on different platforms and how absurdly complex certain stuff became. I'm happy to share it with you guys!
Not to downplay the intent, but hosting static site is much simpler in something like github or netlify. Also in my area business internet with fixed IP is more expensive than what I would pay for decent enough cloud instance($50 vs $10).
Definitely simpler than setting up everything from group up. Though ATM I would argue that It would take me the exact same amount of time to get another app online :). Regarding IP, in the blog post further down I'm explaining that I also don't have fixed IP and how you can setup DDNS.
Thanks for reading!
With dynamic dns static IPs are not as critical. Most routers support them natively. What it does is quite simple - every time the router receives a new IP, it updates your dns entry.
Not to mention that most “dynamic” IPs change only while the router is offline and your lease is up. So as long you don’t power it off, it may not change for large intervals of time.
My home network also seems to have no problem holding an ip despite being dynamic. I usually have to change the mac on my router before I'll get a new ip. In 15 years, I think I've only had it change unintentionally 2 or 3 times.
Presumably you only need a fixed IP for email delivery. Public sites like blogs could be fronted by a CDN, and you can manage private sites behind a vpn like tailscale etc.
I think a design where you rent a cheap $5-$10 vps with a static IP that forwards SMTP messages both ways through a secure tunnel to your personal mail server in your home would be a good starting point for self hosting.
If you don't need all that cloud operations/deployment infrastructure, self hosting a website from home in 2023 is as easy as it was in 2003. Get a DDNS, do the NAT port forwarding, run some apache/nginx/whatever and push your files with sftp or similar to the server. In contrast to 2003, upstreams got better -- even Germany has average upstream speeds of 20mbit/second nowadays [1]. With 20mbit/sec you can do quite something with a page-only website and contemporary event based webservers. And thanks to SoC systems, energy consumption is a no brainer.
Definitely. I'm just so used to the git pipeline flow that it would break my usual flow a bit too much :). That's why those new tools just make it so amazing! Especially combined with better and better ISP
Even from the client side, CGNAT can break a lot of things. I'm very glad that my mobile provider gives me IPv6 as well - that allows me to get to my home systems without any NAT in the way. Even hotspot clients get an IPv6.
Of course, IPv6 is its own can of worms, but (cross my fingers) it's working for me.
CGNAT is both amazing and shocking. Amazing in that it kinda works. And shocking because the average person will never know why their shit is broken.
For me it broke online gaming. Luckily my ISP simply gives a static-ish IP to anyone who has an issue with CGNAT. But some ISPs force you to pay for a static IP, and some don’t even offer static IPs. I mean, I’d pay, but soon that won’t even be an option. It’s scary.
For me 2023 is exactly like 2003 from this point of view: a dynamic DNS account with inadyn/ddclient to refresh it when the IP changes, and it's almost like having a static IP.
Even better if you have e.g. a Linode or any server with a public IP that can run Wireguard or OpenVPN. Then you can run your own VPN server, configure your DNS, and connect to anything from anywhere.
Yggdrasil (https://yggdrasil-network.github.io/) is also another interesting IPv6-based solution - I have played with it a bit, but I still prefer to use my VPN, and do nginx reverse proxy from my Linode to my network over VPN when needed.
Those are not solutions to “I don’t know how to host”, those are solutions to “I don’t know or want to know anything about how websites work below the GUI layer”. The hosting (in terms of dns and serving the bits) is almost incidental to their business model of designing and managing.
Not _exactly_ as easy, you also need a valid https cert, and set up a cronjob to renew it. And for some other reply here, "as easy as it was in 2003" really doesn't mean "easy" :v
iOS won't let websockets work without https so I think you can't do things like self-host jitsi meet. Many appliance type devices won't allow adding self-signed certificates either.
Back to plain sites and not websockets, browsers didn't go through a missing https warning process in 2003 either so there are higher barriers and not just expectations.
> Not _exactly_ as easy, you also need a valid https cert, and set up a cronjob to renew it.
Web servers like Caddy automate this for you: you just indicate that you want HTTPS for a particular site and the rest is taken care of for you (in the case of public sites and HTTP-01 challenges, at least). Link: https://caddyserver.com/docs/quick-starts/https
Even Apache2 has mod_md which does pretty much the same thing (sans DNS-01 provider integrations, at least out of the box), so it's going to be good enough for most cases and similarly easy to Caddy. Link: https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain
Nginx integrates well with certbot, which does take a bit more work and configuration, but even that is passable: https://certbot.eff.org/
Things can get a bit tricky when you want to run your own CA or ensure mTLS, but in most cases neither will be necessary.
As for whether you even need HTTPS in the first place, I'd say that it won't hurt in most cases and will guard against MitM, the ISP included.
> Can't do http challenges because my ISP blocks port 80 inbound.
My ISP also put me behind CGNAT, which effectively meant that all of the inbound traffic got dropped. I worked around that by getting the cheapest VPSes that I could find and then setting up WireGuard and simply forwarding the traffic to my homelab servers. So I got all of the compute that I have available locally, all of the RAM and all of the cheap HDD storage, but a static IP address.
(note that you probably would only want to forward 80 and 443 ports in most cases, not everything; outside of testing boxes)
Personally, I opted for Time4VPS in the end, which I use for the rest of my hosting as well: https://www.time4vps.com/linux-vps/?affid=5294#annually (affiliate link, they do have good discounts at the moment for yearly billing, though)
For those not chasing after the savings of a few Euros, Hetzner is also going to be more than enough: https://www.hetzner.com/cloud (or DigitalOcean, or Vultr, or any other VPS provider out there)
"Not _exactly_ as easy, you also need a valid https cert, and set up a cronjob to renew it. And for some other reply here, "as easy as it was in 2003" really doesn't mean "easy" :v"
Super easy with the right DNS provider and something like go-acme/Lego. Add a crom job and done. Yeah, not zero effort but compared to early Let's Encrypt with HTTP-01 and such it's quote easy.
Use Cloudflare. Or, rent the cheapest machine you can with a public IP and use something like Rathole. I like Cloudflare because it’s fast and free, but they do MITM you.
Why do ISPs do this? Is there a legitimate reason or they just feel that their clients don’t host these services so they might as well block the ports for safety?
Not necessarily security. Maybe just not having to deal with reports for self hosted illegal content. They might be more than happy to let other companies deal with that. Their competitors are probably doing the same thing.
ISPs are media companies. They do not want regular people publishing content or having a voice unless they can get their commission.
The world would not have become just 5 websites with identical content if everybody had a server at their house.
I believe this to be true because in the usa they really are media companies, aka Comcast, and I don't have this problem in other countries where I lived where ISPs were ISPs and nothing else. They delivered internet and maybe also phone.
In Taiwan I get 1gbps down, no caps, and a bunch of weird networky config stuff I don't quite understand but apparently you don't get in the usa, for like 30 usd/month. It's awesome.
Plus I'm torrenting basically 24/7 and my isp just doesn't give a fuck. When I did that in the usa Comcast sent me an email for every single torrent lol. My download is in the tens of terabytes a month and uploads are at least a terabyte a month. ISP doesn't care. Love it.
Major reason will always be support burden. For http to work reliably you need to put clients into DMZ anyway. If you let computer illiterate end users operate in DMZ you will end up supporting them anyway, because in the your network will be at risk of depeering/blacklisting. Supporting http behind NAT is again significant support burden that costs actual money while your competitors offer service access cheaper. It makes sense to not only not support http behind nat but block ports altogether for retail and offer proper liability waived DMZ access under enterprise plans.
Do isps still do this? I've been using a business cable account for years, but when our local telco went fiber and wanted me to switch, they told me they didn't have such restrictions. I haven't made the switch because configuring pppoe is more complicated than plugging in a network cable and asking for an ip.
I would argue it is much easier now. There are a ton of distributions who are catering for this use case, yunohost is probably the most well known one, but there are a lot more if you look on the awesome selfhosted list.
I would also say that if you only want a static site the OPs setup is almost overkill. Just install caddy and a dyndns service. Takes care of the certificate for you and is super simple to setup.
FYI, Caddy has a DDNS plugin https://github.com/mholt/caddy-dynamicdns. Works with any DNS provider that has a Caddy DNS plugin which you'd typically use to solve ACME challenges, but instead it will set A/AAAA records.
This is new to me. I was going to run a separate DDNS for my homeserver, but given that the domain is only used in Caddy anyway, this reduce 1 place to configure stuff. Thanks
Honestly a basic VPS is a lot easier to me than running a physical home server. Dirt cheap, never have to worry about power failures, dust, heat, home ISP being shitty, etc.
Doing both makes a lot of sense for development as well... you don't want to pay for a VPS for something that isn't going to be developed to completion or run full time, save that for the real projects.
I run vpcs and homeserver
I avoid all the DNS and port forwarding issues by having a wireguard Server in obenbsd that also runs unbound, so i habe some internal DNS entrys for stuff i host at home linke Cale der and co tacts
I have only a static website with not too much content or traffic, I even use the free oracle VPS that they offer. It took some while to get the hang of ingress rules and opening ports in their interface in addition to the CLI but now it works and I’m not paying anything. Out of curiosity: where do you get your VPS?
On that note: with our (Australian) National Broadband Network (NBN), residential connections don't always have the best uptime.
For example, at my last house (Melbourne), a 100/40 FTTC connection... the NBN company kept on having multi-hour outages (booked ahead of time) every 2-3 months. Note that's not my ISP, it's the NBN itself. For "upgrades" in the area and similar.
So very much "not business grade". Not even startup grade really. :(
Yup. I have a gigabit fibre right up to my home, but the best speed available to me as an individual is 400/40. Gets really annoying from time to time when I need to upload like a couple of gigabytes.
On the bright side it's like €30/month, which also gets me cable and some streaming service subscriptions (HBO Max, Tidal, shit like that), which from what I can tell is a pretty good deal compared to more western countries.
Going from 1000/50 to 1000/1000 would cost me an 860€ premium right now (Germany) and this is a good offer, it can get more expensive without special promotion.
No idea where they got that data but I call bullshit. Most people I know are still on DSL which means 20mbit upstream is the usual maximum (sometimes 40), so not sure where this even amount of fibre users would live.
I use DDNS with Cloudflare, which offers free DNS. I built an open source Windows client for this (could be cross-platform, just haven't bothered yet).
This is amazing. More devs should build stuff like this for themselves. On the extreme one of the scale there is the amazing Andreas Kling building his own operating system. Building a whole system will give you unprecedented control and understanding. That is what being a hacker is all about.
It is. I still get awe inspired that some markup I type and put on this disk here can be accessed across the world. Like I can physically touch the tape if I want to. It reminds me of how wondrous this whole thing felt like when I first discovered the internet in the 90s.
Well, nothing to keep hidden. DNSMasq, Syncthing, a tool which I developed that sends e-mails when things go wrong, etc.
The resulting infra is hidden, because it doesn't flow through any popular services or something. You can argue that Syncthing is using public discovery servers, but you can put it on a small VPS, and you'll have a complete off-the-grid installation of it, too.
I host it on an OrangePi zero, so it's unobtrusively small. It just vanishes somewhere at home.
Yeah, I would decouple it from any residential ISP, but use a $4 VPS to still self-host. That also removes the need for a DDNS setup. Given some basic Linux skills, all you need is SSH plus nginx+certbot on Debian with unattended-upgrades or similar, that you can point your domain to.
Making it explicit: try to always use keys for ssh, avoid passwords. If you have to use passwords, make it very long (20+ chars) and random. Don't use dictionary words or reuse passwords from anywhere else.
Yep, and I always additionally just disable pw authentication altogether, and set PermitRootLogin to either No or without-password.
You can also do things like firewalld off (or with hosts.allow) 22 to just an ssh bastion/jumphost src (or your house IP), but I find that’s usually not necessary (although an excellent further step if you are a bit paranoid) as long you do what was mentioned in first paragraph.
I don't get it, wouldn't you use ssh keys and also just move it to a different port anyway to save the annoyance of random scriptkiddy pokes all the time?
Moving the port away from 22 changed my fail2ban logs from hundreds of lines a day to one every few weeks at most.
While you shouldn't skip on other security measures, there's no real downside to changing your SSH port and getting off the target list for a lot of botnets.
(As opposed to e.g. port knocking, which is stronger but makes it easy to lock yourself out and may create issues with some SSH clients.)
There's other reasons to use a different port. I move it to cut down on the failed login attempts (yes they'll never succeed given I only allow keys) but they clutter the log so I can't tell if I'm actually being targeted or not. On an obscure port if I do see attempts I know something serious is going on.
I'm not familiar with Tailscale, but you can easily use a different port than 22 for ssh if you want to; put a different port number in `/etc/ssh/sshd_config` on the server, and then set your `~/.ssh/config` to use that port on your clients. If you're going to be opening it up externally, you also can map a different port to the local one (which is necessary if you want to be able to ssh into two different servers with the same ssh port from the outside anyhow).
I was running a couple million page views/mo on a cluster of raspberry pis in my parents home a few years back. After some disruptions on my family's network I decided to setup a Wireguard VPN with Docker Swarm and a GCP instance to essentially route from GCP IP address -> Raspberry pi cluster such that my IP wouldn't get leaked and didn't have to worry about dynamic IP addresses
Very hard to do and finicky to setup but at the time was suitable for my needs
In order to be fair, threat models should be taken into account. People seem to be conflating nation state operations using advanced capabilities worth at least hundreds of thousands of dollars to compromise high value targets/infrastructure with "my pet project may get 0 day'd" which is the exact opposite of being fair. Moreover, if the argument is "zero days will always exist" you may as well stop using technology entirely.
Agree - an up-to-date system running only nginx and fail2ban is likely to be more secure than some vendor's who-knows-what's-on-it image which exposes various "services".
You don’t get perma-banned from your ISP for getting malware. That’s pure FUD.
Far more people (at least 2 orders of magnitude) end up infected with malware and become members of botnets from just clicking dumb shit. They don’t get banned from the ISP either.
I had my cable ISP call me a couple times about a business account a few times. I run my own mail server. A POP3/SMTP account got hacked and started sending out spam. They're very polite, professional, ask you to fix the problem and move on.
Heh. I've been running my own since the mid 90's. Originally I worked for some early ISPs, and continued it as a hobby of sorts. (My main personal email is on gmail.)
If you're running an email server that is running at full throughput to send spam (due to your clear negligence) from a residential ISP account then depending on what plan you've purchased it may violate your terms of service.
I know of friends who have been banned for doing exactly this.
Depends on your ISP. I use one of the biggest ones in the US, and they won't do any such thing. They don't care if you're running servers at all, unless you start getting a lot of incoming traffic -- then they'll ask you to upgrade to a commercial account or stop it.
I've been running servers used by family and friends from my home for about 20 years now. It's never been an issue at all.
The blog that you are currently reading has a perfect
PageSpeed score 100 / 100.
Unfortunately, no it doesn't. The page that has this blog post scored 95 in performance for mobile in one run and 86 in the next. It scored 91 for desktop.
They'd get a higher score by adding text compression and by serving static assets (all of them?) with an efficient cache policy.
Generally, you add mod_deflate, or a similar package, to .htaccess and add the mimetypes on a new AddOutputFilterByType line along with the algorithm. This is one page [1] that describes the process for apache or nginx, though there are millions of webpages that give various methods.
Wanted to clarify some of the points raised about Next.js:
> I’ve been using Next.js for a while and hosting the apps built with it on AWS with custom express servers. One day I’ve noticed that my servers are getting red-hot while doing almost nothing, and response times got huge.
OP mentions they're hosting a static website now but must have previously been rendering a server-rendered page. It's not clear whether they explored the static-site generation support in Next.js, which would have avoided any regressions in server-rendering performance, making this a non-issue.
> Long story short the library introduced a huge performance downgrade that was not caught by existing tests.
> Because benchmarks were using only Vercel’s (creators of NextJS) “Edge” infrastructure. And the bug was happening everywhere but not there.
Indeed, there was a regression, but it was not due to lack of tests as a whole. The linked threads point to issues both self-hosting (serverful) as well as on Vercel (serverless). There was a week between a fix being reported through the opened issue and a fix being placed on a canary release. Regressions will happen – the best thing is ensuring more tests are added and things are fixed quickly.
> We need alternative independent hosting to ensure that the community does not get stuck with a single provider.
You can (and will always be able to) host Next.js, both completely static (drop files in an S3 bucket) or on a server (Docker, EC2, whatever you want).
Just wanted to clarify those things. Your new site looks great, nice work.
Wow. Didn't expect a response directly from Next.js VP!
Before anything I wanted to say that I love Next.js and I'm using it in my projects daily. It's definitely the best solution right now at the market for the project types me and my company is producing :).
In regards to the inconsistencies in the article. Yes it was a server rendered page, not this particular blog. A much more complicated project.
Also I didn't want to sound as if the regression was handled badly. Quite the opposite, as soon as I've pinpointed the issue and was able to create a good Issue in the tracker the response was very swift!
And I understand that the regressions will keep on happening. I've been building apps for long enough to see waaaaay bigger problems slip into production. So no hard feelings!
I self host and use a RPi 3B+. Actually I have a total of 3B+ but only one is actually doing anything for the website. I have my database running on a RPi 4b with 4gb. I could easily consolidate to a single Pi but early on I had different plans for each one but just keep 'em running for no good reason.
I'm fortunate in that I have a static IP. Initially I was using NOIP and it worked great but then noticed my IP address never changes. Also, NOIP still exposes your actually IP which I didn't care for.
Now instead of NOIP I rent a cheap $4/month VPS with nginx to reverse proxy to my home. This does require me to open a port, which again I'm not a huge fan but it is what it is.
My next iteration will be where I close the port and do updates via SSH. I'm the only one who uses my website so it is more of a playground for me than anything.
Finally, I feel setting up a server - or just interacting with a remote computer, be it across town, across the country or in the other bedroom, is a good skill to have. When I got my 1st remote job that gave me access to a server I was more than comfortable to do what I needed to do.
how would noip work if it didn't expose your ip? This statement confuses me. It's funny how used laptops that are 10x faster than an rpi4 are about the same price. Obviously they use more power though :)
At the time I set it up I didnt know what I was doing or how it all worked, etc etc, so that is where the statement about it exposing my IP came from. It has been so long that when I first set it up I may have known it was exposed but didnt care. As time went on I just didnt like knowing it was exposed. Why? I just prefer it not be. Not that it couldnt be found I am sure
And you are absolutely right about the laptops and I have 2 right now that are just collecting dust. But currently I have no reason to change to a laptop. It is kind of like driving a nail in the wall with a sledge hammer, sad to say a laptop is more than I need in a server at this moment. The only benefit I get from a laptop for my current needs is a built in battery backup.
I do similar with the VPS and reverse proxy, but use a wireguard tunnel from my home device to the VPS to allow nginx to hit my local device instead of forwarding a port.
Avoids punching a hole in your local network, avoids issues when your home IP changes, and ensures nothing ends up going over the internet in the clear.
aye, is also what I do - tunnel to VPS. then I hit the VPS from wherever, which is nice if I get sent out of state for work (and sometimes out of country).
All Linux kernel livepatch stuff are paid services, as I understand it, the Linux kernel live patches aren't possible to just produce automatically, it requires a team with enough Linux kernel knowledge to make it work and usually such teams want to get paid.
Also, I think that the base Linux kpatch tools are open source, but the infrastructure that RedHat/SUSE/Canonical/etc use to provide them are not. However, I think the Gentoo folks do have some open infra code.
> KernelCare understands that hobbyists need protection too, so we offer this benefit to Raspberry Pi enthusiasts free of cost. The currently supported chips are the BCM2711 (Pi 4) and BCM2837 (Pi 3 and later models of the Pi 2), and we offer support for Ubuntu Focal Fossa for 64-bit ARM platform, and soon support for Debian and Raspbian.
I'm still not convinced that self hosting is cheaper though.
Where I live, both the electric grid and Fibre connections are unreliable, and the ISP charges about $3/month for a static IP. Assuming 2.5W for a RPi, it takes 1.8kWh a month, costing around $0.25 for electricity. This also has the downside of using residential IPs, having to deal with CGNAT/NAT if the ISP has no static IPs, exposing your home IP, slow disk speeds in SBCs, etc.
Services like Hetzner have private servers for almost the same amount, which gives you faster storage, server IP addresses (for email reputation), DDoS protection, and a whole lot more to sweeten the deal.
The only thing I self host today is a script that runs on my OpenWRT router, that uploads the probed data from my inverter and BMS to monitor my PV setup. I look forward to get rid of it too, once I get better BMS/Inverter.
As mentioned in the blog post. I wouldn't probably put a "real" production app on it so easily. You can replicate the same effect and more on a service like hetzner. But if you have a Raspberry Pi laying around and like 2-3 hours. At least a blog is enough! And the amount of hardware related things you'll learn is massive.
I've been running a few web bootcamps in the past. Explaining the hardware part through cloud admin panels is extremely hard. Having a physical thing right in front of you is spoko simple. Much easier for people to *click.
Self hosting can allow your budget to go much further. Tiny PCs like Intel NUCs or Lenovo Thinkcentres[1] are very light on power usage. I bought one that idles at 10 watts, which is $10.32/yr for me (assuming I never power it off). I bought it on Ebay and upgraded it to 32 GB memory for a total cost of $250. The cheapest comparable server on Hetzner costs around $36/mo so I break even in less than a year.
For production purposes, a public cloud has many benefits you can't get at home. But for hobby purposes, keeping the cost low is most important for me.
Costs for hosting a static site or something with minimal computation is down to 0 at this point using any one of a dozen cloud/edge providers, so it's hard to compete with them on the basis of cost. The arguments for self hosting are really about having full control over your service stack.
The problem with a lot of these solutions is they have a nearly vertical complexity curve as soon as you want to get past a static site or minimally dynamic site.
Self-hosting becomes much cheaper when you need big machines. A system with, say, 64G RAM will cost to buy outright about the cost to rent such a system in the cloud for a couple of months. I run a few test boxes (that are used by my team) in my garage for this reason.
I deployed a GRE tunnel to a small box I rent from Hivelocity that has a /26 routed to it, to work around lack of proper connectivity from a "business" HFC connection to said garage.
I got a 15 watt Intel NUC for free as a business discard. It has an NVMe, 16GB DDR4, and a spinny 1TB SATA drive for backup. My ISP hasn't gone down or made me change addresses in years, but I'm waiting on that day so I can have Copilot write me a script to automatically update my DNS settings in Cloudflare (with DDOS protection) every 5 minutes via cron so I don't have to explore the world of DDNS again.
OTOH, if you have to deal with double NAT, good luck with that hot garbage.
I think self hosting may be cheaper for huge data volume stuff? Like I serve (legal) video, audio, audiobook, book, and photo content, it amounts to around 20TB of content. It cost me around... 1k in capital for all the components for it, most of which went to the harddrives? And according to the self hosting people on reddit I'll probably need to swap a drive every few years, around 150 bucks a pop. Beyond that though my only cost is electricity, for which I have no idea but our monthly electric bill total is like 80$/month anyway so I'm not stressed about it.
Anyway I'm not paying in/out costs or costs for static hosting. Looking at hetzner's offerings it apears to be 536.58 euros/month for 10tb of storage? That's block storage on SSD, maybe they have cheaper HDD storage somewhere?
Point is I think my server setup may have "paid for itself" (not that it makes me money) after one month. And that's for 38TB total of RAIDZ1 space, I'm only filling 20TB so far of it. In actually it's like 60 something TB of space lol I just wanted RAID so I could lose a drive. I've got plenty of room to grow and swap components as needed.
It's cheaper for me. I do pay for a DDNS service, but that's very cheap. The machine doing the serving is one that would be running 24/7 anyway, so there's no additional electricity.
> Assuming 2.5W for a RPi, it takes 1.8kWh a month, costing around $0.25 for electricity.
Note that it's virtually free in winter (or cheaper if you have a heat pump or only heat during off-peak hours) as the energy used by the RPi is that much energy not consumed by heaters
And you don't need to pay for a static IP adddress. Just front it with Cloudflare and have a cron job to update your A record regularly via the Cloudflare API.
I'd never heard of Coolify, but it looks like what I've been searching for, i.e. an all-in-one solution for hosting stuff on a VPS (or Pi). But the docs [1] say it requires a minimum of 30 GB of disk space.
Does anyone know if that is accurate? What could possibly be taking up that 30 GB if all I want to do is host a static site and maybe Deno or Node? I'm fairly certain I set something similar up in the past on a much smaller MicroSD card...
I have a 32 GB SD card it's running on it no problem. It currently takes like 4 GB (it can store previous docker images for speeding up builds and allowing auto rollback).
Linux is really bloated these days. I am confident you could self host a decent website on OpenBSD with less than a GB of disk space and several GB of RAM. It is really incredible to me how in 2023 we are doing basically nothing that could not be done in 2013 but it takes an order of magnitude more computing power. Serving a medium size website is not really that complicated unless you are hosting a bunch of videos or whatever.
Stories like these just go to show me how much fat there is in Tech. The sector is in for a sharp reality check. You don't need 10s of gigs of RAM and 20 cores to host your blog or small business e-commerce site. But if you use the latest bullshit framework then maybe you do...
If you don't need/want a UI then Dokku is another option. It is more mature with things like built-in backups for the database. I've been a happy user for many years now. Coolify seems nice as well though.
Does anybody know how you’d do this if your ISP uses carrier grade NAT? (Eg mobile dongle). My limited understanding is that with CGNAT there isn’t a unique public IP that points to you, (even if only temporarily). So presumably DDNS is out?
You are correct that a CGNAT doesn't give you a unique IP address, and you have no control over port forwarding. My ISP put me behind a CGNAT right while I was working on adding letsencrypt support to ZitaFTP Server (which requires the server to be internet accessible). They would have given me a static IP address if I paid them a lot more...
The solution is a tunnel between your machine and an external server with a static IP address. The external server will forward requests to your machine.
Cloudflare tunnel is an option (thanks watchdogtimer), and there's also a service called Ngrok. I took the most complicated option: setting up a reverse ssh tunnel to a VPN that I already had.
I really wish someone could convince me self hosting is worth it but more often than not it just seems like busywork. Do you really need to self host your static website? There is no real privacy gained and probably some security lost. Then you get into hosting more complicated apps, email, etc, and making sure you can access them from anywhere at any time and it just doesn't seem worth it to me.
I had a huge paragraph in the article about decentralization and how important it's in my mind for the future of internet but I've scrapped it because it felt like I was a blockchain guy even without mentioning it. So I'll make it simpler.
Honestly I just feel awesome seeing those blinking lights in my room and thinking it's sending packets to other people.
It can be as difficult or hard as you make it. If you want just nginx serving static files or k3s with multiple services on a tiny cluster is up to you. The benefit for me is that I can be confident that my data is mine. But mainly because it's fun and great for learning.
In my experience it's not much harder than navigating the AWS interface, where I often feel very lost. But of course YMMV.
> There is no real privacy gained
Why not? Other than I can't be sure that my device and browser doesn't spy on me I don't see your point?
One (or more) less service(s) to give your e-mail. If you want to see usage you can just check the page loads instead of having to add analytics because github pages doesn't share any stats. The visitors get the same benefits because it's one less site behind cloudflare. The big providers can't figure out (and possibly sell) your interests based on the sites you host.
Not my reason to self host (static) but more a welcome side effect.
If you live in a country like the United States with strong legal protections then they cannot make you unlock your devices to gain incriminating evidence as it's a fifth amendment violation. Depends on the jurisdiction. As long as you don't do any biometric Id and limit it to passwords they cannot make you verbalize or write down the password to unlock the device.
Moreover, no one can seize or examine your data without being a criminal. On the other hand, Google et al do this every day.
I don't find it much work at all, actually. I run a webserver, a VPN, a mailserver, and a few other odds and ends. I probably spend a couple hours a month maintaining it.
Self hosting is really cool. However when it comes to static hosting, apart than keeping your data at home and having fun setting up servers, I don't really see the point when there's so many free good options. I use CloudFlare Pages for my blog, their integration with GitHub is flawless and you get to host your website at edge for free.
When I need to host dynamic content, another good option is CloudFlare Tunnels (I promise I'm not sponsored by them, their products are good is all :)), so you don't have to do shenanigans updating DNS records on the fly, and more importantly you don't have to compromise your network opening up and forwarding ports.
I have lost count of how many sites Cloudflare has interfered with, insisting on proving myself human yet again, during the past three months. This is about the time I started using the LibreWolf browser (even disabling adblocker). When I open up Chromium, the problems stop.
> if you want to Dockerize it, then Docker related stuff is required i.e. Kubernetes
Yeah... I'm not surprised the author gave up on it, but you absolutely do not need to use k8s if you're dockerizing something like a blog. I'm a little baffled at this sentiment.
Ah, gotcha! Even then, I've found i've gotten a pretty decent distance with docker-compose before k8s sounds like an attractive (or least bad) proposition
Once you get into dozens of pods with multiple services with complex configuration, need to reliably orchestrate the order in which those services come up and need to use shared nothing secrets, Kubernetes starts to pay off these days, thanks to the number of handy recipes and playbooks available after searching through all the spam and marketing fluff.
I'm all for self-hosting and run a few services on my LAN, but would never allow HTTP traffic from the internet to enter my network. If you've ever seen a public nginx log, you'll know it constantly gets hit by all kinds of bots and vulnerability scanners. No matter how secure and isolated I make the web server, I just don't want to see that traffic, nor expose my home IP to further scrutiny.
It's trivial to host a static site on someone else's infrastructure for very cheap or free, and you get to benefit from CDNs if you need it. I don't see what you would gain from doing this from your home network.
I think an alternative you can use a cheap VPS (there are very inexpensive options for this[1] for like $15/y) and tunnel traffic from your home server. If you're only serving static content, that might be enough to host everything as well (or $20/y for a kvm slice; for anything more complicated, I think 1GB might be advised).
edit: this way, you get a free IPv4 (static) address as well, as well as security and avoiding DDoS on your home connection.
Random http traffic seems about as harmless as it ever was, if you just host static pages, or your own scripts/software and nothing generic.
What's a bit iffy is the privacy aspects. If you host anything that can identify you, your identity is just a HTTP request away for anyone who sees traffic from your IP address.
But these concerns can be somewhat mitigated by making the server drop connections unless a known Host header or SNI is sent.
Wholly recommended if you host stuff on your hope IP!
Easily done with nginx by ensuring all server {} blocks have a proper server_name and a separate default server {} block just having return 444. So unless someone already knows the domain name of your home server, they'll not be able to access it with just an IP address. You'll stop many bots this way, too.
Not sure why I'd let some US company see all the traffic, if the same goal can be achieved other way and the goal is privacy...
DDoS is probably mitigated at residential ISP level. At least I never had to deal with it with the current ISP I had for 14 years, and I had like 10 MBit/s upstream bandwidth most of that time.
> would never allow HTTP traffic from the internet to enter my network
The security aspect is a struggle. Something like shellshock [1] needs to be patched immediately, which really requires automation. With shellshock, even self-hosted static hosting could be impacted. Similar vulnerabilities be discovered in the future.
I'd want to isolate anything external facing from the rest of my home network for that reason.
> a cheap UPS to keep it running in case of power outage (which happened once in the past year, so it might be a bit overkill).
I don't think this is overkill, I think it's necessary. A UPS is pretty cheap compared to the completely-uncontrollable chance of losing power in the middle of working on something. Sure, there's autosave and most things are relatively recoverable, but this is just such a cheap investment (at least, for most people who will be reading this forum, I understand it isn't for everyone) compared to such a scary reliance on something that is not very reliable (which makes me very upset about income disparity, it's something everyone should be able to have).
My power is extremely unreliable so maybe I'm a little biased - we get brown-outs (power drops for maybe 2 seconds and comes back) maybe 3-4 times a year, which is wild imo for what should be a very well-developed area (relatively wealthy suburb of Chicago) but it's a pretty old building so not too surprising I guess. That said I will NEVER have a desktop setup with a UPS, and I encourage absolutely everyone to do the same.
I also have a wireless card so that in an emergency I could tether my pc to my phone for internet if need be, and I highly recommend this as well. It's enough to reconnect and send a couple Slack messages quickly and then disconnect again and wait out an outage, without driving up your data bill. (Just use your phone? Maybe, but I don't have everything installed, and I can't type for shit on my phone keyboard anyway)
Here in Western NJ, ash trees have been decimated by the emerald ash borer. The big impact is in communities with lots of ash trees are now getting constant power outages from dead trees coming down on lines. The power company is supposed to trim back dead trees near the lines (ever since Hurricane Sandy), but the ash decimation has overwhelmed them.
Our little town of 6,000 or so loses power 3-4 times a year. One road with lots of ash trees loses power 10x a year.
"I don't think this is overkill, I think it's necessary. A UPS is pretty cheap compared to the completely-uncontrollable chance of losing power in the middle of working on something."
I'm using a laptop as a server and will buy a UPS for my modem/wifi. That combo will offer many hours of uptime without power.
I think a UPS a good idea for Raspberry Pis. They are rather sensitive to power transients, and anything that causes a crash and leaves the SD in a not-happy state means it won't boot! (A known issue with the Pi.)
I use a UPS and log2ram (which moves the most active directories to a RAM-disk) and have found the Pis to be perfectly fine home servers:)
UPSs also have other benefits in power outages as well, once you've shut the computer down. You can use it to keep LED lighting on at night. Charge phones and tablets. Moreover, if your power is out, you might still have 5V on your cable line -- so if you can deliver the 8-9W the modem wants (and likely similar to your router) you can still have your normal internet service.
If you have a beefy enough one (we're talking $200+ UPSs here), you can use it to power a modest refrigerator for a bit, getting temps back down to proper levels to prevent food spoilage if you end up with a long term outage that spans 48-72 hours. Most fridges only pull 120-180W when they run, and depending on the temp and time of year, only run the compressor for 15 to 20 minutes at a time. Plugging the fridge into it once or twice on the 2nd and 3rd day of an outage can save you a TON of grief and food spoilage.
Have the feeling this is definitely more of an American problem. I'm from a European country and the last time I have had any sort of power outage is more then 10 years ago (can't even remember it to be honest). Even with the current surge in prices the production and transmission system is still reliable as ever.
I used to use UPSes at home, which protected me from a handful of power outages.
However, those lead acid batteries don't last forever, and when they fail you're worse off than using a dumb regular surge protector. Now you have to replace and responsibly recycle the battery.
For me that e-waste became impossible to justify. A couple of power outages a year is completely acceptable for most home servers.
Title would be better corrected as "website hosting". Self-hosting became a term for a much more ambitious scene to provide all kinds of services usually offered by FAANG/"big players", mostly in opposition to them.
Disagree, I hear people use the term self-hosting all the time referring to this same thing. I hear your scenario called de-googling (or whichever your big co of choice is).
Not sure why you'd self-host a public site from home when you can get a VM from https://www.hetzner.com/cloud for € 4.81 /mo (1vCPU / 2GB RAM / 20 TB bandwidth) with much better internet access. Residential internet connections are more unreliable, have poor upload speeds and requires running a server 24/7 with ongoing electricity running costs.
Or if it's a static rendered website you can publish on GitHub Pages for free and use a CNAME to use a custom domain which is what we do for our docs https://docs.servicestack.net created with https://vitepress.vuejs.org that uses GitHub Actions to automatically build and publish the site on commit.
I run a basic commercial site on my home because after 2 years, my co-op owned fiber ISP has never had so much as a blip of downtime. If they did, I can spin up a cloud server, pop the backup down there, and redirect via Cloudflare in probably less than hours.
You don't control a VPS, uptime doesn't matter, and even my 5 Mb/s upload is just fine. Electrical costs are marginal. But most importantly there is nothing more convient than $ cp photo.jpg ~/www/ and sending someone the link example.com/photo.jpg. Plus you have tons of space.
That's not to say that a VPS in addition isn't useful or fun. https://indieweb.org/POSSE and all. It just isn't at all required.
It’s strange to compare self hosting and GitHub pages.
In most case the main factors to choose self hosting are independence, fun and learning by tinkering. That’s three items that GitHub Pages doesn’t provide.
Just recently I linked my home LAN with my VPS with WireGuard. I needed to configure queues on my home router because I got consistent 100MBps on the wire and this is a bit too much for my VPS provider (too much to pay, not to handle).
Some people have symmetric gigabit (or faster) home internet these days.
Renting slices of someone else's shared HW hardly compares in terms of price to owning the full machine. Expected lifetime of some cheap SBC you'd use for hosting your personal projects is ~10 years. It can cost say EUR 50-100 to run it that long these days. 10 years of that hetzner VM is EUR 577. That's 500 EUR I can do something else with per machine.
Whenever I try calculating HW ownership vs renting in the "cloud" for personal usecases it at worst comes up to paying off in a year, and usually sooner.
There are also many other benefits of having physical access to the HW.
Just right now about 7 SBCs I run have total cost of ownership at $20 on average each and I've been running them for 5-7 years...
I want to self-host a public site because I can be fully in control of the stack. It gives satisfaction to distribute a website to the entire world without depending on third parties other than your utilities company and internet connection. It's fun and I learn a lot from it. But from a business perspective, your solution is ofcourse better, just not as fun.
He said it’s a static page too… don’t even need a VM. He can just dump it into Amazon S3 and put cloudfront on top of it. Unlimited scaling across the globe, 1TB free of data transfer, free SSL.
> if it's a static rendered website you can publish on GitHub Pages for free
Reminder that if you are going to do this, then it has to lie within the subset of uses deemed acceptable by the GitHub terms, which forbids hosting on GitHub Pages for e.g. e-commerce or any other business reasons; GitHub Pages is not a 1-to-1 substitute for e.g. Cloudflare Pages or Netlify.
I find it easier with Nginx. Certainly feels easier than I remember back around 1999 with Apache. Also there's way more information out there on how to configue and set up than there was twenty years ago.
More people should try to self host things again. Seems that people are forgetting how things work and instead use services that does it for them at some cost.
Self hosting is rarely complicated. It's also easy to achieve better performance and lower cost in many situations.
For someone who knows nothing about self-hosting, where should I start? I'm a self-taught junior dev but haven't had a chance to dabble with any aspect of deployment yet... willing to learn though.
Set up a basic web server, then try something like WordPress/Drupal (with some database backing it)... then maybe SMTP/IMAP with spam/av filtering and a web frontend (roundcube/squirrelmail)... that will probably keep you busy for a few months :)
Setting up your own DNS like pihole and a personal vpn to enable you into your home network when outside is usually a good starting point. Or even simpler and potentially useful setup your own gitea instance, it's easy just use the sqlite backend.
306 comments
[ 2.0 ms ] story [ 299 ms ] threadNot to mention that most “dynamic” IPs change only while the router is offline and your lease is up. So as long you don’t power it off, it may not change for large intervals of time.
I think a design where you rent a cheap $5-$10 vps with a static IP that forwards SMTP messages both ways through a secure tunnel to your personal mail server in your home would be a good starting point for self hosting.
[1] https://www.statista.com/statistics/1338657/average-internet...
Did they have CGNAT in 2003? Because that breaks everything.
Of course, IPv6 is its own can of worms, but (cross my fingers) it's working for me.
For me it broke online gaming. Luckily my ISP simply gives a static-ish IP to anyone who has an issue with CGNAT. But some ISPs force you to pay for a static IP, and some don’t even offer static IPs. I mean, I’d pay, but soon that won’t even be an option. It’s scary.
Even better if you have e.g. a Linode or any server with a public IP that can run Wireguard or OpenVPN. Then you can run your own VPN server, configure your DNS, and connect to anything from anywhere.
Yggdrasil (https://yggdrasil-network.github.io/) is also another interesting IPv6-based solution - I have played with it a bit, but I still prefer to use my VPN, and do nginx reverse proxy from my Linode to my network over VPN when needed.
Web servers like Caddy automate this for you: you just indicate that you want HTTPS for a particular site and the rest is taken care of for you (in the case of public sites and HTTP-01 challenges, at least). Link: https://caddyserver.com/docs/quick-starts/https
Even Apache2 has mod_md which does pretty much the same thing (sans DNS-01 provider integrations, at least out of the box), so it's going to be good enough for most cases and similarly easy to Caddy. Link: https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain
Nginx integrates well with certbot, which does take a bit more work and configuration, but even that is passable: https://certbot.eff.org/
Things can get a bit tricky when you want to run your own CA or ensure mTLS, but in most cases neither will be necessary.
As for whether you even need HTTPS in the first place, I'd say that it won't hurt in most cases and will guard against MitM, the ISP included.
My ISP also put me behind CGNAT, which effectively meant that all of the inbound traffic got dropped. I worked around that by getting the cheapest VPSes that I could find and then setting up WireGuard and simply forwarding the traffic to my homelab servers. So I got all of the compute that I have available locally, all of the RAM and all of the cheap HDD storage, but a static IP address.
I actually wrote about the process a few years ago: https://blog.kronis.dev/tutorials/how-to-publicly-access-you...
(note that you probably would only want to forward 80 and 443 ports in most cases, not everything; outside of testing boxes)
Personally, I opted for Time4VPS in the end, which I use for the rest of my hosting as well: https://www.time4vps.com/linux-vps/?affid=5294#annually (affiliate link, they do have good discounts at the moment for yearly billing, though)
Then again, something like Scaleway Stardust instances could also be a really good fit, when they are available: https://www.scaleway.com/en/stardust-instances/
For those not chasing after the savings of a few Euros, Hetzner is also going to be more than enough: https://www.hetzner.com/cloud (or DigitalOcean, or Vultr, or any other VPS provider out there)
Also, if I have a VPS, why not just serve from the VPS?
Took me 15 minutes.
https://developers.cloudflare.com/cloudflare-one/connections...
https://github.com/go-acme/lego
An ISP I've used in the past hasn't allowed self hosting on a standard plan but has allowed on a plan you need to ask for specifically.
In Taiwan I get 1gbps down, no caps, and a bunch of weird networky config stuff I don't quite understand but apparently you don't get in the usa, for like 30 usd/month. It's awesome.
Plus I'm torrenting basically 24/7 and my isp just doesn't give a fuck. When I did that in the usa Comcast sent me an email for every single torrent lol. My download is in the tens of terabytes a month and uploads are at least a terabyte a month. ISP doesn't care. Love it.
I would also say that if you only want a static site the OPs setup is almost overkill. Just install caddy and a dyndns service. Takes care of the certificate for you and is super simple to setup.
Also, for those that don't know, Caddy also automates SSL certs (unlike nginx) and can render markdown files using templates [0].
[0]: https://caddyserver.com/docs/caddyfile/directives/templates
I also use a VPS for services intended for the general public.
Is it common for EU countries to not have symmetric gigabit fiber?
For example, at my last house (Melbourne), a 100/40 FTTC connection... the NBN company kept on having multi-hour outages (booked ahead of time) every 2-3 months. Note that's not my ISP, it's the NBN itself. For "upgrades" in the area and similar.
So very much "not business grade". Not even startup grade really. :(
Yup. I have a gigabit fibre right up to my home, but the best speed available to me as an individual is 400/40. Gets really annoying from time to time when I need to upload like a couple of gigabytes.
On the bright side it's like €30/month, which also gets me cable and some streaming service subscriptions (HBO Max, Tidal, shit like that), which from what I can tell is a pretty good deal compared to more western countries.
I'm in the US and have never not had something or other being served on public facing ports
https://github.com/drittich/DnsTube
I don't host my pages myself, but the server(s) I have power the invisible infrastructure which accelerates my life a lot.
The resulting infra is hidden, because it doesn't flow through any popular services or something. You can argue that Syncthing is using public discovery servers, but you can put it on a small VPS, and you'll have a complete off-the-grid installation of it, too.
I host it on an OrangePi zero, so it's unobtrusively small. It just vanishes somewhere at home.
The last you want is for your setup to be compromised, be used to send spam/botnets and then getting perma-banned from your ISP.
I would argue it's a lot less risky just to put your static site on S3/Github etc.
Really easy to setup/use and means you don't have to open up ports like 22 which are constantly being port scanned.
You can also do things like firewalld off (or with hosts.allow) 22 to just an ssh bastion/jumphost src (or your house IP), but I find that’s usually not necessary (although an excellent further step if you are a bit paranoid) as long you do what was mentioned in first paragraph.
While you shouldn't skip on other security measures, there's no real downside to changing your SSH port and getting off the target list for a lot of botnets.
(As opposed to e.g. port knocking, which is stronger but makes it easy to lock yourself out and may create issues with some SSH clients.)
This was merely weeks after telling him to switch to Tailscale, but it was a great learning experience.
Very hard to do and finicky to setup but at the time was suitable for my needs
And are basically free.
they just have more staff on hand to respond, run updates, and do the due diligence of checking and implementing patches.
Far more people (at least 2 orders of magnitude) end up infected with malware and become members of botnets from just clicking dumb shit. They don’t get banned from the ISP either.
I know of friends who have been banned for doing exactly this.
I've been running servers used by family and friends from my home for about 20 years now. It's never been an issue at all.
They'd get a higher score by adding text compression and by serving static assets (all of them?) with an efficient cache policy.
PS I get 100 consistently for your home page, so maybe you have an optimization there that can be replicated?
[1] https://blog.hubspot.com/website/gzip-compression
> I’ve been using Next.js for a while and hosting the apps built with it on AWS with custom express servers. One day I’ve noticed that my servers are getting red-hot while doing almost nothing, and response times got huge.
OP mentions they're hosting a static website now but must have previously been rendering a server-rendered page. It's not clear whether they explored the static-site generation support in Next.js, which would have avoided any regressions in server-rendering performance, making this a non-issue.
> Long story short the library introduced a huge performance downgrade that was not caught by existing tests. > Because benchmarks were using only Vercel’s (creators of NextJS) “Edge” infrastructure. And the bug was happening everywhere but not there.
Indeed, there was a regression, but it was not due to lack of tests as a whole. The linked threads point to issues both self-hosting (serverful) as well as on Vercel (serverless). There was a week between a fix being reported through the opened issue and a fix being placed on a canary release. Regressions will happen – the best thing is ensuring more tests are added and things are fixed quickly.
> We need alternative independent hosting to ensure that the community does not get stuck with a single provider.
You can (and will always be able to) host Next.js, both completely static (drop files in an S3 bucket) or on a server (Docker, EC2, whatever you want).
Just wanted to clarify those things. Your new site looks great, nice work.
Before anything I wanted to say that I love Next.js and I'm using it in my projects daily. It's definitely the best solution right now at the market for the project types me and my company is producing :).
In regards to the inconsistencies in the article. Yes it was a server rendered page, not this particular blog. A much more complicated project.
Also I didn't want to sound as if the regression was handled badly. Quite the opposite, as soon as I've pinpointed the issue and was able to create a good Issue in the tracker the response was very swift!
And I understand that the regressions will keep on happening. I've been building apps for long enough to see waaaaay bigger problems slip into production. So no hard feelings!
I'm fortunate in that I have a static IP. Initially I was using NOIP and it worked great but then noticed my IP address never changes. Also, NOIP still exposes your actually IP which I didn't care for.
Now instead of NOIP I rent a cheap $4/month VPS with nginx to reverse proxy to my home. This does require me to open a port, which again I'm not a huge fan but it is what it is.
My next iteration will be where I close the port and do updates via SSH. I'm the only one who uses my website so it is more of a playground for me than anything.
Finally, I feel setting up a server - or just interacting with a remote computer, be it across town, across the country or in the other bedroom, is a good skill to have. When I got my 1st remote job that gave me access to a server I was more than comfortable to do what I needed to do.
And you are absolutely right about the laptops and I have 2 right now that are just collecting dust. But currently I have no reason to change to a laptop. It is kind of like driving a nail in the wall with a sledge hammer, sad to say a laptop is more than I need in a server at this moment. The only benefit I get from a laptop for my current needs is a built in battery backup.
Avoids punching a hole in your local network, avoids issues when your home IP changes, and ensures nothing ends up going over the internet in the clear.
Hopefully I didn't just miss it in the article, but... how?
https://tuxcare.com/patch-raspberry-pi-systems-without-a-reb...
Also I think you can use Ubuntu PRO on the pi, which includes Livepatch.
Also, I think that the base Linux kpatch tools are open source, but the infrastructure that RedHat/SUSE/Canonical/etc use to provide them are not. However, I think the Gentoo folks do have some open infra code.
https://github.com/dynup/kpatch https://wiki.gentoo.org/wiki/Elivepatch https://wiki.gentoo.org/wiki/Live_patching https://github.com/gentoo/elivepatch-server https://github.com/gentoo/elivepatch-client
Where I live, both the electric grid and Fibre connections are unreliable, and the ISP charges about $3/month for a static IP. Assuming 2.5W for a RPi, it takes 1.8kWh a month, costing around $0.25 for electricity. This also has the downside of using residential IPs, having to deal with CGNAT/NAT if the ISP has no static IPs, exposing your home IP, slow disk speeds in SBCs, etc.
Services like Hetzner have private servers for almost the same amount, which gives you faster storage, server IP addresses (for email reputation), DDoS protection, and a whole lot more to sweeten the deal.
The only thing I self host today is a script that runs on my OpenWRT router, that uploads the probed data from my inverter and BMS to monitor my PV setup. I look forward to get rid of it too, once I get better BMS/Inverter.
I've been running a few web bootcamps in the past. Explaining the hardware part through cloud admin panels is extremely hard. Having a physical thing right in front of you is spoko simple. Much easier for people to *click.
For production purposes, a public cloud has many benefits you can't get at home. But for hobby purposes, keeping the cost low is most important for me.
1. https://forums.servethehome.com/index.php?threads/lenovo-thi...
This is why I do the portion I host at home. That, and keeping the data on machines I actually own and control.
I deployed a GRE tunnel to a small box I rent from Hivelocity that has a /26 routed to it, to work around lack of proper connectivity from a "business" HFC connection to said garage.
OTOH, if you have to deal with double NAT, good luck with that hot garbage.
Anyway I'm not paying in/out costs or costs for static hosting. Looking at hetzner's offerings it apears to be 536.58 euros/month for 10tb of storage? That's block storage on SSD, maybe they have cheaper HDD storage somewhere?
Point is I think my server setup may have "paid for itself" (not that it makes me money) after one month. And that's for 38TB total of RAIDZ1 space, I'm only filling 20TB so far of it. In actually it's like 60 something TB of space lol I just wanted RAID so I could lose a drive. I've got plenty of room to grow and swap components as needed.
Note that it's virtually free in winter (or cheaper if you have a heat pump or only heat during off-peak hours) as the energy used by the RPi is that much energy not consumed by heaters
Does anyone know if that is accurate? What could possibly be taking up that 30 GB if all I want to do is host a static site and maybe Deno or Node? I'm fairly certain I set something similar up in the past on a much smaller MicroSD card...
[1] https://docs.coollabs.io/coolify/requirements
Stories like these just go to show me how much fat there is in Tech. The sector is in for a sharp reality check. You don't need 10s of gigs of RAM and 20 cores to host your blog or small business e-commerce site. But if you use the latest bullshit framework then maybe you do...
https://dokku.com/
(developer of Coolify here)
I guess IPv6 could/would solve this one day?
The solution is a tunnel between your machine and an external server with a static IP address. The external server will forward requests to your machine.
Cloudflare tunnel is an option (thanks watchdogtimer), and there's also a service called Ngrok. I took the most complicated option: setting up a reverse ssh tunnel to a VPN that I already had.
Honestly I just feel awesome seeing those blinking lights in my room and thinking it's sending packets to other people.
In my experience it's not much harder than navigating the AWS interface, where I often feel very lost. But of course YMMV.
> There is no real privacy gained
Why not? Other than I can't be sure that my device and browser doesn't spy on me I don't see your point?
Not my reason to self host (static) but more a welcome side effect.
Moreover, no one can seize or examine your data without being a criminal. On the other hand, Google et al do this every day.
You may not care but these are real privacy gains
When I need to host dynamic content, another good option is CloudFlare Tunnels (I promise I'm not sponsored by them, their products are good is all :)), so you don't have to do shenanigans updating DNS records on the fly, and more importantly you don't have to compromise your network opening up and forwarding ports.
Yeah... I'm not surprised the author gave up on it, but you absolutely do not need to use k8s if you're dockerizing something like a blog. I'm a little baffled at this sentiment.
It's trivial to host a static site on someone else's infrastructure for very cheap or free, and you get to benefit from CDNs if you need it. I don't see what you would gain from doing this from your home network.
edit: this way, you get a free IPv4 (static) address as well, as well as security and avoiding DDoS on your home connection.
[1] https://buyvm.net/openvz-vps/
What's a bit iffy is the privacy aspects. If you host anything that can identify you, your identity is just a HTTP request away for anyone who sees traffic from your IP address.
But these concerns can be somewhat mitigated by making the server drop connections unless a known Host header or SNI is sent.
Wholly recommended if you host stuff on your hope IP!
Easily done with nginx by ensuring all server {} blocks have a proper server_name and a separate default server {} block just having return 444. So unless someone already knows the domain name of your home server, they'll not be able to access it with just an IP address. You'll stop many bots this way, too.
run it behind Cloudflare
DDoS is probably mitigated at residential ISP level. At least I never had to deal with it with the current ISP I had for 14 years, and I had like 10 MBit/s upstream bandwidth most of that time.
The security aspect is a struggle. Something like shellshock [1] needs to be patched immediately, which really requires automation. With shellshock, even self-hosted static hosting could be impacted. Similar vulnerabilities be discovered in the future.
I'd want to isolate anything external facing from the rest of my home network for that reason.
[1] https://en.m.wikipedia.org/wiki/Shellshock_(software_bug)
I don't think this is overkill, I think it's necessary. A UPS is pretty cheap compared to the completely-uncontrollable chance of losing power in the middle of working on something. Sure, there's autosave and most things are relatively recoverable, but this is just such a cheap investment (at least, for most people who will be reading this forum, I understand it isn't for everyone) compared to such a scary reliance on something that is not very reliable (which makes me very upset about income disparity, it's something everyone should be able to have).
My power is extremely unreliable so maybe I'm a little biased - we get brown-outs (power drops for maybe 2 seconds and comes back) maybe 3-4 times a year, which is wild imo for what should be a very well-developed area (relatively wealthy suburb of Chicago) but it's a pretty old building so not too surprising I guess. That said I will NEVER have a desktop setup with a UPS, and I encourage absolutely everyone to do the same.
I also have a wireless card so that in an emergency I could tether my pc to my phone for internet if need be, and I highly recommend this as well. It's enough to reconnect and send a couple Slack messages quickly and then disconnect again and wait out an outage, without driving up your data bill. (Just use your phone? Maybe, but I don't have everything installed, and I can't type for shit on my phone keyboard anyway)
Our little town of 6,000 or so loses power 3-4 times a year. One road with lots of ash trees loses power 10x a year.
People are beyond UPS here and into generators.
I'm using a laptop as a server and will buy a UPS for my modem/wifi. That combo will offer many hours of uptime without power.
I use a UPS and log2ram (which moves the most active directories to a RAM-disk) and have found the Pis to be perfectly fine home servers:)
If you have a beefy enough one (we're talking $200+ UPSs here), you can use it to power a modest refrigerator for a bit, getting temps back down to proper levels to prevent food spoilage if you end up with a long term outage that spans 48-72 hours. Most fridges only pull 120-180W when they run, and depending on the temp and time of year, only run the compressor for 15 to 20 minutes at a time. Plugging the fridge into it once or twice on the 2nd and 3rd day of an outage can save you a TON of grief and food spoilage.
However, those lead acid batteries don't last forever, and when they fail you're worse off than using a dumb regular surge protector. Now you have to replace and responsibly recycle the battery.
For me that e-waste became impossible to justify. A couple of power outages a year is completely acceptable for most home servers.
Or if it's a static rendered website you can publish on GitHub Pages for free and use a CNAME to use a custom domain which is what we do for our docs https://docs.servicestack.net created with https://vitepress.vuejs.org that uses GitHub Actions to automatically build and publish the site on commit.
That's not to say that a VPS in addition isn't useful or fun. https://indieweb.org/POSSE and all. It just isn't at all required.
In most case the main factors to choose self hosting are independence, fun and learning by tinkering. That’s three items that GitHub Pages doesn’t provide.
Renting slices of someone else's shared HW hardly compares in terms of price to owning the full machine. Expected lifetime of some cheap SBC you'd use for hosting your personal projects is ~10 years. It can cost say EUR 50-100 to run it that long these days. 10 years of that hetzner VM is EUR 577. That's 500 EUR I can do something else with per machine.
Whenever I try calculating HW ownership vs renting in the "cloud" for personal usecases it at worst comes up to paying off in a year, and usually sooner.
There are also many other benefits of having physical access to the HW.
Just right now about 7 SBCs I run have total cost of ownership at $20 on average each and I've been running them for 5-7 years...
Reminder that if you are going to do this, then it has to lie within the subset of uses deemed acceptable by the GitHub terms, which forbids hosting on GitHub Pages for e.g. e-commerce or any other business reasons; GitHub Pages is not a 1-to-1 substitute for e.g. Cloudflare Pages or Netlify.
It sucked. Cost a lot of time, and really, fiddling with firewalls and Apache configuration didn't teach me much.
All hail PaaS and the like. I'm not looking back.
One file and I can recreate my multi box self hosting setup. Why would I bother with a platform with a bunch of state?
Most PaaS type offerings for Web dev separate state and code. I can destroy and redeploy a whole cluster in two commands
Self hosting is rarely complicated. It's also easy to achieve better performance and lower cost in many situations.
https://www.reddit.com/r/selfhosted/
Setting up your own DNS like pihole and a personal vpn to enable you into your home network when outside is usually a good starting point. Or even simpler and potentially useful setup your own gitea instance, it's easy just use the sqlite backend.