I’ve been doing small hosting off and on for a while. Mainly for accessing files at home and the occasional Minecraft server. Not smart, as I’ve never used a specialized router. I used to use DD-WRT, but now it’s impossible to flash most consumer-grade routers.
I’d like to learn more stuff about cyber security, host other stuff, maybe host a website, but I’m just a guy who lives in an apartment. I’m stuck with 1 Internet service that claims it will terminate my service if they find me to be hosting anything. They must be semi-lax with that rule, because I haven’t gotten terminated for using SSH and Cockpit.
Do you guys own a house, or are you just fortunate enough to have access to an ISP that will let you host your own stuff?
I have a house with a basement and a fiber connection I run my stuff in. I also have a pair of VPSes I use for things from RackNerd that were Black Friday deals (160 a year for 8 core 12 GB RAM).
My ISP (Fios) doesn’t seem to care what I do. I can even open ports 80 and 443, which I have done. I host my website on an Orange Pi 5 and have a Cloudflare Tunnel securing it. The rest of my exposed services are proxied by Nginx Proxy Manager.
I use Proxmox and set up various virtual machines and containers, then Docker containers within a VM for my services. Some of the stuff I don’t want Fios seeing is masked behind a VPN container (Gluetun).
I have a yearly VPS subscription with 16GB RAM, 160 GB SSD and 8 cores, including 5TB network limit. It is some Lithuanian company (time4vps). I don’t have a static IP at home, and if I want to get one I have to pay pretty much the same amount, so why bother?
It has Debian 11, and ufw as the only security measure, together with Caddy reverse proxying everything so only a handful of ports are open (80, 8080, 443, and one for Syncthing and one for DoT).
I have the following services running:
- Nextcloud (for office tools, calendar, to do, boards)
- firefly iii for self accounting
- technitium dns server for DoH and DoT with blocking
- grafana, prometheus and node exporter for monitoring
- libreddit for, well, you know
- searxng
- trilium for private knowledge base
- tailscale for tunneling and VPN
- syncthing for file syncing and password sync together with keepassxc
- my personal page, auto updating with github actions over sftp.
I have partially documented most of my work in my blog, so you can take a look if you wish: https://mustafacanyucel.com/#blog
Your blog looks nice, how did you make it?
Thank you. It is only CSS and HTML, but since my creative skills are no better than a potato’s, I am using a designer-made template for CSS 😅.
I have a salvaged desktop in a closet which I use for:
- pihole (adblock and local dns)
- unbound for upstream dns (no more 8.8.8.8 dns for me)
- VPN to access my home network and for some security on public wifi
- NAS (only via sshfs, want to try nextcloud) where data is stored on a software raid array
- a couple SQL databases for a hobby project
Since I have ports exposed (I know), I have it configured for no root login, some default ports are set to non-default ports, and I have fail2ban installed.
I’m pretty proud of my setup and it’s made my life and workflow pretty awesome and simplified, especially with the WFH/hybrid stuff.
I want to try Nextcloud so I can consolidate my calendar(s?), and get rid of Trello as a service, in addition to serving my NAS files. But I want to test drive it first and I don’t have a system to do that properly at the moment.
Also, you don’t need a crazy router to get started. Mine is a crappy $100 router. Most will have port forwarding if you need to expose ports, or ddns if you want a domain name. There are some things you’d want a slightly more powerful router for (like maybe a media server serving most of your house). But you can always upgrade your router.
An alternative to Pi-hole is AdGuard and so far the latter has been a lot better for me personally.
I’ll check it out! Appreciate the suggestion
I host Nextcloud and it is a huge life-saving tool. I use it for backing up photos, hosting calendars, tasks, contacts and RSS. I use Nextcloud Deck as a Trello replacement. Nextcloud can also replace Google Docs.
I originally thought it was overkill for me, who just needed to access files, until I read about Deck, calendar, and chat. Now I’m ultra sold. I’m tired of Slack, Trello, email, calendar all being in different places.
My self-hosted setups have evolved over the years. I started out with a Raspberry Pi hosting a Drupal site flying under my ISP’s radar with a dynamic IP address I had to adjust my DNS settings to point to pretty frequently. In time I had 3 Pis running, hosting websites. Then I learned about Apache virtual hosts and put all the sites on one Pi. These days I use an ODroid H3+ to host a Nextcloud instance. It sits on the back of my desk collecting dust. Glamour pic for reference. I have it propped up on some junk for better cooling. I love it for its low power consumption and relatively good performance for a single board computer.
I started with a Raspberry Pi 4 4GB running Home Assistant with a bunch of add-ons. Moved on to a mini PC running Proxmox with some VMs (one for Home Assistant) and LXCs (NGINX Proxy Manager, Docker, AdGuard Home, Jellyfin and more). With a 4-core 8-thread Intel CPU and 16GB of RAM, it’s got enough power for my usage so far.
My router is a regular consumer-grade router, but it’s been pretty good at reassigning the same IP address to each of my services. My ISP doesn’t restrict my uploads and hasn’t complained about my self-hosted services, but there’s not much traffic as I’m the only one using them.
I’m also adding a NAS to the mix soon for more storage!
You can use things like Tailscale or Cloudflare Tunnel for hosting things inside your home network. I’d use Tailscale if only you or a couple of people need access to your internal network and services, or Cloudflare Tunnel if you want to expose your self-hosted services to the outside world.
I personally have the luxury to have 2 internet connections available to me. I live in an apartment where ISP connection A is shared among the residents (they all have their own router connected, so using double NAT, which is not great but it works), and I managed to negotiate with the landlord that I could use a dedicated fiber connection since it does not disrupt the rest of the residents, and my work pays that bill. It’s a small virtual ISP, so I was also able to request a static public IP.
For my network at home, I’m using a UniFi stack: UDM-Pro and USW-Pro. For running services on my network, I have a server running Unraid where I mostly host services in containers on which I expect a lot of data to be stored. The rest of my services I run on 6 thin-client-grade machines (4 Lenovo ThinkCentre M73 Tiny, 1 HP ProDesk 600 G3 and 1 Shuttle XH61V) using Nomad for the container clustering, Docker as the runtime engine, and Consul for service discovery.
My router port-forwards a select number of ports (80 and 443 among other things) to my reverse proxy (Traefik) which then routes the connections to the correct services based on the URL and other rules.
But, if your ISP is being difficult… renting a VPS these days is a viable option.
For me it’s simple: my ISP has crippled the upload to 30mbps making it impossible to host something from my home publicly (download is 300mbps or more) but I do selfhost on Unraid … it’s just for stuff in my house or for me privately with VPN outside. I run a TON of apps this way… I just don’t need them to be … public, they are just for me to use at home mostly.
That for me is also selfhosting.
Now that said: I still ask the same question to my ISP when they want to upsell me something: and what about the upload? The salespeople mostly don’t know what I mean or how it matters 🤦‍♀️… anyway I’ve been doing this for 20+ years now…… kinda lost hope? But nah not yet 😏 … “hoop doet leven” we tell ourselves over here (translates to: hope is live)
Same here. I have multiple servers between Unraid and Proxmox. Everything I have set is for local use. I used to have a few things accessible externally but now revert to using WireGuard if I need to access things locally. Only exception is that I have Nextcloud publicly accessible.