I’ve been around selfhosting most of my life and have seen a variety of different setups and reasons for selfhosting. For myself, I don’t really self host as many services for myself as I do infrastructure. I like to build out the things that are usually invisible to people. I host some stuff that’s relatively visible, but most of my time is spent building an over engineered backbone for all the services I could theoretically host. For instance, full domain authentication and oversight with kerberized network storage, and both internal and public DNS.

The actual services I host? Mail and vaultwarden, with a few (i.e. < 3) more to come.

I absolutely do not need the level of infrastructure I need, but I honestly prefer that to the majority of possible things I could host. That’s the fun stuff to me; the meat and potatoes. But I know some people do focus more on the actual useful services they can host, or on achieving specific things with their self hosting. What types of things do you host and why?

  • ITGuyLevi@programming.dev · 4 upvotes · 5 months ago

    I host way more than I probably should, but everyone should have some stuff like immich, vaultwarden, and nextcloud. I also like to host gitea and 30+ other things (check out netboot.xyz, it isn’t something everyone needs but why wouldn’t you want to be able to boot off the network), but that’s just what some people do as a hobby I guess lol.

  • MangoPenguin@lemmy.blahaj.zone · 2 upvotes · 5 months ago

    For sure anything with private data involved, aside from my email.

    So everything to do with images, videos, file/document storage, etc…

    Also game servers because they’re generally very easy to host at home, and due to generally high RAM and storage needs paying for hosting can be quite pricey.

    • Laser@feddit.org · 1 upvote · 5 months ago

      Also game servers because they’re generally very easy to host at home, and due to generally high RAM and storage needs paying for hosting can be quite pricey.

      Really?

      I thought this was more the case with flexible providers like DigitalOcean. My current provider charges 5,36€ per month for 4 cores (though I assume this corresponds rather to 2 SMT-enabled cores), 6 GB of RAM and a 400 GB SSD. It offers better latency for most players (obviously not for myself) and in most cases has been sufficient regarding performance.

      • MangoPenguin@lemmy.blahaj.zone · 1 upvote · edited · 5 months ago

        Fair, it does depend on what games you’re hosting. I often have multiple servers for different games running and some can use upwards of 10GB of RAM each when in use.

        Highest I’ve had I think was an Avorion server that hit around 20GB of RAM usage with 5 or so players on.

        I find that VPS cores are often very low performance cores, since they want high core density in their servers vs fewer high performance cores, and for games like Arma 3, Minecraft, Enshrouded, etc they really need high single thread performance to work well.

  • slazer2au@lemmy.world · 6 upvotes · 5 months ago

    At the moment I am only doing jellyfin but I am looking to expand into pihole, audiobook shelf and some arr stack.

  • Saiwal@hub.utsukta.org · 19 upvotes · 5 months ago

    Public services: my social network (hubzilla), Email (mailcow), Matrix chat, Peertube.

    Private: my media (jellyfin, audiobookshelf, calibre, homeassistant).

    I enjoy the freedom that comes with this and it’s like having your own home on the internet. I have a very modest setup but it’s enough to host my friends and family so nothing fancy like k8s. Just a refurbished optiplex running docker :)

        • Laser@feddit.org · 1 upvote · 5 months ago

          Nice until you’re at a hotspot that blocks most ports but the most common ones.

          I use HTTPS for all stuff, that has given me the best results overall. But of course, you can offer multiple options simultaneously

    • LifeBandit666@feddit.uk · 2 upvotes · 5 months ago

      Me too, except it’s Adguard for me.

      Came in handy yesterday actually. I have a friend who works for a University which was recycling some Chromebooks.

      He managed to grab 3 for me, one for myself and one for my kids.

      Problem is that one of my kids is being supervised through Google Family Link which means for some reason the Play Store won’t work.

      So he is now unsupervised in Family Link just to get the Chromebook working.

      So I’ve just given both my kids static IPs and pointed their Chromebooks at Adguard, then turned on Safe Search and adult content blocking.

      Now I’m fairly confident they’re protected from a lot of the bad shit on the internet.

      • Swarfega@lemm.ee · 3 upvotes · 5 months ago

        I’ve configured my kids’ devices to use NextDNS, that way they are getting filtering no matter what network they use.

        AdGuard does what I need internally, it’s just external is the issue. VPNs are not a solution, my kids are old enough to know they can just disable it to work around it. They don’t know about the Private DNS option that I have configured on their devices… Yet

        • Diurnambule@jlai.lu · 3 upvotes · 5 months ago

          Yeah hosting email as a company is a pain. I can’t imagine selfhosting it. At least in a company people can search you online.

          • Neshura@bookwormstory.social · 4 upvotes · 5 months ago

            The worst part really is just getting off the damn spam lists. There is almost no documentation anywhere for do’s and don’ts. I ultimately had to set up a sending relay for the mail on my status monitoring VPS because my residential IP triggered most spam filters, but I only found out that that was the problem from forum posts investigating the same problem. I check with stuff like mail-tester, get back perfect scores and yet most of my outgoing emails have a good chance to land in the spam folder anyway (but at least they get delivered so that’s a plus I guess).

            As others in other threads have said: Google and Microsoft have killed the ability to self-host email simply by black-boxing their spam filters. As a user you have no real way to fix your mail server such that your emails get delivered into the inbox reliably.

            • Diurnambule@jlai.lu · 2 upvotes · 5 months ago

              I feel ya. And this doesn’t take into account users who put one of your mails in spam and it blacklists you for the whole org…

  • SolidGrue@lemmy.world · 2 upvotes · 5 months ago

    I used to selfhost more, but honestly it started to feel like a job, and it was getting exhausting (maybe also irritating) to keep up with patches & updates across all of my services. I made decisions about risks to compromise and data loss from breaches and system failures. In the end, I decided my time was more valuable so now I pay someone to incur those risks for me.

    For my outward facing stuff, I used to selfhost my own DNS domains, email + IMAP, web services, and an XMPP service for friends and family. Most of that I’ve moved off to paid private hosting. Now I maintain my DNS through Porkbun, email through MXroute, and we use Signal instead of XMPP. I still host and manage my own websites but am considering moving to a ghost.org account, or perhaps just host my blogs on a droplet at DO. My needs are modest and it’s all just personal stuff. I learned what I wanted, and I’m content to be someone else’s customer now.

    At home, I still maintain my custom router/firewall services, Unifi wireless controller, Pihole + unbound recursive resolver, Wireguard, Jellyfin, homeassistant, Frigate NVR, and a couple of ADS-B feeders. Since it’s all on my home LAN and for my and my wife’s personal use, I can afford to let things be down a day or two til I get around to fixing it.

    Still need to do better on my backup strategies, but it’s getting there.

  • Decronym@lemmy.decronym.xyz [bot] · 2 upvotes, 1 downvote · edited · 4 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    DHCP            Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network
    DNS             Domain Name Service/System
    Git             Popular version control system, primarily for code
    HTTP            Hypertext Transfer Protocol, the Web
    HTTPS           HTTP over SSL
    IMAP            Internet Message Access Protocol for email
    IP              Internet Protocol
    LAMP            Linux-Apache-MySQL-PHP stack for webhosting
    NAS             Network-Attached Storage
    NFS             Network File System, a Unix-based file-sharing protocol known for performance and efficiency
    NVR             Network Video Recorder (generally for CCTV)
    PiHole          Network-wide ad-blocker (DNS sinkhole)
    Plex            Brand of media server package
    SMB             Server Message Block protocol for file and printer sharing; Windows-native
    SSD             Solid State Drive mass storage
    SSL             Secure Sockets Layer, for transparent encryption
    SSO             Single Sign-On
    Unifi           Ubiquiti WiFi hardware brand
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)
    XMPP            Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging
    k8s             Kubernetes container management package
    nginx           Popular HTTP server

    23 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #871 for this sub, first seen 15th Jul 2024, 16:35]

  • 0x0@programming.dev · 3 upvotes · 5 months ago

    The actual services I host? Mail

    What do you use for that?

    What types of things do you host and why?

    Self-hosting as in at home, nothing to the outside world and i’m still sorting a local NAS; i have a VPS with a few websites but that’s not self-hosting category i guess.

    I’d locally-host media stuff but not even that is that important to me atm. Next on my list is 3-2-1 backups so i can reorganize my setup and eventually selfhost a Wireguard VPN to access some data.

    • Saik0@lemmy.saik0.com · 2 upvotes, 1 downvote · 5 months ago

      What do you use for that?

      Because emails can have a boatload of sensitive information (especially when collected en masse, think years and years of emails)… In the day of AI bullshit. Minimizing all that data being directly attached to an account associated with you and owned by google or some other corp seems like a sane desire. If you primary a gmail account… and they start (they probably already are) training on that dataset. Shit is going to get real testy.

      • tburkhol@lemmy.world · 2 upvotes · 5 months ago

        If you email to people on gmail or outlook, won’t Google and Microsoft still end up with copies of most of your mail?

        • Saik0@lemmy.saik0.com · 5 upvotes · 5 months ago

          Yes, but at the very least they have to do queries to build that profile out across dozens or hundreds of recipients… And they only get what I explicitly sent to them/their users.

          Google collects 100% of the emails you’re getting on gmail and it’s already sent directly to you… so they see it completely… including emails being sent to other sources since it originates from their server (so collecting information that would be going to an MS Exchange server as well…).

          Self hosting this means that you’re collecting your own shit… And companies can only get the outgoing side to their users. And never the full picture of your systems/emails.

          This matters a lot more than you think. Lots of systems for automation send through systems like Mailchimp, PHPmailer, etc… So those emails from your doctor likely never originated from MS or Google to begin with. When it hits your inbox on Gmail or Outlook… Well now it’s on their system. Now they can analyze it.

      • 0x0@programming.dev · 2 upvotes · 5 months ago

        I meant what software stack do you use to host your email.

        Btw have you encountered issues with receiving/sending mail through that account, considering the ongoing cartelization?

        • Saik0@lemmy.saik0.com · 3 upvotes · 5 months ago

          Mailcow.

          Personally. No. The hardest part is getting a clean IP and to set up PTR records for a static IP. The rest has been easy for me personally… but I do this shit for a living so I might be biased.

    • The Stoned Hacker@lemmy.world [OP] · 3 upvotes · 5 months ago

      I set up a mail stack on Rocky Linux with Postfix, Dovecot, and rspamd. I don’t need a database because it’s all LDAP on the backend, and I don’t have webmail set up right now because I’m lazy. It’s a bit of a hassle to get up and running well but it’s pretty solid and I’m careful about managing my domain reputation so I don’t have any issues with my mail being delivered.

  • Swarfega@lemm.ee · 1 upvote · 5 months ago

    • Jellyfin
    • Plex (I wanted to get rid of it but I found my son’s TV has no Jellyfin client available so I have to keep Plex up for him)
    • Nginx
    • Caddy
    • Ddclient to Cloudflare for my home dynamic IP
    • Syncthing (such an underrated app)
    • Wireguard
    • HomeAssistant
    • Some other stuff that isn’t all that interesting

  • Presi300@lemmy.world · 3 upvotes · 5 months ago

    The main things for me are: Wireguard, NextCloud and an NFS/SMB share and a torrent client (Deluge)

  • tburkhol@lemmy.world · 3 upvotes · 5 months ago

    pihole, in front of my own DNS, because it’s easier to have them do domain filtering.

    mythtv/kodi, because I’d rather buy DVDs than stream; rather stream than pirate; but still like to watch the local news.

    LAMP stack, because I like watching some local sensor data, including fitness equipment, and it’s a convenient place to keep recipes and links to things I buy regularly but rarely (like furnace filters).

    Homeassistant, because they already have interfaces to some sensors that I didn’t want to sort out, and it’s useful to have some lights on timers.

    I also host, internally, a fake version of quicken.com, because it lets me update stock quotes in Quicken2012 and has saved me having to upgrade or learn a new platform.

    • Snot Flickerman@lemmy.blahaj.zone · 2 upvotes · 5 months ago

      Do you have any input on whether running your Pi-Hole as your DNS service versus how you have it, with pi-hole in front of a standalone DNS server, as to which is functionally “more better?”

      I had been toying with making my pi-hole into a full DNS server using Unbound, but I had been debating if it would be better to have that service running separately.

      • Encrypt-Keeper@lemmy.world · 3 upvotes · edited · 5 months ago

        Unbound is incredibly lightweight. There’s no reason not to just have it running on the same box as your pihole.

      • tburkhol@lemmy.world · 3 upvotes · 5 months ago

        I have isc-bind running behind pihole so network clients can register their own hostnames, and as near as I can tell, that’s outside the scope of pihole’s DHCP and dnsmasq. Pihole alone is probably fine if you only want to name static hosts, but (I understand) Unbound doesn’t support ddns, either.

        • SolidGrue@lemmy.world · 2 upvotes · 5 months ago

          Unbound will take updates via API. You could either write exit hooks on your clients, or use the “on commit” event on isc-dhcp-server to construct parameters and execute a script when a new lease is handed out.
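
A lease hook of the kind described in the comment above, as an added example that is not part of the original thread or any participant's code. It assumes Unbound's `unbound-control` command (`local_data` / `local_data_remove`) is the update interface, a local zone named `lan`, and a hypothetical script path; the client-supplied host name is untrusted input, so it is validated before it reaches the resolver.

```sh
#!/bin/sh
# Added example (not from the thread): lease hook that registers DHCP clients
# in Unbound. Assumed dhcpd.conf wiring (script path is hypothetical):
#
#   on commit {
#     set clip = binary-to-ascii(10, 8, ".", leased-address);
#     set clhost = pick-first-value(option host-name, "");
#     execute("/usr/local/sbin/lease-to-unbound", "commit", clip, clhost);
#   }
#
# option host-name is chosen by the client, so it is validated before use.

LC_ALL=C; export LC_ALL                               # ASCII-only ranges
ZONE="${ZONE:-lan}"                                   # assumed local zone
UNBOUND_CONTROL="${UNBOUND_CONTROL:-unbound-control}" # Unbound's control CLI

# One DNS label: letters, digits, hyphen; 1-63 chars; no edge hyphens.
valid_label() {
  case "$1" in
    ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4 with every octet in 0-255.
valid_ipv4() {
  case "$1" in
    ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print "host.zone. IN A ip" for validated input, fail otherwise.
build_record() {
  valid_ipv4 "$1" && valid_label "$2" || return 1
  name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  printf '%s.%s. IN A %s\n' "$name" "$ZONE" "$1"
}

# $1 = commit|release, $2 = leased IPv4 address, $3 = client host name
handle_lease() {
  rr=$(build_record "$2" "$3") || { echo "rejected lease data" >&2; return 1; }
  case "$1" in
    commit)  "$UNBOUND_CONTROL" local_data "$rr" ;;
    release) "$UNBOUND_CONTROL" local_data_remove "${rr%% *}" ;;
    *)       return 2 ;;
  esac
}

# Run only when called with arguments (as dhcpd's execute() would).
[ "$#" -eq 0 ] || handle_lease "$@"
```

Setting `UNBOUND_CONTROL=echo` gives a dry run that prints the command instead of changing the resolver.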

  • node815@lemmy.world · 6 upvotes · 5 months ago

    I’ve seen a few mentions of PiHole and AdguardHome, I started on PiHole, then moved to AdguardHome for adblocking. Then I heard about and have been using TechnitiumDNS server which is sort of overkill for our needs, but with the right ad-lists, it is fantastic at blocking advertisements on my home network. Super fast install too, even on a Raspberry Pi 2 :) I run that along with Proxmox-VE (Protected behind OIDC Login) and several other containers on my cranky old Dell Desktop server.

    Mostly Vaultwarden, and a few other services for home private use such as PairDrop for inter system sharing and a self destructing file sharing server for when we need to send documents to our Attorney’s (rarely but sometimes we need to) office via Pingvin.

    I also run:

    • Home Assistant
    • Transmission Dockerized so I can help contribute to the Linux community and share the ISOs.
    • For some of my externalized sites, I run Authentik. It acts sort of like a Reverse Proxy if you configure it to do so. I love that I can simply identify myself with my WebAuthn device skipping any passwords. :)

    With Authentik setup, I can login to things like my Fresh Tomato Router, TechnitiumDNS (both use HTTP Auth headers) and Memos which uses OIDC/SSO. It’s meant to replace our Google Keep notes.

    • Tailscale is installed and I connect to it from my phone when away from home to always stay on my network. Sometimes, hotspots block it so I generally avoid those as much as possible.
    • Wallos to help keep track of our re-occurring subscriptions.
    • Grafana and Prometheus - both are staged and ready for configuration and one of those I will get around to eventually.
    • InfluxDB - I plan on moving Home Assistant logging soon to that which should tie nicely into Grafana later.
    • Ben Phelps’ Homepage - it’s my main server dashboard my wife and I use to access our server. Quite simply one of the best dashboards IMHO.
    • Wyze Cam Bridge - One of the better services in which you can log into your Wyze cams and convert their streams to RTSP, RTMP or HLS streams easily. I have that feed to my Home Assistant Security Dashboard.
    • Baserow. It’s a good Airtable alternative and I use it to keep track of my Static IP assignments, Sleep tracker (I suffer from insomnia), and other data points. It’s pretty amazing. I even created a pain logging form for my wife so she just accesses it and answers basic questions about her pain levels and it pushes it to the database for later retrieval.
    • Joplin Server - Sorry, I don’t have the link, but it’s installed via compose. I use Joplin Notes on my phone and computer for keeping my code snippets. I’ve tried Obsidian and it didn’t really meet my needs and also Anytype, but that’s not self-hosted. Joplin server is for me and that’s become handy a time or two when on the road.
    • Bookstack - my grand plan for that is to build a Wiki for my family to use in the event something should happen to me, they can know how to manage the server with nice screenshots and instructional steps. I have that protected behind Authentik’s OIDC logins.
    • IT-Tools - hands down one of the coolest self hosted tool sets you can use.
    • Webcheck - All-in-one OSINT tool for analyzing any website https://web-check.xyz/ is their demo site. :)
    • Stirling PDF - Kind of like a Swiss-army knife for PDFs. :)
    • Dozzle - For those times when you really need to see your Docker logs and are too lazy to run a docker logs --follow command.

    I still use Portainer-CE and am happy there, I may try Dockge or the others, but it’s fine for what I need it for (It’s also protected by OIDC)

    I’m sure I may have missed a few, but this post has gone on long enough. :)

    • 486@lemmy.world · 1 upvote · 5 months ago

      IT-Tools - hands down one of the coolest self hosted tool sets you can use.

      Looks similar to Cyberchef. Any reason to use that one over Cyberchef?

      • node815@lemmy.world · 2 upvotes · 5 months ago

        Cyberchef, I’ve looked at but honestly for me, IT Tools works best for my needs so it’s all good on my end.

    • λλλ@programming.dev · 2 upvotes · edited · 5 months ago

      A bunch of people recommend dozzle in this thread… I’ve been using Dockge. I wonder how they compare. I’ll have to check that out later.

      • node815@lemmy.world · 2 upvotes · 5 months ago

        Dozzle is just log viewing plain and simple. Dockge shows more that’s all I know. I tested Dockge earlier on in development and haven’t been back since, I know it’s grown a lot more since.

        • Voroxpete@sh.itjust.works · 1 upvote · 5 months ago

          It’s not so much that Dockge shows more, and more that it does more. Log viewing in Dockge is actually pretty bad; it’s honestly the one thing that really needs more work. But Dockge is a full management plane; it allows you to deploy, modify, bring up and bring down entire compose stacks. Dozzle is only a log viewer, nothing else. Given that log viewing is the one thing Dockge does badly, they’re actually a perfect complement to each other, and I’d strongly recommend running both.

  • Kalcifer@sh.itjust.works · 4 upvotes · edited · 5 months ago

    All of the services that I host are for private use:

    • Nextcloud
    • FreshRSS
    • Immich
    • Jellyfin
    • RSSBridge

    And they are all behind Caddy, which reverse proxies and handles HTTPS. I’m not sure if it really counts as self-hosting, but I also use my server as a host for my backups with Borg. I also use it as a sort of central syncing point for Syncthing.

    I did have a Pi-Hole at one point, but I kept running into issues with it — I may look into it again in the future.

    At some point I’d like to try implementing some ideas that I’ve had for Homeassistant (a camera server with Frigate and some other automation things). Once federation has been implemented, I would like to host a Forgejo instance. I may also host a Simplex relay server, depending on how the app progresses. I’ve been considering hosting a Matrix instance, but I’m not sure yet.