this post was submitted on 01 Aug 2023
142 points (96.7% liked)

Selfhosted

46677 readers
1001 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?

top 50 comments
sorted by: hot top controversial new old
[–] floofloof@lemmy.ca 132 points 2 years ago* (last edited 2 years ago) (3 children)

Tor exit node, public Lemmy instance.

[–] Cqrd@lemmy.dbzer0.com 27 points 2 years ago

Weirdly for extremely similar reasons

[–] Reivax@lemmy.world 7 points 2 years ago

Yes these. Essentially anything that an unidentified user could push data to that would land me in regulatory trouble. I would want to host these things, but I don't want to become a distributor of anything that would get me a search warrant.

load more comments (1 replies)
[–] faethon@lemmy.world 89 points 2 years ago (5 children)

Hosting an email server is pretty sure a magnet for half the Chinese IP range.... So I would refrain from hosting that myself.

[–] Tinnitus@lemmy.world 11 points 2 years ago (2 children)

I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).

[–] Cqrd@lemmy.dbzer0.com 14 points 2 years ago (1 children)

Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.

[–] peregus@lemmy.world 3 points 2 years ago (1 children)

Why do you say so? I'm not an expert in the fields, but isn't a mail server pretty much the same as 20 years ago plus DKIM and SPF?

[–] ikidd@lemmy.world 7 points 2 years ago* (last edited 2 years ago) (1 children)

With DKIM and SPF, I've had zero problems in the last 15 years of selfhosting, most recently with Mailcow Docker on a residential IP. I don't even have a reverse PTR to my mailserver hostname, just a PTR provided by the ISP that can be resolved.

I've added a few fresh, un-reputed domains to the server and had no issues.

I think many people's problems with running email servers are self-inflicted. I remember even before there were things like blacklists, etc with large providers, many people had problems keeping mailservers running. It's just not an easy task for a variety of reasons completely unassociated with the mega's blacklisting you. I've been running mailservers at various scales for 20+ years so maybe it's just second nature to me now.

load more comments (1 replies)
load more comments (1 replies)
[–] chris@l.roofo.cc 6 points 2 years ago (1 children)

I did host my email, but the problem wasn't the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.

[–] metaStatic@kbin.social 5 points 2 years ago

what's that? a federated service isn't immune from a corporate take over? colour me shocked.

[–] Anafroj@sh.itjust.works 5 points 2 years ago* (last edited 2 years ago) (4 children)

Gladly, fail2ban exists. :) Note that it's not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I've actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches of lot of those pests.

load more comments (4 replies)
load more comments (2 replies)
[–] ruud@lemmy.world 84 points 2 years ago (2 children)

Anything that the family uses. Because when I cease to exist, my wife isn't gonna take over self-hosting! So e-mail, chat, documents etc.

[–] colebrodine@midwest.social 20 points 2 years ago (2 children)

I told my wife when I die, she's just going to have to throw it all away and start over.

We have separate email accounts and she knows how to get into my Keepass, so she should be able to get into whatever she needs to. I now have a daughter who is becoming interested in how these things work, so I'm hoping to slowly start training/handing off to her.

[–] freeman@lemmy.pub 3 points 2 years ago

I have a router, switch and older access point preconfigured and ready to just plug in.

I have some basic documentation and a short list of folks to call, along with admin creds should anything need untangling.

But mostly it’s a rip and replace network. Ditch plex and get cable.

Google workspace is basically just gmail. You can pay someone to migrate it or abandon.

load more comments (1 replies)
[–] bearfootbees@lemmy.ca 6 points 2 years ago

This guy has a good financial planner.

[–] Karcinogen@discuss.tchncs.de 70 points 2 years ago (3 children)

Password manager like Bitwarden. I'd rather they take care of it for me. The consequences would be too great if I messed it up.

[–] ChrislyBear@lemmy.world 8 points 2 years ago (2 children)

Oh man, that's actually really good advice! I recently switched to Vaultwarden, but you're right: If my server goes down, I can't even restart it, because the password for my account is in there! Damn! Close call!

[–] Limit@lemm.ee 16 points 2 years ago

Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both... so even if your server was totally dead, you'd have access to your passwords. Solid backups is a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it'd only cost you a few pennies to run a "dr" test of your critical systems. Of course you still want to secure it, I'd recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it's probably fine if your running patched up to date versions of docker, vaultwarden, and I'd always recommend putting a reverse proxy in front like nginx.

[–] newIdentity@sh.itjust.works 11 points 2 years ago

Usually the password are also stored locally.

I can definitely access all my passwords offline with bitwarden

load more comments (2 replies)
[–] placq@lemmy.world 43 points 2 years ago (1 children)

Mail, Bitwarden and Joplin. Too important stuff for my Raspberry Pi setup.

[–] daFRAKKINpope@lemmy.world 7 points 2 years ago (8 children)

Second. I used to self-host Bitwarden. Then I realized it'd be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.

Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.

[–] cmhe@lemmy.world 15 points 2 years ago

I am hosting bitwarden myself (on a VPS) and I am not that concered about losing my passwords, because every device syncs all passwords locally regulary so that you don't need internet to access them.

So to loose all your passwords not only do you have to loose your bitwarden server and all the backups, you also have to loose access to all your bitwarden clients synchroniously.

load more comments (7 replies)
[–] moist_towelettes@lemm.ee 32 points 2 years ago

Bitwarden actually. I was really split on this but ultimately I trust Bitwarden, the company, to run a secure server than myself.

Who has time to track CVE's and react to them in a timely manner? I don't. If something happened, I probably don't have the infrastructure or know-how to even realize I had been breached.

[–] emhl@feddit.de 31 points 2 years ago (1 children)
  • My own search engine (a meta search engine like searx-ng would be fine though)
  • a tor exit node, because don't want to deal with the legal hassle (i run snowflake on multiple machines though)
  • a SMTP relay (recieving email is easy. Sending email is a pain in the ass)
[–] VanillaGorilla@kbin.social 5 points 2 years ago

Sending email is super easy as well. Making sure everyone can receive it is such a pain though.

[–] poVoq@slrpnk.net 22 points 2 years ago (1 children)

A public Matrix server. Its just a never ending black-hole of ever increasing storage requirements and the software is too buggy to not become a maintenance hassle.

I do run a Synapse server for bridging purposes, so I am not just talking in theory.

[–] ellipse@lemmy.dbzer0.com 8 points 2 years ago (1 children)

XMPP is safer and lighter anyway

load more comments (1 replies)
[–] DeltaWhy@lemmy.world 21 points 2 years ago (5 children)

Backups. Cloud services like Backblaze B2 are so cheap for the durability they offer, it just doesn’t make sense for me to roll my own offsite solution with a Raspberry Pi at my parents’ house or something. Restic encrypts everything before it leaves my machine.

Password manager- it’s too important and it’s the thing that has to work for me to recover when I break something else. I’m happy to support Bitwarden with a few bucks a year.

Email- again, it’s mission critical and I have a habit of tinkering with things and breaking them. And it’s just no fun. The less I need to think about email, the happier I am.

[–] hempster@lemm.ee 7 points 2 years ago* (last edited 2 years ago)

That's what "1" in the "3-2-1" backup strategy stands for, a true offsite backup (preferably continent where you do not reside) For "2" I would still deploy a local offsite at someone's house for quick disaster recovery.

Downloading your 10TB data from B2 (or even requesting a tarball HDD from them) is costlier than recovering from an offsite backup facility within an hour's reach.

load more comments (4 replies)
[–] mojo@lemm.ee 21 points 2 years ago (1 children)

Email. Way too complicated and lots of maintenance. Not to mention it you mess it up, there are huge downsides.

[–] aard@kyu.de 6 points 2 years ago (2 children)

I find it funny that a bunch of the simple basics are nowadays considered complicated. I've been doing my own mail and DNS for over two decades now, and don't see a reason for stopping. It is pretty low maintenance, and generally less headache than having someone else do it.

load more comments (2 replies)

A social media platform where you can post or view images. I don't wanna deal with CSAM.

[–] kameecoding@lemmy.world 12 points 2 years ago* (last edited 2 years ago)

not complicated or hard, just don't care enough: music, spotify is fine, especially on the family plan.

[–] shrugal@lemm.ee 9 points 2 years ago* (last edited 2 years ago) (1 children)

I tried getting a music setup to work, but I couldn't find a good solution for generated playlists with new song recommendations. The self-hosted music service just can't add songs it doesn't have yet, so it's not really feasible. Plus I still have a very cheap YouTube Music subscription from the GPM days.

[–] chiisana@lemmy.chiisana.net 5 points 2 years ago (1 children)

You can use Lidarr to subscribe to artists’ new album/singles. But you’d still need to have a workflow to add new artists every now and then to incorporate them into your library.

[–] shrugal@lemm.ee 5 points 2 years ago (1 children)

I want to be able to pick a song and say "give me a playlist of similar songs I don't know yet", and have that play immediately. That's just not something a self-hosted setup can do. :/

[–] chiisana@lemmy.chiisana.net 3 points 2 years ago

Yeah I think the closest thing I’m aware of is Plex and album/track mood on smart playlist, and even then that’s kind of janky (ie: cannot shout into smart assistants to creat one on the fly). Music is so cheap now, even the free Amazon Music I get from Prime serves my needs, so I don’t even bother with it.

[–] tok3n@lemmy.world 9 points 2 years ago (5 children)

Minecraft. When I started out it was fine but when I began to get regular visitors I got DDOSed for days on end and people poking me for ssh access. Never again.

load more comments (5 replies)
[–] ShittyBeatlesFCPres@lemmy.world 7 points 2 years ago (1 children)

I don’t self-host Nextcloud. I have a cheap cloud instance running it and it’s essentially my off-site backup for important documents. I don’t put just anything up there but I live in New Orleans so I feel like I should assume my home server won’t necessarily be online when I most need insurance documents and shit like that.

load more comments (1 replies)
[–] h3ndrik@feddit.de 6 points 2 years ago

Nothing really. I'm comfortable hosting mail, chat, my passwords and important documents. However:

Hosting personal/important data for other people is a bit intimidating because you kind of guarantee for safety and availability.

And services that are likely to be misused for illegal stuff and would be too bothersome. Otherwise i might host an anonymous spam eating email-forwarder, maybe a tor exit-node and a forum where adults can practise free speech. But that kind of stuff just attracts the wrong kind of idiots.

[–] Fizz@lemmy.nz 4 points 2 years ago (4 children)

A video hosting service. I cant be bothered collecting and storing all that media.

load more comments (4 replies)
load more comments
view more: next ›