There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

From reddit selfhosted: What do you wish you knew from the start

I saw this post today on Reddit and was curious to see if views are similar here as they are there.

  1. What are the best benefits of self-hosting?
  2. What do you wish you would have known as a beginner starting out?
  3. What resources do you know of to help a non-computer-scientist/engineer get started in self-hosting?
jimmy90 ,

NixOS is awesome!

jimmy90 ,

although maybe not for beginners. for beginners use docker compose and do backups however you like

Landless2029 ,

Can you clarify on how NixOS is great for selfhosting? I was going to do mint.

Kaufman5000 ,

As far as operating systems goes, i would recommend Debian or Ubuntu. These are very wiedly used and there are many resources. And if you are brave, you can start without a Desktop.

jimmy90 ,

you configure your whole server in one file (including docker/podman services), installation and configurations is taken care of by the package manager, you pretty much only need to know one file to admin your system

and no extra stuff is installed only what you specify so you have a minimal resource usage.

i think this is awesome

possiblylinux127 ,

Not as good as Ansible although they are different tools

subtext ,

For #2 and #3, it’s probably exceedingly obvious, but wish I would have truly understood ssh, remote VS Code, and enough git to put my configs on a git server.

So much easier to manage things now that I’m not trying to edit docker compose files with nano and hoping and praying I find the issue when I mess something up.

SidewaysHighways ,

I know this is coming up on my radar, but I am not quite sure where to start. Might you have any resources on hand to point me in the right direction?

Especially once I have everything dialed in the way I want, I’d love to be able to pull from my own repo to get stuff running again/spin up a new instance

subtext ,

Honestly, I learned a ton from these guys: www.smarthomebeginner.com

I’ve diverged a good bit since then of the services I’ve added and the specifics of how I configure things (I still use Traefik whereas I think they’ve shifted to Nginx), but they have a great example of a GitHub repo and what it looks like to manage a self-hosted server.

traches ,
  • you do not need kubernetes
  • you do not need anything to be „high availability”, that just adds a ton of complexity for no benefit. Nobody will die or go broke if your homelab is down for a few days.
  • tailscale is awesome
  • docker-compose is awesome
  • irreplaceable data gets one offsite backup, one local backup, and ideally one normally offline backup (in case you get ransomwared)
  • yubikeys are cool and surprisingly easy to use
  • don’t offer your services to other people until you are sure you can support it, your backups are squared away, and you are happy with how things are set up.
EncryptKeeper ,

To piggy back on your “You don’t need k8s or high availability”,

If you want to optimize your setup in a way that’s actually beneficial on the small, self hosted scale, then what you should aim for is reproducibility. Docker compose, Ansible, NixOS, whatever your pleasure. The ability to quickly take your entire environment from one box and move it to another, either because you’re switching cloud providers or got a nicer hardware box from a garage sale.

When Linode was acquired by Akamai and subsequently renamed, I moved all my cloud containers to Vultr by rsyncing the folder structure to the new VM over SSH, then running the compose file on the new server. The entire migration short of changing DNS records took like 5 minutes of hands-on time.

mesamunefire ,

I just moved everything from vultr to self host because of their latest changes.

EncryptKeeper , (edited )

EDIT: As I suspected, the changes that u/mesamunefire is referencing are the ones that taken out of context awhile back and incorrectly assumed to apply to user VPS’ and the data on them, which is not the case. Those terms only apply to information posted publicly to their website, like the community forums.

What changes would those be

sugar_in_your_tea ,

Can’t speak for OP, but I bailed on Vultr because of how they handled the arbitration agreement change. Basically, I couldn’t access my containers without accepting the new TOS, so I “hacked” the website with Inspect Element so I could access support to close my account. For me, the arbitration change wasn’t the issue (my current host has similar policies), but being forced to accept a new TOS to use my account. I had no option do disagree or “remind me later,” I literally only had an “accept” button. I refuse to use any service that treats me like that.

I’m now with Hetzner, so we’ll see if they pull that nonsense. I only use the VPS to get around my ISP’s CGNAT (WireGuard VPN w/ HAProxy at the edge to route domains), so if they pull the same nonsense, I’ll copy my config to another VPS.

mesamunefire ,

How is Hetzner?

sugar_in_your_tea ,

Seems to work fine and meets my needs. I’m in the US though, and options are pretty limited. So far the only snag I’ve had was having to upload my ID, I guess their signup process is a little strict.

mesamunefire ,

Nice. I’m all about new providers

mesamunefire , (edited )

old.reddit.com/…/vultr_new_tos_claims_all_commerc…" You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you."

And you could not opt out. You had to click agree in order to login. That’s the biggest one.

It was later removed after the fact but there were other changes that sucked.

mesamunefire ,

I had customer data as well as some personal stuff on a couple of servers. It was low hanging fruit so I just started self hosting. It’s silly how much rights they suddenly wanted. Not worth the hassle, they just provide basic boxes to begin with.

They also would not let you login without accepting those new rights now were you able to opt out. So I just threw my infa on some local systems, deleted everything and then had to say yes to their TOS. Again silly and great way to lose business.

EncryptKeeper ,

That only applies to posts on their forums. Not the content on your VPS

mesamunefire ,

Nope. It’s the content.

EncryptKeeper ,

Incorrect. It applies only to the forums. It does not apply in any way, shape, or form to your VPS or the content on it. It’s one thing to be mistaken, but let’s not spread misinformation on purpose.

A Reddit post incorrectly took portions of our Terms of Service out of context, which only pertain to content provided to Vultr on our public mediums (community-related content on public forums, as an example) for purposes of rendering the needed services – e.g., publishing comments, posts, or ratings. This is separate from a user’s own, private content that is deployed on Vultr services.

Since our inception, Vultr has been committed to upholding and adhering to the strictest data privacy and protection standards across the world (including HIPAA, GDPR, and DPDPA). Our customers own 100% of their content.

mesamunefire ,

It appears after the controversy they removed the parts arstechnica.com/…/after-overreaching-tos-angers-u…

But when I read the tos, it was pretty clear it was not limited.

You also had to agree without an opt out which was scammy. There are better providers out there.

EncryptKeeper ,

I don’t think you read the TOS. I think you read the out of context snippet and assumed that it applied to your VPS. They removed that bit because it was confusing, not because it was not limited.

Being forced to agree to a TOS change without an opt out is scummy, but that’s not limited to Vultr. Companies are not out there with multiple versions of TOS based on what people agree to or not. At that point you’re better off not using a VPS.

mesamunefire ,

Welp I’m an anonymous person on the Internet so you can believe what you want. I could say that my job is literally mass deploying servers (devops) but if you don’t believe me that I said that I read it then I’m not sure what we can agree on.

Let’s just stop while we are both ahead. It’s a Thursday, good day for coffee yeah? Hope you have a good day.

dallen ,

Ansible is so simple yet so elegant.

UnityDevice ,

I’ve been in love with the concept of ansible since I discovered it almost a decade ago, but I still hate how verbose it is, and how cumbersome the yaml based DSL is. You can have a role that basically does the job of 3 lines of bash and it’ll need 3 yaml files in 4 directories.

About 3 years ago I wrote a big ansible playbook that would fully configure my home server, desktop and laptop from a minimal arch install. Then I used said playbook for my laptop and server.

I just got a new laptop and went to look at the playbook but realised it probably needs to be updated in a few places. I got feelings of dread thinking about reading all that yaml and updating it.

So instead I’m just gonna rewrite everything in simple python with a few helper functions. The few roles I rewrote are already so much cleaner and shorter. Should be way faster and more user friendly and maintainable.

I’ll keep ansible for actual deployments.

xinayder , (edited )

I have a k3s cluster for fun and I can admit that k8s is way too complicated.

I don’t want to dig hours through documentation to find what I’m looking for. The docs sometimes feel like they were written for software devs and you should figure part of the solution yourself.

I have a ExternalName service that keeps fucking up my cluster everytime it restarts, bringing down my ingresses, because for some reason it doesn’t work and I have no idea where to look at to figure out why it doesn’t work - I just end up killing the service and reapplying the yaml file and it works.

I had to diagnose why my SSL certificates would get stuck in “issuing” in cert-manager, had to dig through 4 or 5 different resources until I got to an actual, descriptive error message telling me that I configured my ClusterIssuer wrongly.

I wanted a k3s cluster to learn but every time I have issues with it I realize it’s a terrible idea.

I wish I had podman + compose but it does seem like a docker-compose is more complicated. Also, I wish I could do ansible but I have no idea where to start (nor how it works).

EDIT: oh yeah I also lost IPv6 support because k3s by default doesn’t enable v6 and I was planning on using Hetzner CCM to have a 2 node cluster until I realized Hetzner Networks don’t support v6.

vividspecter ,

I had a similar experience with NixOS-anywhere and a VPS issue. Reset the OS, setup SSH key access and ran NixOS-anywhere and within like 15 minutes was back up and running.

Findmysec ,

Not needing Kubernetes is a broad statement. It allows for better management of storage and literally gives you a configurable reverse-proxy configured with YAML if you know what you’re doing.

Nomecks ,

Yes, but you don’t need Kubernetes from the start.

Findmysec ,

Well I guess podman works fine for the first few months. Interestingly I still use build-ah heavily for building my custom images

Nomecks ,

I find a lot of stuff is using docker compose, which works with Podman, but using straight docker is easier, especially if it’s nothing web-facing

Findmysec ,

Funnily enough Docker compose has never worked for me on Podman. There always seems to be something that is incompatible (also due to me running on Debian). However, I feel like it should become a standard amongst homelabbers and professionals to use Kubernetes manifests going forward, since it is the most portable.

keyez ,

Heavy disagree on the storage statement from what I’ve used and seen but it works for lots of people so not going to detract. NFS is always a pain but longhorn seems to have advantages

Findmysec ,

NFS is a pain, no question about it. I used to use longhorn but these days since I’m doing a single node k3s I’m just doing hostpath. It’s that PVCs make intuitive sense to me, but I guess podman will likely work just fine for such cases other than canary deployments and OOTB service-meshes

multicolorKnight ,
  1. Control and privacy. The server does exactly what I choose, not somebody’s business model.
  2. Once you have other users, it’s not a hobby anymore. People are not amused by downtime.
  3. The w3schools.com tutorials have been good for me.
JustMarkov ,

2.What do you wish you would have known as a beginner starting out?

Caddy. Once you try Caddy there’s no turning back to Nginx or Apache.

poVoq ,
@poVoq@slrpnk.net avatar

That’s what everyone thinks for a while, and then they go back to Nginx.

lemmyvore ,

I’m currently in the process of separating the certificate renewal service from the reverse proxy completely.

But if you’re just starting out Nginx Proxy Manager makes it so easy.

ahal ,

Out of curiosity, what’s the benefit of splitting those?

lemmyvore ,

It lets you change reverse proxy or run a website with TLS completely independently of the certbot. The certbot deals with obtaining certs and leaves them in a dir, and the proxies or webservers just take them from that dir. If the proxy container breaks the certbot still does its thing etc.

It also makes it easier to do stuff like run different proxies in paralel for different things, chain proxies (for instance if you need to use a VPS because you can’t forward ports) and so on.

But it’s all for advanced setups, for basic stuff I’d still go with NPM.

ahal ,

Cool makes sense, thanks for the reply! And yeah, I don’t think I’m quite there yet.

kadotux ,

As someone who just learned about Caddy, could you elaborate?

poVoq ,
@poVoq@slrpnk.net avatar

You usually want less integration, not more. Simple self-contained things. Nginx is good at that. That’s also why you don’t want to use Nginx Proxy Manager or Certbot’s Nginx integration etc. It first looks like they make it easier, but there is too much hidden complexity under the hood.

Also, sooner or later you will run into some software that you would really like to try, which is only documented for Nginx and uses some sort of image caching or so, that is hard to replicate with Caddy etc.

Zeoic ,

Not sure I agree about proxy manager. Anything you need to access is in the gui. You can easily add advanced configs to the entries. Been using it for 5 or so years, and there hasnt been anything I was missing from using straight nginx before that.

towerful ,

The benefit of using config files is easy version management via git.
Makes it easy to rebuild from scratch and easy to rollback a change that breaks something

Zeoic ,

Fair enough. I manage the same by backing up the vm its on.

Deemo ,

Certbot’s Nginx integration etc

How do you obtain ssl certs then?

poVoq ,
@poVoq@slrpnk.net avatar

I switched to Dehydrated (with dns-01 challenge), but Certbot itself is fine, the problem is the Nginx integration that tries to automatically change your Nginx config files.

Deemo ,

Do you manually update the config every 3 months?

poVoq ,
@poVoq@slrpnk.net avatar

??? The location and the file name of the certificates don’t change, so why would I have to do that?

On the contrary, before I disabled the certbot’s Nginx integration, every three months certbot would “manage” to break my Nginx and I had to manually repair it.

I think we are not talking about the same thing. I mean the Certbot extension that automatically modifies the Nginx config files. A telltale sign are usually the comments " by certbot” that it likes to leave behind all over your config files.

Deemo ,

I’ve only really use caddy and my only experience with ngnix is ngnix proxy manager (which isn’t really true ngnix).

I wasn’t sure if hot swapping certs (even with same name was possible, kinda thought you would to reload it upon cert change).

Also regarding cert bot I have only used it in manual mode so it’s managed mode is a bit foreign.

sugar_in_your_tea ,

Eh, my main reason for switching is that Caddy builds in LetsEncrypt. My Caddyfile is really simple, it’s just a reverse proxy that handles TLS and proxies regular HTTP to my services. I don’t have it serving any files or really knowing anything about the services. Here’s my setup:

  1. HAProxy - directs subdomains to devices (in VPN) based on SNI
  2. Caddy - manages TLS and LetsEncrypt and communicates w/ services over HTTP
  3. Nginx - serves files for things like NextCloud, if needed (most services have their own HTTP server)

Each of these are separate Docker containers, which makes it really easy to manage and diagnose problems. The syntax for Nginx is more complex for 1&2, and the performance benefit of managing it all in one service just isn’t relevant for a self-hosted system, so I use this layered approach that makes each level as simple as possible.

keyez ,

I went from NGinx to HAProxy for 5 years, now on Caddy for 2 and loving it. So much simpler and efficient.

farcaller ,

Apparently traefik might be better if you run docker compose and such, as it does auto-discovery, which reduces the amount of manual configuration required.

Passerby6497 ,

LOL, as a noob I went with caddy, then traefik before settling on NPM. Ironically, all the “QoL” features people brag about just made base configs harder and lead to shit randomly failing.

NPM has been solid as a rock, even if I have to do slightly more work, it’s more reliable and does what I want quicker and easier than the alternative.

Deemo ,

Silly question how safe are caddy plugins? (especially dns challenge modules like cloudflare, duckdns, etc).

github.com/caddy-dnsgithub.com/caddy-dns/cloudflare/tree/master

Not sure if those plugins are covered by caddy’s security disclosure policy

github.com/caddyserver/caddy/security

xinayder ,

I maintain the DNS plugin for Vultr and I can say that it’s “safe”, but if you’re worried you should check their source code.

I believe it’s easier to have a vulnerability in the external provider’s API (for example, caddy-dns/vultr uses govultr) than Caddy. But I wouldn’t take things for granted if I was skeptical about these plugins.

ahal ,

I’ve been meaning to try Caddy, but I just can’t even imagine something simpler than NginxProxyManager.

VitabytesDev ,
  1. Not having to give up my privacy for everything.
  2. GUIs are not needed when self-hosting. (I mean when deploying services)
  3. Learn Linux and start simple with a Raspberry Pi or laptop. That’s how I started.
UselesslyBrisk ,
  1. Things like changes to TOS or services can be seriously mitigated by hosting it yourself. WHat happens if Spotify changes the music they host or inserts ads into everything. Well for me, nothing. On the flip side, if some of my stuff goes down, kids and wife will bark. But honestly its mostly set it and forget it.
  2. KISS is a thing that applies to many things in life. Anything “smart” in your home should ideally function without your “smart” features working. Ie: light switches should be dumb light switches if something breaks etc etc. Also dont get caught in using rack or enterprise gear. You can learn just as much using smaller, fatter desktops with bigger fans and air cooling over a power hungry rack servers with 80mm fans that blow your eardrums out. My entire lab runs on old dell workstations and raspberry pis’
  3. www.servethehome.com -
ikidd ,
@ikidd@lemmy.world avatar

That sex isn’t love.

invisiblegorilla ,

And love isn’t sex

Presi300 ,
@Presi300@lemmy.world avatar

Benefits:

  • Cheap storage that I can use both locally and as a private cloud. Very convenient for piracy storing all my legally obtained files.
  • Network wide adblocking. Massive for mobile games/apps.
  • Pivate VPN. Really useful for using public networks and bypassing network restrictions.
  • Gives me an excuse to buy really cool, old server and networking hardware.

As for things I wish I knew… Don’t use windows for servers. Just don’t.

SMB sucks, try NFS.

Use docker, managing 5 or 10 different apps without containers is a nightmare.

Bold of you to assume I’m a computer scientist or engineer or that I have a degree lmao. I just hate ads, subscriptions and network restrictions, so I learned how to avoid those things. As for resources to get started… Look up TrueNAS scale. It basically does all of the work for you.

rekorse ,

How’s the network wide ad blocking work, that would solve a big issue with my kids.

icedterminal ,

You either set the DNS settings per device to the system running PiHole / AdGuard Home, or if your router allows, set the DNS there. It’s ideal to set it on the router.

Any time a device makes a DNS request to a domain, it’s checked against the list. If found, it’s stopped. If not found, it gets sent upstream to your choice of a public DNS configured during setup. I use Cloudflare (1.1.1.1, 1.0.0.1).

UnityDevice ,

Podman quadlets have been a blessing. They basically let you manage containers as if they were simple services. You just plop a container unit file in /etc/containers/systemd/, daemon-reload and presto, you’ve got a service that other containers or services can depend on.

rekorse ,

Is containers here used in the same context as docker? I’m not familiar with podman.

mesamunefire ,

Just about but it’s more experimental.

sugar_in_your_tea ,
  1. Our internet goes out periodically, so having everything local is really nice. I set up DNS on my router, so my TLS certs work fine without hitting the internet.
  2. I wish someone would’ve taught me how to rip blurays. It wasn’t a big deal, but everything online made it sound super sketchy flashing firmware onto a Bluray drive.
  3. I’m honestly not sure. I’m in CS and am really into Linux, so I honestly don’t know what would be helpful. I guess start small and get one thing working at a time. There’s a ton of resources online for all kinds of skill levels, and as long as you do one thing at a time, you should eventually see success.
poVoq ,
@poVoq@slrpnk.net avatar

For 2.: use dns-01 challenge to generate wildcard SSL certs. Saves so much time and nerves.

ShortFuse ,

My open-source, zero dependency JS library for requesting and generating certs with dns01: github.com/clshortfuse/acmejs

I only coded for name.com but it is compatible with anything really. Also can run in the browser, which could be useful in a pinch.

ItTakesTwo ,
@ItTakesTwo@feddit.org avatar
  1. less is more, it’s fine to sunset stuff you don’t use enough to afford them using cpu cycles, memory and power
  2. search warrants are a real thing and you should not trust others to use your infrastructure responsibly because you will be the one paying for it if they don’t.
Flax_vert ,

Is there a story attached to no. 2?

ItTakesTwo ,
@ItTakesTwo@feddit.org avatar

Well, turns out that when you host a private service that allows others to share files, they might share files that they are not allowed to share. But in return your door gets kicked in in the morning and suddenly no one wants to take credit for the actual upload anymore.

Darkassassin07 ,
@Darkassassin07@lemmy.ca avatar

Yeah… Becoming a public-facing file host for others to use seem rather irresponsible.

If/when a user’s given a means of uploading files to my server, there’s no method/permissions for them to share those files with others; it’s really just for them to send files to me. (Filebrowser is pretty good for that)

That and almost nothing is public access; auth or gtfo.

gamermanh ,
@gamermanh@lemmy.dbzer0.com avatar

For me #2 would be “you have ADHD and won’t be able to be medicated so just don’t”

I’ve mentioned elsewhere my server upgrade project took longer than expected.

Just last night I threw it all into the trash because I just can’t anymore

wagesj45 ,
@wagesj45@kbin.run avatar

It is much easier to buy one "hefty" physical machine and run ProxMox with virtual machines for servers than it is to run multiple Raspberry Pis. After living that life for years, I'm a ProxMox shill now. Backups are important (read the other comments), and ProxMox makes backup/restore easy. Because eventually you will fuck a server up beyond repair, you will lose data, and you will feel terrible about it. Learn from my mistakes.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •