I think we'll see some stratification in the self hosting community over the next few years. The current community, centered around /r/selfhosted and /r/homelab, is all about articles like this. The complexity and learning are sources of fun and an end in themselves. That's awesome.
But I think there's a large untapped market for people who would love the benefits of self hosting, without needing to learn much if any of it.
I think of it similar to kit car builders vs someone who just wants to buy a car to use. Right now, self hosting is dominated by kit cars.
If self hosting is ever going to be as turnkey as driving a car, I think we're going to need a new term. I've been leaning towards "indie hosting" personally.
I've wanted to do this for years, but trying to secure a server is the stuff of nightmares for me.
Are there resources out there about what I need to know about making sure my stuff is secure enough and I'm not just leaving my stuff wide open for people to hack it? I've always been interested in hosting my own email server, but the security parts have kept me from doing it.
Any resources you can point me to would be much appreciated.
I do self-host my mail, and I've done so since about 2005! It gets harder and harder to do with every passing year. Some notable things that have changed since then:
Many ISPs now block inbound port 25, required to receive mail via SMTP. It's quite hard to get an ISP to unblock this. My university wouldn't at all, and I left a laptop under my parents' couch for four years to do it instead. Some time later, Comcast began blocking it as well, and the only way to get it unblocked was to call support, work your way up the phone tree to someone that realized you were talking about inbound rather than outbound (no, this is _not_ a misconfiguration in Outlook), and get them to push a special config to your cable modem, which would be reset whenever another config was auto-pushed, or your modem lost power. You may notice that implies extended downtime when Comcast, my electric service, or my physical operations (read: I unplugged it by accident) suffers a failure.
Many mail servers (e.g. Gmail) require you to have reverse DNS that matches your forward DNS. Getting your ISP to understand what they're asking you to do is... difficult. The last time I changed ISPs, it took about a week to get this done. Comcast batches these updates weekly, and support wanted to double, triple, and quadruple-check that what I was asking for was, indeed, what I was asking for.
There are a bunch of anti-spam measures in effect that use DNS: SPF and DMARC are table stakes for most mail servers (again, e.g. Gmail) to speak to you. I've so far managed to get by without setting up DKIM, but I suspect that's next.
The worst part, by far, is spam blacklists. Many blacklists will already have your IP address listed by policy - you're a _residential IP_, not to be trusted. The Spamhaus PBL, for instance, automatically blocks all Comcast residential IPs. There is nothing you can do about this, and many mail servers will refuse to speak to you if you're on a blacklist.
These days I am paying Comcast an arm and a leg for business-class service, which both gives me unbridled inbound port 25, and also a (luckily!) clean IP on block lists.
Thanks for the writeup. Very interesting.
What does this look like on a technical level, i.e. records and whatnot? I'm not super familiar with reverse DNS.
For reverse DNS you’ll need the help of your ISP (the owner of the IP address) to delegate naming of the IP or for them to set it up on their end.
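The records behind the reverse/forward DNS match and the SPF check discussed above, as an added example that is not part of any comment in this thread. The zone data, host names and addresses are constructed (documentation ranges), `lookup` is a stand-in for a real resolver, and the SPF check handles only `ip4:`/`ip6:` mechanisms.

```python
import ipaddress

# Constructed zone data: documentation addresses and names, not real hosts.
ZONE = {
    # Reverse record, set by whoever owns the IP block (the ISP or VPS provider).
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org."],
    # Forward record, set by the domain owner.
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("example.org", "TXT"): ["v=spf1 ip4:203.0.113.25 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine"],
    # Residential-style address: the PTR is the ISP's generic name.
    ("77.100.51.198.in-addr.arpa", "PTR"): ["c-198-51-100-77.isp.example."],
    ("c-198-51-100-77.isp.example", "A"): ["198.51.100.77"],
}

def lookup(name, rtype, zone=ZONE):
    """Stand-in for a DNS query against the constructed zone."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def rdns_matches(ip, mail_host, zone=ZONE):
    """True if PTR(ip) names mail_host and mail_host resolves back to ip."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    want = mail_host.rstrip(".").lower()
    for ptr in lookup(addr.reverse_pointer, "PTR", zone):
        host = ptr.rstrip(".").lower()
        forward = {ipaddress.ip_address(a) for a in lookup(host, rtype, zone)}
        if host == want and addr in forward:
            return True
    return False

def spf_allows(ip, domain, zone=ZONE):
    """Check ip4:/ip6: mechanisms only; a full evaluator also handles a, mx, include."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(domain, "TXT", zone):
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            mech, _, value = term.partition(":")
            if mech.lower() in ("ip4", "ip6") and value:
                if addr in ipaddress.ip_network(value, strict=False):
                    return True
    return False

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.77"):
        print(ip, rdns_matches(ip, "mail.example.org"), spf_allows(ip, "example.org"))
```
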
Why pay for business service?
$6/month gets you a cloud VM that can be used to proxy incoming connections to your home…
Many cloud provider IP ranges are on spam ban lists.
My coworker's house burnt down because of doing exactly this. Though I don't think it was hosting anything, just being put out of the way when not using it.
A Linux server (e.g. stock Debian) on a well-reputed VPS is pretty secure by default, in my experience. Use software packages from the Linux distribution whenever possible (certainly for email software) and configure unattended security updates.
Note that you generally can’t host email from a residential IP, so you’ll probably want to use a VPS. Making services on your home network publicly accessible (i.e. not just via VPN) obviously comes with more risks; personally I wouldn’t do that.
> Making services on your home network publicly accessible
Tailscale's private-overlay-on-public-internet has made it feasible to provide services to a few trusted clients, even behind NAT.
Tailscale app on Apple TV can be an exit node, e.g. travelers can access geo-restricted content via their residential broadband connection.
I would echo others here and just use a cheap VPS to experiment with. Then you have much less to worry about.
How technical are you?
I'm pretty adept technically. I've been a front-end developer for about ten years so using Wordpress and Drupal and setting up sites either manually or via an ISP is pretty familiar. In that regard, using VPS is also pretty familiar so I will most likely start there.
The term is "managed vps" and/or some variation of "marketplace image", I think it's Linode that has a particularly... Vibrant (not in an all positive way) selection. AWS' is pretty good, but not as diverse. I assume due to the increased technical aptitude of the average customer and the learning curve.
One thing I strongly agree with you here is being open to the cloud. Self hosting strongly favors running on your own hardware, but indie hosting focuses more on the tangible benefits, i.e. data ownership, mobility which breeds competition, etc.
That said, I think the VPS marketplace is still too complicated. What about updates, backups, TLS certs, domains, etc?
You are right that one has to take care of those individually. For domains, however, I would say that it’s important that you manage them separately from the VPS provider, because this lets you switch VPSs easily at any time. For TLS certs you use something like certbot, or a web server like Caddy that has it built-in. It’s generally straightforward. VPS providers usually also offer backup solutions. If you use software from a Linux distribution like Debian or Ubuntu, automated security updates are easy.
For me, but what about my grandma? I want her to be able to live in a world where she can use her old smartphone to run an Immich server by simply installing an app like any other, then going through a simple OAuth flow to create a tunnel to the net so her friends can access her photos from a link she gives them. That's the level of UX I'm pursuing.
Why does grandma need that level of UX and to self host it? Why doesn't any of her loving grandchildren run an unRAID server at their house and help her out?
What if she doesn't want any of us to have unfettered access to all her data?
> Self hosting strongly favors running on your own hardware
In comparison, tenant (storage, colocation, cloud, VPS) hosting contracts often encompass Terms of Service, metered quotas/billing, acceptable use definitions, and regulatory compliance.
> data ownership, mobility which breeds competition
Historically, the buyers of commodity "web hosting" and IaaS have benefited from many competing vendors. Turnkey vertical SaaS often have price premiums and vendor lock-in. If "indie hosting" gains traction with easy to deploy and manage software, there may be upward pressure on pricing and downward pressure on mobility.
Great points.
This is one reason I think it's important to build on protocols. It's an attempt to "lock things open" and foster competition from the beginning. For example, my product TakingNames[0] builds on a simple, open OAuth2 protocol for delegating authority over domains. Anyone could implement a competing service in a matter of days, forcing me to compete on quality/price/etc.
Another project I have is focused on bringing tunneling a la ngrok or Cloudflare Tunnel to the masses. There are many[1] tunneling services. This will be the first one built on a simple, open protocol for both auth and transit.
[0]: https://takingnames.io
[1]: https://github.com/anderspitman/awesome-tunneling
As someone mentioned, regarding TLS, Caddy makes that REAL easy, as in pretty much touchless and the most dead simple config file you’ve ever seen
I use Caddy every day. My grandma, not so much.
If Apple ships a Home Intelligence competitor to $15K Tinybox, it could be called "lux hosting".
[1] https://tinygrad.org/#tinybox
Hard to take this product/company seriously when every piece of copy on their site feels toxic, condescending, or dismissive.
What's an alternative server for self-hosted AI with comparable price/performance?
Oh, I truly have no idea, but that wasn't my point. Their product could be best (or the only) in class for all I know.
Umbrel[0] maybe? I posted a list of related services here[1] as well, though most of them are cloud based.
[0]: https://umbrel.com/
[1]: https://forum.indiebits.io/t/open-identities/500/12
I love this idea. Personally, I would love to self-host, but don't due to not being technical enough to use a command line.
I am from a non-technical background but learnt loads of technical stuff over the years, to the extent that I can describe many complex topics, present, or write stuff for technical people. But my non-computer science background means I am not familiar with the command line. I have used it and understand, but have not 'learnt its language'.
Does any 'turnkey' self-hosting solution exist which provides an abstraction, so that I can just deal with GUIs and not command line to start (and learn on the way)?
In fact, that would be a great way to learn.
In case you're interested in resources for this: I think _Learn Enough Developer Tools to Be Dangerous_ is a great start. I've been guiding my roommate through it as he studies, a chapter a week. If you do pick it up, just skim the chapters on editors— their examples are overly specific to a choice of editor of few outstanding strengths, and if you prefer a different editor you may struggle to find equivalents for some of the hokey examples the book uses.
https://www.oreilly.com/library/view/learn-enough-developer/...
Special editions/compilations of Linux magazines can also be a very good source of high-quality tutorials, including for CLI stuff. These are nice because while they include general introductions, they're mostly comprised of bite-sized tutorials that you can pick and choose according to your interest. I also like them because they're available in print, colorful, and shiny, and thoughtfully laid out, plus there are no ads— very pleasant compared to the web in many ways. Linux Pro Magazine did one on shell topics this year, back in February: https://www.linuxpromagazine.com/Resources/Special-Editions/...
Such magazines also include step-by-step guides for setting up services that I was able to follow (with some trepidation!) when I was just a kid who was new to Linux and still honestly a bit scared of the command line. Linux Format is really good for this because it's targeted at desktop Linux and computer hobbyists broadly rather than programmers or IT professionals. Their guides assume little to no familiarity with the command line, so they often include reminders of little bits of command line basics rather than just assuming you share that context with the authors: https://linuxformat.com/
Besides web-based management interfaces for servers, like Proxmox, you might consider getting started by just running some services on a spare desktop computer. openSUSE has a long history of emphasizing GUI administration tools, so many relatively 'advanced' tasks for it do not require the command line, which is somewhat different from other distros. (If you give it a try, its GUI configurator, YaST2, will strike you at first glance as having a dated look. This is intentional— continuity is a priority for YaST, so GUI-based tutorials from many years ago will still be accurate.) It's also a distro with good guts and nice CLI tools, so you won't necessarily outgrow it after you get your feet wet with the command line.
Yes there are. I would suggest going through the subreddit mentioned /r/selfhosted. There are GUI tools and NAS products that would let you host docker images. As for CLI ask an LLM, for simple common commands you are going to be dealing with they are pretty good at it.
Definitely worth just sitting down and learning how the command line works. It's not as scary as it looks.
No need to have any fancy comp-sci background, hell I have an arts degree!
As far as turnkey solutions go coolify.io is the one I’ve seen floating around recently.
Absolutely. I got my wife hooked on self hosting too.
I am currently writing a new web server to solve for this space that is ridiculously simple to configure for dummies like me, has proxy and TLS built in, serves http over web sockets, and can scale to support any number of servers each supporting any number of domains provided port availability. The goal is maximum socket concurrency.
I am doing this just for the love of self hosting demands in my own household. Apache felt archaic to configure and my home grown solution is already doing things Apache struggles with. I tried nginx but the proxy configuration wasn’t simple enough for me. I just want to specify ports and expect magic to happen. The best self hosted solutions ship as docker compose files that anybody can install within 2 minutes.
Fascinating! What didn't you like about caddy?
I have not tried caddy. I will look that up.
You're going to be like 'Oh' once you do try it. It's worth it.
Isn’t that what devices like My Cloud are aimed at?
Freedom Box is (was?) a pretty good system for making self hosting things accessible and easy. A couple of clicks was usually all it took.
https://freedombox.org/