this post was submitted on 02 Oct 2024
95 points (100.0% liked)

Selfhosted

39452 readers
548 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
95
Do you selfhost your own blog/website? (slrpnk.net)
submitted 1 day ago by Sunny@slrpnk.net to c/selfhosted@lemmy.world
37 comments fedilink hide all child comments
 

Hey there!

I'm thinking about starting a blog about privacy guides, security, self-hosting, and other shenanigans, just for my own pleasure. I have my own server running Unraid and have been looking at self-hosting Ghost as the blog platform. However, I am wondering how "safe" it is to use one's own homelab for this. If you have any experience regarding this topic, I would gladly appreciate some tips.

I understand that it's relatively cheap to get a VPS, and that is always an option, but it is always more fun to self-host on one's own bare metal! :)

top 37 comments
sorted by: hot top controversial new old
[–] EncryptKeeper@lemmy.world 3 points 13 hours ago* (last edited 13 hours ago)

There’s nothing wrong with just using a VPS for this. Despite what some mouth-frothing hobbyists will tell you, it’s still well within the realm of self hosting. There’s just no reason or difference for hosting a blog on your UnRAID server vs a VPS.

If you really want to be some kind of purist and only use your own hardware, then you could configure a web server that can reverse proxy on your UnRAID server and forward port 443 in your router to your UnRAID box, but you’d have to change your UnRAID access port to something else. You’d want to keep this web server docker container up to date, and preferably see if you can implement some kind of WAF with it or in front of it. You’d then forward the requests from this web server to your ghost container.

A better idea would be to use a different piece of hardware for this web server reverse proxy, like a raspberry pi or something, and put it on a different subnet in your house. Forward 443 to that, then proxy the connection back to UnRAID, in whatever port you bind the ghost container to. Then you can tighten access that raspberry pi has. Or hell, host the blog on that hardware as well and don’t allow any traffic to your main LAN.

There are half a dozen better ways to do this, but they all require you to rely on a third party service to some extent.

[–] sugar_in_your_tea@sh.itjust.works 3 points 15 hours ago* (last edited 15 hours ago)

I use a VPS and generate static sites using Hugo. Works fine.

I could host it in my network, but I don't see a point, and I'd really rather not have a power outage or loss of internet break my site (much more likely at home than at a datacenter). I host pretty much everything else within my network though.

[–] sntx@lemm.ee 3 points 17 hours ago

yes: sntx.space, check out the spurce button in the bottom right corner.

I'm building/running it the homebrewed-unconventional route. That is I have just a bit of html/css and other files I want to serve, then I use nix to build that into a usable website and serve it on one of my homelab machines via nginx. That is made available through a VPS running HA-Proxy and its public IP. The Nebula overlay network (VPN) connects the two machines.

[–] pythia@lemmy.dbzer0.com 5 points 21 hours ago (1 children)

could someone please point me to a "self-host-beginner-tutorial"? I had pretty good ICT-knowledge but when it comes to selfhosting my knowledge ends...

[–] Sunny@slrpnk.net 2 points 18 hours ago

Here is one of the top of my head; https://perfectmediaserver.com/.

I'd say it boils down to what you see yourself hosting, what do you need/want? There are many great YT content creators out there documenting their experiences, tips and guides. HardwareHaven, Raid Owl, Jeff Geerling, Christian Lempa, TechnoTim and Wolfgang to mention a few.

JupiterBroadcasting has a wide variety of Podcasts dedicated to both selfhosting and linux stuff if that should peak your interest.

If you need tips for what to selfhost, here is another great resource :) https://github.com/awesome-selfhosted/awesome-selfhosted

[–] Strit@lemmy.linuxuserspace.show 6 points 1 day ago

I host mine just like you want to do. Ghost running in a docker container on my homelab, with reverse proxy and domain pointing to it.

Haven't had any issues so far.

[–] dan@upvote.au 26 points 1 day ago* (last edited 12 hours ago) (2 children)

A VPS still counts as self-hosting :)

I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

The approach I'd take these days is to use a static site generator like Eleventy, Hugo, etc. These generate static HTML files. You can then store those files on literally any host. You can stick them on a VPS and serve them with any web server. You could upload them to a static file hosting service like BunnyCDN storage, Github Pages, Netlify, Cloudflare Pages, etc. Even Amazon S3 and Cloudfront if you want to pay more for the same thing. Note that Github Pages is extremely feature-poor so I'd usually recommend one of the others.

[–] JubilantJaguar@lemmy.world 1 points 13 hours ago (1 children)

This is a bit fuzzy. You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

If someone is using a static site generator, then they're already running a web server, even if it's on localhost. The friction of moving the webserver to the VPS is basically zero, and that way they're not worsening the web's corporate centralization problem.

I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

I preferred this advice.

[–] dan@upvote.au 2 points 12 hours ago* (last edited 12 hours ago) (1 children)

You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

Other comments were talking about pros and cons of self-hosting, so I tried to give advice for both approaches. I probably could have been clearer about thay in my comment though. I edited the comment a bit to try and clarify.

I have some static sites that I just rsync to my VPS and serve using Nginx. That's definitely a good option.

If you want to make it faster by using a CDN and don't want it to be too hard to set up, you're going to have to use a CDN service.

Self-hosted CDN is doable, but way more effort. Anycast approach is to get your own IPv4 and IPv6 range, and get VPSes in multiple countries through a provider that allows BGP sessions (Vultr and HostHatch support this for example). Then you can have one IP that goes to the server that's closest to the viewer. Easier approach is to use Geo DNS where your DNS server returns a different IP depending on the visitor's location. You can self-host that using something like PowerDNS.

[–] JubilantJaguar@lemmy.world 1 points 11 hours ago (1 children)

I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

Agree. And hard to get security wrong cos no database.

If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It's not ideal because... Cloudflare... but at least you're using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

Perhaps its irrational but I'm bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that's not your case.

[–] dan@upvote.au 1 points 7 hours ago

That's not Cloudflare-specific; you can use any CDN that supports origin pull in the same way :)

It's not ideal because... Cloudflare... but at least you're using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

Definitely agree with this! That's one of the pain points of "cloud" services - they really try to lock you in, making it impossible to swotch.

without having to deal with LetsEncrypt.

You still need encryption between your CDN and your origin, ideally using a proper certificate. Let's Encrypt (and other ACME services like ZeroSSL) are pretty easy to use, and can be fully automated. I'm using Let's Encrypt even for internal servers on my network, using a DNS challenge for verification instead of a HTTP one.

Perhaps its irrational but I'm bothered by how many people seem to think that Github Pages is the only way to host a static website

It's strange because out of all the possible options, Github Pages is the most basic. You have to store your generated files in a Git repo (which is kinda gross) and it barely supports any features. For example, it doesn't support server logs or redirects.

I guess it's popular because people already use Github and don't want to look for other services?

[–] Sunny@slrpnk.net 2 points 18 hours ago

This does seem like the way to go, thanks for the tips!

[–] cron@feddit.org 28 points 1 day ago (1 children)

No, with these reasons:

  • Bandwidth isn't plenty
  • My "uptime" at home isn't great
  • No redundant hardware, even a simple mainboard defect would take a while to replace

I have a VPS for these tasks, and I host a few sites for friends amd family.

[–] daddy32@lemmy.world 3 points 19 hours ago (2 children)

Weeeell, there's a school of though leaning towards the opinion that using VPS is still self-hosting ;)

[–] sugar_in_your_tea@sh.itjust.works 2 points 15 hours ago

And it's a school of thought I happen to agree with. :) But OP specifically called out homelab vs VPS.

[–] cron@feddit.org 2 points 16 hours ago

I agree, but I understood this question in the context of a homelab.

And for me, a homelab is not the right place for a public website, for the reasons I mentioned.

[–] jimmy90@lemmy.world 2 points 22 hours ago

yes, i have a few Rust framework based sites for mostly personal use

[–] wjs018@lemmy.world 15 points 1 day ago (1 children)

I have hosted a wordpress site on my unraid box before, but ended up moving it to a VPS instead. I ended up moving it primarily because a VPS is just going to have more uptime since I end up tinkering around with my homelab too often. So, any service that I expect other people to use, I often end up moving it to a VPS (mostly wikis for different things). The one exception to that is anything related to media delivery (plex, jellyfin, *arr stack), because I don't want to make that as publicly accessible and it needs close integration with the storage array in unraid.

[–] Sunny@slrpnk.net 2 points 1 day ago

Good points here, uptime is a factor I had not taken into consideration. Probably better to get a vps as you say.

[–] foster@lemmy.fosterhangdaan.com 13 points 1 day ago (1 children)

I self-host everything from my home network including my website. I like to keep all my data local. 😁

It's a simple setup: just a static site made with Lume, and served with Caddy. The attack surface is pretty small since it's just HTML and CSS files (no JavaScript).

[–] LunchMoneyThief@links.hackliberty.org 3 points 1 day ago (1 children)

I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it's just a static page served on an up to date and minimal web server, there's less leverage for an attacker to abuse.

I've found that ISPs too often block port 80 and 443. Did you luck out with a decent one?

[–] foster@lemmy.fosterhangdaan.com 3 points 22 hours ago* (last edited 22 hours ago)

I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it’s just a static page served on an up to date and minimal web server, there’s less leverage for an attacker to abuse.

That advice is a bit old-fashioned in my opinion. There are many tools nowadays that will get you a very secure setup without much effort:

  • Using a reverse proxy with automatic SSL certs like Caddy.
  • Sandboxing services with Podman.
  • Mitigating DoS attacks by using a WAF such as Bunkerweb.

And of course, besides all these tools, the simplest way of securing public services is to keep them updated.

I’ve found that ISPs too often block port 80 and 443. Did you luck out with a decent one?

Rogers has been my ISP for several years and have no issue receiving HTTP/S traffic. The only issue, like with most providers, is that they block port 25 (SMTP). It's the only thing keeping me from self-hosting my own email server and have to rely on a VPS.

[–] LainTrain@lemmy.dbzer0.com 5 points 1 day ago

Yes I host everything public with cloudflare tunnels. Everything more heavy is VPN with DDNS on invite basis to friends and fam. For the former it's Hassle-free HTTPS, no reverse proxy, no firewall, no nonsense.

[–] eric@lemmy.ca 9 points 1 day ago (2 children)

I have a Hugo site hosted on GitHub and I use CloudFlare Pages to put it on my custom domain. You don't have to use GitHub to host the repo. Except for the cost of the domain, it's free.

[–] IanTwenty@lemmy.world 1 points 14 hours ago

You can do the same with GitLab as another option, it supports custom domains too.

[–] ogarcia@lemmy.world 4 points 1 day ago (1 children)

You don't really need Cloudflare to have your own domain, you can do everything directly with GitHub.

[–] eric@lemmy.ca 2 points 18 hours ago

I didn't know this. Thanks for the info.

[–] just_another_person@lemmy.world 4 points 1 day ago (1 children)

Static site hosted by someone else for free is the way to go. I wouldn't invite that sort of pain upon my network.

[–] Sunny@slrpnk.net 1 points 1 day ago

Fair point

[–] nicgentile@lemmy.world 2 points 1 day ago

I self host a Grav site among other things on a 15 Euro VPS.

Also, I started with Ghost but the fact that they locked up the newsletter side of business to a single provider and were unwilling to rework things at the time made me walk away. Yes, I know you could go code side, and add others, but that was a complicated setup in itself. Grav works perfectly for me.

[–] Bishma@discuss.tchncs.de 3 points 1 day ago* (last edited 1 day ago)

My self-hosted stuff is intranet only apart from the VPN I used to access remotely. My blog is a Hugo site currently hosted on GitHub.

[–] stoy@lemmy.zip 2 points 1 day ago

Nah, I host it on a web hotel.

I am using a very generic ISP and they tend to have a dim view of running servers on their network.

I did have an RPi running SSH and a Mumble server directly connected to the internet years ago, but after a few years I realized that I was bringing needless attention to my network when I found my server on Shodan.

So I took it down....

[–] knowatimsayn@programming.dev 1 points 1 day ago

Yea depends on your website bandwidth/uptime requirements. I use a VPS running nginx and wireguard, and tunnel into that from a VM in my homelab, so no ports are open on my home firewall. nginx drops all random traffic at the VPS that isn't destined to a preconfigured service, expected traffic is forwarded through the wireguard tunnel to the right VM's, segregated from the rest of my home network by VLANs. I host a bit of web content where I'm not concerned with bandwidth or uptime really, as well as home assistant, file browser, a few dedicated game servers, etc.

[–] Retro_unlimited@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

I self hosted many websites for about 20 years, but sadly I had to take it all down this year. In the process of moving to another state. Also going to really miss my 1gbps unlimited fiber connection.

I hosted my websites from windows server 2003, 2008, virtual machines, Linux, and other ways. It was fun times. I have very good up time using 2 servers and UPS battery backups.

[–] helenslunch@feddit.nl 1 points 1 day ago* (last edited 1 day ago)

I self-host a Ghost blog. It's about as safe as any other service exposed to the internet.

[–] schizo@forum.uncomfortable.business 1 points 1 day ago

Have some stuff on a VPS, some stuff hosted as static pages at Cloudflare, some stuff hosted at home too.

Depends on if 100% uptime is required, if they're just serving static content, or if they're in some way related to another service I'm running (I have a couple of BBSes, and the web pages that host the clients and VMs that host the clients run locally).

Though, at this point, anything I'm NOT hosting at home is kinda a "legacy" deployment, and probably will be brought in-house at some point in the future or converted to static-only and put on Cloudflare if there's some reason I can't/don't want to host it at home.

[–] Findmysec@infosec.pub -2 points 1 day ago

You should do it on a VPS so that even if it gets infected your home network is not compromised