I want to get into self-hosting. I’ve done a bit of self-hosting before using a Raspberry Pi (pi-hole and Discord bots) but I really want to start self-hosting almost everything I can like I’ve seen many people here doing.
However, I’m not sure what kind of machine I should build which would be suitable for these purposes. I’ve never even built a PC before though my fiancee has and he will be able to help me…
Here are some services I’m thinking of self-hosting to start with:
- AdGuard
- OpenMediaVault
- Bitwarden
- Mastodon
- Matrix
Eventually I would also like to host PeerTube, Kbin, Plex, and many other things…
What are the most important things I’ll need to consider with a self-hosting machine, and what I will need to upgrade over time as I self-host more services? Ideally I’d like a machine which is as energy efficient as possible too.
Also, is it a good idea to host so many services, both publicly accessible websites as well as services only available on my home network, from the same machine? What are the security considerations when self-hosting?
Any links/articles for me to read would be appreciated too!
The first consideration is always your internet speed. If you’re building a PC then you’re self-hosting from your house. In many countries the internet is ADSL, meaning the upload is very slow but the download is fast. However, for hosting you need fast upload. You’ll need a fibre connection to stream video from home.
I rent a server in the cloud to do self-hosting due to the subtle difference in my definition of hosting, being that I control the services and data they hold, not that they are literally hosted at home.
Beyond that consideration I’d say everything else is trial and error and you should experiment.
The very first consideration should be power consumption.
I personally use Dell SFF 7040/7050’s. They can have up to 64 GB of RAM, use NVMe, and have PCIe slots for expansion while still being lower power and profile.
That said, for a lot of public stuff, like this very instance, I use Linode.
+1 for SFF/USFF computers. £100 will get you a compact and reliable refurbished machine that is easy to upgrade too, and if you use software like Proxmox and outgrow the box it’s easy to slide over to something bigger.
Yes, it’s a great idea. And I also do it myself. In fact, I not only self-host all my services, I also host them at my home.
https://server.melroy.org including all the subdomains are all hosted on the same server.
You can just use a good Ryzen computer with enough RAM (start with 32 GB or something) and enough storage. Redundancy via RAID. I personally use Proxmox with an Ubuntu 22.04 VM. However, bare metal may also be fine.
Have fun!
Do you not have issues with people attacking you? I find I have to block everything and then use a VPN to access them.
Use fail2ban. Here you have a good starting point: https://gitlab.melroy.org/-/snippets/612
Cheers boss man!
BUT WAIT. There is more: https://gitlab.melroy.org/dashboard/snippets
What application did you use for the server page?
While https://melroy.org is using Jekyll https://gitlab.melroy.org/melroy/melroy-site. And my blog https://blog.melroy.org is using Hugo https://gitlab.melroy.org/melroy/melroy-blog
I’ll look at those, do you suggest selfhosting webpages over something like GitHub?
I do. I love to self host everything I can. I like to have control over my own data. I host my own GitLab instance. I host my own Nextcloud instance. Running Mastodon, Kbin, Matrix, you name it… All my DNS records point to my server IP.
ps. I’m also a contributor to kbin.
How do you feel about Cloudflare Zero Trust?
I don’t like that the whole world needs Cloudflare, to be honest. My vision of a free and open WWW should not include a big centralized corporation like Cloudflare. Instead of fixing the Internet and DDoS attacks, we just move all to Cloudflare?
Whether it’s zero trust or WAN, CDN or firewall solutions. I want everyone to be able to participate in the internet, to run their own infrastructure ideally without Cloudflare or cloud services in general. In fact, that is why I also try to create https://libreweb.org. The world needs a better internet, whatever that may look like.
I do want to move closer and closer to completely selfhosted for anything possible, but the knowledge required seems to never end, so I settle for things like Cloudflare Zero Trust to fill in the gaps.
You mean server.melroy.org? It’s called HTML :)
I know HTML, I’ve known basic HTML since the 90’s, I’ve just been looking for an application to make something that is above my low level skills.
server.melroy.org is purely written in static HTML and CSS. Just like the 80’s and 90’s.
One thing you need to check before is your upload speed. Without a good one, it will essentially be useless outside of your home.
As for the computer, definitely buy something that can do virtualization. I’ve heard that some motherboards can’t (never seen one, maybe it’s an old thing).
And last, even an old computer can be good for self-hosting; except for Plex / Jellyfin video, almost everything is static webpages with databases. You can upgrade later just by changing the components, adding more storage… You can even copy your entire system to a new computer if you change entirely.
Is it a good idea to host so many services, both publicly accessible websites as well as services only available on my home network, from the same machine?
You can use Caddy’s reverse proxy to have easy https + not opening ports from your router and have something like plex.mydomain.com / mastodon.mydomain.com. And you’ll have no trouble hosting different services from the same machine. I believe it is not a problem to have multiple services on the same computer.
What are the security considerations when self-hosting?
I’m not an expert, but never use the default password when installing a service. And keep your stuff up to date. https is important too, but is often automatic when using a reverse proxy.
If you have more questions, no problem :)
Wait, that’s awesome. I moved and my new network is CG/NAT so I have no port forwarding without a VPN. Will Caddy allow me to get around that and actually use Plex remote?
I’m not sure about Plex, it is not really 100% self-hosting, because authentication comes from their server. You should try and see if it works. But there is no reason it should not. It’s just an addition in your Caddyfile:
```
plex.mydomain.com {
	# your address:port
	reverse_proxy 192.168.0.123:32400
}
```
However, I can assure you it works with Jellyfin.
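Extending the Caddyfile entry above to the original question about mixing public and home-network-only services on one machine (an added example, not part of the thread): one site is proxied for everyone, the other only for clients on the LAN. The hostnames, backend address and ports, and the 192.168.0.0/24 LAN range are assumptions.

```caddyfile
# Added example; hostnames, backend addresses/ports and the LAN range are assumptions.

# Public service: proxied for any client.
jellyfin.mydomain.com {
	reverse_proxy 192.168.0.123:8096
}

# Home-network-only service on the same machine.
adguard.mydomain.com {
	# Clients whose source address is inside the home LAN.
	@lan remote_ip 192.168.0.0/24

	handle @lan {
		reverse_proxy 192.168.0.123:3000
	}

	# Everyone else: close the connection without sending a response.
	handle {
		abort
	}
}
```

The `remote_ip` matcher compares the address of the direct TCP peer, so if another proxy or tunnel sits in front of Caddy, every request arrives from that proxy's address and the LAN check has to be revisited.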
Thank you kindly! I’ll have to look into it and see but it sounds like it may be exactly what I’ve been looking for.
If you want it only for testing, breaking things… Buy some POS office PC, lots of companies are always getting rid of these.
I am not self-hosting, but I will probably buy a few of these from my work and try it (at least it’s my plan).
Others have commented on things aside from hardware, so I’ll throw my hat in on that matter.
I have a machine at home running an i5-4670, and 16 GB of RAM.
This is enough to host up to about 3 or 4 video game servers for the Titanfall Northstar client.
The actual self-hosted services I run barely even register in comparison; the only thing that significantly hits the CPU to any real extent is when Jellyfin is transcoding something for one of my users.
You mention energy efficiency, and for this using desktop CPUs like me is not ideal. I did invest in a high quality PSU, which helps. You can also look into T variant Intel chips, which are less powerful but FAR more efficient variants of their normal chips.
Used availability on older gen parts is fantastic however. I had my previous CPU, an i3, fail. I was able to track down a seller with the used i5 I have now, going for 10 bucks, the same day.
Then there are options like all-in-one motherboards, that come with really efficient, but quite weak, CPUs soldered onto the board. These are often the same chips you’ll see in off the shelf NAS boxes, and are in many cases enough to host a good few things, if you don’t mind things potentially running a tad slow sometimes.
None of the services you mention are particularly resource heavy, nor memory intensive.
I’ll note you’d benefit from SSD storage for UI responsiveness, for Mastodon and Matrix.
I don’t think you need to build a computer for this. Just run Docker on whatever computer you have. A laptop is fine.
Use Docker. I’m running 25 Docker containers on my NAS, 6 of which are internet accessible, with 8 GB RAM. You don’t need a massive server/machine that costs 300$ a year to run. Some containers are AdGuard, Emby, Guacamole, Firefly, etc. Learn Docker and have fun!
I ran a few things on an Odroid for years, which is like a Pi, and I wanted to upgrade. I shopped for an SBC with more RAM and found the prices getting high pretty quickly. I went with a mini PC made by Beelink and have been very happy. There are many price points, based on RAM and drive: https://www.amazon.com/s?k=bee+link+pc
Aside from getting much more memory and storage for your money, I much prefer this hardware over an SBC because I can use any normal distro. With the Odroid I was stuck with the distros provided by the vendor.
Also, is it a good idea to host so many services, both publicly accessible websites as well as services only available on my home network, from the same machine? What are the security considerations when self-hosting?
Generally speaking - no, it is not a good idea. It is definitely doable, but not very wise from a security perspective.
Vulnerabilities in the public-facing services are also threats to your private services, because an attacker that leverages an exploit in a public service potentially gains access to your home network and machine.
A lot can be done using proper separation of applications (separate internal networks, virtual machines, containers etc) but a single mistake can cost you a lot.
If you’re talking media then drive space with a resilient storage setup is important. Some form of RAID where you have the ability to lose a drive without losing the data. It’s also nice to keep bulk storage separate from running/compute storage in my book, i.e. keep the movies on one remote space with cheap storage and the movie player on the local drive. That way multiple services can selectively access it without affecting the high speed drives that the DB and other active processes run on.
Security is a whole separate thing that I could write a book on, but on a baseline a firewall, IPS, and some sort of dynamic reputational filtering should be a given. Monitoring is big too; Graylog or Security Onion are good places to observe from for free.
If you want to have services on the internet just rent a VPS. Keep in mind, though, to plan to keep anything on the internet very updated, secure, and maintained. Linode is one such provider. There are many others.
If on your LAN then frankly the lowest power thing you can live with, as electric cost will be a major part of the cost. I actually have a fairly substantial Media Center computer but also host my services that are in my LAN since it needs to be always on anyway. I would not call my solution low power but it is on already anyway. I just made the system capable of both uses.
Agreed with everyone saying to use what you have.
If you need to put together a new machine, I’d get a Beelink SER5 (~260), 64 GB RAM (~140), and a 2TB SSD (~125) for ~525-550 all in. Install Proxmox and that would support several VMs running Docker to do whatever you wanted for a while, and you could scale horizontally in the future if you outgrow it.