---

Alias: ["Self host", "Self hosting", "Self-host", "Self-hosting"]
Tag: ["Server", "Computer", "Security", "Privacy", "Web"]
Date: 2021-08-26
DocType: "Personal"
Hierarchy: "Root2"
TimeStamp:
location: [45.8714213, 2.3970385]
CollapseMetaTable: Yes

---

Parent:: [[@Networks|Networks]], [[@Computer Set Up|Computer Setup]]

---

 ^Top

 


 

# Self-hosting

 

> [!summary]+
> This note explores self-hosting through its infrastructure and associated services.


 

```toc
style: number
```

 

---

 

### Infrastructure
[[#^Top|TOP]]
 

This section summarises the infrastructure required for self-hosting online services.

 

#### Hardware

One option is a **Virtual Private Server** (VPS) service. This also solves the question of Internet access, which is increasingly advised not to come from a home connection.

> [!tip] 
> A good aggregator for low-cost VPS offers is available [here](https://lowendbox.com).

Otherwise, **physical hardware** options include:

| Product | Type | Price range
|--------|-------|-----------
|<p style="color:green">**Synology (DS218/220+)**</p> | NAS | £250/300
|<p style="color:cyan">**Dell Poweredge Tower Server T30**</p> | Server | £300/400
|<p style="color:maroon">**HP Z420**</p> | Workstation | £400

==WIP==

&emsp;

#### OS & Applications
[[#^Top|TOP]]
**Linux** is the most common OS for servers. **Ubuntu**, **Debian** and **CentOS** are the most common distributions.
**MacOS** would require a Virtual Machine to run properly.

&emsp;

#### Internet connection

A growing body of literature points out that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and to comply with legislation.

&emsp;

#### Domain
[[#^Top|TOP]]

> [!info]  Privacy-friendly domain manager
> [Njalla](https://njal.la/)

Domain management is important for several reasons: email and email routing can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.

For self-hosting, the following domain will be used: **mfxm.fr**

> [!warning] 
> Sub-domains to be defined with **webhost**.

&emsp;

#### Security

Security is paramount at the points of connection to the server. The SSH protocol is secured, but connections can still be intercepted. Two different means of protection can be implemented:

&emsp;

##### RSA Key
[[#^Top|TOP]]

> [!info]  Documentation
> [SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
> [SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)

All documentation to implement such control can be found [[VPS Console Dialogue#Securing Server access|here]].

&emsp;

##### VPN

> [!info]  Documentation
> [SSH VPN](https://openvpn.net/community-resources/how-to/)

Not tested.

&emsp;

##### Other security considerations

Additional measures are listed below; most of them are described [[VPS Console Dialogue#Editing the Server's SSH config|here]].

> [!info]  Documentation
> [Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)

&emsp;
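
Key authentication only protects the server if password login is actually switched off in the SSH config. The script below is an added example, not part of the original note or the linked guides: it reads an `sshd_config` and reports settings that leave password login open. The function names and the sample configuration are constructed for illustration; the three directives and their defaults are those of upstream OpenSSH.

```shell
#!/bin/sh
# Added example: check that an sshd_config enforces key-only login.
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive; the lookup below follows both rules. Match blocks and
# Include files are not evaluated (on a live server, `sshd -T` prints the
# effective configuration).

# effective_value FILE KEYWORD DEFAULT -> first configured value, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one FAIL line per weak setting, nothing if key-only
audit_sshd() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$pw" = "no" ]     || echo "FAIL PasswordAuthentication=$pw: passwords still accepted"
    [ "$pk" = "yes" ]    || echo "FAIL PubkeyAuthentication=$pk: keys cannot be used"
    [ "$root" != "yes" ] || echo "FAIL PermitRootLogin=yes: direct root login allowed"
    return 0
}

# Constructed sample (not from a real server): the later
# "PasswordAuthentication no" has no effect because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF
audit_sshd "$sample"
rm -f "$sample"
```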

#### Continuity & backups
[[#^Top|TOP]]

> [!info]  Documentation
> [Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
> [Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)

Backups are managed through the **tar** command and dispatched over the network with **rclone**. Instructions can be found [[VPS Console Dialogue#Backing up a server|here]].

&emsp;

#### Server Monitoring
[[#^Top|TOP]]
> [!info]  Documentation
> [Monit](https://mmonit.com/)
> [Performance Co-Pilot](https://pcp.io/)
> [Nagios](https://nagios.org)

Monitoring is implemented through a free and open-source tool called [[Configuring Monit|monit]].

Other apps include:

- [dockprom](https://github.com/stefanprodan/dockprom)
- [CrowdSec - The open-source & collaborative IPS](https://crowdsec.net/)

&emsp;


---

&emsp;

### Running multiple services on the same hardware
[[#^Top|TOP]]
&emsp;

> [!tip]  Considerations to start
> [Tutorial](https://cyberhost.uk/getting-started/)
> [Caddy tutorial](https://cyberhost.uk/caddy-setup/)
> [Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)

In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.

&emsp;

| Consideration | Tool | Description
|---------------|------|------------
| <p style="color:cyan">**Compartmentalise services into containers**</p> | **[[Configuring Docker\|docker]]** | Creates containers that can be run independently
| <p style="color:turquoise">**Simplify docker commands**</p> | **docker-compose** | Allows docker commands to be scripted in a single file
| <p style="color:teal">**Route internet traffic appropriately**</p> | reverse proxy: **nginx**, **[[Configuring Caddy\|caddy]]** | Routes addresses to the appropriate containers and manages SSL certificates (and HTTPS forcing)

&emsp;

---

&emsp;

### Self-hosted services
[[#^Top|TOP]]
&emsp;

A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted)


| Service | OS | Technical reqs |  Description
|--------|----|----------------|--
| <span style="color:orange">**Email service**</span> | Linux |  2GB RAM recommended | self-host an [[#Email service]]
| <p style="color:green">**Email aliases**</p> | Linux  | 2GB RAM; ports: 22, 25, 80, 443  | an [[#Email alias service\|alias service]] like [SimpleLogin](https://simplelogin.io)
| **[[Nextcloud]]** | Linux | 500M RAM; MySQL & SQLite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP |  [[#Personal cloud syncing]] instance
| <p style="color:purple">**Instant Message**</p> | Linux | 2/4GB RAM; ports & other extensions |  [[Element]] instance for [[#Instant Messenging]]
| <p style="color:violet">**VPN**</p> | Linux | 500MB RAM | Host a private [[#VPN]]

&emsp;

#### Email service
[[#^Top|TOP]]
An email service can be built entirely from scratch, but it has many components: server, database, IMAP, CalDAV, CardDAV, DNS specificities, spam whitelisting as well as security (server access & spam filtering). Building one from scratch can therefore be tedious. Pre-packaged solutions exist to manage all components:
1. [IRedMail](https://www.iredmail.org/)
2. [Mail-in-a-Box](https://mailinabox.email/)
3. [Docker-mailserver](https://hub.docker.com/r/tvial/docker-mailserver/), which is command-line only and has to be built more extensively than the other two alternatives

> [!info]  Documentation
> [Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)
> [Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)

&emsp;

#### [[Server Alias|Email alias]] service
[[#^Top|TOP]]

> [!info] Documentation
> [Tutorial](https://github.com/simple-login/app)


&emsp;

#### Instant Messenging
[[#^Top|TOP]]

> [!info] Documentation
> [[Element]]

&emsp;

#### Website

> [!info] CMS
> Open source CMS solution: [The world’s fastest framework for building websites | Hugo](https://gohugo.io/) 
> Or [Jekyll • Simple, blog-aware, static sites | Transform your plain text into static websites and blogs](https://jekyllrb.com/)
> Or [Eleventy, a simpler static site generator.](https://www.11ty.dev/)

&emsp;

#### ShortURL
[[#^Top|TOP]]
Through WordPress with [Thirsty Affiliates](https://thirstyaffiliates.com): free of charge.

&emsp;

#### Self hosting ideas
[[#^Top|TOP]]
##### Photos

> [!info] Photoprism
> Self-hosted photo management solution: [here](https://photoprism.app/)

> [!info]  Piwigo
> [Website](https://piwigo.org/)

&emsp;

##### Tools
[[#^Top|TOP]]

| Tool | Self-hosted service | Link to tutorial | Sub-domain
|------|---------------------|---------------|-------
| <p style="color:orange">YouTube with no ads</p> | **Piped** | [here](https://piped-docs.kavin.rocks/docs/self-hosting/) | videos
| <p style="color:orangered">[[NextDNS\|DNS resolver]]</p> | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver
| <p style="color:orange">Online identity</p> | **authentik**<br>**authelia** | [Welcome \| authentik](https://goauthentik.io/)<br>[GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity
| <a style='color:orange'>Online pantry</a> | Grocy | [grocy - ERP beyond your fridge](https://grocy.info/) | groceries

&emsp;

Database: MySQL, MariaDB, Postgres

| App | Database
|------|----------
| **AdGuard** | *none*

> [!info] VPS Ideas
> [Website](https://piwigo.org/)

[[#^Top|TOP]]

&emsp;
&emsp;