---
cssclass: recipeTable
Alias: ["Self host", "Self hosting", "Self-host", "Self-hosting"]
Tag: ["Server", "Computer", "Security", "Privacy", "Web"]
Date: 2021-08-26
DocType: "Personal"
Hierarchy: "Root2"
TimeStamp:
location: [45.8714213, 2.3970385]
CollapseMetaTable: Yes
---

Parent:: [[@Networks|Networks]], [[@Computer Set Up|Computer Setup]]

---

^Top

```button
name Save
type command
action Save current file
id Save
```
^button-SelfHSave

# Self-hosting

```ad-abstract
title: Summary
collapse: open
This note explores self-hosting through its infrastructure and associated services.
```

```toc
style: number
```

---

### Infrastructure
[[#^Top|TOP]]

This section sums up the infrastructure required for self-hosting online services.

#### Hardware

One option is a **Virtual Private Server** (VPS) service. This also solves the issue of Internet access, which is increasingly advised not to come from a home connection.

```ad-tip
title: Tip
A good aggregator for low-cost VPS [here](https://lowendbox.com)
```

Otherwise, **physical hardware** includes:

| Product | Type | Price range |
|--------|-------|-----------|
| **Synology (DS218/220+)** | NAS | £250/300 |
| **Dell Poweredge Tower Server T30** | Server | £300/400 |
| **HP Z420** | Workstation | £400 |

==WIP==

#### OS & Applications
[[#^Top|TOP]]

**Linux** is the most common OS for servers; **Ubuntu**, **Debian** and **CentOS** are the most common distributions. **MacOS** would require a Virtual Machine to run properly.

#### Internet connection

A growing body of literature suggests that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and comply with legislation.

#### Domain
[[#^Top|TOP]]

```ad-info
title: privacy-friendly domain manager
[Njalla](https://njal.la/)
```

Domain management is important for several reasons: email and email routing can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.

For self-hosting, the following domain will be used: **mfxm.fr**

```ad-warning
title: Warning
Sub-domains to be defined with **webhost**.
```

#### Security

Security is paramount at the points of connection to the server. The SSH protocol is secure, but connections can still be intercepted. Two different ways of protection can be implemented:

##### RSA Key
[[#^Top|TOP]]

```ad-info
title: Documentation
[SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
[SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)
```

All documentation to implement such control can be found [[VPS Console Dialogue#Securing Server access|here]].

##### VPN

```ad-info
title: Documentation
[SSH VPN](https://openvpn.net/community-resources/how-to/)
```

Not tested.

##### Other security considerations

Additional measures can be found below and are mostly described [[VPS Console Dialogue#Editing the Server's SSH config|here]].
```ad-info
title: Documentation
[Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)
```

#### Continuity & backups
[[#^Top|TOP]]

```ad-info
title: Documentation
[Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
[Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)
```

Backups are managed through the **tar** command and dispatched over the network with **rclone**. Instructions can be found [[VPS Console Dialogue#Backing up a server|here]].

#### Server Monitoring
[[#^Top|TOP]]

```ad-info
title: Documentation
[Monit](https://mmonit.com/)
[Performance Co-Pilot](https://pcp.io/)
[Nagios](https://nagios.org)
```

Monitoring is implemented through a free and open-source tool called [[Configuring Monit|monit]].

Other apps include:
- [dockprom](https://github.com/stefanprodan/dockprom)
- [CrowdSec - The open-source & collaborative IPS](https://crowdsec.net/)

---

### Running multiple services on the same hardware
[[#^Top|TOP]]

```ad-tip
title: Considerations to start
[Tutorial](https://cyberhost.uk/getting-started/)
[Caddy tutorial](https://cyberhost.uk/caddy-setup/)
[Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)
```

In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.

| Consideration | Tool | Description |
|---------------|------|------------|
| **Compartmentalise services into containers** | **[[Configuring Docker\|docker]]** | Creates containers that can be run independently |
| **Simplify docker commands** | **docker-compose** | Allows docker commands to be written as a 'script' |
| **Route internet traffic appropriately** | reverse proxy: **nginx**, **[[Configuring Caddy\|caddy]]** | Routes addresses to the appropriate containers and manages SSL certificates (and HTTPS forcing) |

---

### Self-hosted services
[[#^Top|TOP]]

A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted).

| Service | OS | Technical reqs | Description |
|--------|----|----------------|--|
| **Email service** | Linux | 2GB RAM recommended | self-host an [[#Email service]] |
| **Email aliases** | Linux | 2GB RAM; ports: 22, 25, 80, 443 | an [[#Email alias service\|alias service]] like [SimpleLogin](https://simplelogin.io) |
| **[[Nextcloud]]** | Linux | 500M RAM; MySQL & SQLite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP | [[#Personal cloud syncing]] instance |
| **Instant Message** | Linux | 2/4GB RAM; ports & other extensions | [[Element]] instance for [[#Instant Messaging]] |
| **VPN** | Linux | 500MB RAM | Host a private [[#VPN]] |

#### Email service
[[#^Top|TOP]]

An email service can be fully built but has many components: server, database, IMAP, CalDAV, CardDAV, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tedious to build an email service from scratch. Pre-packaged solutions exist to manage all components:

1. [IRedMail](https://www.iredmail.org/)
2. [Mail-in-a-Box](https://mailinabox.email/)
3. [Docker-mailserver](https://hub.docker.com/r/tvial/docker-mailserver/), which is command-line-only and requires more extensive building than the two other alternatives

```ad-info
title: Documentation
[Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)
[Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)
```

#### [[Email alias]] service
[[#^Top|TOP]]

```ad-info
title: Documentation
[Tutorial](https://github.com/simple-login/app)
```

#### Personal [[/Nextcloud|cloud]] & syncing
[[#^Top|TOP]]

```ad-info
title: Documentation
[Tutorial](https://nextcloud.com/athome/)
[Tutorial2](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
```

```ad-tip
title: Build your own
[Web interface](https://github.com/mickael-kerjean/filestash)
```

#### Instant Messaging
[[#^Top|TOP]]

```ad-info
title: Documentation
[[Element]]
```

#### VPN

Easy service to set up through [WireGuard](https://www.wireguard.com/)
[[#^Top|TOP]]

```ad-info
title: Documentation
[Tutorial](https://www.makeuseof.com/how-host-own-vpn/)
```

```ad-note
title: VPS plans
[Cheap single-location VPN VPS](https://my.webhorizon.in/order/config/index/nat/?group_id=24&pricing_id=282)
[With multi jurisdiction option](https://natvps.net/)
```

#### ShortURL
[[#^Top|TOP]]

Through WordPress with [Thirsty Affiliates](https://thirstyaffiliates.com): free of charge.

#### Self hosting ideas
[[#^Top|TOP]]

##### Photos

```ad-info
title: Photoprism
Self-hosted photo management solution: [here](https://photoprism.app/)
```

```ad-info
title: Piwigo
[Website](https://piwigo.org/)
```

##### CMS

```ad-info
title: Hugo
Open source CMS solution: [here](https://gohugo.io/)
```

##### Tools
[[#^Top|TOP]]

| Tool | Self-hosted service | Link to tutorial | Sub-domain |
|------|---------------------|---------------|-------|
| Youtube with no ads | **Piped** | [here](https://piped-docs.kavin.rocks/docs/self-hosting/) | videos |
| [[NextDNS\|DNS resolver]] | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver |
| Online identity | **authentik**<br>**authelia** | [Welcome \| authentik](https://goauthentik.io/)<br>[GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity |

Database: MySQL, MariaDB, Postgres

| App | Database |
|------|----------|
| **AdGuard** | *none* |

```ad-info
title: VPS ideas
[MikroVPS - FR](https://my.mikrovps.net/cart.php?a=checkout&gid=34&language=English&pid=584&promocode=LEB2021LXC50&utm_source=lowendbox&utm_medium=display&utm_campaign=lbpromo2021)
```

[[#^Top|TOP]]