Hello All,
I am really new to selfhosting, trying to learn the basics. I have a raspi 5 with docker installed and a domain. My question is, as I collect all my knowledge from all over the internet, is there a selfhosting guide for dummies? IT would be cool to have some guidance at hand to rfer to when i do dumb shit.
Thanks
For your media server setup.
Also this is a nice shopping list
https://github.com/awesome-selfhosted/awesome-selfhosted
Digital ocean also offers a bunch of guides from securing VMs to seeing up we servers.
What do you want to do? You could try to Ppick a problem and then find a service to solve it. Maybe a pi hole ad blocker, or homeassistant for home automation. Both of these run well on a pi. Then follow the guide to deploy those services.
Also, I started with a pi, added a synology (a NAS is a game changer), and then moved almost all services off the synology to a Beelink S12 pro. Recently upgraded the S12 to 32GB of memory, and I have a 2tb ssd upgrade I have to do soon. All of this is over the past 2-years.
Don’t expose things to the internet with port forwards. Anything you want to do like that can be done with a reverse proxy or preferably a VPN.
That is all.
It took me a while to learn that:
Reverse proxy= your page lives in your basement but only your DNS knows. From outside everyone goes to “my page is cool.com”
VPN= LAN but in WAN…go to Starfucks and you can still get your files from your basement’s NAS
I’m sure they got other meanings, but this frame helped me a bit. Hide your IP!
But no ports only regards the home network, right? The proxy Server has to have open ports, and the home Server that connects to the proxy (how ever that’s done) needs to receive the forwarded packages on its ports, no?
Yes. The proxy will have 80 and 443 forwarded from the router. Everything else gets proxied through your reverse so you can set basic auth on anything likely to be a security risk. Generally, you don’t want regular login pages exposed directly, they should be behind basic auth.
What i dont quite understand: If I use something like a next cloud client app or file manager integration, how would the authenticator work? I thought the app or program would nee d direct access to the service, without anything in front of it
Two sites that really helped me get the basics of docker compose were Marius hosting and Dr Frankenstein’s docker guides. Both are focused more on synology, but the docker stuff works anywhere.
ETA: linuxserver.io is pretty handy, too.
usually I get a lot of my info from youtube channels I like to watch; just seeing what they’re up to and if it’ll be relevant to me or just entertainment. some channels I enjoy are hardware haven, raid owl, techno tim, and christian lempa. I’m not super knowledgeable and also pretty new to self hosting but these guys have helped me a lot so I figure I pass em on and hope you gain from their knowledge as well!
I learned about this book written by Adam who founded the SeaGL conference.
I’ve been self hosting for years and bought it to support him. I like the style of writing and how he explains the concepts.
Unfortunately not as self hosting is really just an amalgamation of a number of different technologies, concepts, groups of best practices, and there are nine and a half viable ways to do any given thing you’ll want to do. For my day job I manage several public systems that serve millions of requests a day and even I can’t really give you a “One definitive way of doing things”, but I have my preferences.
I think if you wanted a rough plan of what would be the most valuable things to learn in which order it would be
-
Docker, especially persisting your storage and also how its network works. Use containerized services only on your local network at first to get a feel for things, and give yourself the ability to screw things ip without putting yourself in any danger.
-
VPNs and how they work. You can start with a direct stupid simple VPN like WireGuard, or Tailscale if you want a mesh-VPN. This will allow you to reach your services remotely without having to worry too much about security and the micromanagement that can sometimes come with it.
-
Reverse proxies for things you’d like to expose to the public. At this point you want to learn as well about things like server hardening, have a system in place to automate software updates etc. there’s a common misconception that using a reverse proxy is innately much safer than port forwarding directly to your services. It can help by obscuring your home IP, and if you pair it with a WAF of some kind that’ll help you with much of the chaff attacks that get tossed your way, but at the end of the day in both cases you’re exposing the web services on your local network to the internet at large, so you have to understand the risk and reward of doing this.
-