Before you start Self Hosting, consider these things

Preamble

David Field
6 min read · Mar 31, 2024


The reasons for self-hosting your own tech stack are as varied as they are valid. Over many years of doing this in many guises, the reasons tend to go from the absolute security purist who wants nothing to do with the Hyperscalers and the cloud through to the tinkerer who is doing it to learn new skills and understand tech a little better.

Whatever the reason you want to go down this path, and those reasons will change over time, there are some things you need to be aware of before you do.

Decide how deep down the rabbit hole: security vs convenience

As I said, there are several camps of individuals who run self-hosted environments, and none of them started off that way. For the most part, many of the people I have spoken to started off using it as a place to learn new tech so they could maybe get a better job, or keep up with the one they had. However, this becomes an obsession very fast…

One of the biggest “pitfalls” many people start with is the question: how secure do you want your self-hosted environment to be?

I have a simple observation here: it needs to be as secure as is convenient. There is no point in building Fort Knox only to lock yourself out of your kingdom, and if others are using the services you’ve painstakingly put up, needing 30 passwords to watch the TV is neither needed nor conducive to a quiet life.

So when you’re setting up authentication and authorisation, consider the systems people already use, and keep it simple and effective.

Passwordless SSH keys

In addition to user security, system-to-system security is equally important, and as such you’ll want to learn about passwordless security keys very quickly. These will ensure that traffic, especially SSH traffic, is run over your platform encrypted.

This is another great example of convenience vs security: using password-locked SSH keys with 32-character random passwords is great, but if you forget that password or lose it, you’re locked out of the system.

Also, learn not to use the same passwordless keys everywhere. Compromise one and you compromise all, as they say, if you go down that route. You don’t need a unique key for every service, just groups of them for groups of services.
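One way to check the "groups of keys for groups of services" advice, as an added example that is not part of the original post: it fingerprints the public keys in each host's authorized_keys and reports any key trusted by more than one service group. The host names, group names and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-sha2-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line, skipping any leading options field.
    Simplification: options containing spaces inside quotes are not handled."""
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                yield fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
                break

def keys_spanning_groups(inventory):
    """inventory maps host -> (group, authorized_keys text).
    Returns {fingerprint: sorted group names} for keys trusted in more than one group."""
    seen = defaultdict(set)
    for host, (group, text) in inventory.items():
        for fp, _comment in parse_authorized_keys(text):
            seen[fp].add(group)
    return {fp: sorted(groups) for fp, groups in seen.items() if len(groups) > 1}

def fake_key(label):
    # Constructed placeholder blob, not a real public key.
    return base64.b64encode(label.encode()).decode()

# Constructed inventory: the media key has leaked into the backup group.
SAMPLE = {
    "plex01": ("media", f"ssh-ed25519 {fake_key('media-key')} ansible@media\n"),
    "plex02": ("media", f"ssh-ed25519 {fake_key('media-key')} ansible@media\n"),
    "backup01": ("backup",
                 f'from="10.0.0.5" ssh-ed25519 {fake_key("backup-key")} backup@nas\n'
                 f"ssh-ed25519 {fake_key('media-key')} ansible@media\n"),
}

if __name__ == "__main__":
    for fp, groups in keys_spanning_groups(SAMPLE).items():
        print(f"{fp} is trusted in groups: {', '.join(groups)}")
```

Reusing one key on several hosts inside a group is not flagged; only a key that crosses a group boundary is.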

Start with old kit

This hobby WILL end up costing you a fortune, that’s a fact. With hardware, then more hardware, electricity bills and maintenance costs, you’ll rack up a big bill quickly.

Remember, you don’t need the latest and greatest hardware. You’re learning, and it’s just for you, not a business of 200+ people.

There are plenty of £150 Thinkstation 16GB servers with SSDs on eBay to run Docker, Ansible, Terraform, Plex or whatever system you’re setting up. Having a handful of these small, cheap 8-year-old boxes which run Linux will allow you to spread the load across multiple hosts for much less than the price of a rack and some rack-mounted servers.

If you did get rack-mounted servers free from somewhere, how much electricity would they draw? Can you afford that right now?

Using old, refurbished kit will save you a fortune.

Some software just doesn’t work

Here is a fact no one will tell you: some self-hosted software just doesn’t work properly. It might have a pretty web interface, but under the hood it’s just a pain in the rear to get set up, and there are pages of Google results of people having issues.

Be prepared to pivot, to search the dark corners of the web and to spend hours

If you do find yourself with issues, you need a plan of action when reaching out for support. The forums and Reddit subs are awash with people whining that x, y or z doesn’t work.

Don’t be that guy. Remember, 90% of this stuff is written by small groups of people or individuals who can’t bug-test everything. Be constructive and provide logs, data and scenarios when you put in a bug report or a help request.

Annoying people get put to the bottom of the queue every time.

Tailscale/Headscale everything

If you’re doing this to find out about software, networking can be a right royal pain to set up. Reverse proxies, bastion hosts, VLANs and VPNs all get in the way of a good setup if you’re not sure how to set them up, and in some cases not doing so securely can let anyone into your home setup.

I’d fully recommend Tailscale or the open-source Headscale to mesh VPN all your servers together on a Tailscale network (WireGuard mesh VPN). Use it to do the single sign-on for your SSH logins, and put the app on your phone or laptop to access your home network while away over 5G.

You can quickly and easily set up nodes which can be exit nodes inside your environment, so the world thinks that’s where you are.

Go look it up, read it up, and thank me later.

Partner Approval

Before and during your self-hosting experiments, if you are putting together things at home like a Plex server which others might use, you need partner approval.

Putting together a service which needs you to jump on the laptop and fix it because a service crashed or an update caused a problem is OK once or twice. After that, you’ll get a talking to.

Be mindful that your significant other may not care about the UDP packets dropping with the media stream and the hard disk latency causing their favourite show to stutter at 9pm on the TV. They may not care that the mail server crashed and you need 2 days to fix it when they are waiting for a job offer.

Why are you doing it?

Understand why you are doing this, and have a task list, a set of goals and objectives as outcomes.

  • If you don’t, this will just become a mess very quickly.
  • Be prepared to tear it all down, and rebuild it many many times.
  • If it starts to become a chore, step away, and set those objectives again.

Backup, backup, backup

I cannot say this enough. If your aim is to get your data out of the prying eyes of Google, Apple or Microsoft and you want it all at home, love it.

However, have a backup strategy and test it once every 2 weeks: can you still store data, can you rebuild essential servers, do you have the configs you need, the keys, the tokens, and the software?

Back it all up locally, then back it up on the cloud.

If you don’t, you will lose everything.
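A restore test of the kind described above, as an added example that is not from the original post: it archives a directory, records a checksum manifest at backup time, then restores into a scratch directory and reports anything missing, altered, or never backed up in the first place. The file names and contents are constructed.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source_dir, archive_path):
    """Archive every file under source_dir; return {relative path: sha256} as the manifest."""
    source = Path(source_dir)
    files = sorted(p for p in source.rglob("*") if p.is_file())
    manifest = {p.relative_to(source).as_posix(): sha256_file(p) for p in files}
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return manifest

def restore_test(archive_path, manifest, required):
    """Restore into a scratch directory and return a list of problems (empty means pass)."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):  # refuse members that escape scratch
                tar.extractall(scratch, filter="data")
            else:
                tar.extractall(scratch)
        for rel in required:
            if rel not in manifest:
                problems.append(f"never backed up: {rel}")
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != digest:
                problems.append(f"checksum mismatch: {rel}")
    return problems

def demo():
    """Constructed sample tree: a config and a token file, but no SSH key."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "homelab"
        (src / "plex").mkdir(parents=True)
        (src / "plex" / "config.xml").write_text("<Preferences/>\n")
        (src / "tokens.env").write_text("API_TOKEN=constructed-placeholder\n")
        archive = Path(work) / "backup.tar.gz"
        manifest = make_backup(src, archive)
        return restore_test(archive, manifest, ["plex/config.xml", "tokens.env", "ssh/id_backup"])

if __name__ == "__main__":
    print(demo())
```

The `required` list is where the configs, keys and tokens you could not rebuild without belong, so a backup job that silently skips them fails the test.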

What do you do if it all goes wrong?

It is not if, it’s when. You’ll break it all. Some things you’ll wish you had done:

  1. Wrote down how you did this stuff
  2. Saved the config files with the tweaks somewhere
  3. Made a note of that command you kept using history to find on the bash shell

At the very least, keeping this data in a git repo both at home and on GitLab in the cloud is a sensible idea.

The thing is not to panic. I’ve been up at 2am trying to get a Plex server working again. Why? Because I was insane.

If it does break, also learn why and how, so next time you can improve it so it doesn’t.

What could you do better?

Have Fun

Having said all of this, have some fun. If, like me, you are a total nerd, self-hosting is great: you get to do your hobby as a job and to learn so much. There will be awful times; however, the satisfaction of getting something you thought difficult working, and understanding it, will not only give you a huge boost in self-confidence, it will also stand you in good stead in the job market too.

David Field
thesafewebbox

A 35+ year veteran of the IT industry, now as well as being an IT Manager, I like to tinker with technologies and projects and blog about them.