Hey there!
I'm thinking about starting a blog about privacy guides, security, self-hosting, and other shenanigans, just for my own pleasure. I have my own server running Unraid and have been looking at self-hosting Ghost as the blog platform. However, I am wondering how "safe" it is to use one's own homelab for this. If you have any experience regarding this topic, I would gladly appreciate some tips.
I understand that it's relatively cheap to get a VPS, and that is always an option, but it is always more fun to self-host on one's own bare metal! :)
No, with these reasons:
- Bandwidth isn't plenty
- My "uptime" at home isn't great
- No redundant hardware, even a simple mainboard defect would take a while to replace
I have a VPS for these tasks, and I host a few sites for friends and family.
Weeeell, there's a school of thought leaning towards the opinion that using VPS is still self-hosting ;)
A VPS still counts as self-hosting :)
I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.
The approach I'd take these days is to use a static site generator like Eleventy, Hugo, etc. These generate static HTML files. You can then store those files on literally any host. You can stick them on a VPS and serve them with any web server. You could upload them to a static file hosting service like BunnyCDN storage, Github Pages, Netlify, Cloudflare Pages, etc. Even Amazon S3 and Cloudfront if you want to pay more for the same thing. Note that Github Pages is extremely feature-poor so I'd usually recommend one of the others.
This is a bit fuzzy. You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.
If someone is using a static site generator, then they're already running a web server, even if it's on localhost. The friction of moving the webserver to the VPS is basically zero, and that way they're not worsening the web's corporate centralization problem.
> I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

I preferred this advice.
> You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

Other comments were talking about pros and cons of self-hosting, so I tried to give advice for both approaches. I probably could have been clearer about that in my comment though. I edited the comment a bit to try and clarify.
I have some static sites that I just rsync to my VPS and serve using Nginx. Thatās definitely a good option.
If you want to make it faster by using a CDN and don't want it to be too hard to set up, you're going to have to use a CDN service.
Self-hosted CDN is doable, but way more effort. Anycast approach is to get your own IPv4 and IPv6 range, and get VPSes in multiple countries through a provider that allows BGP sessions (Vultr and HostHatch support this for example). Then you can have one IP that goes to the server that's closest to the viewer. Easier approach is to use Geo DNS where your DNS server returns a different IP depending on the visitor's location. You can self-host that using something like PowerDNS.
> I have some static sites that I just rsync to my VPS and serve using Nginx. That's definitely a good option.

Agree. And hard to get security wrong cos no database.
> If you want to make it faster by using a CDN and don't want it to be too hard to set up, you're going to have to use a CDN service.

Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It's not ideal because... Cloudflare... but at least you're using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.
Perhaps it's irrational but I'm bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that's not your case.
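An added example, not part of any post in this thread: with a CDN in front of a VPS, the origin address only stays private if the origin refuses connections that do not come from the CDN. The sketch below turns a list of CDN address ranges into an nginx `allow`/`deny` snippet and mirrors the check nginx would make. The ranges are constructed placeholders from documentation address space, and it assumes the CDN connects to the origin directly so nginx sees the CDN's address as the client.

```python
import ipaddress

# Constructed sample ranges (documentation address space), standing in for the
# list your CDN provider publishes. Replace them with the provider's real list.
CDN_RANGES = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8:100::/48"]


def parse_ranges(lines):
    """Parse CIDR strings, skipping blanks and '#' comments.

    strict=True rejects entries with host bits set (e.g. 198.51.100.1/24),
    which usually means a typo or a copy-paste error in the list.
    """
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=True))
    return nets


def nginx_allowlist(nets):
    """Render a snippet for an nginx server{} block that admits only the CDN."""
    ordered = sorted(nets, key=lambda n: (n.version, n))
    rules = [f"allow {net};" for net in ordered]
    rules.append("deny all;")  # nginx stops at the first matching rule, so this goes last
    return "\n".join(rules) + "\n"


def is_admitted(client_ip, nets):
    """True if the connecting address falls inside any allowed range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in nets)


if __name__ == "__main__":
    allowed = parse_ranges(CDN_RANGES)
    print(nginx_allowlist(allowed), end="")
    for ip in ("198.51.100.7", "203.0.113.200", "2001:db8:100::1"):
        print(ip, "->", "allow" if is_admitted(ip, allowed) else "deny")
```

The same list can drive a host firewall rule for ports 80 and 443, which drops direct connections before they reach the web server.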
https://greencloudvps.com/billing/store/budget-kvm-sale
https://lowendtalk.com/discussion/191501/real-deals-here-win-big-with-thousands-in-prizes-racknerds-new-year-offers-new-year-2024/ (New Year 2024 deals but I think they're still available)
Also, there are a LOT of sales during Black Friday. HostHatch usually have great Black Friday deals. Keep an eye on Lowendtalk.com forums.
I've got a few VPSes at GreenCloudVPS (in San Jose, California) and HostHatch (in Los Angeles, California) and they're both pretty good. I live near San Jose so I get <10ms ping to those VPSes :)
HostHatch is a bit better (their control panel is more powerful) but you'd have to wait for them to have a sale, whereas GreenCloudVPS usually has good deals year-round.
I've used RackNerd in the past. They're good too, although I prefer GreenCloud and HostHatch.
I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it's just a static page served on an up to date and minimal web server, there's less leverage for an attacker to abuse.
I've found that ISPs too often block port 80 and 443. Did you luck out with a decent one?
> I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it's just a static page served on an up to date and minimal web server, there's less leverage for an attacker to abuse.

That advice is a bit old-fashioned in my opinion. There are many tools nowadays that will get you a very secure setup without much effort:
- Using a reverse proxy with automatic SSL certs like Caddy.
- Sandboxing services with Podman.
- Mitigating DoS attacks by using a WAF such as Bunkerweb.
And of course, besides all these tools, the simplest way of securing public services is to keep them updated.
> I've found that ISPs too often block port 80 and 443. Did you luck out with a decent one?

Rogers has been my ISP for several years and I have no issue receiving HTTP/S traffic. The only issue, like with most providers, is that they block port 25 (SMTP). It's the only thing keeping me from self-hosting my own email server, so I have to rely on a VPS.
I have hosted a wordpress site on my unraid box before, but ended up moving it to a VPS instead. I ended up moving it primarily because a VPS is just going to have more uptime since I end up tinkering around with my homelab too often. So, any service that I expect other people to use, I often end up moving it to a VPS (mostly wikis for different things). The one exception to that is anything related to media delivery (plex, jellyfin, *arr stack), because I don't want to make that as publicly accessible and it needs close integration with the storage array in unraid.
I have a Hugo site hosted on GitHub and I use CloudFlare Pages to put it on my custom domain. You don't have to use GitHub to host the repo. Except for the cost of the domain, it's free.
You don't really need Cloudflare to have your own domain, you can do everything directly with GitHub.