Hello All,
I am really new to selfhosting, trying to learn the basics. I have a raspi 5 with docker installed and a domain. My question is, as I collect all my knowledge from all over the internet, is there a selfhosting guide for dummies? IT would be cool to have some guidance at hand to rfer to when i do dumb shit.
Thanks
For your media server setup.
Also this is a nice shopping list
https://github.com/awesome-selfhosted/awesome-selfhosted
Digital ocean also offers a bunch of guides from securing VMs to seeing up we servers.
Unfortunately not as self hosting is really just an amalgamation of a number of different technologies, concepts, groups of best practices, and there are nine and a half viable ways to do any given thing you’ll want to do. For my day job I manage several public systems that serve millions of requests a day and even I can’t really give you a “One definitive way of doing things”, but I have my preferences.
I think if you wanted a rough plan of what would be the most valuable things to learn in which order it would be
-
Docker, especially persisting your storage and also how its network works. Use containerized services only on your local network at first to get a feel for things, and give yourself the ability to screw things ip without putting yourself in any danger.
-
VPNs and how they work. You can start with a direct stupid simple VPN like WireGuard, or Tailscale if you want a mesh-VPN. This will allow you to reach your services remotely without having to worry too much about security and the micromanagement that can sometimes come with it.
-
Reverse proxies for things you’d like to expose to the public. At this point you want to learn as well about things like server hardening, have a system in place to automate software updates etc. there’s a common misconception that using a reverse proxy is innately much safer than port forwarding directly to your services. It can help by obscuring your home IP, and if you pair it with a WAF of some kind that’ll help you with much of the chaff attacks that get tossed your way, but at the end of the day in both cases you’re exposing the web services on your local network to the internet at large, so you have to understand the risk and reward of doing this.
Don’t expose things to the internet with port forwards. Anything you want to do like that can be done with a reverse proxy or preferably a VPN.
That is all.
But no ports only regards the home network, right? The proxy Server has to have open ports, and the home Server that connects to the proxy (how ever that’s done) needs to receive the forwarded packages on its ports, no?
Yes. The proxy will have 80 and 443 forwarded from the router. Everything else gets proxied through your reverse so you can set basic auth on anything likely to be a security risk. Generally, you don’t want regular login pages exposed directly, they should be behind basic auth.
It took me a while to learn that:
Reverse proxy= your page lives in your basement but only your DNS knows. From outside everyone goes to “my page is cool.com”
VPN= LAN but in WAN…go to Starfucks and you can still get your files from your basement’s NAS
I’m sure they got other meanings, but this frame helped me a bit. Hide your IP!
I learned about this book written by Adam who founded the SeaGL conference.
I’ve been self hosting for years and bought it to support him. I like the style of writing and how he explains the concepts.
It’s a pretty broad question and part of the adventure is learning what works for you.
I have found https://selfh.st/ a great resource of seeing the art of what’s possible and what is out there
Chatgpt is also helpful especially for fixing your yaml files which seems to be the main config format for most container based projects.
For remote access I have found tailscale the easiest way to access self hosted away from home.
