Gianmarco Gargiulo
September 3, 2021

Why you should selfhost stuff
It's a matter of control, flexibility and also fun!

At home I have two computers acting as servers (I hope you like fish-themed nicknames). “Tadpole” is an old Raspberry Pi 2 running Ubuntu 20.04; it runs my website, shares a USB hard disk via SMB so that my dad can do things from his office, and holds a bunch of reverse proxies to redirect my subdomains (e.g. dl.gianmarco.ga) to the other server. That one is called “Sunfish”: an HP ProLiant MicroServer N36L (basically an x64 box with a door and 4 hard drive bays) that I got at a flea market for just €10. It runs Debian 10 and has the downloads repo, a “staging” version of my website and my Nextcloud instance, and I’m currently working on a Git server too.

Tadpole

Sunfish

Back in 2019 or something like that I used my old HP 550 as a server for my website running Windows 7, then I moved to some Compaq laptop that my aunt didn’t use anymore and installed Zorin OS (because I still was a noob at the command line), and then I went straight to the Pi and now also the MicroServer.

Selfhosting is the way I can do all of these things: I can have these servers running 24/7 on the network and accessible from the outside thanks to port forwarding on the router side, a dynamic DNS service (in my case No-IP, but others like DynDNS exist as well) and my gianmarco.ga domain. The DNS being managed by Cloudflare is a bit of a mess and it gives a few issues, for example when connecting via SSH with the main domain, so I’m probably gonna change things up a bit in future. Here’s a little diagram showing how everything is set up as of now.

My servers setup

I have my gianmarco.ga domain registered at Freenom. Cloudflare takes care of redirecting the domain to No-IP, among other things like SSL and subdomains, and No-IP gives me an address that always points to my home network thanks to my router, which has No-IP support built in and port forwarding. So for example, if I type www.gianmarco.ga in my browser, it will go to Cloudflare, which will go to No-IP, which will finally go to my network and the corresponding server and port. But I can’t use the gianmarco.ga domain to SSH into my servers (or even my desktop PC) because of the whole DNS mess, so for that I must use the No-IP address, like this:

$ ssh gianmarco@whatever.ddns.net -p 1234

The “whatever” address and the 1234 port are not the real credentials, just in case you thought I was so dumb I would dox my server to everyone like this 🙃. No-IP or a similar dynamic DNS service is a must when it comes to selfhosting, because otherwise you would have to pay quite a bit of money to get a static IP address, so it’s just easier and cheaper to do it this way. Also, what the hell is SSH? It stands for Secure Shell and it’s a protocol used to access the command line interface of a computer or a server remotely (not to be confused with stuff like VNC, which is for remoting into a GUI rather than a CLI). It’s as if I was actually sitting in front of the server and using it, with the difference that I can control it from anywhere and that the server itself can run headless (meaning with no peripherals connected, just power and ethernet).

SSH example

So as I showed before I can log in with ssh username@address -p 1234, but if for example I’m at my desktop, which is connected to the same home network as my server, instead of using the No-IP address I can just type the local IP (e.g. ssh username@192.168.1.50) without the need to pass through the outside. Notice that this time I didn’t specify a port like -p 1234: that’s because I left the actual SSH port of the server at the default one (port 22), while if you’re accessing from the outside the router wants a different port. This is a simple security measure against hacks or login spam which is generally considered essential if you’re opening up an SSH server to the whole internet. Another good practice against intrusion is using SSH keys instead of passwords. An SSH key is basically a “unique identifier” that you generate on your computer and give to the SSH server, so every time you try to log in the server will know that the computer you’re logging in from corresponds to the key you gave it and will let you in without requiring a password, while all other computers that are not in the server’s “whitelist” of keys won’t be able to log in. So for example you could generate keys for your desktop, your laptop, your work computer and maybe even your phone; this way only your devices can access the server and no one else.
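Keys only keep other computers out once password login is actually switched off on the server, and OpenSSH accepts passwords by default. A small check for that, as an added example that is not part of the original post (the sample configs are constructed; only the global section of the file is read and Include files are not followed):

```bash
#!/usr/bin/env bash
# Added example (not from the original post): does this sshd_config really
# enforce key-only logins? Simplifications: only the global section (before
# the first Match block) is read, and Include files are not followed.

# Print the effective global value of keyword $2 in file $1, else default $3.
# sshd keeps the first value it sees; keyword names are case-insensitive.
sshd_effective() {
  awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    /^[ \t]*#/ || NF == 0  { next }   # comment or blank line
    tolower($1) == "match" { exit }   # conditional section starts here
    tolower($1) == key     { print tolower($2); found = 1; exit }
    END                    { if (!found) print def }
  ' "$1"
}

# Print one WEAK line per problem; return 1 if any were found.
audit_sshd() {
  weak=0
  # Defaults passed below are OpenSSH built-ins, used when a keyword is absent.
  if [ "$(sshd_effective "$1" PasswordAuthentication yes)" != "no" ]; then
    echo "WEAK: PasswordAuthentication is not 'no' (passwords still accepted)"
    weak=1
  fi
  if [ "$(sshd_effective "$1" PubkeyAuthentication yes)" != "yes" ]; then
    echo "WEAK: PubkeyAuthentication is off (keys cannot be used)"
    weak=1
  fi
  case "$(sshd_effective "$1" PermitRootLogin prohibit-password)" in
    no|prohibit-password|without-password|forced-commands-only) ;;
    *) echo "WEAK: PermitRootLogin does not rule out root password login"
       weak=1 ;;
  esac
  return "$weak"
}

# Constructed sample configs, written to a temp dir so this runs offline.
demo_dir=$(mktemp -d)
# 1) A key was added, but the password line is still commented out.
printf '%s\n' 'Port 22' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
  > "$demo_dir/default.conf"
# 2) Hardened: keys only, no direct root login.
printf '%s\n' 'Port 22' 'passwordauthentication no' 'PubkeyAuthentication yes' \
  'PermitRootLogin no' > "$demo_dir/hardened.conf"

for f in default hardened; do
  echo "== $f.conf"
  audit_sshd "$demo_dir/$f.conf" || true
done
```

On a real server the file to pass is /etc/ssh/sshd_config, and sshd has to be reloaded after editing it for the change to apply.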

sudo systemctl status apache2

When it comes to web hosting it’s quite simple: I run Apache on both servers (you could also use nginx for the same purposes). Tadpole is open to the HTTP port on the router and gets all connections from/to the outside, while Sunfish gets redirects from Tadpole, through a few reverse proxies, when someone wants to connect to a subdomain like staging.gianmarco.ga. These proxies are some configuration files on Tadpole at /etc/apache2/sites-enabled/; here’s what one of them looks like:

<VirtualHost *:80>
    ServerName staging.gianmarco.ga
    ProxyPass / http://192.168.1.12:80/staging/
    ProxyPassReverse / http://192.168.1.12/staging/
</VirtualHost>

It’s basically a virtual host taking connections from staging.gianmarco.ga and giving them access to the corresponding place on Sunfish, in this case http://192.168.1.12/staging. It was a pain for me and my friend FreeApp2014 to figure this shit out, but in the end it turned out to be a very simple thing. The subdomain is set up on Cloudflare by making a CNAME record that points to the www subdomain, which points to the No-IP address (this was originally set up to make the domain work in the first place). So for example dl.gianmarco.ga goes to the main server, which automatically redirects to Sunfish because it knows it’s the dl subdomain and that it has to go there (virtual host file).
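To see at a glance which public hostname ends up on which internal address, the virtual host files can be summarised with a few lines of awk. This is an added example, not the author's own tooling; the dl vhost and its /dl/ backend path are constructed for illustration. It also flags a ProxyPass with no matching ProxyPassReverse, in which case redirects sent by the backend would reach visitors with the internal address in them.

```bash
#!/usr/bin/env bash
# Added example: map "public name + path -> internal backend" for every
# <VirtualHost> block in the given Apache config files.
proxy_map() {
  awk '
    tolower($1) ~ /^<virtualhost/     { name = "(no ServerName)"; n = 0; split("", rev) }
    tolower($1) == "servername"       { name = $2 }
    tolower($1) == "proxypass"        { path[++n] = $2; dest[n] = $3 }
    tolower($1) == "proxypassreverse" { rev[$2] = 1 }
    tolower($1) ~ /^<\/virtualhost/   {
      for (i = 1; i <= n; i++)
        printf "%s%s -> %s%s\n", name, path[i], dest[i],
               ((path[i] in rev) ? "" : "  [no ProxyPassReverse]")
    }
  ' "$@"
}

# Sample input: the staging vhost from the post, plus a constructed dl vhost
# (hypothetical backend path) that forgets ProxyPassReverse.
vhosts=$(mktemp)
cat > "$vhosts" <<'EOF'
<VirtualHost *:80>
    ServerName staging.gianmarco.ga
    ProxyPass / http://192.168.1.12:80/staging/
    ProxyPassReverse / http://192.168.1.12/staging/
</VirtualHost>
<VirtualHost *:80>
    ServerName dl.gianmarco.ga
    ProxyPass / http://192.168.1.12/dl/
</VirtualHost>
EOF

proxy_map "$vhosts"
```

On the front server it would be run as proxy_map /etc/apache2/sites-enabled/*.conf.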

CNAMEs on Cloudflare’s dashboard

Nextcloud is free and open source software that acts like a cloud service, similar to Google Drive or iCloud, where you have files, notes, contacts, photos and videos all synced on a server (which in this case is mine because I’m hosting it) that you can access from your devices. You can also use it for video calls, collaborative projects, tracking your phone’s location and more by installing “applications” that extend Nextcloud’s functionality. Getting it up and running is very simple: you just get an installer script from Nextcloud’s website, follow the instructions and also install the required dependencies.

Nextcloud’s interface

At this point you have wasted enough time reading all of the crap I do, so why am I doing this in the first place?

Should anyone do the same? It depends on whether you’re a computer-savvy person who’s not afraid of the terminal and of configuration files or just someone who wants a simple website. It can be quite frustrating at times even for me (like the Git server I’m working on 💣), so if your needs are simple, using a third-party service is probably less time/effort consuming than selfhosting. It also depends on whether you’re willing to have a computer always on and connected; if not, VPS services like Linode, Vultr or DigitalOcean are probably more to your liking.

Are there any special hardware or software requirements? Unless you’re doing very specific and specialized tasks, no. Any kind of hardware that’s not too old should be able to host anything that’s not super processor intensive. When it comes to software I suggest a minimal Linux/BSD install with just the TTY. Technically you could get away with a GUI or even with Windows or macOS, but it could be quite a waste of resources, disk space and boot time, especially on particularly old or weak hardware, and also the latter two OSes are… you know… proprietary 💩.

What am I gonna do next? I’m probably gonna get a proper domain instead of this stupid Freenom .ga one, then I’ll try hosting my own email server (me@gianmarco.ga is currently being hosted on Yandex 😖🔫) and I might even give a try to chat stuff like Matrix or something XMPP-based. Also if DuckDuckGo is ever gonna give me up, I might host a Searx instance. A cool thing I’d like to do is hosting a PeerTube instance for my videos, but it requires quite a bit of power for transcoding and unfortunately none of my servers are powerful enough for that.

Why you should selfhost stuff, published on September 3, 2021.