this post was submitted on 28 Jun 2023
59 points (96.8% liked)

Selfhosted

40733 readers
400 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've been doing small hosting off and on for a while. Mainly for accessing files at home and the occasional Minecraft server. Not smart, as I've never used a specialized router. I used to use ddwrt, but now it's impossible to flash most consumer grade routers.

id like to learn more stuff about cyber security, host other stuff, maybe host a website, but I'm just a guy who lives in an apartment. I'm stuck with 1 Internet service that claims it will terminate my service if they find me to be hosting anything. They must be semi-lax with that rule, because i haven't gotten terminated for using ssh and cockpit.

Do you guys own a house, or are just fortunate enough to have access to an ISP that will let you host your own stuff?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 2 years ago

Home

Firewall / OpenBSD running on APU2

  • Wireguard (only thing open to the public)
  • IPSec site-to-site to Oracle cloud (only open for Oracle VPN GW IP)
  • NSD for authoritative DNS
  • Unbound for DNS filtering (unbound adblock script)
  • script that updates my public IP to DNS provider should it change

Containers / Debian running on Asus PN62

  • Portainer for controlling local Docker as well as one in the Oracle Cloud
  • certbot with DNS auth to get certificate for local services, this way I don't need to open anything to the Internet
  • Traefik as reverse proxy configured via labels

Cloud

Cloudflare

  • This is in front of public services
  • Public DNS

Oracle Cloud

  • Free tier server (4x vCPU, 24GB RAM) with Docker, Traefik, Portainer agent
  • IPSec from home so I can control Docker on my cloud server

Azure

  • Azure blob storage for backups (Restic)

Everything is separated as much as I can. All stacks are on separate networks with strict firewall rules (iptables) on host to control which container can talk to others. For example Traefik can talk to Gitea but not vice versa. Everything on physical network is separated by VLANs.