Hello All,
I am really new to selfhosting, trying to learn the basics. I have a raspi 5 with docker installed and a domain. My question is, as I collect all my knowledge from all over the internet, is there a selfhosting guide for dummies? IT would be cool to have some guidance at hand to rfer to when i do dumb shit.
Thanks
Software: https://github.com/awesome-selfhosted/awesome-selfhosted
Guide: https://github.com/mikeroyal/Self-Hosting-Guide
As a beginner you might want to start out with one of the all-in-one turnkey operating systems like yunohost.org , dietPi.com or unRaid or a bunch of others (see the awesome-selfhosted list)
https://perfectmediaserver.com/
Another good one!
I think this question has been raised a few times here and I’m not aware of any “guide for dummies”.
Self-hosting is a wide topic and most of the knowledge is spread across the internet. I’d recommend going to communities like the one you just posted on, reading wikis and learning how to efficiently find information on the web. Most of the knowledge I accumulated over the years come from so many different places so I can’t think of a centralized knowledge base.
If you really want to have a handbook you can refer to you’ll have to write it yourself with your experience about your specific setup and environment.
For your media server setup.
Also this is a nice shopping list
https://github.com/awesome-selfhosted/awesome-selfhosted
Digital ocean also offers a bunch of guides from securing VMs to seeing up we servers.
What do you want to do? You could try to Ppick a problem and then find a service to solve it. Maybe a pi hole ad blocker, or homeassistant for home automation. Both of these run well on a pi. Then follow the guide to deploy those services.
Also, I started with a pi, added a synology (a NAS is a game changer), and then moved almost all services off the synology to a Beelink S12 pro. Recently upgraded the S12 to 32GB of memory, and I have a 2tb ssd upgrade I have to do soon. All of this is over the past 2-years.
It’s a pretty broad question and part of the adventure is learning what works for you.
I have found https://selfh.st/ a great resource of seeing the art of what’s possible and what is out there
Chatgpt is also helpful especially for fixing your yaml files which seems to be the main config format for most container based projects.
For remote access I have found tailscale the easiest way to access self hosted away from home.
Two sites that really helped me get the basics of docker compose were Marius hosting and Dr Frankenstein’s docker guides. Both are focused more on synology, but the docker stuff works anywhere.
ETA: linuxserver.io is pretty handy, too.
Unfortunately not as self hosting is really just an amalgamation of a number of different technologies, concepts, groups of best practices, and there are nine and a half viable ways to do any given thing you’ll want to do. For my day job I manage several public systems that serve millions of requests a day and even I can’t really give you a “One definitive way of doing things”, but I have my preferences.
I think if you wanted a rough plan of what would be the most valuable things to learn in which order it would be
-
Docker, especially persisting your storage and also how its network works. Use containerized services only on your local network at first to get a feel for things, and give yourself the ability to screw things ip without putting yourself in any danger.
-
VPNs and how they work. You can start with a direct stupid simple VPN like WireGuard, or Tailscale if you want a mesh-VPN. This will allow you to reach your services remotely without having to worry too much about security and the micromanagement that can sometimes come with it.
-
Reverse proxies for things you’d like to expose to the public. At this point you want to learn as well about things like server hardening, have a system in place to automate software updates etc. there’s a common misconception that using a reverse proxy is innately much safer than port forwarding directly to your services. It can help by obscuring your home IP, and if you pair it with a WAF of some kind that’ll help you with much of the chaff attacks that get tossed your way, but at the end of the day in both cases you’re exposing the web services on your local network to the internet at large, so you have to understand the risk and reward of doing this.
-
All good suggestions, but mine is: Start with something redundant.
Do you use Google Drive? Set up Nextcloud and use both for a while.
Also, decide on user management first. It’s way better to have a central system for managing passwords/etc. Personally I use an Active Directory based off Samba4: https://github.com/Fmstrat/samba-domain because it’s got LDAP and expandable with Keycloak to OAuth and OIDC. This may sound overwhelming, but once you learn what they are, its fairly straight forward.
I learned about this book written by Adam who founded the SeaGL conference.
I’ve been self hosting for years and bought it to support him. I like the style of writing and how he explains the concepts.
Don’t expose things to the internet with port forwards. Anything you want to do like that can be done with a reverse proxy or preferably a VPN.
That is all.
It took me a while to learn that:
Reverse proxy= your page lives in your basement but only your DNS knows. From outside everyone goes to “my page is cool.com”
VPN= LAN but in WAN…go to Starfucks and you can still get your files from your basement’s NAS
I’m sure they got other meanings, but this frame helped me a bit. Hide your IP!
But no ports only regards the home network, right? The proxy Server has to have open ports, and the home Server that connects to the proxy (how ever that’s done) needs to receive the forwarded packages on its ports, no?
Yes. The proxy will have 80 and 443 forwarded from the router. Everything else gets proxied through your reverse so you can set basic auth on anything likely to be a security risk. Generally, you don’t want regular login pages exposed directly, they should be behind basic auth.
What i dont quite understand: If I use something like a next cloud client app or file manager integration, how would the authenticator work? I thought the app or program would nee d direct access to the service, without anything in front of it
usually I get a lot of my info from youtube channels I like to watch; just seeing what they’re up to and if it’ll be relevant to me or just entertainment. some channels I enjoy are hardware haven, raid owl, techno tim, and christian lempa. I’m not super knowledgeable and also pretty new to self hosting but these guys have helped me a lot so I figure I pass em on and hope you gain from their knowledge as well!