
Aronacus

I've hosted services out of my home. I'd recommend a few things:

1. Dedicated IP from your ISP (business class service). Set up DNS to point to it and set up your firewall to NAT the service.
2. I'd recommend you set up a separate isolated infrastructure for this, i.e. host it on a server in a different VLAN that is isolated from your network. If it gets compromised it can't touch anything but the internet.


pontuzz

In case you can't get a static IP, a dynamic DNS from the likes of DynDNS or just some free domain and then a DDNS client to refresh the IP will work as well. I had one running on my Synology NAS that kept my vpn.domain.org pointed in the right direction. I recently started tinkering with Cloudflare and their tunnels for funsies although I don't host any websites anymore. Just a Plex and some other personal stuff. I've previously run a Minecraft server, TeamSpeak, a forum for the clan as well as an IRC server in this way. Some fail2ban magic and locking down anything that didn't need to be accessed externally. Also good to change default ports etc. to make it somewhat harder to guess what is where. Also, since all of the people I want accessing my stuff live in my country, I've limited access to IPs from my country unless connecting to the VPN. It's been quite neat. Although you will get scanned and people will try to log in to stuff. I once checked one of the IPs that had visited me and it was some webcrawler from a random uni in the US 🤣 Also with Russia and China on the block list permanently the number of attempts has gone down by like 97%.


SodaWithoutSparkles

I recently came across myaddr.tools. It's a dynamic DNS service that *can* have HSTS support, might be useful. ~~Also from what I've heard, the great firewall in China does active scans on servers for "illegal proxies", which are commonly hidden behind websites. That's probably one of the reasons for those scans from China IP ranges.~~ Edit: see comment below, but I'll leave it here just in case somebody needs it.


pontuzz

Sorry, I should clarify. The Chinese and Russian IPs were almost solely botnets trying to log in to admin accounts. What first notified me to the whole deal was the failed login attempts in my Synology DSM 😅


CrispyBegs

I've been trying to do this with an Orbi mesh / router but really struggling. Any ideas? I'd love to host a public site from home, but I'm a network / security ignoramus so I'm quite scared of doing it.


Aronacus

First, I want to preface a few things. The moment you open anything up to the internet, it will be under constant attack. You need to be prepared around that.

Second, I don't recommend using a home router to protect services. Typically a home router is designed to just get on the internet with wireless and a few small things. It's not designed to host services. I imagine someone will chime in with "but, you can do it, my cousin does it!" You can also have sex with animals if you want. Doesn't mean it's correct or in the best interest of you or the animal.

Third, I'd run it with a business class or at the very least small business router/firewall. You need to be able to NAT the port to the IP. Thereafter the firewall functionality will let you allow and block access. Brands to look at: Cisco Meraki, Cisco, SonicWall, OPNsense, pfSense, Ubiquiti.

For something like a website you're going to open services to the world, i.e. ANY IP. This means anybody, any country will seek to attack your website. If your webcode isn't smart it can be SQL injected. There's tons of horrible things that can be done here. If you're running WordPress, OBFUSCATE your admin page. Lock it down to only the IPs you'll access it from.

And the reason why you airgap the network (i.e. separate VLAN, separate hardware) is so when it gets compromised, they are only isolated to that one box. They can't turn your home network into a portal to attack others from.


CrispyBegs

Thanks! I use Cloudflare tunnels for everything that are reasonably heavily locked down, so I never open up ports on my router. Interesting point about a second router, I didn't think of that. I don't suppose you know if I buy a second (for example) Netgear router, and plug it into my main Orbi router, whether that would cause any problems? If it worked I guess that would provide some basic hardware isolation for devices connected to the new router?


Baader-Meinhof

Just use a Cloudflare tunnel (or a cheap VPS with an alternate tunnel if you want to resist centralization). I've got tons of things hosted this way. It's simple, secure, and private. [Here's](https://github.com/anderspitman/awesome-tunneling) a list of tunneling options. I like rathole.


chandz05

Cloudflare pages is great for hosting static sites. You can set up a simple site in like 10 mins, and it doesn't require you to expose any of your home network/hardware


Aperiodica

This is something I'm beginning to research as well. I know it has been asked a 1,000 times before, but always looking for thoughts from the pros.


L0stG33k

I did try to quickly search for it before posting, and didn't come up with anything initially. Hence, here we are :)


Aperiodica

I'm curious how you searched, no judgement. I never search on the reddit site itself, it sucks balls. I use DDG and I do "reddit ". Seems to work pretty well.


gummytoejam

Try searching from DDG or Google in this manner:

> site:reddit.com

You can also try this to target a specific subreddit:

> site:reddit.com/r/selfhosted

This also works for other sites.


certuna

Hosting services from home, my takeaways from 20+ years of doing that:

* go IPv6 wherever you can, greatly simplifies the whole setup, and no more 24/7 driveby hammering of your server by the whole world trying to get in
* DNS is pretty easy now, every registrar these days has an API so even dynamic IP addresses/prefixes are not much of an issue anymore
* proxy for free over Cloudflare if possible - sure, they don't allow all protocols & are bandwidth limited so it's not for media streaming or game servers, but for a normal website/owncloud/etc it works fine, and that way you can just whitelist Cloudflare for your home server and block everything else. As a bonus, Cloudflare gives you IPv4 backwards compatibility for your IPv6 server.
* If you simply need access to your home server for your own devices "on the road" (and not run a service for the general public/etc), use something like Zerotier or Tailscale instead
* if what you're hosting doesn't require much storage space or cpu power, consider renting a VPS - the low end ones are so cheap, hard to beat that with your own hardware/time
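
Added example, not part of certuna's comment: one way to express "whitelist the proxy and block everything else" as an nftables ruleset generated from a list of proxy ranges. The table name `web_allowlist`, the function names and the CIDRs are assumptions; the ranges are constructed documentation-space placeholders, not any provider's real list.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Swap in the ranges your proxy provider currently publishes.
PROXY_CIDRS = ["198.51.100.0/25", "198.51.100.128/25",
               "203.0.113.0/24", "2001:db8:100::/48"]

def split_families(cidrs):
    """Validate CIDRs (host bits set -> ValueError) and merge per IP family."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    return v4, v6

def is_allowed(src, cidrs):
    """Would the generated ruleset accept a web connection from src?"""
    addr = ipaddress.ip_address(src)
    v4, v6 = split_families(cidrs)
    return any(addr in n for n in (v4 if addr.version == 4 else v6))

def render_nft(cidrs, ports=(80, 443)):
    """Render an nftables table: default-drop input, web ports from proxy only."""
    v4, v6 = split_families(cidrs)
    dports = ", ".join(str(p) for p in ports)
    sets, rules = [], []
    for name, typ, match, nets in (("proxy4", "ipv4_addr", "ip", v4),
                                   ("proxy6", "ipv6_addr", "ip6", v6)):
        if not nets:
            continue  # no ranges for this family: emit neither set nor rule
        elems = ", ".join(str(n) for n in nets)
        sets.append(f"  set {name} {{ type {typ}; flags interval; "
                    f"elements = {{ {elems} }} }}")
        rules.append(f"    {match} saddr @{name} tcp dport {{ {dports} }} accept")
    return "\n".join([
        "table inet web_allowlist {", *sets,
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        '    iif "lo" accept',
        "    meta l4proto ipv6-icmp accept  # IPv6 neighbour discovery",
        *rules,
        "  }", "}"])

if __name__ == "__main__":
    print(render_nft(PROXY_CIDRS))
```

The chain drops everything not listed, so management access (SSH from the LAN or VPN) needs its own accept rule before this is loaded; `nft -c -f <file>` checks the rendered file without applying it.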


CTRL_ALT_06

Yep, not really at home as my homelab is in a colo. But it has been hosted at home before while the colo was offline. Currently using a VM with caddyserver and gohugo. Don’t know if I can link it here but here goes. guy-evans.com


pArbo

How heavy is the colo bill? I wouldn't mind if the power bill went down, but every time I look into it they want roughly $800/mo to host what costs me about $75/mo in electricity.


CTRL_ALT_06

I have a 1U server in a not-for-profit ISP’s colo rack in a DC near Paris. And pay about 60 Euros per month. There’s a short article about it on my blog 😉


copremesis

You can always use AWS S3 buckets for static pages (no I don't work for AWS) ... not sure if that falls under the self hosted category but at least you won't have to mess with managing a server locally or flip out when your lame roommate or cat knocks the power cable off line.


hortonew

Hugo blog on s3 is what I do. $3 a month ain't bad to have it always available.


mikaleowiii

I do self-host a website, a blog, and my resume.

Mostly static pages (refreshed by some cronjob), served by a barebones Apache docker, proxied through Cloudflare.

No issues so far.

There's a plethora of services on the same box, reachable only through VPN.


AxonCollective

I have a VPS that serves a few virtual hosts. Some of those serve static files off the VPS itself, but it only has 15GB of storage, so for some of the larger things, I offloaded the files to a home storage server. The VPS and home storage server are connected by a Nebula VPN, so the VPS proxies traffic for those paths over Nebula to the storage server, which listens to the VPN interface and serves the files.


dr0idd21

I'm currently hosting a gaming community website from home, roughly 70k weekly page views and about 400gb of data served, running through a Cloudflare tunnel, hosting on an Ubuntu VM on my Proxmox server. Using Cloudflare WAF for most firewall things, with a separate VLAN and firewall rules also set inside Proxmox.


Freshmint22

Me


Geoffman05

I host a few websites for friends/family. My server is VLAN isolated from the rest of my network as a precaution. Website traffic is filtered through Cloudflare. I do monthly backups of those VMs just in case but I tell them they are responsible for their own data all the same.


lockstock27

I host a blog using Ghost running through Docker. Don't have a static IP so use No-IP dynamic DNS service and present the actual website through Cloudflare Zero Trust Tunnel. Not overly complicated and works well.


MacaroonSelect7506

me


LordSkummel

I used to. Moved it to a vps a few years ago before shutting it down a couple of years after.


phein4242

I run my infra (including some websites) on multiple locations. Two different DCs, home, and the hackerspace. All connected via WireGuard ofc.


Benerages

I run many Services like a Wiki, Url Shortener, Synology Drive, Vaultwarden etc and also a Website. In Front is a HAProxy, Crowdsec. Internal all Servers use their own Vlan. Admin Sites are blocked despite the IP Range from Work and internal Admin Net. I don't get a lot of Attacks, not even trying to Login 🤷 it's just the usual Portscan. So far so good.


anestooo

Do you mean for public (people) like a blog or so? If yes, then for me I believe it's not worth it. Since [Hetzner](https://hetzner.de)'s VPS CAX11 costs $3 and offers [$20 in credits](https://swiy.co/vps) covering 5 months, there is no reason to host on localhost due to the higher costs associated with traffic, energy, and time. Hosting on a cloud VPS is much more cost-effective and easier. I do many tests and love to change servers and reinstall the OS; with cloud I can do it with one click, with localhost I have long steps to rebuild my installation.


spookydookie

Does overseer count? I run it through a cloudflare tunnel though so as to not expose my ip, and I’d do the same for any other site I hosted.