For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?
What types of services are you not willing to self-host?
3 years ago by Tinnitus to c/selfhosted
Reivax 9 points 3 years ago
Yes these. Essentially anything that an unidentified user could push data to that would land me in regulatory trouble. I would want to host these things, but I don't want to become a distributor of anything that would get me a search warrant.
Artaca 4 points 3 years ago
Lemmy instance for me as well. I have a specific community I miss from reddit that I want to replicate, I even have a domain sitting around that'd be good...I just don't want to store data coming from complete strangers. I also have zero interest in any sort of admin/moderating. So I'll just go without it and get over it lol
Cqrd 18 points 3 years ago
Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.
MaggiWuerze 9 points 3 years ago
Problem is, that most larger providers sort your mails to spam if the domain is not well known to them, which is not easy to achieve
ikidd 7 points 3 years ago
With DKIM and SPF, I've had zero problems in the last 15 years of selfhosting, most recently with Mailcow Docker on a residential IP. I don't even have a reverse PTR to my mailserver hostname, just a PTR provided by the ISP that can be resolved.
I've added a few fresh, un-reputed domains to the server and had no issues.
I think many people's problems with running email servers are self-inflicted. I remember even before there were things like blacklists, etc with large providers, many people had problems keeping mailservers running. It's just not an easy task for a variety of reasons completely unassociated with the mega's blacklisting you. I've been running mailservers at various scales for 20+ years so maybe it's just second nature to me now.
loppwn 1 point 3 years ago
ip-reputation is also important. Mailgun, an email service for mass mailing, is doing an „ip-warmup“ if you choose a dedicated ip. So, if you are self-hosting with dynamic-ip, i think you would have a very very low ip-reputation.
Monkeyclock1234 1 point 3 years ago
I have an email server but it is not my main email account. I'm purely only using it to learn and to have email notifications sent out from a few services. I do not trust myself or my setup enough to have my main email account hosted on it
chris 6 points 3 years ago
I did host my email, but the problem wasn't the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.
metaStatic 7 points 3 years ago
what's that? a federated service isn't immune from a corporate take over? colour me shocked.
Anafroj 5 points 3 years ago
Gladly, fail2ban exists. :) Note that it's not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I've actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches of lot of those pests.
mrms 3 points 3 years ago
This method supposedly works great too.
stardreamer 2 points 3 years ago
CrowdSec has completely replaced fail2ban for me. It's a bit harder to setup but it's way more flexible with bans/statistics/etc. Also uses less ram.
It's also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.
Edit: fixed url. Oops!
Anafroj 2 points 3 years ago
Thanks for mentioning it, I didn't know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting : I ban everyone who triggers a 404. :D Of course, this only work because it's a private server, only meant to be accessed by me and people with deep links. I've whitelisted IPs commonly used by my relatives, and I've made a log parser that warns me when those IPs trigger a 404, which let me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn't fly on a public server. :)
Note for others reading this, the correct link is CrowdSec
peregus 3 points 3 years ago
Me too, I'll never self host my email server. Too much time that I don't have to set it up correctly, manage the antispam and other thing that I don't even know . And if it goes down and I don't have time to look into it (which would be the case 95% of the time 🙈), I'll be without email for I don't know how long.
shrugal 2 points 3 years ago
I've been self-hosting a personal email server for about half a year now, and it was definitely challenging! But it also tought me quite a bit about how the system works, so I think it was worth it. There are solutions for everything, but you definitely need some time and patience.
colebrodine 26 points 3 years ago
I told my wife when I die, she's just going to have to throw it all away and start over.
We have separate email accounts and she knows how to get into my Keepass, so she should be able to get into whatever she needs to. I now have a daughter who is becoming interested in how these things work, so I'm hoping to slowly start training/handing off to her.
freeman 3 points 3 years ago
I have a router, switch and older access point preconfigured and ready to just plug in.
I have some basic documentation and a short list of folks to call, along with admin creds should anything need untangling.
But mostly it’s a rip and replace network. Ditch plex and get cable.
Google workspace is basically just gmail. You can pay someone to migrate it or abandon.
ily 16 points 3 years ago
Dealing with the digital afterlife of a hacker - The Daily Dot
The main challenge was Michael’s tech footprint: His Gmail, Twitter, personal domains, rented servers, hosting business, home servers, and a huge collection of Apple tech.
“It was tough for Beth because she got home and she had a brand new phone and couldn’t even get on the Wi-Fi,” Kalat said. “Michael had done everything. Beth is very smart—she’s a scientist—but Michael had handled everything. A friend had to come over to reset the Wi-Fi password.”
BastingChemina 15 points 3 years ago
Bitwarden has an option called emergency contact.
The emergency contact can request access to see all the saved passwords. If I don't deny the request then the request is automatically approved after X days.
I feel like this would cover most of the issues in the article.
bearfootbees 6 points 3 years ago
This guy has a good financial planner.
Karcinogen 83 points 3 years ago
Password manager like Bitwarden. I'd rather they take care of it for me. The consequences would be too great if I messed it up.
apprehensively_human 17 points 3 years ago
Smart move, unless you really know what you're doing and have redundancy. When I first made the switch from Lastpass to Bitwarden I had tried to host the vault myself instead of using the cloud version, which worked fine right up until the moment I had a server outage and lost access to all my passwords.
somedaysoon 20 points 3 years ago path: 0 1938489 1939167 1939650, hotness: undefined, score: 20, children: 2
SocialDoki 8 points 3 years ago
I think that's what's kept me at KeePass rather than moving to something like Bitwarden. Since it's file-level encryption, anything that can serve files can also serve my KeePass database. When I upgrade servers or change to different services, restoring my database is as simple as throwing the file into that new service and going on with my life.
somedaysoon 6 points 3 years ago path: 0 1938489 1939167 1939650 1942855 1947080, hotness: undefined, score: 6, children: 0
ChrislyBear 8 points 3 years ago
Oh man, that's actually really good advice! I recently switched to Vaultwarden, but you're right: If my server goes down, I can't even restart it, because the password for my account is in there! Damn! Close call!
Limit 17 points 3 years ago
Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both... so even if your server was totally dead, you'd have access to your passwords. Solid backups is a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it'd only cost you a few pennies to run a "dr" test of your critical systems. Of course you still want to secure it, I'd recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it's probably fine if your running patched up to date versions of docker, vaultwarden, and I'd always recommend putting a reverse proxy in front like nginx.
newIdentity 11 points 3 years ago
Usually the password are also stored locally.
I can definitely access all my passwords offline with bitwarden
rglullis 1 point 3 years ago
I still don't get why people want to have cloud-based password managers. Keepass works in all major platforms, it's just one file, which it is super easy to sync and/or merge. It can integrate with your browser/Os if you want, but otherwise the surface attack is basically zero.
nomadjoanne 13 points 3 years ago
I've managed to do it for my personal email and find it very rewarding. Sadly, I could never use it for my business. It's just too risky and there may always be a few delivery problems here and there.
VPS hosting, BTW, not home.
cmhe 1 point 3 years ago
I have setup a mail server for my employer, and doing it manually yourself is difficult. I didn't want to do it for myself as well.
However I looked into mailcow, and tried that privately and it works great so far! However, i would dedicate a separate VPS for just that.
waspentalive 4 points 3 years ago
That, and the fact that Spam abatement is a terrible chore. Whackamole at its worst.
daFRAKKINpope 11 points 3 years ago
Second. I used to self-host Bitwarden. Then I realized it'd be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.
Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.
cmhe 18 points 3 years ago
I am hosting bitwarden myself (on a VPS) and I am not that concered about losing my passwords, because every device syncs all passwords locally regulary so that you don't need internet to access them.
So to loose all your passwords not only do you have to loose your bitwarden server and all the backups, you also have to loose access to all your bitwarden clients synchroniously.
lastweakness 1 point 3 years ago
I really want to use Bitwarden and I pay for the premium as well, but it's starting to bother me that a lot of basic stuff is missing despite years of user requests.
- An Auto-fill UI for the web interface
- Credit card auto-fill
- A way to refresh from the auto-fill menu on the Android UI
I just tried Proton Pass (I have unlimited anyway) and it's not better, but at least they seem to be working on these.
IdealShrew 9 points 3 years ago
all the features you listed are available though?
lastweakness 1 point 3 years ago
I have replied above: https://lemmy.world/comment/1988541
i_lost_my_bagel 6 points 3 years ago
It has all of those though?
lastweakness 1 point 3 years ago
Okay, credit card autofill is there at least on the browser, my bad. But the other two, no. What I mean by auto-fill UI is an overlay like we see in LastPass, Proton, etc.
If you add an item on your desktop, make sure it's synced and try to use the Android app to auto-fill it, it won't be there yet. And if you use the basic auto-fill view ("Items for x"), there's no way to refresh. The main app (not the "Items for" view) does have a refresh option though, so i end up closing everything, going back and refreshing from there.
Also, I like the way Aliases work in Proton. I'm still using both and really like both, and for now, both have its pros and cons.
aard 1 point 3 years ago
Because passwords are so critical I'd never give that to a third party.
Stuff like bitwarden is needlessly complicated, though - I nowadays have a vaultwarden instance for friends and family, but everything important is done via pass - which only needs a git server, which I have anyway.
emhl 36 points 3 years ago
- My own search engine (a meta search engine like searx-ng would be fine though)
- a tor exit node, because don't want to deal with the legal hassle (i run snowflake on multiple machines though)
- a SMTP relay (recieving email is easy. Sending email is a pain in the ass)
VanillaGorilla 7 points 3 years ago
Sending email is super easy as well. Making sure everyone can receive it is such a pain though.
moist_towelettes 35 points 3 years ago
Bitwarden actually. I was really split on this but ultimately I trust Bitwarden, the company, to run a secure server than myself.
Who has time to track CVE's and react to them in a timely manner? I don't. If something happened, I probably don't have the infrastructure or know-how to even realize I had been breached.
poVoq 25 points 3 years ago
A public Matrix server. Its just a never ending black-hole of ever increasing storage requirements and the software is too buggy to not become a maintenance hassle.
I do run a Synapse server for bridging purposes, so I am not just talking in theory.
u_tamtam 3 points 3 years ago
And so damn easy to self-host in general. Ejabberd is batteries included down to offering stun/turn for audio/video calls, Erlang is just unrivaled when it comes to hot reloading so updates are effectively zero-downtime (unsurprising considering all the business critical environments it's deployed).
At first (and especially because I went with Matrix originally) I wouldn't think of self hosting all my instant messaging, but in retrospect, ejabberd is one of the easiest services I've got to maintain. I highly recommend everyone to give it a shot, especially to all the matrix refugees to whom it was a surprise/disappointment.
DeltaWhy 24 points 3 years ago
Backups. Cloud services like Backblaze B2 are so cheap for the durability they offer, it just doesn’t make sense for me to roll my own offsite solution with a Raspberry Pi at my parents’ house or something. Restic encrypts everything before it leaves my machine.
Password manager- it’s too important and it’s the thing that has to work for me to recover when I break something else. I’m happy to support Bitwarden with a few bucks a year.
Email- again, it’s mission critical and I have a habit of tinkering with things and breaking them. And it’s just no fun. The less I need to think about email, the happier I am.
hempster 10 points 3 years ago
That's what "1" in the "3-2-1" backup strategy stands for, a true offsite backup (preferably continent where you do not reside) For "2" I would still deploy a local offsite at someone's house for quick disaster recovery.
Downloading your 10TB data from B2 (or even requesting a tarball HDD from them) is costlier than recovering from an offsite backup facility within an hour's reach.
zaphod 3 points 3 years ago
Re backups, to be clear it sounds like you're specific referring to offsite backups.
I run my own local backup server using syncthing for replication and restic for snapshotting, but I also send offsites to cloud storage (in my case gdrive).
Yearly1845 1 point 3 years ago path: 0 1995322 2010774, hotness: undefined, score: 1, children: 1
hot_guava 1 point 3 years ago
Because the assumption is there's very little throughput. Storage isn't really that expensive, but bandwidth is and Backblaze is only cheap if you aren't trying to get at your data regularly. That's fine for backups because hopefully you never need them.
EDIT: I should say that for an individual user, getting data out of Backblaze isn't that expensive, but it's more expensive than cold storage. I think they charge $.01 per GB transfered, so a 10GB movie would cost you about ten cents to stream. It would cost you $100 to recover a 10TB backup from Backblaze (though for a fee than can mail you some of that on a hard drive, I think).
aard 6 points 3 years ago
I find it funny that a bunch of the simple basics are nowadays considered complicated. I've been doing my own mail and DNS for over two decades now, and don't see a reason for stopping. It is pretty low maintenance, and generally less headache than having someone else do it.
Toribor 2 points 3 years ago
Standing up email might not be that hard... but it's much harder to ensure that your mail will actually be delivered successfully. Plus it's not a service you can typically afford to go down. Any emails you miss during that downtime are gone forever, whereas even if my Vaultwarden credential vault goes down I can access passwords from a device that has things cached at least while I fix things.
Plus the big providers just treat small mail servers with a lot more skepticism than they did 20 years ago.
aard 2 points 3 years ago
Plus it's not a service you can typically afford to go down. Any emails you miss during that downtime are gone forever
The sending server will retry a few times, so you have at least a few days to bring it back. And if you prefer an additional fail-safe - adding a secondary MX somewhere else which will just store mails until the primary comes back is trivial.
realcaseyrollins 19 points 3 years ago
A social media platform where you can post or view images. I don't wanna deal with CSAM.
kameecoding 14 points 3 years ago
not complicated or hard, just don't care enough: music, spotify is fine, especially on the family plan.
alvaro 13 points 3 years ago
@Tinnitus@lemmy.world I would say in retrospective, email, but it is too late now.
While I do have self hosted backups, I also have offsite, paid copies as well, not sure if that can be considered "self hosting" though.
Tinnitus 4 points 3 years ago
Email was one I figured I would get an answer for. I know plenty of people do it, but I’m not sure if I’d trust myself to do it right.
The paid offsite backups just seem like a good idea. Some might have the ability to also self-host that, whether it be in a friend/family members home, but if that isn’t an option, paying for a service could save your ass some day.
IsoKiero 4 points 3 years ago
Email was one I figured I would get an answer for. I know plenty of people do it, but I’m not sure if I’d trust myself to do it right.
It's not even about doing it right. It's a PITA to manage when big players can just decide to block your server and then you'll be jumping trough hoops with Microsofts spam filtering program and whatnot just go get your messages trough. It's got very little to do if you've managed things right on your end, random issues with delivery just pop out of the thin air and it's your job to monitor it, swear by your mothers name to the big players that you'll play nicely and hope that their robotic overlords are satisfied with your time and effort.
And if you host email for anyone else it gets exponentially worse. I've been doing it long enough that apparently my server has a reputation now so those cases aren't as frequent as they used to, but they still pop up now and then and it takes time to figure it out with no other reward than the issue goes away, until it returns without any way to really know why.
alvaro 1 point 3 years ago
@Tinnitus@lemmy.world tbh I started hosting my email when I was young, I wanted to learn and had no major responsibilities. I think you learn a lot in terms of UNIX processes, networking, specific details about email like DKIM, etc. but at this moment I would not start doing it by myself.
Still every now and then something breaks and it is kind of painful to review things. Additionally, sometimes your emails are considered spam.
SocialDoki 1 point 3 years ago
I did email for about a year. Sucked shit so I cut my losses and closed the thing down.
alvaro 1 point 3 years ago
@SocialDoki@lemmy.blahaj.zone what do you use now?
SocialDoki 1 point 3 years ago
Honestly I've got like 7 different addresses spread across 3 different providers. Email isn't important enough for me to worry too much about privacy and control. It's mostly just a place to collect spam for me these days.
shrugal 10 points 3 years ago
I tried getting a music setup to work, but I couldn't find a good solution for generated playlists with new song recommendations. The self-hosted music service just can't add songs it doesn't have yet, so it's not really feasible. Plus I still have a very cheap YouTube Music subscription from the GPM days.
chiisana 4 points 3 years ago
Yeah I think the closest thing I’m aware of is Plex and album/track mood on smart playlist, and even then that’s kind of janky (ie: cannot shout into smart assistants to creat one on the fly). Music is so cheap now, even the free Amazon Music I get from Prime serves my needs, so I don’t even bother with it.
jetsetdorito 10 points 3 years ago
I feel like I'm having a change of heart on NextCloud... Every time some little thing breaks I have to figure out how to fix it
jetsetdorito 5 points 3 years ago
It largely is, but yesterday the Recognize app broke and I have no idea how to fix it. I think the environment got messed up from an apt-get upgrade? Its little things like that I have to figure out how to fix
megamutant 1 point 3 years ago
Nextcloud AIO has officially hit the 1 year mark for me without any issues. The truck has been to use it as a real Dropbox replacement not a Google Drive with word and all these other integrations. I had it break 3 times due to weird updates because of that the prior year. Using it to mirror/backup files is pretty nice.
legenderic 2 points 3 years ago
Okay, but do you run it in containers or on bare metal?
2xsaiko 3 points 3 years ago
Bare metal (using the NixOS module, so the manual stuff like database upgrades after an update and such is automated). Only containers that go on my servers are Pterodactyl because it requires it ;)
Yearly1845 1 point 3 years ago path: 0 1963277 1967897 2010756, hotness: undefined, score: 1, children: 2
Yearly1845 2 points 3 years ago path: 0 1963277 1967897 2010756 2011213 2020899, hotness: undefined, score: 2, children: 0
mesamunefire 1 point a year ago
For updates yeah. I used to run it with docker and just about every other major update would break it. Then I went to bare metal...still broke. Now I have it on yunohost and its...better. Its only broken once last year. But heavy backups is how I deal with it.
ShittyBeatlesFCPres 10 points 3 years ago
I don’t self-host Nextcloud. I have a cheap cloud instance running it and it’s essentially my off-site backup for important documents. I don’t put just anything up there but I live in New Orleans so I feel like I should assume my home server won’t necessarily be online when I most need insurance documents and shit like that.
lastweakness 1 point 3 years ago
Same, Hetzner Storage Share has been really good for me so far.
newIdentity 2 points 3 years ago
It's not that hard honestly. I only have one TB though but it really isn't that much of a hassle.
finestnothing 2 points 3 years ago path: 0 1939161 1947753, hotness: undefined, score: 2, children: 0
h3ndrik 7 points 3 years ago
Nothing really. I'm comfortable hosting mail, chat, my passwords and important documents. However:
Hosting personal/important data for other people is a bit intimidating because you kind of guarantee for safety and availability.
And services that are likely to be misused for illegal stuff and would be too bothersome. Otherwise i might host an anonymous spam eating email-forwarder, maybe a tor exit-node and a forum where adults can practise free speech. But that kind of stuff just attracts the wrong kind of idiots.
zaphod 11 points 3 years ago
First, that's what recovery codes are.
Second, that's what backups are for.
Frankly, given what we've seen with LastPass this past year alone, there is absolutely no one I would trust to host any of my credentials.
My TOTP seeds go in a Keepass database that has a very long passphrase. That database is then sync'd across devices with syncthing and included in encrypted backups.
lastweakness 1 point 3 years ago
Can Authy really be trusted?
hempster 1 point 3 years ago
Out of all hosted options available that I lasted tested 2-3 years back, Authy is the only one that reliably syncs and backups seeds across devices. I would switch in an instant if something like Bitwarden comes up but for 2FA only.
giant_smeeg 1 point 3 years ago path: 0 1984923 1989992 1990872, hotness: undefined, score: 1, children: 0
koinu 2 points 3 years ago
I think someone else already mentioned it, but just to reiterate... Anything for other people who aren't my wife and future kids.
Password manager, file backups, photo backup, whatever.
If something happens to me, or I pass away, wifey has instructions on shutting everything down (probably should write instructions on how to save all the important stuff).
But I don't want to deal with other peoples stuff. I like tinkering with my server and different docker containers, etc. So I don't want someone complaining they can't access their photos because I wanted to try something new. Also, just don't wanna be responsible for storing their photos and important documents.
Samsy 1 point 3 years ago
In the early days it was cloud and mail, since Mailcow works really good, it's just the cloud. Because nextcloud is too much hassle, all this php stuff... I have a managed nextcloud at hetzner and I am really happy this is something I haven't to worry about.
I check ocis from time to time, if it is usable the same way, I would selfhost my cloud again. NC on selfhost? Only if they do the same steps ocis already made. Because ocis is a simple single binary without php.
DunkinCoder 1 point 3 years ago
IRC server or ZNC bouncer.
selfhosted
@lemmy.world
60075
6388
7716
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
go to feed...
selfhosted
@lemmy.world
60075
6388
7716
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
go to feed...
Tor exit node, public Lemmy instance.
save