this post was submitted on 02 Oct 2024
112 points (99.1% liked)

Selfhosted


Hey there!

I'm thinking about starting a blog about privacy guides, security, self-hosting, and other shenanigans, just for my own pleasure. I have my own server running Unraid and have been looking at self-hosting Ghost as the blog platform. However, I am wondering how "safe" it is to use one's own homelab for this. If you have any experience regarding this topic, I would gladly appreciate some tips.

I understand that it's relatively cheap to get a VPS, and that is always an option, but it is always more fun to self-host on one's own bare metal! :)

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

So many suggestions here but I thought I'd chime in because I have a setup very similar to what you suggested and I found a very easy way of hosting it securely. I am using Unraid on a system in my house. I have my web service running in a Docker container. I exposed it using a Cloudflare tunnel. There is an Unraid plugin for Cloudflare tunnels that takes out a lot of the configuration work involved in getting it running locally. You just have to also set up a corresponding endpoint on Cloudflare's website and have a domain name registered with them for you to link to it.

The way it works then is when someone requests your domain (or subdomain) in their browser, Cloudflare gets the request and redirects the traffic to the Cloudflare tunnel client app that you set up on your computer. That app on your machine then redirects the traffic to your other container that is hosting your web service and establishes bidirectional communication that way.

The benefits to this system are:

  • Relatively easy setup, especially if you want to expose more services in the future (you'll need to run a separate Cloudflare container for each service exposed though)
  • No need to open ports in your router or firewall on your home network. Cloudflare just knows how to communicate between its server and its client app on your computer (I think you have to set up an access token so it is secure).
  • None of your users ever learn your home IP address because once they connect at Cloudflare's server, they don't get any more knowledge than that about what's on the other side.
  • It's free (not including the cost of registering your domain)
  • You don't have to worry about changing anything if your ISP randomly changes your IP address. Hell, you could even move to a new house and take your computer with you and you wouldn't have to reconfigure anything.

Downsides:

  • You have to trust that Cloudflare is not scraping all the traffic going through the tunnel.
  • Some people have a moral issue with giving Cloudflare more responsibility for hosting "the Internet". We already rely on their infrastructure heavily for large sections of the Internet. If they ever become malicious or compromised, there is a lot to lose as a society.

I believe you can use WireGuard and a rented VPS to recreate this setup without Cloudflare, but it will require a lot more knowledge in order to set it up, with more points of failure. And it would cost more because even though WireGuard is FOSS, a VPS will cost you a monthly fee of at least a few bucks per month.

I currently have 2 services exposed using Cloudflare tunnels on my Unraid system at home. They've been running for over a year now with 0 interruptions.

[–] [email protected] 1 points 1 month ago

Thanks for the detailed explanation, really appreciate it! Learned a thing or two here :)
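
Added example, not part of the thread and not any commenter's own configuration: a Docker Compose file for the tunnel layout described in the comment above, showing that the blog container publishes no ports and only the tunnel client makes an outbound connection. Assumptions: a token-based tunnel created on Cloudflare's side, Ghost as the web service, and the placeholder names `blog.example.com`, `tunnel` and `ghost-content`; on Unraid the same settings would go into container templates or the plugin rather than a Compose file.

```yaml
# Added example (not from the thread). Placeholder/assumed values:
# blog.example.com, the "tunnel" network, the "ghost-content" volume,
# and the image tags.
services:
  ghost:
    image: ghost:5-alpine
    restart: unless-stopped
    environment:
      # Public hostname configured for the tunnel on Cloudflare's side.
      url: https://blog.example.com
      # Database settings are left at the image defaults here; see the
      # image documentation for a production database setup.
    volumes:
      - ghost-content:/var/lib/ghost/content
    networks:
      - tunnel
    # Deliberately no "ports:" section. Nothing is published on the host,
    # so no router port-forward or inbound firewall rule is needed.

  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    # Outbound-only connection to Cloudflare; also publishes no ports.
    command: tunnel --no-autoupdate run
    environment:
      # Tunnel token read from a local .env file. Treat it as a secret:
      # anyone holding it can run a connector for this tunnel.
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}
    networks:
      - tunnel
    depends_on:
      - ghost

networks:
  # Shared user-defined network so cloudflared can reach the blog
  # container by its service name.
  tunnel:

volumes:
  ghost-content:
```

With this layout the tunnel's public hostname on Cloudflare's side would point at `http://ghost:2368`, the service name on the shared network and Ghost's default port.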