Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
You might be misunderstanding the value-add of a CDN to self-hosting, so here's my attempt at explaining:
I've been self-hosting things for a very long time. In the old days, we would wrangle our routers to expose port 80 for HTTP (and later, port 443 for HTTPS) and forward those connections to the self-host server and then add the appropriate DNS records to point our website domain to our home IP address (which was its own fun challenge when ISPs refused to give static IP addresses for home plans). Relatively simple.
However, in recent years (especially after the pandemic) the internet has become a much more hostile place. People find vulnerabilities in your nginx/caddy/apache or whatever reverse proxy you use (or router, or any one of the many other parts of your network/software stack) gain access to your local network and your personal data. And then there are bad actors doing DDoS attacks or AI crawlers generating DDoS levels of incoming requests to overload your hardware.
All that combined means it's very dangerous to have your home IP exposed to the internet (allowing any sort of inbound requests) at all.
So, how do we access our self-hosted stuff while we're outside of home? The safest approach is to use a VPN. Tailscale is the most popular one that I've come across. Only client devices that are connected to the VPN have access to your stuff. Random bad actors can't poke your self-hosted stack for vulnerabilities.
Okay, what if you want to share something with people publicly? I for one, use Immich for my photo libraries and it's very easy to be able to share a link to an album for friends and extended family to access without having to install and configure a VPN on their phones.
That is where cloudflare comes in. We can run
cloudflaredon our machine, which makes an outbound request to cloudflare and creates a tunnel to route all the incoming requests from their servers to your reverse proxy. Your network is still not exposed to the internet, and the edge nodes (the machines that actually front the incoming traffic from the clients) are not owned by you.Now, I guess it's feasible to rent a VPS on DigitalOcean/OVH/Azure/AWS and run a Tailscale exit node there to achieve a similar result. I haven't looked too deeply into Pangolin but it looks kind of similar. Now you're adding extra work to keep those configured correctly (and up-to-date), is less secure because you're not doing that full time (unlike the engineers at cloudflare) and you're still dependent on that VPS provider to not go down, so the disaster recovery profile hasn't changed all that much.
That's why there's no self-hosted alternatives to a CDN. I guess you can go with their competitors like Fastly/Akamai/etc, but all of them are considerably more expensive. And even the ones that do have free tiers have data limits or bill per gigabyte. That's an extra headache to worry about for that one month your mother decides to take 1000 videos of your son during the family vacation and her phone automatically backed up all of them at full-quality.
More eloquent than anything I could conjure up. In the 'at least it's not Cloudflare' column, how do you feel about https://ngrok.com/ or similar? I've never explored those avenues, but from what I hear, ngrok is fairly popular.
That's news to me lol. I've personally only used them for development so I can't tell you how good they are for running production services.
I just looked at their pricing page and it looks like the Free and Hobbyist only include 1GB and 5GB of data, respectively. I've never actually measured my data usage because Cloudflare gives unlimited data, but I suspect that's nowhere near enough for a photo sharing app like Immich.
True. I've never measured the bandwidth, but staring at ntopng flows for a few minutes and you can kind of get the enormity of ingress/egress, which is sometimes mind blowing to me especially for a little homelab outfit like mine. I was just curious if you had a handle on other venues besides the big guys, for the 'at least it's not Cloudflare brethren in the group. I mean, I know how I am about Google in that I absolutely deny any access. They aren't on my 'I HATE' list or 'I wish they'd go tits up' list, I just don't use them for anything. Now I'm sure that periodically, during my internet travels, I inadvertently use one of their services. With a vast catalog of services that Google possesses, they've got their fingers in everybody's pie. So I can kind of understand the Anti-Cloudflare coalition.
Yep, simply wondering what you think about it. Thanks, so the CDN is what you find hardest / impossible to replace without paying more from a similar service.
I did it more for the security aspect, but as @MinFapper@startrek.website points out, there are many advantages. The AI crawlers, the bad actors, et al make even the free tier worth considering. Don't go in blindly tho. Do some searching and reading and make up your own mind.