by machrider 1096 days ago
One thing I've worried about with self-hosting small (or smol) services is that I'm responsible for securing them against attackers. Even if my circle is 15 people using a particular service, potentially thousands of malicious actors will be poking at it over the months and years I'm running it.

I'm a big fan of self-hosting, especially things that I can run inside my home with no internet-facing ports. But anything that will be outward facing has to be sandboxed from everything else, kept up to date, and monitored for intrusions. It can be daunting unless you definitely have time to stay on top of it. I'm curious if any self-hosters have thoughts about this.

3 comments

I have been running an SBC server at home for years with many publicly available services for friends and family. To keep everything secure and easy to maintain, I use Yunohost.org which is a distribution containing most of what you need to easily install, secure, update, backup, and manage the server. It includes fail2ban and other security measures. If you or your server would be the target of a persistent attacker, using VLANs or a VPS would be a good idea. I am sure somebody will comment on some tangents to go down a rabbit hole, but I am like probably 95% of self-hosters whose servers contain nothing of any value for a hacker.

As the "Administration" tag for my blog will attest, the sysadmin side does take a lot of work. Every now and then something is down, something needs defending (like the current HN users all clicking on the site which is running without any caches…), and on and on. In my experience, it's not so much cybercriminals that keep me busy but bad programmers that write spiders that treat every website in the world like corporate infrastructure. Stuff like git, cgit, radicale, a bunch of web apps, a netnews server, an IRC server, those things aren't tricky. But of course I also decided not to host mail, matrix, Nextcloud and so on. You need to pick your battles, too.

In the past I ended up in a place where I self-hosted virtually everything I consumed within my network that could be self-hosted. Right down to major OS software update caching.

It’s definitely exhausting and I hit upon a point where it felt like I couldn’t distinguish between home and business infrastructure. I expanded to include family stuff, and that became a massive headache. When you do that, it’s not always easy to extricate yourself either. It took several years to downsize so my services were only consumed by me again. Then a few more to fully move to non-self-hosted almost-everything.

I used to host my mail but that eventually becomes a headache. It didn’t become an admin headache, but over time it became either/or (depending on the time) a technical liability or a security concern.

These days I try to buy/pay for the services I consume instead of self-hosting. However I’ve been moving back to assuming a “self hosting first” mindset because it seems like so many tech companies are actively trying to alienate their user base lately.

Tailscale does make sharing services amongst groups of technically minded friends _crazy_ simple.

You seem like my dream customer for communick. What can I do to have you join it?
If (all of) your users are worried about it, or can be convinced to, it's not difficult to put great measures in place today.