by hinkley 1022 days ago
What is the state of the art in leveraging your home network to have a presence (website or otherwise) on the internet?

Fiber just became available in our neighborhood recently and I'm about to have fewer people sharing our network, so the idea of being able to host my own files is becoming attractive again.

We are about to be due for this pendulum (centralized vs distributed) to swing back again and I like to be prepared.

10 comments

You can run a website off a cellular connection, you don't need fiber for that. The pendulum has never left decentralized from a tech standpoint, folks are just too lazy.

Home computer ownership is tanking, millennials were probably the last "power user" generation, and there's just no major interest in self hosting with the convenience of cloud. Even among tech professionals like HN.

As someone with a full homelab with all the fixins, I don't self-host external-facing services without a VPN (meaning, no ports open into my network and thus no public web sites etc). This isn't because I don't know how, or that I'm too lazy, but rather an acknowledgement that it's a huge security risk and it isn't necessary.

My public facing stuff lives on cheap cloud services and is kept well away from my home network.

r/selfhosted would like to have a word with you. That sub is increasing steadily.

https://www.reddit.com/r/selfhosted

I'm a member, I even built a self hosted home organizer (https://homechart.app). It's a niche community with a very high cost of entry (time/money/skill).
Regarding the money aspects of the high cost of entry - you can source cheap hardware from secondary markets. I just helped a friend set up a cheap self-hosting/homelab for his home. He bought a couple of HP EliteDesk 800 G4 minis for $99 each with i5-8500T CPUs. Each came with 16 GB RAM. Both units had NVMe drives. So we just had to add a couple of 2.5" 2 TB SSDs ($50 each) for media storage. Running Ubuntu Server with CasaOS on top with a handful of containers for media consumption (e.g. Jellyfin) on one unit. The i5-8500T is new enough and supports Intel Quick Sync, so no GPU is needed for transcoding. The second unit is running the Cloudflare tunnel daemon for things like his MicroBin (like Pastebin), WireGuard VPN and Nextcloud for external access. He still has plenty of room to add more applications to both servers.
Where'd you find those, ebay? That sounds like a great deal.
Amazon Renewed. But eBay has them as well, often a bit cheaper if you spend a bit more time searching.
Not the GP, but eBay is great for off-lease or just plain old computer equipment.
I think the pendulum DID swing, as The Cloud became more popular and connections became radically asymmetric with very slow upload.
The story with the Cloud is that everything is distributed. The facts on the ground are that everything is more consolidated than it has ever been, mostly into 3 companies, and dozens of datacenters each.

I don't think the Internet has been this small in that respect since the early '90s.

10 Mbps upload is plenty fast for hosting things like websites and web apps.
Not really. For my daughter's birthday, I put together an album of around 100 photos to share with family. That came out to 386 MB at default quality settings in digikam, which would take 5 minutes to download at 10 Mb/s. Even for smaller things where maybe I share 10-15 photos from a day out, that'd take ~30 seconds to load. I can drop the quality just for sharing on the web, but I'd rather be able to just share it.

Likewise with backups, each photo is ~40 MB for RAW files, so 10 Mb/s can take all day to backup a couple hundred photos.

That's without even getting into video. Off the camera, video files are ~200 Mb/s. Backups of the raw footage take forever, and sharing at the original quality is a non-starter.

> 10 Mbps upload is plenty fast for hosting things like websites and web apps.

I made no guarantees for file sharing or backups...

I would consider things like home movies and photo albums to be one of the main use-cases for a personal website (photo albums are pretty much what everyone in my social network uses Facebook for today). If you restrict to text websites, we could all get by with < 1Mb/s internet connections.

Backups are something else sure, but for personal hosting, the world is easier if you can just plop photos into a directory with maybe a simple html (or in my case xml) file and not deal with things like generating thumbnails or different quality settings.

10Mbps is barely enough to send the ACKs on a 250Mbps download. Maybe it's fine as a dedicated connection, but you might not want to be hosting anything on your home connection.
As long as you have a static IP address, this is trivial and typically very reliable. Throw an ATS battery into the mix and the internet will be super reliable, even when the power goes down.

Am doing this at home with a fibre line and it's been super reliable.

Dynamic DNS is a thing?
The choice for my fibre ISP is between static IPv4 or carrier-grade NAT. Both options get IPv6.
My ISP uses dynamic DNS, but it never changes unless my modem is down for several minutes. My router has a script that updates a DNS entry if it changes, but realistically this rarely happens.
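An added example, not the commenter's router script, of the kind of updater this describes: it runs from cron, only contacts the provider when the public address has actually changed, and refuses to push anything that is not a plain IPv4 address. It assumes the provider speaks the DynDNS2 update protocol (`/nic/update?hostname=...&myip=...` with basic auth); the lookup and update URLs below are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not the commenter's router script): a dynamic DNS updater
# that only talks to the provider when the public address actually changed.
# Assumptions: the provider speaks the DynDNS2 update protocol and a
# "what is my IP" endpoint is reachable; both URLs here are placeholders.
set -u

STATE_FILE="${DDNS_STATE_FILE:-/var/lib/ddns/last_ip}"
IP_LOOKUP_URL="${DDNS_IP_LOOKUP_URL:-https://ip-lookup.example.invalid/}"   # placeholder
UPDATE_URL="${DDNS_UPDATE_URL:-https://dyndns.example.invalid/nic/update}"  # placeholder

# Accept only a dotted-quad IPv4 so an error page or HTML banner returned by
# the lookup service never ends up written into DNS.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])$'
}

# ip_changed STATE_FILE CURRENT_IP -> exit 0 when an update is needed
ip_changed() {
    local state="$1" current="$2" last=""
    [ -r "$state" ] && last=$(head -n1 "$state" | tr -d '[:space:]')
    [ "$last" != "$current" ]
}

# Map the DynDNS2 one-word reply to an action. "good" and "nochg" mean the
# record matches; anything else is a hard error that must not be retried in
# a tight loop, because providers lock accounts that hammer them.
classify_update_response() {
    case "$1" in
        good\ *|good)   echo updated ;;
        nochg\ *|nochg) echo unchanged ;;
        badauth)        echo "fatal: bad credentials" ;;
        nohost|notfqdn) echo "fatal: hostname not configured at provider" ;;
        abuse)          echo "fatal: account blocked for abuse" ;;
        *)              echo "error: $1" ;;
    esac
}

run_ddns_update() {
    local current reply verdict
    current=$(curl -fsS --max-time 10 "$IP_LOOKUP_URL" | tr -d '[:space:]')
    is_ipv4 "$current" || { echo "lookup returned garbage: '$current'" >&2; return 1; }
    if ! ip_changed "$STATE_FILE" "$current"; then
        return 0   # nothing to do; stay quiet so cron does not mail every run
    fi
    reply=$(curl -fsS --max-time 10 -u "$DDNS_USER:$DDNS_PASSWORD" -G \
        --data-urlencode "hostname=$DDNS_HOSTNAME" --data-urlencode "myip=$current" \
        "$UPDATE_URL")
    verdict=$(classify_update_response "$reply")
    echo "$current: $verdict"
    case "$verdict" in
        updated|unchanged)
            mkdir -p "$(dirname "$STATE_FILE")"
            printf '%s\n' "$current" > "$STATE_FILE" ;;
        *) return 1 ;;
    esac
}

# Run only when configured (e.g. from a cron entry); sourcing the file just
# defines the functions.
if [ -n "${DDNS_HOSTNAME:-}" ]; then
    run_ddns_update
else
    echo "set DDNS_HOSTNAME, DDNS_USER and DDNS_PASSWORD (optionally DDNS_UPDATE_URL) to run" >&2
fi
```

Run it from cron every few minutes with the three `DDNS_*` variables set; because it compares against the state file before doing anything, the provider only sees a request when the address has actually moved.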
I don't want to open my home network to just anybody, so I have a "jumpbox" that is the lowest-end shared VM at Hetzner. It runs nginx, dnsmasq, and Wireguard; my home servers connect to it, I add other peers as I need to, and dnsmasq resolves the hostnames using Zeroguard IPs for the home network.

I have 3 sets of DNS entries for the home lab servers:

1. "internal"/home network addresses (e.g. your 192.168.x.x)
2. WireGuard addresses (e.g. 10.0.x.x)
3. public DNS entries that all resolve to the jumpbox

The purpose of #3 is to support a simple Let's Encrypt setup: nginx on the jumpbox forwards Let's Encrypt requests to the internal servers over the WireGuard connection.

Internally, I use a https://github.com/nginx-proxy/nginx-proxy setup, so that any time I want a new service running inside the home lab I just have to:

1. Pick a hostname and add it to public DNS
2. Configure its Docker container to add the environment variables that nginx-proxy looks for
3. Add the hostname to the jumpbox /etc/hosts
4. Add the hostname to internal LAN DNS

It's a little much but I like how it works. It's not so bad to get set up.
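As an added example (not the commenter's own files), the two pieces of that jumpbox rendered as config: WireGuard on the VPS with the home server as a dial-out peer, an nginx port-80 site that forwards only the ACME challenge path over the tunnel, and a stream block that passes TLS through by SNI so the jumpbox never holds the certificates' private keys. The 10.0.0.x addresses, key placeholders and hostnames are assumptions; the SNI passthrough (nginx's `ngx_stream_ssl_preread` module) is one way to complete the part the comment leaves implicit.

```shell
#!/usr/bin/env bash
# Added example, not the commenter's files. Tunnel addresses, key placeholders
# and hostnames are assumptions; SNI passthrough is one way to finish the setup.
set -u

WG_JUMPBOX_ADDR="10.0.0.1/24"   # assumed tunnel subnet on the VPS
WG_HOME_ADDR="10.0.0.2"         # assumed tunnel address of the home server
JUMPBOX_PRIVKEY="${JUMPBOX_PRIVKEY:-<jumpbox-private-key>}"   # placeholder
HOME_PUBKEY="${HOME_PUBKEY:-<home-server-public-key>}"        # placeholder

# WireGuard on the jumpbox. The home server dials out, so the home network
# keeps no inbound ports; AllowedIPs is a /32 so that peer can only source
# traffic from its own tunnel address.
render_wg_conf() {
    cat <<EOF
[Interface]
Address = $WG_JUMPBOX_ADDR
ListenPort = 51820
PrivateKey = $JUMPBOX_PRIVKEY

[Peer]
# home lab server (it initiates the connection; no Endpoint needed here)
PublicKey = $HOME_PUBKEY
AllowedIPs = $WG_HOME_ADDR/32
PersistentKeepalive = 25
EOF
}

# Port-80 site for one public hostname: only the ACME HTTP-01 path is
# forwarded over the tunnel; every other plaintext request is redirected.
render_nginx_site() {
    local host="$1"
    cat <<EOF
server {
    listen 80;
    server_name $host;

    location /.well-known/acme-challenge/ {
        proxy_pass http://$WG_HOME_ADDR;
        proxy_set_header Host \$host;
    }

    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
}

# TLS passthrough by SNI: certificates and private keys stay on the home
# server (that is what the challenge forwarding is for). Names not in the
# map go to a closed port, so an unknown SNI is refused rather than forwarded.
render_nginx_stream() {
    local h
    cat <<EOF
# include this at the top level of nginx.conf, outside the http {} block
stream {
    map \$ssl_preread_server_name \$lab_upstream {
EOF
    for h in "$@"; do
        printf '        %s %s:443;\n' "$h" "$WG_HOME_ADDR"
    done
    cat <<EOF
        default 127.0.0.1:1;
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass \$lab_upstream;
    }
}
EOF
}

# render_all OUTDIR HOSTNAME...: writes wg0.conf (mode 0600, it holds the
# private key), one port-80 site per hostname, and the stream block.
render_all() {
    local outdir="$1" h; shift
    mkdir -p "$outdir"
    (umask 077; render_wg_conf > "$outdir/wg0.conf")
    for h in "$@"; do render_nginx_site "$h" > "$outdir/$h.conf"; done
    render_nginx_stream "$@" > "$outdir/stream.conf"
}

# Render into a staging directory, review, then copy into /etc/wireguard and
# /etc/nginx. Runs only when a directory is given; sourcing just defines functions.
if [ -n "${1:-}" ]; then
    render_all "$@"
fi
```

Note what stays on the VPS: one WireGuard private key and zero TLS keys. If the jumpbox is compromised, the attacker can relay traffic to the lab's public services but cannot decrypt it or reach anything outside the single /32 peer.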

> Just then, a bandwidth load as heavy as a pregnant elephant sits down on Manfred's head and sends clumps of humongous pixilation flickering across his sensorium: Around the world, five million or so geeks are bouncing on his home site, a digital flash crowd alerted by a posting from the other side of the bar. Manfred winces. "I really came here to talk about the economic exploitation of space travel, but I've just been slashdotted. Mind if I just sit and drink until it wears off?"

- Charlie Stross, "Accelerando"

Damn, I read that book as a teenager in 2006 or 07! I've been thinking about a reread whenever I remember it. It was the book that really made me appreciate the whole technological singularity idea back then.
I've been trying to find my paper copy all week so I can reread it. Might just give up and read it on his site: https://www.antipope.org/charlie/blog-static/fiction/acceler...
For me the state of the art is realizing that you do NOT need 99.99999% uptime for personal stuff.

Once there, do whatever you want. Get a DMZ or even a separate connection if you really want to go wild, but it's not terribly complicated.

There are even "in a box" solutions - such as https://mailinabox.email or https://owncloud.com

Cloudflare tunnels are easy to set up. Otherwise, serving directly can be an option if you have a public static IP from your ISP or a public dynamic ISP and are okay with doing dynamic DNS.

IMHO the key is to have a good router/firewall that gives you the flexibility you need—ideally a custom box like OP. My software preference is OPNsense, but there are plenty of other good options.

I'm hosting my blog on machines running at home accessible via a Cloudflare tunnel. It works very well in my experience. And it's nice not having ports open to the internet or having to mess with dynamic dns.
I'm tinkering with a Raspi to do that sometime soon. It's going to be on an isolated network segment off an OpenWrt router that'll forward ports and hold the public IP. Technically it's ready to go but I'm enjoying tinkering with it still and there's no rush to put anything up.

It's not "state of the art" but I expect it to serve my needs.

It depends: if you have real IP connectivity on your box you just run a web server and Bob's your uncle. If you're stuck behind a NAT for v4, try v6. Or port forwarding or VPN to a cloud provider or VPS with better IP connectivity.
I just run a normal website through a normal (major company) connection with their supplied router.

I have 10 minutes or so of power outage per year, otherwise it works fine. Maintenance effort is close to zero; security updates apply automatically.

Reverse DNS to catch your dynamic IP changes, and port forwarding/DMZ on your modem/router should be all you need if your ISP doesn't block port 80/443.

If your ISP does port block (or you don't want to port forward or expose your IP) you can also set up a Cloudflare tunnel (warp?) on a server, point it to your local webserver's port, and set your Cloudflare DNS for your domain so that it points to your warp tunnel. This way requests for the website go to Cloudflare, then to your machine and on to your local webserver.
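Added example, not from any commenter: the cloudflared side of that setup, with the config rendered from a hostname-to-service list and the one-time CLI steps behind it. Tunnel name, hostname, local service URL and config directory are assumptions; the `cloudflared` subcommands and the `tunnel`, `credentials-file` and `ingress` config keys are the tool's own, while the column parsing of `cloudflared tunnel list` is an assumption about its table output.

```shell
#!/usr/bin/env bash
# Added example, not a commenter's script. Tunnel name, hostname, service URL
# and config directory are assumptions; the cloudflared subcommands and the
# config keys (tunnel, credentials-file, ingress) are the real ones.
set -u

TUNNEL_NAME="${TUNNEL_NAME:-homelab}"
CONFIG_DIR="${CLOUDFLARED_CONFIG_DIR:-/etc/cloudflared}"

# Ingress rules match top to bottom and cloudflared refuses to start unless
# the last rule is a catch-all. Listing only the services you mean to expose
# and ending with http_status:404 keeps the tunnel from becoming a path to
# everything else on the LAN.
render_ingress_config() {
    local tunnel_id="$1"; shift
    cat <<EOF
tunnel: $tunnel_id
credentials-file: $CONFIG_DIR/$tunnel_id.json
ingress:
EOF
    while [ $# -ge 2 ]; do
        printf '  - hostname: %s\n    service: %s\n' "$1" "$2"
        shift 2
    done
    printf '  - service: http_status:404\n'
}

# Offline check on a rendered file: exactly one catch-all, and it comes last.
ingress_has_trailing_catchall() {
    [ "$(grep -c 'service: http_status:404' "$1")" -eq 1 ] &&
        [ "$(tail -n1 "$1")" = "  - service: http_status:404" ]
}

# One-time setup on the home machine; the first command opens a browser login.
setup_tunnel() {
    local hostname="$1" service="$2" tunnel_id
    cloudflared tunnel login
    cloudflared tunnel create "$TUNNEL_NAME"
    # Assumption: 'tunnel list' prints an "ID NAME ..." table.
    tunnel_id=$(cloudflared tunnel list | awk -v n="$TUNNEL_NAME" '$2 == n { print $1 }')
    install -d -m 700 "$CONFIG_DIR"
    install -m 600 "$HOME/.cloudflared/$tunnel_id.json" "$CONFIG_DIR/$tunnel_id.json"
    render_ingress_config "$tunnel_id" "$hostname" "$service" > "$CONFIG_DIR/config.yml"
    cloudflared tunnel --config "$CONFIG_DIR/config.yml" ingress validate
    # Creates the CNAME for the hostname at Cloudflare; no inbound port is opened here.
    cloudflared tunnel route dns "$TUNNEL_NAME" "$hostname"
    cloudflared service install   # systemd unit that reads /etc/cloudflared/config.yml
}

# Runs only when a hostname is given; sourcing the file just defines functions.
if [ -n "${TUNNEL_HOSTNAME:-}" ]; then
    setup_tunnel "$TUNNEL_HOSTNAME" "${TUNNEL_SERVICE:-http://localhost:8080}"
else
    echo "set TUNNEL_HOSTNAME (and optionally TUNNEL_SERVICE) to run the setup" >&2
fi
```

The `service:` target should be the loopback or LAN address of the one web server you intend to publish; the tunnel is an outbound connection, so the router keeps every inbound port closed and the only thing reachable from outside is what the ingress list names.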