Self Hosting

It's becoming increasingly important to take control of your own data. Examples of data you may wish to take control of include your website, password manager, photos, calendar, contacts, social media profile and documents.

When you upload your data to the "cloud", what you're really doing is handing that data over to a trusted third party and putting it on hardware that you do not physically control. The security and privacy of your data is outsourced to this third party and you can be deplatformed at any moment.

There are advantages and disadvantages to self hosting and it's important to decide if it's right for you.

The benefits are clear. You aren't subject to other people's decisions. You are in control of your own data and where it goes and therefore you enjoy the benefits of privacy. Your data isn't sold, distributed without your permission, deplatformed or censored.

However, it comes at a cost, from a monetary perspective as well as time to learn and understand.

This document lays out how I get the job done. I go into details about my internet connection, hardware and the software I'm using.

Internet connection

Your home internet connection should preferably be stable with decent upload capacity. For self hosting, ideally you want a connection that has a public facing static IP address, but this is not necessary.

You will pay a premium for a static IP address, but it allows you to access your devices from anywhere in the world using OpenVPN (or Wireguard). If you've got a dynamic IP address, it can be used in conjunction with noip.com. It might be worthwhile looking into a business plan, rather than a residential plan. Residential plans might block or prohibit the use of certain ports such that you're unable to host websites. If you're on a mobile/wireless connection, it's unlikely you'll have a public facing IP address. You can use Tailscale or ZeroTier to connect to your devices. For hosting websites publicly, you can use Cloudflared.

My plan is a 100/40mbps with a static IP address.

Hardware

To self host, we're going to need some equipment. We need a router and a desktop computer that we can run 24/7. All of these devices will need to be switched on and permanently connected to the internet.

For my router, I use an old Dell Optiplex computer with an Intel 4 Port Network Interface Card (NIC) in it. It has a 250GB SSD that my friend gave me, 8GB RAM and an Intel i5 CPU. It is complete overkill and consumes more electricity than it's worth, but it gets the job done. I also have a Netgear R7000 set up as an access point, offering wifi throughout my house and 4 LAN ports to which my devices can be plugged into.

For my desktop, here are my specs:

• Intel i7-4790K @ 4.4Ghz
• 32GB DDR3 RAM
• NVIDIA GeForce GTX 760
• Drives
  • 512GB NVMe SSD Samsung 960 PRO (operating system and storage of virtual machines)
  • Seagate 4TB HDD (data)
  • 3 x 1TB hard drives for various backups and additional uses

Software

pfSense

My router is running pfSense. As I mentioned, it's completely overkill to be running this on the machine I have. You may wish to look to alternatives to run this software on. I would advise that you run pfSense on a dedicated device.

What does my pfSense router handle?

My pfSense router is the backbone to self hosting. Here's what I have done with it.

1. Set up an OpenVPN client connecting through to my commercial VPN provider. This helps to protect all my devices from giving away my real IP address. I can set certain exceptions for devices to not connect through the VPN. The only exception I have is for my TV. My streaming service blocks my VPN.
2. Set up an adblocker throughout the network. I still do, however, use Ublock Origin extension on my browser. The pfSense plugin to do this is called pfblockerNG.
3. Set up an OpenVPN server, allowing me to access my network from anywhere in the world. Because I have a public facing static IP address, I am able to connect to my home network in a secure way. One of the best parts is that when I'm connected to my VPN server, it acts as if it was just another device on the home network, which means I'm also protected by my commercial VPN provider when I'm out and about. I usually have 2 devices - my laptop and my mobile phone connected to my home VPN.
4. Because I host public facing websites, my pfSense router is also configured to use the HAProxy plugin as a reverse proxy. This tells incoming traffic where to go on my network to get the information they've requested. Related to this, I've also got the ACME plugin installed which manages Let's Encrypt SSL certificates required for serving traffic over https.

To solve the issue of not having a static IP address, you could use a service such as noip.com in combination with your pfSense router. This would allow you to get access to your network's services.

Operating system

My desktop PC is running Pop!OS 20.04. It is based on Ubuntu, which is derived from Debian. I find this to be a very user friendly operating system that has the 'it just works(tm)' factor to it. It's a good operating system for beginners venturing down the Linux rabbit hole.

VirtualBox

All of my hosted services on the desktop run in separate virtual machines. Again, it's probably not the most efficient use of system resources, but it gets the job done. The virtual machines each are allocated between 512MB to 4GB of RAM, have a bridged network adapter (assigning it a new internal IP address), running Ubuntu Server 20.04LTS, all saved on the 512GB NVMe SSD. They each take up a minimal amount of storage space, between 10-50GB. The virtual machines are configured to start upon the boot of my desktop computer and run headless (seamlessly in the background). The following are the virtual machines I currently have.

• nextcloud
• vaultwarden
• pleroma
• bludit
• hedgedoc
• mediacentre
• photoview

I'll go through what each software does in detail and how it's been deployed.

Nextcloud

Nextcloud is a software that hosts storage, calendar, contacts and notes. It does other things like collaborative documents and chat functionality too. But since there's nobody else on my instance, it's just me, there's no one to really collaborate with. It is only available on my network, it has not been exposed to the world. I am able to access it remotely through connecting to my OpenVPN server.

You might be thinking, why is your nextcloud instance only allocated 20GB? Shouldn't you allocate more? No need. My data is stored in the 4TB hard drive. I have set it up such that my nextcloud instance is able to access the data on that drive as a network shared drive using samba (or SMB). The advantage of this is that in the event of nextcloud going down, or if I need to change instances, I don't have to back up much. All my data just sits in the 4TB drive, waiting to be read and served by nextcloud. The only data that's stored natively on the instance is my contacts and calendar, which is easy enough to import/export as required.

All of my devices (desktop, laptop, mobile) are able to view, edit and save to the 4TB drive using nextcloud. I'm able to synchronise folders with my devices that I need synchronised.

In terms of guides I used, initial set up guide that I used is here.

I did not create this in a /nextcloud folder. I just put the files straight into /var/www/html.

I amended the nextcloud.conf file such that instead of going to http://ipaddress/nextcloud, it goes to http://ipaddress instead. The amended file is here.

Alias / "/var/www/html/"
<Directory /var/www/html/>
    Options +FollowSymlinks
    AllowOverride All
      <IfModule mod_dav.c>
        Dav off
      </IfModule>     

     SetEnv HOME /var/www/html
    SetEnv HTTP_HOME /var/www/html
</Directory>

In terms of setting up cache, I used Redis. It makes the instance a bit snappier. To do that, it's a matter of installing redis with two packages.

sudo apt install php-redis redis

and adding the following to the bottom of the config.php file. Be mindful of the syntax/parenthesis. The location of the config.php file is /var/www/html/config/config.php

  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ),

In terms of setting up https, I followed this video tutorial here and adjusted it accordingly.

In your Settings>Administration>Overview section of nextcloud, you want it such that "all checked passed". You'll need to read through what the warnings and error messages you're getting.

Once you're happy with your nextcloud setup, you can start to import your contacts and calendars. You can then keep it sychronised with your mobile phone using an open source software called DAVx5.

Vaultwarden

Bitwarden is a highly rated password manager. But instead of using Bitwarden's servers, you should consider hosting your own instance. Vaultwarden, previously known as Bitwarden_RS, is a lighter version of Bitwarden which makes it easier for individuals to host their passwords across their devices and browsers.

This is a server that I do not expose out to the world, but have it on my local network. I can access it remotely through my home VPN on my laptop, or mobile device.

In terms of installation, I launched a virtual machine with Ubuntu Server 20.04LTS and installed docker. Instructions for docker installation are here for Ubuntu.

I would also consider executing this command so you don't have to use sudo.

sudo usermod -aG docker <your-user>

Once you've installed docker, you can pull down the docker repository using the instructions on the GitHub repository.

The more challenging part is using HTTPS and generating self signed certificates. I found an excellent video tutorial that will help you get your head around it. It's for specifically made for the Raspberry Pi, but it works the same for Ubuntu. Have a watch of the video in its entirety, it is well worth your time.

The commands required are found here.

Pleroma

Pleroma is social networking software compatible with other Fediverse software. If you're looking for a quick primer into what the "Fediverse" is, consider watching this. Pleroma works very similar to Twitter.

It's a little more lightweight than a Mastodon instance and it's easier to run.

The instructions I used to Installing on Debian Based Distributions but I would recommend installation using Installing on Linux using OTP releases.

It's fairly straight forward and takes you through the commands step by step.

The key difference in this setup is that the instance needs to be exposed out to the world, which requires the use of a reverse proxy. I'm using HAProxy on my pfSense router, but you might wish to use nginx instead. You should also consider putting it behind CloudFlare or a VPS such that your IP is not exposed to the world. I use Cloudflare. My instance is social.k3tan.com and you can add me on @[email protected]

With Pleroma/Mastodon you get a couple of timelines to watch. You get your local timeline, which are the toots written by those on your instance. You get your own timeline which is made up of toots by people you've followed, and finally you get a federated timeline, whereby you get toots from other instances.

To help the facilitation of content within the Bitcoin community, I have set up a relay that your instance can join. Once you've joined the relay, you'll be able to see a flurry of bitcoin related content on your federated timeline. The relay can be found at relay.k3tan.com and you can host your own relay if you wish.

It doesn't just stop at Twitter alternatives. The Fediverse has its equivalent Instagram and blogging instances as well. Which brings me to my next piece of software - writefreely.

Writefreely

Writefreely.org is a blogging website that is connected to the Fediverse. It allows you to create blogs and gets your ideas out. You can host it yourself. It's easy enough to do on Ubuntu because they've created a little installation script. The instructions can be found here.

There's not much other than to read through the instructions and get it set up and configured to how you want it.

I've exposed my instance using HAProxy on my router and put it behind CloudFlare.

Bludit

Bludit is an open source content management system allowing you to create a customisable great looking website. I have since upgraded from Writefreely to Bludit as it provides an easy way to create content with images and insert other HTML.

The k3tan.com blog is now using Bludit.

I have exposed by instanced using HAProxy on my router and put it behind CloudFlare.

HedgeDoc

HedgeDoc is an open-source collaborative markdown editor. If you want a demo of it, you can take a look here. It has some impressive features and makes your documentation look very nice.

I am running it on a virtual machine using docker. I've explained how to install docker above. Docker is the easiest way to get the instance up and running. The documentation to install HedgeDoc can be found here.

I am exposing it through HAProxy on my router and putting it behind CloudFlare.

It is very configurable with all the options listed out here

This concludes all the software that I run on my desktop computer for now. Let's now move on to the Raspberry Pi 3. What's that being used for?

MediaCentre

The media centre virtual machine is running Jellyfin. It is a server that allows you to connect Jellyfin clients. You can find the downloads page here.

In terms of clients, I have a raspberry pi 4 setup specifically with LibreELEC (Kodi). This has the Jellyfin add-on which allows me to view the contents of my media. This seperate raspberry pi is hooked up to my Samsung television (via HDMI) and I'm able to control it with my normal TV remote, which is very slick.

Jellyfin can also be used on pretty much any device. If I want to access it from outside my network, I can do so via my VPN.

Media Content

You probably now want some content to stream. I'm using Transmission, Radarr, Sonarr and Jackett to get that job done for me. The only tip I have is to make sure your file permissions are correct and that the user you install all this software to has access the directory you want to store your media.

The virtual machine also has access to a 1TB hard drive for the storage of media. I never re-watch the movies or TV shows I watch. They are scheduled, watched and occasionally pruned. I'm not much of a data hoarder in this regard.

Weechat

The Raspberry Pi also hosts Weechat, a client for IRC. Alongside this, I'm using a web based client to connect to weechat called glowing bear.

Photoview

Instead of uploading your photos to the Google cloud, photoview allows you to self host photos. I keep it internal to my network and can access them from anywhere I want using my VPN. The original photos reside in a hard drive and the software takes them in and builds an index of all the photos for easy viewing. I use the docker installation method to get the job done.

Conclusion

I have been self hosting my own media for a while. I've only just recently got into nextcloud, bitwarden and pleroma and the fediverse. I do enjoy trying out incredible free and open source software. I'm deeply fascinated by what computers can do.

I hope you've enjoyed the detailed and lengthy write up and hopefully you've found it useful.