I’m trying to better understand hosting a Lemmy Instance. Lurking discussions it seems like some people are hosting from the Cloud or VPS. My understanding is that it’s better to futureproof by running your own home server so that you have the data and the top most control of hardware, software etc. My understanding is that by hosting an instance via Cloud or VPS you are offloading the data / information to a 3rd party.
Are people actually running their own actual self-hosted servers from home? Do you have any recommended guides on running a Lemmy Instance?
Isn’t control limited on 3rd party hosts for security purposes?
Not really, you’re ideally paying for a server that you have complete control of. The differences are mostly just fundamental limitations.
Example: if you’re hosting off site, you will always be connecting remotely, so your access depends on a network connection. If you’re hosting at home then your stuff is still accessible when your internet goes down
@[email protected] not sure what that means but I guess you can do certain thing in your home server not allowed on a VPS. OTOH, an email server at home for example is much more difficult to achieve because your ISP most likely won’t allow you to open port 25
I was just reading through
Lemmy-AnsibleGithub docs and wasn’t sure if a 3rd party server or a home server was going to be better to run. The documentation doesn’t feel super user-friendly or maybe I’m just not as tech-savvy as I thought.@[email protected] idk about ansible but if you are starting I would recommend starting small, in your personal computer. Docker is a good way to start
This may be way of scope for this thread but I’m not sure a better place yet to ask and learn more about how all this works. Say I run my Docker Container from a home PC, how do I make my Lemmy Instance accessible to the public? I’m familiar with web hosting but only from hosting on a simple 3rd party, where you buy a domain.
Agree with the VPS in this case. For sure you can create public-facing services in a home server or home lab, but to do so you need:
If you’re new to these things, Id start with something more mature for personal or family home use first. Like NextCloud, HomeAssistant or Jellyfin media server. Lots of YouTubers have covered how these can be set up as a reference.
Lemmy is still alpha, full of bugs and security vulnerabilities and needs regular hotfixes and babysitting. Permitting Joe Public into your home services is ripe for disaster unless you have the time and expertise.
Operating internet-facing services in the home, in my opinion, requires a layer-3 managed switch so that internet traffic is 100% separated from home traffic, w/attendant DMZ to bridge home<-> internet-facing services safely.
L3 managed is the simplest method to contain a penetration to just the internet-facing devices (which is still pretty bad). Cloud hosting is more manageable, but you must watch the spend.
The biggest issue is a DDoS attack on the home network, which could impact internet-facing services and home clients (streaming TV, gaming, email, etc.).
Agree. Best to have that dedicated hardware, and a degree in network engineering first! Hah :)
tech waffle...
You might achieve network isolation without dedicated managed switches by: using prosumer routers or OpenWRT, with a Hypervisor like Proxmox, which support VLAN tagging. But this wouldn’t save your home connection from a DDoS. To help with that, running public services behind CloudFlare seems to be one of the better choices, even our Lemmy hosts are using.
If you’re starting out, best keep internet facing home services private through a VPN, maybe ZeroTier or TailScale. Don’t advertise them publically at all.
@[email protected] yeah if you want to host something like Lenny you may be able to do it on a home server but in terms of ports blocked, security, etc I guess it is easier to run it in a VPS
It is, if you can host at home and use a cheap vps as proxy is better in my opinion. Like it or not when you host something you will put sensitive info in your vps and ofc you should trust them. Exactly like the vpn providers, they will fight for your rights paying 5 dolars/months? For sure no.
Or your Internet provider, they will also not fight for your rights paying $30 a month.
My services are not accessible from my wan, i forward all my services to a cheap vps,using a proxy and trafic is encrypted. So i am not worried about my isp also my real ip is hiden. I use something like cloudflare zero trust… but is open source.
I’m less worried aobut sensitive info and more worried about owning the data. I’m looking to avoid a sitaution where I offload all the data to a 3rd party and lose access or pricing get expensive (like a Reddit situation). I’m more worried by offloading the data to a 3rd party I can’t verify that they’re not reselling it. etc.