109 lines
7 KiB
Markdown
109 lines
7 KiB
Markdown
# Host your own services NOW
|
|
|
|
2023-06-24
|
|
|
|
I talk a lot about freedom, privacy and free software on this blog, but today
|
|
I want to talk about hosting your own services. But why should you host your
|
|
own services? Isn't that really scary and difficult? Doesn't it require very
|
|
powerful hardware? No, not really and I'm going to talk about some of
|
|
the benefits here.
|
|
|
|
Alright so let's talk a bit about why you should host your own stuff and what
|
|
you can host. There are many different services you can host. I'm hosting my
|
|
website, some files, a Git server, wiki, email server and might host more in
|
|
the future. But there are many cool things you can host, such as a Matrix
|
|
homeserver, IRC network, SearX instance, PeerTube, NextCloud, it goes on
|
|
and on. I won't be talking much about the specific services you can host today.
|
|
But why should you host all of this stuff? Why not just use Gmail, or a
|
|
public SearX instance, or GitHub, or any of these public services?
|
|
|
|
It's because as the sysadmin, you are very powerful and have a lot of power
|
|
over your users and your services, and my site and services are no exception.
|
|
You have power over everyone that uses your site and services. The ability to
|
|
delete their accounts, look at what they're doing, all of these different
|
|
things that you have no control over. When you host your own services though,
|
|
the only one who is going to be able to see what you upload to your server is
|
|
you (and your VPS provider if you're hosting using a VPS). Maybe other people
|
|
can see it if they manage to compromise your server or you let your web server
|
|
serve content that you don't want public. But in general, you're the only one
|
|
who is going to be able to see that.
|
|
|
|
Let's take a public SearX instance for example. Let's say you visit
|
|
searx.speedie.site and use it as your primary engine. Now, this search engine
|
|
does not exist because I host my SearX instance locally but anyways, if you visit
|
|
my SearX instance and use it to search for things, I have the power to log the
|
|
search queries you search for, and I have the ability to see all the anime pornography
|
|
you search for with great shame. Do you really trust me to not look at your
|
|
search queries? No? So why should you trust any other SearX instance or hell,
|
|
even Google for that matter. For this reason, you should take matters into your
|
|
own hands and host your own services that you have control over. That way,
|
|
you have the power to customize anything and everything about the service you're
|
|
hosting, shut it down at any time to perform maintainence, set up logging,
|
|
shred all logs and log absolutely nothing, etc.
|
|
|
|
But, doesn't hosting your own services require spending a lot of money? Doesn't
|
|
it require a very powerful computer? No. If you want to host many, massive big
|
|
files on a VPS or server that you rent, you may not have that much disk space.
|
|
But even if that's the case you can host from home on a cheap old Dell Optiplex
|
|
or maybe even a Raspberry Pi and just connect storage to it. I'm hosting a Git
|
|
server using Gitea, and all the repositories Gitea handles combined only takes
|
|
up approximately 870MB. And my public folder where I host downloads to all my
|
|
software only takes up about 30MB. That really isn't much, and you can host
|
|
that and much, much more on a cheap VPS. And the spmenu wiki I host takes up
|
|
31MB. So unless you want to host many, massive files I think making the
|
|
argument that you don't have space is ridiculous. Any desktop computer
|
|
from.. say 2008 or later is going to be able to handle hosting your site,
|
|
and the terrible hard drive it has is going to be able to hold all of
|
|
your files as well.
|
|
|
|
You can get a cheap VPS from Vultr for $3.50, and you can get a domain for
|
|
usually very cheap as well. I went with Namecheap for my domain name, and they
|
|
seem quite reliable and not very expensive. If you want to get a VPS from
|
|
Vultr, feel free to use [my referral link](https://www.vultr.com/?ref=9327892).
|
|
There are other VPS companies though, and I still recommend hosting from home
|
|
if you are able to, and your ISP reliably allows you to because it's likely still
|
|
going to be a bit cheaper, but more importantly means you avoid the ability for
|
|
your VPS provider to look at the contents of the virtual hard disk, and you are
|
|
able to use more disk space. You have a lot more freedom that way. Still, a VPS
|
|
is not a bad choice if you just want to host a few services and your personal
|
|
site, but it's probably not the best option if you want to host NextCloud or a
|
|
lot of big files or use it as a media server or anything like that. It also
|
|
makes a lot more sense if you want to, for instance set up a VPN. Doing that
|
|
on your own network doesn't make much sense unless you use the VPN away from home.
|
|
|
|
I won't get into hosting from home as that isn't something I'm familiar
|
|
with (although I might try it at some point), and I also won't get into more
|
|
complex setups or containers, just the basics. While I'm not a particularly big
|
|
fan of Debian based GNU/Linux distributions, simply because of their old
|
|
packages and the apt-get package manager, it's a fairly good choice if you want
|
|
things to just work and serve your content all day every day. Despite not really
|
|
liking Debian very much, it's what this website is hosted on, along with my
|
|
other services I have.
|
|
|
|
When I'm using a VPS, I usually start by adding a new user and giving him a
|
|
password. Then I usually install doas because it's smaller and has had fewer
|
|
vulnerabilities than the more bloated sudo that people use. Then I will copy
|
|
over my SSH keys to that user's `.ssh` directory. Finally, I **always** disable
|
|
authentication using passwords for SSH, and more importantly I disable SSH as the
|
|
root user. I do this because the root user is present on almost every machine, meaning
|
|
if you want to gain access to someone's server by bruteforcing, a safe bet is to
|
|
try to gain access using the root account. Then for extra security I will disable
|
|
the actual root user, so the only way to gain superuser is to use `doas`
|
|
Now you may have to open ports to be able to host anything on it. If you want to
|
|
host websites you will have to open TCP port 80 for HTTP and 443 for HTTPS. On
|
|
Vultr VPSes this is done using the `ufw` command, which is the firewall the VPS
|
|
comes with. It should be noted though, that if you want to host an email server
|
|
you will need to open port 25 used for SMTP, and should be done with the `ufw`
|
|
command as well, but you also need to file a ticket on Vultr's website giving
|
|
a valid reason for wanting the port to be opened. Usually they will accept your
|
|
request, though.
|
|
|
|
Now that you've opened the ports you need, you can start hosting the services you
|
|
wish to host. I would probably install Apache and php-fpm for PHP to get my
|
|
website set up now. A VPS is going to function exactly like any GNU/Linux computer
|
|
you're used to, although it will not have a graphical environment. Therefore you
|
|
should expect to get familiar with Vim, it is your best friend. Anyways, you should
|
|
host your own services, instead of using public services because it's more
|
|
private, more secure, and you have much more control than with a public service
|
|
that many people are going to use.
|