To Self-Host or not to self-host, that is the question!?

I’d like to preface this with: I only trust what I can own and manage myself… The truest freedoms are freedoms that you, and a community can verify. How many of you here like to self-host over having your data “in the cloud”?

I run both a server at home (Nextcloud, Jellyfin, file storage, among other things, but only Nextcloud is facing the open internet) as well as a VPS in Linode (Gemini, Gopher).

Though the latter could be considered “the cloud” in some sense, I tend to not think of it that way.

So yes, I do enjoy self-hosting, largely for the reason you mentioned.

How much work do you have maintaining the systems and services?

I use Nextcloud as my personal server. I bought a domain and redirect it to the public IP assigned to me by the telephone company. You can find many guides on the net to do this. There is a nice distribution, YunoHost, which configures everything almost automatically and then, from within the distribution, you can install Nextcloud, roundrobin, a Matrix server, Mastodon etc.

Almost none, really. Here’s the part where I say something that makes many think I am crazy. Both servers mentioned are running Arch.

For my home server, I run updates manually once a week or so. All my PCs run Arch so I often do them all together. There are so few packages installed on these servers that manual intervention is almost never needed, and minimal if it is needed.

For the Linode server, I run updates once in a while, but since it only has a few packages installed, there isn’t much to update outside of the linux-lts kernel when I log in to it. It’s been running for about 7-8 months and I haven’t had to do anything outside of a few pacman -Syu's and reboots to keep it up to date.

My setup is probably a bit atypical though and probably not for everyone.

I’m using Debian stable. I installed the program that updates automatically and … I never think about it. 🙂
I only update Nextcloud 🙂 but it’s a simple process that takes a few minutes.

2 Likes

I have to reinstall my home server. Currently there is only SSH, via which I use it as a file server, and the aria2 download manager as a daemon.

I am considering installing DHCP, DNS, opfSense or whatever its name was, Pi-hole. That can all stay internal and I could set up a VPN for remote access.

Public services could be Matrix and maybe some fediverse thing. Also maybe a web server and a mail server. But I pay a hoster for web and mail and right now I don’t even show something public.

For mail I am considering something like fetching all mails from the paid public server to my internal server for a lifetime email archive. I am not sure how to a) get emails without delay and b) send email without getting declared as spam.

My favorite sticker from https://shop.fsf.org/collection/stickers :

8 Likes

If your home connection is not suitable for receiving and sending email due to ISP restrictions, you could use the hosted server as a relay host both ways.

You should (‘must’) configure DNS and reverse DNS on the mail server hostname, MX record and IP addresses, and at the least configure SPF for your domain.

Reverse DNS can be a bit tricky for IPv6 as the outgoing IP address might not be what you expect, since your server will likely have multiple IPv6 addresses.
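An added example, not part of the post above: a small offline audit of the checks it lists (forward-confirmed reverse DNS and SPF coverage) for every address a mail server might send from, including a second IPv6 address without a PTR record. The domain `example.org`, the documentation-range addresses, the zone data and the function names are all constructed for illustration, and only the `mx`, `ip4` and `ip6` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed zone data for the placeholder domain example.org (not from the thread).
ZONE = {
    "mx": {"example.org": ["mail.example.org"]},
    "addr": {"mail.example.org": ["203.0.113.25", "2001:db8::25"]},  # A / AAAA
    "ptr": {"203.0.113.25": "mail.example.org",
            "2001:db8::25": "mail.example.org"},  # no PTR for 2001:db8::beef
    "spf": {"example.org": "v=spf1 mx ip6:2001:db8::/64 -all"},
}

def fcrdns_ok(ip, zone):
    """Forward-confirmed reverse DNS: PTR(ip) names a host whose A/AAAA includes ip."""
    host = zone["ptr"].get(ip)
    if host is None:
        return False
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in zone["addr"].get(host, []))

def spf_allows(ip, domain, zone):
    """Evaluate only the unqualified mx, ip4 and ip6 mechanisms of the SPF record."""
    addr = ipaddress.ip_address(ip)
    for term in zone["spf"].get(domain, "").split()[1:]:
        if term == "mx":
            for host in zone["mx"].get(domain, []):
                if any(ipaddress.ip_address(a) == addr
                       for a in zone["addr"].get(host, [])):
                    return True
        elif term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if addr.version == net.version and addr in net:
                return True
    return False

def audit(domain, outgoing_ips, zone):
    """Return {ip: [problems]} for every address the server may send from."""
    report = {}
    for ip in outgoing_ips:
        problems = []
        if not fcrdns_ok(ip, zone):
            problems.append("reverse DNS missing or not forward-confirmed")
        if not spf_allows(ip, domain, zone):
            problems.append("not authorised by SPF")
        report[ip] = problems
    return report

# The host also holds a second IPv6 address that may be chosen as the source.
REPORT = audit("example.org",
               ["203.0.113.25", "2001:db8::25", "2001:db8::beef"], ZONE)
```

In this constructed data the second IPv6 address passes SPF through the `/64` range but has no PTR record, so mail sent from it would fail a receiver's reverse DNS check even though the published records look complete.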

I self host everything but emails. I have a TrueNAS (so basically a FreeBSD) that hosts jails for Nextcloud, Bitwarden, Wallabag, Plex, Transmission, Gitea and a few other things. I also have a few rPi-based hacks for home automation, orchestrated by HomeAssistant. Everything served by a router running OpenWRT, with Wireguard VPN, DNS Ad blocker and a few other things too (I blocked the entire AS number of Facebook, for instance).

I basically removed myself from the cloud.

It was indeed quite some work and a tad of learning in the beginning (especially that everything is secured using mTLS), but it was fun. Now that it runs, it basically needs no intervention but an upgrade here and there sometimes. I guess it took me a week or two to settle in, but now, I have no regrets. I guess the most important thing to do is to keep everything as simple as possible and to have a strong, tested backup/restore strategy.

To Self-Host or not to self-host, that is the question!? […] The truest freedoms are freedoms that you, and a community can verify

Then what is the question? 🙂

1 Like

What do you mean by self-host? I think it could mean any of the following.

a) home host - the server is located at your home and is 100% under your control
b) VPS - the server is virtual, could be located anywhere in the world and is not 100% under your control but you control the software that goes on it and the configuration of that software
c) leased dedicated server - the server is real, could be located anywhere in the world and is not 100% under your control but you control the software …
d) co-located server - the server is real, is supplied by you but located in a Data Center managed by someone else and as such is not 100% under your control but you control the software …

The main disadvantages of “home host” are:

  • your IP address may not have a high reputation or may not be trusted at all, making it difficult to run an outbound email service
  • your ISP may block outbound email
  • your IP address may not be static (or even public!) - lack of a static IP will make inbound email flaky
  • you don’t get redundancy (unless you make a serious effort to avoid single points of failure in your home infrastructure)
  • your available bandwidth may be quite low

I do a combination of (a) and (b).

2 Likes

Given how many other services you self host, why not email?

Because emails are kinda vital. If my Bitwarden burns, I can reset passwords. I can still receive important information etc. I used to self host emails 10y ago. Then I moved to a foreign country. And my email server was in a boat for 3 months. So now, I pay a subscription to protonmail, and I can sleep well 🙂

2 Likes

What @primalmotion said plus the first four bullet points in my post.

1 Like

That’s an easy one for me… self-host all the way! I do self-host email too… it is actually not that difficult to manage. There are some challenges for sure that others outlined above, but you can overcome them with a little effort:

  • Host the email server/inbox at home and host an email relay/gateway on a VPS. For example, you can host something like mailcow at home with a lot of RAM and storage; then host a VPS with a cloud provider with a gateway/relay server (like Proxmox Mail Gateway) that will have a static IP. You then connect the home mail server with the VPS gateway via a persistent VPN tunnel (tinc, wireguard, etc). Emails would be delivered to your VPS gateway static IP and then the gateway will relay that to your home email server on the VPN connection. For outbound, the email flows from your home server to your VPN gateway also via VPN tunnel. This solves the problem of ISP blocking email ports and having a static public IP for the gateway, as opposed to a dynamic one. Also, the VPS gateway will have much better uptime than the home server. If home server is down to receive emails, the VPS gateway server will keep it and try again and again until your home server is back up and receives. This mitigates most issues with uptime and fear of missing important emails.

  • IP reputation may or may not be an issue, especially if you have a VPS that hosts your email gateway. Assuming you properly configure SPF and DKIM DNS records, if you find your emails are ending up in junk folders by large providers like Microsoft, Google, and Yahoo, you have to use a reputable SMTP service (ONLY for email delivery and you can still directly receive emails via your VPS gateway). For example, you can use Google, Amazon, etc. I do recommend reading the privacy policy of the SMTP provider to make sure it is acceptable. You would then configure your home email server or VPS gateway to send outbound messages to the SMTP provider as the next hop. This would resolve the issue of low IP reputation that results in messages ending in a spam folder.

So it may take a few extra steps for self-hosting email. But once you invest the time, it is pretty much on auto-pilot… just make sure you do periodic updates and upgrades. You can self-host as many email domains as you want, have whatever email inbox size you want, create unlimited email addresses for family and friends (and a bonus of having admin access as parental control).

1 Like

Or you can do what I do and use a non-default port. The port number is completely arbitrary anyway since I control both ends.

The VPN adds value if you want to obscure the details of mail traffic (i.e. metadata that could be derived from traffic analysis). Otherwise STARTTLS is adequate for many people.

I’ve seen on many occasions that low IP reputation has resulted in outright rejection by the destination SMTP server of outbound email. That can in theory happen when the source is a VPS too.