thirdBreakfast

@[email protected]


thirdBreakfast ,
  • Climate change contributing to
  • Climate refugees contributing to
  • Breakdown in social cohesion contributing to
  • Populism, oligarchs, and authoritarianism contributing to
  • Breakdown of international cooperation contributing to
  • Inter-nation conflict contributing to
  • GOTO 10

Is it practically impossible for a newcomer to self-host without using centralised services, and get DDoSed or hacked?

I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc....

thirdBreakfast ,

+1 for the main risk to my service reliability being me getting distracted by some other shiny thing and getting behind on maintenance.

thirdBreakfast ,

Yeah na, put your home services in Tailscale, and for your VPS services set up the firewall for HTTP, HTTPS and SSH only, no root login, use keys, and run fail2ban to make hacking your SSH expensive. You're a much smaller target than you think - really it's just bots knocking on your door and they don't have a profit motive for a DDoS.

From your description, I'd have the website on a VPS, and Immich at home behind Tailscale. Job's a goodun.
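The recipe in the comment above (firewall open for HTTP, HTTPS and SSH only, no root login, key-only SSH, fail2ban), as an added shell example that is not the commenter's own code. The drop-in path /etc/ssh/sshd_config.d/10-hardening.conf, the `ssh` service name, ufw and a fail2ban jail.local are assumptions about a Debian/Ubuntu-style VPS. The checker is included so you can verify a config before and after: sshd honours the first occurrence of a keyword, not the last, and treats a missing PasswordAuthentication as "yes", which is where hand-edited configs usually go wrong.

```shell
#!/bin/sh
# Added example, not from the comment above. Assumes a Debian/Ubuntu-style
# host: sshd_config.d/ drop-ins, the "ssh" service name, ufw, fail2ban.

# Hardened sshd settings: no root login, keys only, no password prompts.
hardened_sshd_dropin() {
  cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
EOF
}

# Effective value of a keyword in one sshd config file. sshd uses the FIRST
# occurrence, ignores comments, and global settings end at the first Match
# block. Keywords are matched case-insensitively, so `sshd -T` output works too.
sshd_effective() {
  awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF == 0 { next }
    tolower($1) == "match"      { exit }
    tolower($1) == kw           { print $2; exit }
  ' "$1"
}

# Returns 0 when the file meets the baseline, 1 otherwise. Missing keywords get
# the OpenSSH defaults (PermitRootLogin prohibit-password, PasswordAuthentication
# yes, PubkeyAuthentication yes), so an unset PasswordAuthentication fails.
check_sshd_config() {
  file=$1; rc=0
  root=$(sshd_effective "$file" PermitRootLogin);        root=${root:-prohibit-password}
  pw=$(sshd_effective "$file" PasswordAuthentication);   pw=${pw:-yes}
  pk=$(sshd_effective "$file" PubkeyAuthentication);     pk=${pk:-yes}
  [ "$root" = "no" ] || { echo "PermitRootLogin is '$root', want no";       rc=1; }
  [ "$pw" = "no" ]   || { echo "PasswordAuthentication is '$pw', want no";  rc=1; }
  [ "$pk" = "yes" ]  || { echo "PubkeyAuthentication is '$pk', want yes";   rc=1; }
  return $rc
}

# The rest of the recipe, as the commands you would run as root on the VPS.
# Keep an existing SSH session open until you have confirmed key login works.
apply_baseline() {
  hardened_sshd_dropin > /etc/ssh/sshd_config.d/10-hardening.conf
  sshd -t || return 1               # validate before reloading
  systemctl reload ssh
  ufw default deny incoming
  ufw default allow outgoing
  ufw allow 22/tcp
  ufw allow 80/tcp
  ufw allow 443/tcp
  ufw --force enable
  printf '[sshd]\nenabled = true\nmaxretry = 5\nbantime = 1h\n' > /etc/fail2ban/jail.local
  systemctl restart fail2ban
}
```

Because Debian includes the drop-in directory at the top of sshd_config, the drop-in wins over the main file, but the checker reads a single file; to check what sshd will actually enforce, run `sshd -T > /tmp/effective.conf` and point `check_sshd_config` at that.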

thirdBreakfast ,

Yes, and it's very phrase-based, so you sort of absorb the grammar without a lot of explicit rules.

thirdBreakfast ,

I started as more "homelab" than "selfhosted" at first - so I was just stuffing around playing with things, but then that seemed sort of pointless and I wanted to run real workloads, then I discovered that was super useful and I loved extracting myself from commercial cloud services (Dropbox etc.). The point of this story is that I sort of built most of the infrastructure before I was running services that I (or family) depended on - which is where it can become a source of stress rather than fun, which is what I'm guessing you're finding yourself in.

There's no real way around this (the pressure you're feeling), if you are running real services it is going to take some sysadmin work to get to the point where you feel relaxed that you can quickly deal with any problems. There's lots of good advice elsewhere in this thread about bits and pieces to do this - the exact methods are going to vary according to your needs. Here's mine (which is not perfect!).

  • I'm running on a single mini PC & a Synology NAS set up for RAID 5
  • I've got a nearly identical spare mini PC, and swap over to it for a couple of weeks (originally every month, but stretched out when I'm busy). That tests my ability to recover from that hardware failure.
  • All my local workloads are in LXC containers or VMs on Proxmox with automated snapshots that are my (bulky) backups, but allow for restoration in minutes if needed.
  • The NAS is backed up locally to an external USB that's not usually plugged in, and to a lower-specced similar setup 300km away.
  • All the workloads are dockerised, and I have a standard directory structure and compose approach, so if I need to upgrade something or do some other maintenance of something I don't often touch, I know where everything is without looking back to the playbook.
  • I don't use a script or Terraform to set those up, I've got a Proxmox template with Docker and Tailscale etc. installed that I use, so the only bit of unique infrastructure is the docker compose file which is source controlled on Forgejo
  • Everything's on UPSs
  • I have a bunch of Ansible playbooks for routine maintenance such as apt updates, also in source control
  • All the VPS workloads are dockerised with the same directory structure, and behind NGINX PM. I've gotten super comfortable with one VPS provider, so that's a weakness. I should try moving them one day. They are mostly static websites, plus one important web app that I have a tested backup strategy for, but not an automated one, so that needs addressing.
  • I use a local and an external Uptime Kuma for monitoring, enhanced by running a tiny server on every instance that just exposes a disk free and memory free API that can be consumed by Uptime Kuma.

I still have lots of single points of failure - Tailscale, my internet provider, my domain provider etc., but I think I've addressed the most common, which would be hardware failures at home. My monitoring is also probably sub-par, I'm not really looking at logs unless I'm investigating a problem. Maybe there's a Netdata or something in my future.

You've mentioned that syncing to a remote server for backups is a step you don't want to take; if you mean managing your own is a step you don't want to take, then your solutions are a paid backup service like Backblaze or physically shuffling external USB drives (or extra NASs) back and forth to somewhere - depending on what downtime you can tolerate.
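The "tiny server on every instance" from the list above, as an added shell example that is not the commenter's own code: a one-request health endpoint that an Uptime Kuma HTTP monitor can poll. It reports disk free and memory available as JSON and answers 503 when either is below a threshold, so Kuma's default "2xx means up" check raises the alert without any keyword matching. The thresholds, port 9100, the socat listener and binding to the host's Tailscale address are assumptions; the df/meminfo parsing is split out so it can be exercised on captured text.

```shell
#!/bin/sh
# Added example, not from the comment above. Serves one HTTP response per
# connection; socat (assumed) handles the listening and forking.

DISK_MIN_PCT=${DISK_MIN_PCT:-10}   # alert when less than 10% of / is free
MEM_MIN_MB=${MEM_MIN_MB:-256}      # alert when less than 256 MiB is available

# stdin: output of `df -P <path>`. POSIX -P keeps one line per filesystem and
# makes the Capacity column (field 5, e.g. "93%") stable across df versions.
parse_disk_free_pct() {
  awk 'NR == 2 { sub("%", "", $5); print 100 - $5 }'
}

# stdin: /proc/meminfo. MemAvailable is the kernel's estimate of what can be
# handed out without swapping, which is what you want, not MemFree.
parse_mem_available_mb() {
  awk '$1 == "MemAvailable:" { printf "%d\n", $2 / 1024 }'
}

# Write a complete HTTP response for the two readings; returns 0 when healthy,
# 1 when degraded. The body is JSON so the same endpoint can feed dashboards.
http_response() {   # $1 disk free %, $2 memory available MiB
  disk=$1; mem=$2
  if [ "$disk" -ge "$DISK_MIN_PCT" ] && [ "$mem" -ge "$MEM_MIN_MB" ]; then
    status="200 OK"; ok=true; rc=0
  else
    status="503 Service Unavailable"; ok=false; rc=1
  fi
  body=$(printf '{"ok":%s,"disk_free_pct":%s,"mem_available_mb":%s}' "$ok" "$disk" "$mem")
  printf 'HTTP/1.1 %s\r\nContent-Type: application/json\r\nContent-Length: %s\r\nConnection: close\r\n\r\n%s' \
    "$status" "${#body}" "$body"
  return $rc
}

# Gather live readings and answer. Run from socat, bound to the Tailscale
# address so only tailnet members (your Uptime Kuma) can reach it:
#   socat TCP-LISTEN:9100,reuseaddr,fork,bind=<tailscale-ip> EXEC:"sh health.sh serve"
serve() {
  disk=$(df -P / | parse_disk_free_pct)
  mem=$(parse_mem_available_mb < /proc/meminfo)
  http_response "$disk" "$mem"
}

if [ "${1:-}" = serve ]; then serve; fi
```

In Uptime Kuma add an HTTP monitor for http://<tailscale-ip>:9100/ with the default accepted status codes; a full disk or memory pressure then shows as the same red "down" as a dead host, which is the point of the threshold living on the instance rather than in a keyword rule.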

thirdBreakfast OP ,

Thanks. I'll keep an eye out. Now I know that it gets daily use, a more expensive machine doesn't seem so crazy.

‘My whole library is wiped out’: what it means to own movies and TV in the age of streaming services ( www.theguardian.com )

What rights do you have to the digital movies, TV shows and music you buy online? That question was on the minds of Telstra TV Box Office customers this month after the company announced it would shut down the service in June. Customers were told that unless they moved over to another service, Fetch, they would no longer be...

thirdBreakfast ,

Wish by Peter Goldsworthy. J.J. has always been more at home in Sign language than in spoken English. Recently divorced, he returns to school to teach Sign. His pupils include the foster parents of a beautiful and highly intelligent ape named Eliza.

Certbot is great. Let's Encrypt is great. ( lemmy.world )

I've been downloading SSL certificates from my domain provider, using cat to join them together to make the fullchain.pem, uploading them to the server, and adding myself a 90-day calendar reminder. Every time I did this I'd think I should find out about this Certbot thing....
