
221 points finnlab | 1 comments
1. 72deluxe No.43547603
This seems overkill. You only need a Pi. I have a Pi4 fanless running:

1. lighttpd exposing a website, using letsencrypt and a cron job to run certbot and restart lighttpd.

2. mox (https://www.xmox.nl) to run a mail server, with PTR records set up by my ISP. I am not with a CG-NAT ISP else none of this would be possible. mox makes it easy enough to set up DMARC and SPF etc. with appropriate output given that you can add to your DNS records.

3. I grab the list of IPs from https://github.com/herrbischoff/country-ip-blocks and add them to an iptables list (using ipset) every week so that I can block certain countries that have no legitimate reason to be connecting, with iptables just dropping the connection. I think I also use https://github.com/jhassine/server-ip-addresses to drop certain ranges from cloud servers to make annoying script kiddies go away.

4. peer-calls (https://github.com/peer-calls/peer-calls/) to be able to video call with my family and friends (with a small STUN server running locally for NAT traversal as I recall).

5. linx (https://github.com/andreimarcu/linx-server) to share single links to files (you can get an Android app to upload from your phone)

6. filebrowser for sharing blocks of files for users (https://github.com/filebrowser/filebrowser).

7. pihole runs on it, so it blocks adverts.

8. Wireguard runs on the Pi and I open the VPN ports on my router. I use the VPN on my phone so adverts are blocked when I am out and about (traffic gets routed through the Pi).

9. navidrome runs on it and I use subtracks on Android to stream (or just download albums for when I have spotty connection).

10. mpd runs on the Pi and it plays music to some speakers in the house, so I can control it with M.A.L.P on Android.

11. I use goaccess (https://goaccess.io) to look at my server logs and see what is hitting me.

12. I use maxmind geoip data so I know which countries are hitting me.

13. minidlna runs on the Pi so I can stream films to my TV.

14. I run CUPS on it too so that my rubbish wireless Samsung printer can be printed to from Android and my wife's Apple devices without having to buy an AirPlay-compatible printer.

15. xrdp running so I can log into a visual desktop on the Pi if required.

My router doesn't expose SSH ports, just appropriate ports for these web services and the VPN. SSH keys are useful. SSH is not open to the world anyway and you have to VPN into the network first.

This all sits happily and quietly in a cupboard and uses a feeble amount of power.
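The weekly block-list refresh described in item 3 of the comment above, as an added example that is not the commenter's own script: it validates every downloaded line before it reaches `ipset restore` and swaps the new set in atomically. The set name `geoblock`, the `MIN_ENTRIES` threshold, the /8 prefix floor and the `sample_list` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the commenter's script. Set name, threshold and the
# /8 prefix floor are assumptions chosen for illustration.
MIN_ENTRIES=2   # constructed threshold; use a much larger value for real lists

# Read one IPv4 CIDR per line on stdin, print `ipset restore` input on stdout.
# Returns 1 and prints nothing if too few entries survive validation, so an
# empty or truncated download never replaces the live set.
build_restore() {
    live=$1
    tmp="${live}-new"
    adds=$(awk -v s="$tmp" '
        function valid(c,   p, o, i) {
            if (split(c, p, "/") != 2) return 0
            # Prefixes shorter than /8 are refused: one bad line such as
            # 0.0.0.0/0 would otherwise drop all traffic.
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32 || p[2] + 0 < 8) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*(#|$)/ { next }                 # skip blanks and comments
        { if (NF == 1 && valid($1)) print "add " s " " $1; else bad++ }
        END { if (bad) print bad " invalid line(s) skipped" > "/dev/stderr" }
    ')
    count=$(printf '%s\n' "$adds" | grep -c '^add ' || true)
    [ "$count" -ge "$MIN_ENTRIES" ] || return 1
    # Fill a scratch set, then swap it in atomically so the block list is
    # never empty while the weekly update runs.
    printf 'create %s hash:net family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    printf '%s\n' "$adds"
    printf 'create %s hash:net family inet\n' "$live"
    printf 'swap %s %s\n' "$tmp" "$live"
    printf 'destroy %s\n' "$tmp"
}

# Constructed sample list (documentation ranges plus lines that must be rejected).
sample_list() {
    printf '%s\n' '# sample' '192.0.2.0/24' '198.51.100.0/24' \
        '0.0.0.0/0' '999.1.1.0/24' 'flush geoblock' '203.0.113.0/24'
}

# Weekly cron usage (as root), with the downloaded list in a local file:
#   build_restore geoblock < list.cidr | ipset -exist restore
#   iptables -C INPUT -m set --match-set geoblock src -j DROP 2>/dev/null ||
#       iptables -I INPUT -m set --match-set geoblock src -j DROP
```

Because third-party lists are fetched unattended, the validation step is what keeps a malformed or tampered file from turning into arbitrary `ipset` commands or a rule that drops everything.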