For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?
You must log in or register to comment.
Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.
I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).
I have an email server but it is not my main email account. I’m purely only using it to learn and to have email notifications sent out from a few services. I do not trust myself or my setup enough to have my main email account hosted on it
Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.
Why do you say so? I’m not an expert in the fields, but isn’t a mail server pretty much the same as 20 years ago plus DKIM and SPF?
ip-reputation is also important. Mailgun, an email service for mass mailing, is doing an „ip-warmup“ if you choose a dedicated ip. So, if you are self-hosting with dynamic-ip, i think you would have a very very low ip-reputation.
True, but this has nothing to do with Google and other, is a well done method to avoid spam.
so what else is a factor for reputation? Or is it like if you dont pay to get your mail-domain whitelisted we lower your reputation score?
No idea! I don’t run my own mail server. But if you read a bit up here, there’s a guy who runs his own mail server(s) since years. But the selfhosted world seems to be full (well…not so full) of people that self host their mail server.
Problem is, that most larger providers sort your mails to spam if the domain is not well known to them, which is not easy to achieve
Mmm…are you sure about that? I happen to buy some random domain and I’ve never had any problem sending email even right after the domain created.
There’s been a lot of write ups on this, such as this one: After self-hosting my email for twenty-three years I have thrown in the towel. The oligopoly has won.
But there are even people that still self host email server (have a look in the selfhosted subreddit for example). IP reputation is a thing, for sure, but I don’t feel that it’s been brought up by the big corp wickedly, it’s a good way to prevent spam to arrive to the server. There are thousands of email providers in the world that are not Google, Amazon, Microsoft or some other big corp. This means that is possible. Is it difficult? For me for sure!!! But I think that the rising difficulty has been a result of this fields over the years. Just my 2 cents.
With DKIM and SPF, I’ve had zero problems in the last 15 years of selfhosting, most recently with Mailcow Docker on a residential IP. I don’t even have a reverse PTR to my mailserver hostname, just a PTR provided by the ISP that can be resolved.
I’ve added a few fresh, un-reputed domains to the server and had no issues.
I think many people’s problems with running email servers are self-inflicted. I remember even before there were things like blacklists, etc with large providers, many people had problems keeping mailservers running. It’s just not an easy task for a variety of reasons completely unassociated with the mega’s blacklisting you. I’ve been running mailservers at various scales for 20+ years so maybe it’s just second nature to me now.
Thanks for sharing your experience with us. @[email protected] , @body_by_make
I did host my email, but the problem wasn’t the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.
what’s that? a federated service isn’t immune from a corporate take over? colour me shocked.
Me too, I’ll never self host my email server. Too much time that I don’t have to set it up correctly, manage the antispam and other thing that I don’t even know . And if it goes down and I don’t have time to look into it (which would be the case 95% of the time 🙈), I’ll be without email for I don’t know how long.
I’ve been self-hosting a personal email server for about half a year now, and it was definitely challenging! But it also tought me quite a bit about how the system works, so I think it was worth it. There are solutions for everything, but you definitely need some time and patience.
Gladly, fail2ban exists. :) Note that it’s not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I’ve actually set up fail2ban rules to ban anyone who is querying
/on my webserver, it catches of lot of those pests.CrowdSec has completely replaced fail2ban for me. It’s a bit harder to setup but it’s way more flexible with bans/statistics/etc. Also uses less ram.
It’s also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.
Edit: fixed url. Oops!
Thanks for mentioning it, I didn’t know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting : I ban everyone who triggers a 404. :D Of course, this only work because it’s a private server, only meant to be accessed by me and people with deep links. I’ve whitelisted IPs commonly used by my relatives, and I’ve made a log parser that warns me when those IPs trigger a 404, which let me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn’t fly on a public server. :)
Note for others reading this, the correct link is CrowdSec
This method supposedly works great too.
Om going to try that as well
I tried getting a music setup to work, but I couldn’t find a good solution for generated playlists with new song recommendations. The self-hosted music service just can’t add songs it doesn’t have yet, so it’s not really feasible. Plus I still have a very cheap YouTube Music subscription from the GPM days.
You can use Lidarr to subscribe to artists’ new album/singles. But you’d still need to have a workflow to add new artists every now and then to incorporate them into your library.
I want to be able to pick a song and say “give me a playlist of similar songs I don’t know yet”, and have that play immediately. That’s just not something a self-hosted setup can do. :/
Yeah I think the closest thing I’m aware of is Plex and album/track mood on smart playlist, and even then that’s kind of janky (ie: cannot shout into smart assistants to creat one on the fly). Music is so cheap now, even the free Amazon Music I get from Prime serves my needs, so I don’t even bother with it.
A social media platform where you can post or view images. I don’t wanna deal with CSAM.
I feel like I’m having a change of heart on NextCloud… Every time some little thing breaks I have to figure out how to fix it
For updates yeah. I used to run it with docker and just about every other major update would break it. Then I went to bare metal…still broke. Now I have it on yunohost and its…better. Its only broken once last year. But heavy backups is how I deal with it.
Really? Nextcloud has been pretty set-and-forget for me.
Nextclouds shitly encryption implementation burned decades of my data.
Ouch, that’s awful. Yeah tbh I wouldn’t quite trust it to do encryption well. I haven’t had any actual problems with Nextcloud but it does feel like it’s held together by duck tape.
It’s my own fault for not having better backups, but i kept all of the decryption keys and everything, so i was really shocked and upset that it wasn’t actually possible to decrypt the data.
Someone in the community had created a third party script that could technically do the decryption, but iirc you could only do one file at a time and then you had to manually remove the first 32 bytes of the file or something and the file usually ended up corrupted anyway.
I kept the files to remind me to not toy with encryption, but also to remind me to never install *cloud again.
Okay, but do you run it in containers or on bare metal?
Bare metal (using the NixOS module, so the manual stuff like database upgrades after an update and such is automated). Only containers that go on my servers are Pterodactyl because it requires it ;)
It largely is, but yesterday the Recognize app broke and I have no idea how to fix it. I think the environment got messed up from an apt-get upgrade? Its little things like that I have to figure out how to fix
Nextcloud AIO has officially hit the 1 year mark for me without any issues. The truck has been to use it as a real Dropbox replacement not a Google Drive with word and all these other integrations. I had it break 3 times due to weird updates because of that the prior year. Using it to mirror/backup files is pretty nice.
IRC server or ZNC bouncer.
In the early days it was cloud and mail, since Mailcow works really good, it’s just the cloud. Because nextcloud is too much hassle, all this php stuff… I have a managed nextcloud at hetzner and I am really happy this is something I haven’t to worry about.
I check ocis from time to time, if it is usable the same way, I would selfhost my cloud again. NC on selfhost? Only if they do the same steps ocis already made. Because ocis is a simple single binary without php.
not complicated or hard, just don’t care enough: music, spotify is fine, especially on the family plan.
Mail server, but mostly because deliverability in this day and age is a nightmare. If you’re some one off running your own mail server in 2023 be prepared to deal with many headaches around IP reputation.
Minecraft. When I started out it was fine but when I began to get regular visitors I got DDOSed for days on end and people poking me for ssh access. Never again.
Why were people asking for SSH access?
They weren’t asking, I was getting spammed with attempts. I changed the ports and locked down my server. In the end I switched to VPS’s.
You get spammed with ssh attempts no matter what. Just set up fail2ban with harsh firewall rules, key-only auth, and live happy!
Been using mine using docker behind an extra vpn container…works beutifully…
Sadly my server predated Docker or I would have done this. After I left the community I think they migrated to Docker.
Bitwarden actually. I was really split on this but ultimately I trust Bitwarden, the company, to run a secure server than myself.
Who has time to track CVE’s and react to them in a timely manner? I don’t. If something happened, I probably don’t have the infrastructure or know-how to even realize I had been breached.
Mail, Bitwarden and Joplin. Too important stuff for my Raspberry Pi setup.
Second. I used to self-host Bitwarden. Then I realized it’d be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.
Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.
I’ve never heard of joplin but it looks just like what I need
I am hosting bitwarden myself (on a VPS) and I am not that concered about losing my passwords, because every device syncs all passwords locally regulary so that you don’t need internet to access them.
So to loose all your passwords not only do you have to loose your bitwarden server and all the backups, you also have to loose access to all your bitwarden clients synchroniously.
Because passwords are so critical I’d never give that to a third party.
Stuff like bitwarden is needlessly complicated, though - I nowadays have a vaultwarden instance for friends and family, but everything important is done via pass - which only needs a git server, which I have anyway.
I really want to use Bitwarden and I pay for the premium as well, but it’s starting to bother me that a lot of basic stuff is missing despite years of user requests.
- An Auto-fill UI for the web interface
- Credit card auto-fill
- A way to refresh from the auto-fill menu on the Android UI
I just tried Proton Pass (I have unlimited anyway) and it’s not better, but at least they seem to be working on these.
It has all of those though?
Okay, credit card autofill is there at least on the browser, my bad. But the other two, no. What I mean by auto-fill UI is an overlay like we see in LastPass, Proton, etc.
If you add an item on your desktop, make sure it’s synced and try to use the Android app to auto-fill it, it won’t be there yet. And if you use the basic auto-fill view (“Items for x”), there’s no way to refresh. The main app (not the “Items for” view) does have a refresh option though, so i end up closing everything, going back and refreshing from there.
Also, I like the way Aliases work in Proton. I’m still using both and really like both, and for now, both have its pros and cons.
all the features you listed are available though?
I have replied above: https://lemmy.world/comment/1988541
I think someone else already mentioned it, but just to reiterate… Anything for other people who aren’t my wife and future kids.
Password manager, file backups, photo backup, whatever.
If something happens to me, or I pass away, wifey has instructions on shutting everything down (probably should write instructions on how to save all the important stuff).
But I don’t want to deal with other peoples stuff. I like tinkering with my server and different docker containers, etc. So I don’t want someone complaining they can’t access their photos because I wanted to try something new. Also, just don’t wanna be responsible for storing their photos and important documents.
@Tinnitus E-mail because of all reasons mentioned here.
Tor exit node because I don’t want to have legal problems.
Mastodon or similar fedi instance because of its resources requirements and usage.Backups. Cloud services like Backblaze B2 are so cheap for the durability they offer, it just doesn’t make sense for me to roll my own offsite solution with a Raspberry Pi at my parents’ house or something. Restic encrypts everything before it leaves my machine.
Password manager- it’s too important and it’s the thing that has to work for me to recover when I break something else. I’m happy to support Bitwarden with a few bucks a year.
Email- again, it’s mission critical and I have a habit of tinkering with things and breaking them. And it’s just no fun. The less I need to think about email, the happier I am.
I self-host all those things.
I just have two portable drives, and I bring one home from work at a time to run an rsync backup job.
Why is backblaze so cheap?
Because the assumption is there’s very little throughput. Storage isn’t really that expensive, but bandwidth is and Backblaze is only cheap if you aren’t trying to get at your data regularly. That’s fine for backups because hopefully you never need them.
EDIT: I should say that for an individual user, getting data out of Backblaze isn’t that expensive, but it’s more expensive than cold storage. I think they charge $.01 per GB transfered, so a 10GB movie would cost you about ten cents to stream. It would cost you $100 to recover a 10TB backup from Backblaze (though for a fee than can mail you some of that on a hard drive, I think).
That’s what “1” in the “3-2-1” backup strategy stands for, a true offsite backup (preferably continent where you do not reside) For “2” I would still deploy a local offsite at someone’s house for quick disaster recovery.
Downloading your 10TB data from B2 (or even requesting a tarball HDD from them) is costlier than recovering from an offsite backup facility within an hour’s reach.
Re backups, to be clear it sounds like you’re specific referring to offsite backups.
I run my own local backup server using syncthing for replication and restic for snapshotting, but I also send offsites to cloud storage (in my case gdrive).
A video hosting service. I cant be bothered collecting and storing all that media.
I was the same way for a while, but the last few years have just gotten worse and worse for streaming. I have a handful of streaming services I don’t have to pay to access (some through phone provider, prime video, parents accounts, etc), but anything not on there I’m just going to pirate. I use sonarr/radarr with Plex so it’s super easy to get and maintain media and it’s easy to access on all my devices, and my 4 tb hdd was $100, which I more than made up for after 4 months or so by not paying for hbo max and Netflix. No way in hell I’m going to pay for every streaming service for every show that looks good, or buy them individually.
I did this for a couple of years and it became such a major hassle I just closed my server and told everyone to go get their own subscriptions. 30 terra-bytes of data deleted!!
Ouch that’s brutal. You must have spent so much money on running all that and so much time collecting all that media.
It’s not that hard honestly. I only have one TB though but it really isn’t that much of a hassle.
