How do I selfhost

You may be wondering how to use Nextcloud to keep your data private. Maybe you want to selfhost a WireGuard VPN to access your home devices while you are away. Or maybe you are just curious, as I am, and you want to learn the way of selfhosting. You are in the right place. I am just a geek with no networking knowledge, some free time and a lot of curiosity, and here is my experience selfhosting.

First of all, you will need to learn the basics of Docker. In a nutshell, Docker is software for running containers. And you may ask, what is a container? Well, a container is just a bunch of software that is packed together, ready to run. Container developers prepare all the dependencies that an application may need, so you don’t have to worry about it. And all that software is run in a sandboxed environment, so you don’t have issues with several applications requiring different versions of some dependencies. But enough, I am not an expert in Docker, and there are better places to learn what it is and how it works.

In my case, I wanted to selfhost some applications for several purposes:

First of all, sometimes I travel, and when I’m travelling, I still need to work, which by the way, I do with a workstation which sits in my home. So I need to access my workstation somehow. 

Second, I like home automation. I have a bunch of IoT devices all around, for turning on and off the lights, the AC, the heater, checking power consumption, watering the plants, opening the blinds… And I don’t want to expose all those devices to a mega corporation somewhere in California or Shanghai. So I selfhost HomeAssistant.

Third, I want to be in control of my multimedia and data. I have pictures, and I don’t trust any company storing them. I once paid for MegaUpload, and all my data disappeared.

Fourth, https://www.youtube.com/watch?v=BuYf0taXoN

Hardware

So you want to selfhost, okay. And you want to do it at your own place. You will need some hardware.  Some people say they use a Raspberry Pi. I tried to use a Raspberry Pi 3, and for some services it’s okay, but when you start adding more stuff, and you will add more stuff, it’s not enough.

So I would recommend buying a server directly. There are some nice servers that fit into a rack and all that, but if you don’t care about that, just buy a normal desktop computer. You don’t need a GPU; at least, I don’t need a GPU. My current hardware is the following:

00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Root Complex 
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 00h-1fh) PCIe Dummy Host Bridge
00:01.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 PCIe GPP Bridge [6:0]
00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 00h-1fh) PCIe Dummy Host Bridge
00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Internal PCIe GPP Bridge 0 to Bus A
00:08.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Internal PCIe GPP Bridge 0 to Bus B
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 61)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 5
00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 6
00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Raven/Raven2 Device 24: Function 7
01:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset USB 3.1 xHCI Controller (rev 02)
01:00.1 SATA controller: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset SATA Controller (rev 02)
01:00.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Device 43b2 (rev 02)
02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
02:01.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
02:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
02:05.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
02:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
02:07.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 300 Series Chipset PCIe Port (rev 02)
08:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
09:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Picasso/Raven 2 [Radeon Vega Series / Radeon Vega Mobile Series] (rev c9)
09:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Raven/Raven2/Fenghuang HDMI/DP Audio Controller
09:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor
09:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Raven USB 3.1
09:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Raven USB 3.1
09:00.6 Audio device: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller
0a:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 61)

I have been using this setup for 4 years already and I haven’t had a single problem.

Software

I run everything in Docker containers, so obviously, I use Docker. But managing the containers by hand is a bit cumbersome, so I use Docker Compose. With Docker Compose you create some text files (compose files) that describe one or more containers, and Docker Compose reads those files and runs the containers.

I divide my compose files by categories.

  • Network: Cloudflare stuff, Nginx, this website you are reading, VPN
  • Nextcloud: Nextcloud
  • HomeAssistant: HomeAssistant, mosquitto, Z2MQTT, stuff for home automation
  • Multimedia: https://www.youtube.com/watch?v=BuYf0taXoN
  • Photos: I am still deciding if I want to use Immich or Photoprism
  • Passbolt: Password manager. Other people prefer Vaultwarden, your choice

And how is all this working together? Each compose file creates its own Docker network. I use “swag”, a container provided by linuxserver.io (check these guys out, they are awesome!) which provides an nginx server. All the compose networks are connected to the swag container, and I have a subdomain for each service I want to expose to the internet. Of course, I protect each of them with Authelia.

For accessing the services through the Internet, I use a Cloudflare Tunnel, which points to the swag container. Really easy to set up using the cloudflared mod in the swag container.

As I said, I want to be able to access my computers while I am not at home, because I need them to work. For that, I have a WireGuard server, and each one of my devices can connect to this VPN server. I use Cloudflare again as a dynamic DNS provider, but you can use DuckDNS or anything else. For this, I had to NAT forward the WireGuard port in my router.  

Once I am connected to the VPN, I can just open VSCode wherever I am, connect through SSH to my workstation and get things done. Really convenient if you are a digital nomad. 
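
The layout described above (everything behind swag and the tunnel, with only the WireGuard port forwarded) can be checked mechanically. The following is an added example, not part of the original post: it audits the output of `docker compose config --format json` for each compose project, and the service names, the sample configs and the WireGuard port 51820/udp are assumptions.

```python
# Added example: audit merged Compose configs (dicts parsed from
# `docker compose config --format json`) against the layout described above.
PROXY = "swag"
# Assumption: WireGuard on its default UDP port is the only intended host port.
ALLOWED = {("wireguard", "51820", "udp")}

def net_names(cfg, svc):
    """Resolve a service's network keys to real Docker network names."""
    top = cfg.get("networks") or {}
    return {(top.get(k) or {}).get("name", k) for k in (svc.get("networks") or {})}

def audit(configs):
    """Return (unexpected host ports, services sharing a network with the proxy)."""
    proxy_nets = set()
    for cfg in configs:
        if PROXY in cfg.get("services", {}):
            proxy_nets |= net_names(cfg, cfg["services"][PROXY])
    exposed, reachable = [], set()
    for cfg in configs:
        for name, svc in cfg.get("services", {}).items():
            for p in svc.get("ports") or []:
                key = (name, str(p.get("published", "")), p.get("protocol", "tcp"))
                if key[1] and key not in ALLOWED:
                    exposed.append(f"{name} {p.get('host_ip', '0.0.0.0')}:{key[1]}/{key[2]}")
            if name != PROXY and net_names(cfg, svc) & proxy_nets:
                reachable.add(name)
    return exposed, reachable

# Constructed sample, trimmed to the fields the audit reads.
NETWORK = {
    "services": {
        "swag": {"networks": {"default": None, "nextcloud": None}},
        "wireguard": {"networks": {"vpn": None},
                      "ports": [{"target": 51820, "published": "51820", "protocol": "udp"}]},
    },
    "networks": {"default": {"name": "network_default"},
                 "vpn": {"name": "network_vpn"},
                 "nextcloud": {"name": "nextcloud_default", "external": True}},
}
NEXTCLOUD = {
    "services": {
        "nextcloud": {"networks": {"default": None},
                      "ports": [{"target": 80, "published": "8080", "protocol": "tcp"}]},
        "db": {"networks": {"default": None}},
    },
    "networks": {"default": {"name": "nextcloud_default"}},
}

if __name__ == "__main__":
    exposed, reachable = audit([NETWORK, NEXTCLOUD])
    print("unexpected host ports:", exposed)
    print("reachable from proxy:", sorted(reachable))
```

A published port on an app container is reachable on the LAN without passing through swag or Authelia, and the second result shows that a database on a network shared with swag is reachable from the proxy container as well.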

Conclusion

Selfhosting can be a great way to learn about containers and networking. Thanks to it, I have been able to solve some issues at work involving some weird Docker setups we had. 

If you are a digital nomad and you need to access computers at home while you are travelling, selfhosting lets you do that easily, so you can work wherever you want. 

On top of that, self hosting is fun.