this post was submitted on 05 Dec 2023
32 points (97.1% liked)

Selfhosted


I am wanting to self host a fediverse instance. I don't hope to make it big. Hoping for 200 users at most, and I won't advertise it heavily so it'll probably be a while before it gets there.

Is it a bad idea to host something like this on local hardware at home? I have a lot of local-only self hosted services, and I wouldn't want those to be compromised.

But my biggest fear is overloading my network. I already don't get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.

What are your thoughts on hosting local? Should I just avoid the headache and host on public instance?

all 31 comments
[–] [email protected] 23 points 11 months ago (2 children)

On a technical level, user count matters less than the user count and comment count of the instances you subscribe to. Too many subscriptions can overwhelm smaller instances and saturate a network from the perspective of Packets Per Second and your ISP's routing capacity - not to mention your router. Additionally, most ISPs block traffic going to your house on Port 80 - so you'd likely need to put it behind a Cloudflare tunnel for anything resembling reliability. Your ISP may be different and it's always worth asking what restrictions they have on self-hosted services (non-business use-cases specifically). Otherwise going with your ISP's business plan is likely a must. Outside of that, yes, you'll need a beefy router or switch (or multiple) to handle the constant packets coming into your network.

Then there's a security aspect. What happens if your site is breached in a way that an attacker gains remote execution? Did you make sure to isolate this network from the rest of your devices? If not, you're in for a world of hurt.

These are all issues that are mitigated and easier to navigate on a VPS or cloud provider.

As for the non-technical issues:

There's also the problem of moderation. What I mean by that is that, as a server owner you WILL end up needing to quarantine, report, and submit illegal images to the authorities. Even if you use a whitelist of only the most respectable instances. It might not happen soon, but it's only a matter of time before your instance happens to be subscribed to a popular external community while it gets a nasty attack. Leaving you to deal with a stressful cleanup.

When you run this on a homelab on consumer hardware, it's easier for certain government entities to claim that you were not performing your due diligence and may even be complicit in the content's proliferation. Now, of course, proving such a thing is always the crux, but in my view I'd rather have my site running on things that look as official as possible. The closer it resembles what an actual business might do, the better I think I'd fare under a more targeted attack - from a legal/compliance standpoint.

[–] [email protected] 5 points 11 months ago* (last edited 11 months ago) (1 children)

That's a long-winded way of saying "if you have to ask, you're not ready".

[–] [email protected] 29 points 11 months ago

Eh, but then he won't learn anything. I've never found that response acceptable. It just perpetuates the problem. To each their own though!

[–] [email protected] -2 points 11 months ago* (last edited 11 months ago) (1 children)

I understand this policy of needing to report them to official authorities is a new thing they now added out of fear of losing their grip of control on social media when people swarm to private instances.

My standards however will always remain on "No government has any business in private stuff." Just like everybody follows default traffic laws on private parkings, but in reality they are just rules of the owner and unless you do damage the police can't do anything for driving wrongly on them. Same goes inside a store. Government has no say in how internals are handled and will only be allowed to note damage and allow the owner to press charges, if they so choose. I'm just drawing that basic right further to everything, including any privately setup software.

I kinda also feel that if I have to go and involve government authorities, it takes away a large basic reason to even go private. I'm not paying server costs to still have to deal with government [insert bad word here]...

Governments can suck it and I'll just deal with my own issues. There is absolutely no way in hell I'm going to voluntarily contact any government [insert different bad word here] for things I am doing in private. They can go stand on their heads for all I care...

NB: This is in no way an attack towards you or what you commented, voting it up even cause you were very helpful and I do agree in general it's best to give the legals and leave it up to people to choose to follow that or not, I just needed to get this frustration about government control in private setups off my chest... 😅

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

My standards however will always remain on “No government has any business in private stuff.”

I never thought I’d see someone openly admit, even advocate, that they’re willing to host child sexual assault material on hardware they own. That’s a sad hill to die on.

I don’t really care about anything else you’ve written to justify your blanket standards either. All it takes is one example (CSAM) to show the depravity of your standards.

I’m all about privacy, even so far as to emigrate from the US to a country in the EU for privacy. But I have compassion and empathy and am also aware of ethical behavior, morality, and decency.

Privacy is not more valuable than protecting innocent human lives. If you can’t see that, you are lost. I’m sorry.

[–] [email protected] -1 points 11 months ago* (last edited 10 months ago) (2 children)

I agree, yet privacy is still more important than people watching media they didn't make. I advocate any and all people making those should be our target, not senselessly give up rights so we can punish those that didn't hurt anyone. And I just don't believe in the current legal system and allowing people that unpunished do atrocities to deal with other people doing them does not form an ok with me. 🤷‍♂️

You are literally going to idiots that don't solve the problem and are proven to do similar bad things themselves, who are using offense towards the people so attention diverts away from them, and you are arguing to 'me' that I don't want to do the same stupidity...? 🤷‍♂️

Go take a better look at your own actions, dude...

[–] [email protected] -1 points 11 months ago* (last edited 10 months ago) (1 children)

Also if somebody films a murder, do we punish everybody that wants to see the video? No.

Then why are we punishing people that just watch it while not solving anything on those making them? 🤷‍♂️

Logic is a thing people apparently give up for authority. Not me though. Someone that wants to watch CSAM is not your business, just like it isn't if they watch murder, space stuff or baby cats... (And no, I don't think they are the same. Taking that from this would just be not wanting to think logic to make another inconsistent counter-attack, so please, don't.)

The harm with CSAM is already done and you're taking it out on the wrong persons with help of even worse people, wasting time on targets for what they might do instead of using it on people who actually did/do the bad things creating them.

Good job... Meanwhile I'll continue to focus on people that actually did something wrong...

[–] [email protected] 15 points 11 months ago (2 children)

Your biggest fear should be something like the CSAM attack from a few months ago. I doubt you have tens of thousands to spend on a lawyer.

That's why I killed my instance.

[–] [email protected] 6 points 11 months ago

You could just disable pict-rs, I believe.

[–] [email protected] 3 points 11 months ago (1 children)

Did that instance have public registration? What speaks against having it for private (family) use only, as a gateway to the public instances?

[–] [email protected] 5 points 11 months ago

Public registration has nothing to do with federation. My instance required admin approval for all new registrations. Illegal content is much more likely to come through federation than from inside.

IMHO, the few reasons to host your own instance largely disappeared with 0.19 and the risks were never worth the rewards to run a tiny instance. Things are likely to continue improving with future releases. Which is why sdf.org became my main.

[–] [email protected] 7 points 11 months ago (2 children)

You may want to also look at offloading media with pict-rs to an object storage like an S3 API compliant bucket. Otherwise, you'll find Lemmy soaks up lots of storage.

[–] [email protected] 1 points 11 months ago

That's part of my concern behind going with local setup. I have a lot of unused HDD storage.

[–] [email protected] 1 points 11 months ago (1 children)

Cloudflare R2 is the cheapest here, it's free for some gigabytes and egress is free too.

To be honest, I'd just disable image uploads...

[–] [email protected] 1 points 11 months ago

R2 is $0.015/GB, B2 is $0.005/GB and it also has free egress when put behind Cloudflare.

[–] [email protected] 7 points 11 months ago (3 children)

I'm doing what you want to do now. I'm running lemmy.fan on a NAS with really good hardware on a fiber connection. My ISP provides symmetric bandwidth and doesn't block anything, though emails can't be sent with a local SMTP server since most places don't trust the IP addresses of residential subscribers.

I learned a ton, I'm enjoying running things, and though it's an open instance I don't advertise it. I say go for it. Experiment and have fun. If it sucks and you hate it you just stop the containers.

[–] [email protected] 6 points 11 months ago

Though now it's been advertised 🤣

[–] [email protected] 2 points 11 months ago

Lucky! I wish I had symmetrical fiber with all the ports available.

I totally have a server capable of hosting a LOT of things but lack the upload to make use of it. I'm considering transferring to a rack mount and sending it to be colocated at a datacenter within driving distance.

[–] [email protected] 2 points 11 months ago (1 children)

Realistically, how much bandwidth does Lemmy need if pict-rs is disabled, if you tested that?
I am thinking of something a bit crazy if Freenom shows up working again. Since my only internet connection is mobile data, I am thinking about the possibility of hosting Lemmy in Termux and using a Cloudflare tunnel. The biggest problem is probably bandwidth. It varies between 0.02-6 Mbps, hanging around 1 Mbps for most of the day.

But I am not sure if Lemmy could even run in Termux in the first place.
Probably a stupid idea regardless.

[–] [email protected] 2 points 11 months ago

Definitely not stupid.

[–] [email protected] 6 points 11 months ago (1 children)

But my biggest fear is overloading my network. I already don't get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.

This line concerns me. How experienced are you with servers and networking? Your WiFi network should be fine unless you have your server on WiFi - which you absolutely should not. Ethernet only.

If you set this up, limit it to just yourself and friends to start. Get a feel for it before exposing it to strangers.

[–] [email protected] 1 points 11 months ago (1 children)

I have it on WiFi unfortunately.

If I put the server on Ethernet, would it no longer impact the WiFi connection of any other device? I guess it makes sense that it wouldn't.

Extending Ethernet to the server won't be trivial, but I think you're right I might have to do it.

[–] [email protected] 2 points 11 months ago

Either that or maybe a separate wifi network so it can have the network to itself.

You can always start with it where it is and start small - get comfortable with hosting and how the server will behave. You don't need to solve all the problems at once.

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters - More Letters

CSAM - Child Sexual Abuse Material

IP - Internet Protocol

NAS - Network-Attached Storage

VPS - Virtual Private Server (opposed to shared hosting)

[Thread #337 for this sub, first seen 5th Dec 2023, 02:25]

[–] [email protected] 2 points 11 months ago

You missed one:

ISP - Internet Service Provider

[–] [email protected] 2 points 11 months ago

Could be a target of intentional or unintentional DDoS.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

I'm fairly sure the obligation to report goes back as far as the DMCA at least. That law gave carriers and hosting providers certain limited liability against user generated content provided they had reasonable moderation policies and acted promptly to take down content either subject to copyright complaints or other legal demands. Basically, you're OK as a host if somebody does something bad, just so long as you clean up the mess as soon as you become aware.