this post was submitted on 19 Jul 2024
15 points (72.7% liked)

Selfhosted

40696 readers
316 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Hi i just wanted to know if it is possible to host instance completely without renting anything.

if you have a video on it can you please share it here?

top 21 comments
sorted by: hot top controversial new old
[–] [email protected] 19 points 5 months ago (1 children)

You can host an instance on any pc you can install stuff on or run docker containers on.

The issue, as the other commenter said, is that the computer needs to run so that it can catch and send federated stuff. Otherwise you are an island which can be a good usecase for a school or small company but not generally.

A probable usecase would be an old pc which you leave running or a raspberry pi. You route the federation ports through your router and nothing else. That way you have full federation and very few attack vectors. The most secure way to use it is locally on your network or by connecting via vpn.

[–] [email protected] -2 points 5 months ago (1 children)

thanks for replying

yes i will leave it on for days that i want to use that instance

[–] [email protected] 14 points 5 months ago

The issue is once you turn it off, the federation attempts by other instances will fail and the software has an increasing „back off“ mechanic. That means after the first failed attempt the instances will wait eg an hour before reattempting federation, then two, then four, then eight, etc. this means if you turn it only on when you want to use it, your federation will only kick in after a huge amount of hours. That makes no sense, sadly.

[–] [email protected] 13 points 5 months ago

I think the real question is not if it's possible (it is), but what you are actually trying to achieve. It seems like you have this idea, but I'm not sure if you really understand what it means. Maybe you can describe, why you want to host a Lemmy instance yourself...

[–] [email protected] 8 points 5 months ago* (last edited 5 months ago) (2 children)

Short answer: yes, you can self-host on any computer connected to your network.

Longer answer:
You can, but this is probably not the best way to go about things. The first thing to consider is what you are actually hosting. If you are talking about a website, this means that you are running some sort of web server software 24x7 on your main PC. This will be eating up resources (CPU cycles, RAM) which you may want to dedicated to other processes (e.g. gaming). Also, anything you do on that PC may have a negative impact on the server software you are hosting. Reboot and your server software is now offline. Install something new and you might have a conflict bringing your server software down. Lastly, if your website ever gets hacked, then your main PC also just got hacked, and your life may really suck. This is why you often see things like Raspberry Pis being used for self-hosting. It moves the server software on to separate hardware which can be updated/maintained outside a PC which is used for other purposes. And it gives any attacker on that box one more step to cross before owning your main PC. Granted, it's a small step, but the goal there is to slow them down as much as possible.

That said, the process is generally straight forward. Though, there will be some variations depending on what you are hosting (e.g. webserver, nextcloud, plex, etc.) And, your ISP can throw a massive monkey wrench in the whole thing, if they use CG-NAT. I would also warn you that, once you have a presence on the internet, you will need to consider the security implications to whatever it is you are hosting. With the most important security recommendation being "install your updates". And not just OS updates, but keeping all software up to date. And, if you host WordPress, you need to stay on top of plugin and theme updates as well. In short, if it's running on your system, it needs to stay up to date.

The process generally looks something like:

  • Install your updates.
  • Install the server software.
  • Apply updates to the software (the installer may be an outdated version).
  • Apply security hardening based on guides from the software vendor.
  • Configure your firewall to forward the required ports (and only the required ports) from the WAN side to the server.
  • Figure out your external IP address.
  • Try accessing the service from the outside.

Optionally, you may want to consider using a Dynamic DNS service (DDNS) (e.g. noip.com) to make reaching your server easier. But, this is technically optional, if you're willing to just use an IP address and manually update things on the fly.

Good luck, and in case I didn't mention it, install your updates.

[–] [email protected] 1 points 5 months ago (1 children)

All great advise, but you missed pray that you're not the target of some 0 day exploit.

[–] [email protected] 1 points 5 months ago

No, but you are the target of bots scanning for known exploits. The time between an exploit being announced and threat actors adding it to commodity bot kits is incredibly short these days. I work in Incident Response and seeing wp-content in the URL of an attack is nearly a daily occurrence. Sure, for whatever random software you have running on your normal PC, it's probably less of an issue. Once you open a system up to the internet and constant scanning and attack by commodity malware, falling out of date quickly opens your system to exploit.

[–] [email protected] 1 points 5 months ago (1 children)

You make good points here for the beginner however there are better alternatives and solutions for basically everything you mentioned here. The biggest I want to address is conflicts on your system. Generally running servers on metal is just outright bad practice. Containerize. Always containerize. There are lots of great options. Docker, podman, Lxc, helm, flatpak.. hell. Snap if you must. Running servers on metal is generally is just asking for trouble unless the system’s entire purpose is for that. Also the cg-nat situation. Personally been behind it for a few years but it’s not a problem as long as you have a reverse proxy tunnel in place. Not a hard fix at all.

[–] [email protected] 1 points 5 months ago

I do agree with what you are saying, but for a complete beginner, and a very general overview, I didn't want to complicate things too much. I personally run my own stuff in containers and am behind CG-NAT (it's why I gave it a mention).

That said, if you really wanted to give the new user that advice, go for it. Rather than just nit pick and do the "but actshuly" bit, start adding that info and point out how the person should do it and what to consider. Build, instead of just tearing down.

[–] [email protected] 7 points 5 months ago (1 children)

Yea, you can but unless you plan to leave your PC on all the time and open ports on your firewall directly to your PC.

There are some major risks on doing that though.

[–] [email protected] 4 points 5 months ago (1 children)

I recall seeing talk about how Lemmy instances require a domain name. If that's true, you'd at least have to have a static IP if not pay for an actual domain name. I haven't tried to start one up myself though. Mostly because if that is truly a requirement, I wouldn't be able to.

[–] [email protected] 6 points 5 months ago (1 children)

You don't need a static IP to have a domain name, and you don't always need to pay for a domain name either.

[–] [email protected] 0 points 5 months ago (1 children)

You don't need a static IP to have a domain name

That's why I said or. You need a static address of some kind for Lemmy; be it just an IP or a domain name. I haven't seen domain names given away for free since I was in high school; where would you get one now?

[–] [email protected] 2 points 5 months ago

Cloudflare has a free tier for domains, although they're a little sketch. But they also support DDNS, so which updates the IP that your domain points to when it changes

[–] [email protected] 2 points 5 months ago (1 children)

What do you mean by PC? Just asking because sometimes people use PC to refer to a computer that runs Windows. Just sort of how the vernacular ended up going over the years.

I can't help, but even with Windows I think they have a way to run Linux stuff on it now, so it should be possible.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (2 children)

pc as in like laptop or desktop computer

btw is it possible if i use a high spec phone? like asus/ other gaming phones?

[–] [email protected] 2 points 5 months ago

Using other computing devices may be possible but more like a development project than just installing.

[–] [email protected] 2 points 5 months ago

btw is it possible if i use a high spec phone?

You can use it on a Raspberry Pi, which has about 1/2 the power of a modern smartphone. The main issue will be software and hardware compatibility.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
NAT Network Address Translation

[Thread #880 for this sub, first seen 20th Jul 2024, 01:55] [FAQ] [Full list] [Contact] [Source code]