Best Practice Self-hosting - Email, Cloud Storage, Website and more

I have been hosting my own cloud storage with ownCloud and a WordPress blog. It’s been reliable enough, though ownCloud is a pain to config/troubleshoot and updating is a pain. I will probably want to move to Nextcloud. I am hosting it all on a single dedicated server from Scaleway at only 3€ a month. It’s a bit slow but sufficient for a blog and certainly for ownCloud.

I am now thinking of hosting other services as well for both personal and small business use. Email is the biggest concern as it is quite critical. Here is what I see myself wanting to host in the foreseeable future and current and possible future software:

  • Email (business + personal) - none, mail in a box
  • Blog (personal) - Apache/Wordpress
  • Low traffic E-commerce - none, Magento
  • Cloud storage (personal and business) - ownCloud, nextcloud
  • Image Hosting (Personal) - Lychee, ?
  • VPN - none, ?
  • Anything else?

What would be best practice when it comes to physical servers? I would like to avoid more than 2 servers for time/maintenance/cost reasons. What about things like using docker etc…? Anything else to consider?

I’d run one machine for all of that. Definitely use some combination of virtualization or Docker. The arguments still rage as to which method is better. The data, however, speaks for itself, with Docker’s meteoric rise and massive userbase. Docker compose makes it even simpler and more flexible.

The most important thing when it comes to security for self-hosted services is to stay updated. Docker makes this the simplest thing in the world. One command of:
sudo apt-get update && sudo apt-get upgrade -y && docker-compose pull && docker-compose up -d
…and every one of my services is updated.

Things I host with Docker:

  • Matrix chat server
  • Three blogs
  • OpenVPN host
  • NextCloud
  • Minecraft server
  • AirSonic server

And honestly that list changes all the time because spinning stuff up in Docker/Docker-compose takes seconds.

As far as email goes, I’ve never tried my hand but Mailcow has a Docker-compose setup that looks quite compelling:

Edit:
There’s also https://mailu.io/1.7/ which looks very simple and possibly a little easier to set up.

Personally I use Pigallery2 as it is the only one I have found that can use a pre-existing directory structure for pictures rather than needing a custom database and having to add pictures to the database. https://github.com/bpatrik/pigallery2

Docker is very nice for stuff that has sprawling dependencies and is not already packaged for your distro.

Although, I don’t quite get the value in running say Nginx in a container as it is already packaged for pretty much every distro.

I would be concerned about exposing so many services to the internet. Not that I don’t have the skills to maintain it myself, but keeping all that secure would be an ongoing constant drain on my will to live for what I perceive to be very little gain.

I run a ton of services at home but only expose two to the internet; Plex Media Server (running sandboxed inside a LXD container) and a wireguard VPN.

2 Likes

One of the reasons I am considering having 2 servers is so that it would be easy to recover and maintain as it might only have 1 or 2 services. I believe mail in a box has an OS that basically only runs email with everything optimized for it.

Virtualization is probably not an option with these servers as I imagine they are similar to raspberry pi when it comes to performance.
I never used docker but looks like I will finally have to start learning it.

Any more info/opinions welcome as I am not a sysadmin myself.

I am a SA and I wouldn’t want to do that because it seems like a neverending pain in the butt. But if you approach it as a fun project that could be a great way to learn your way.

Learning docker is a great idea, and it would allow you to segregate those services without running a ton of VMs. Check out Linuxserver.io in particular.

I agree that one machine with well thought out VM backups would work well for this.

Correct me if I’m wrong on this. I’ve done a lot of research around VM isolation; isn’t Docker only useful if you are using software with micro-services?

In other words, if you are running full OS VM guests within a single host, which would be desirable in this case to reduce the complexity of managing and maintaining this sort of setup, then Docker would not be needed in this situation. In other words, everything I’ve read over the years has implied or explicitly stated that full VM OSes are isolated from one another except over their virtual or physical network interfaces.

If this is still true, it could eliminate a significant amount of heavy setup and maintenance lifting.

He has a 3 euro/month VM from a budget provider, I don’t think he’s gonna be nesting too many full VMs inside that.

3 Likes

Oh, my mistake, lol. I must have read “owncloud” and mistook that for a typo for local cloud hosting…

Docker is the way folks usually go then. The company, Docker, I’ve read is having some rather serious financial difficulties, so I suppose you may need to be prepared in case there’s an issue there and I’ll leave the config to the more qualified folks on this topic! 🙂

I am trying to avoid pain, so what would be your suggestion as an SA for hosting said services? I am reasonably happy with my ownCloud setup, so as long as it’s not much more of a pain it’s OK.

It’s not about the initial setup so much as the ongoing maintenance and reserved head space you need to keep it running and secure. Anyway, I would suggest using docker containers for process separation and some degree of security.

Docker is useful for running multiple services on a single operating system. There’d be use cases for running VMs and then Docker on top of the VM, but more likely, it’d be one or the other. Either you run an entire VM for every service, or you run one OS and use Docker containers. The advantage of Dockerizing is that you remove overhead but still maintain independent dependencies (is that a term??). i.e. my Docker container for Nextcloud has its own PHP, my Docker for WordPress has its own PHP, etc. So it makes it nice and clean and everything can update independently of each other, but without the overhead of an entire OS for each service.

1 Like

I’ve always wanted to know more about how this works, but I’ve never had a reason to do it.

I admit, I really LOVE running unlimited full VM guest hosts on Windows Server 2012 R2 Datacenter. The Domain Controller system and group policy abilities are something I’ve used a LOT and it just has such a smooth overall configuration experience with great continuity. It’s a shame that home testers and non business developers can’t get full registered copies for free. That would be huge for retaining Microsoft junkies like me that feel betrayed by every client release post Windows 7. That was a blathering tangent, lol… but yes, Docker seems like a pretty slick and useful technology in lieu of those things.

Agreed. So what would you recommend as a sysadmin for someone needing said services (not necessarily exact same apps)? What do you use/would use in my position? For email it probably would be easier just to go with gmail for business but I really want to move away from google if possible…

Maybe instead of scaleway, something like kimsufi.com … and possibly this yunohost.org.

If you want to be an admin, go towards a solid dedicated server with the right parameters for your needs and financial possibilities.

If you want a light separation of services and less minded as an admin then move key services such as e-mail and websites to separate solid webhosting and let others worry. There will be no miracles for such money!

What budget do you have for these solutions? For 3 euros it will not be a miracle. Cheap dedicated server or small vps. Possibly modest webhosting.

For 36 euros / year I have a modest WH …

20GB (ssd). Unlimited monthly transfer. No restrictions for www, email, databases.
PHP 5.6, PHP 7.0, PHP 7.1, PHP 7.2 and PHP 7.3
Django, Pyramid, Catalyst, RoR, Node.js, Redmine, Trac
Python, Ruby, Perl, Java, Tcl/Tk, Lua, Erlang, Pascal, C, C++, D
GIT, SVN and HG (Mercurial) repositories
MySQL 5.7, PostgreSQL 9.6, MongoDB 4.0
SSL certificate support (SNI)
Free Let’s Encrypt certificates
Web Application Firewall (WAF)
Two-factor authentication (2FA)
DNS zone control
.htaccess and mod_rewrite file support
Own error pages
HTTP/2 support
Unlimited number of email aliases
Antispam protection
Antivirus protection
Email via IMAP and POP3 with SSL / TLS encryption
Mail via WWW (webmail)
SSH access
Crontab tasks
The ability to run your own software
Daily backups
RAM limit 1GB
System processes 40
Limit of sent e-mails (day) 5000

Private IP Address - 3.5 euros / month
10 GB of disk space - 1.5 euros / month
1 GB of RAM - 2.5 euros / month

If you want to do everything yourself then containers or virtualization. Server security is a river topic …

I’m a huge fan of docker for multi purpose servers.
The major upside of Docker: Your individual installation is worth nothing. If you set up your compose files correctly, put a bit of thought into configuration and volumes, you can basically spin up and down as many instances of whatever you need without worrying about losing data or configuration.
Updates are handled by docker too with properly staging updates of components and such.
You also get proper network segmentation “for free” if you set it up, without having to worry about configuring everything by hand.

I don’t want to make this a docker workshop, so, if you plan a flexible environment where you want to test stuff and plan frequent changes/updates, docker is great.
If you want a “set it and forget it” kind of thing, installing things locally as packages or in individual VMs is fine.
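
The compose-level segmentation and volume handling described in the post above, as an added example that is not part of the original thread: only the reverse proxy publishes ports, the database sits on an internal network with no route out, and all state lives in named volumes so containers can be re-created on update. Service names, host paths and the secret file are placeholders; the images are the official nginx, nextcloud and mariadb images.

```yaml
version: "3.7"   # needed by docker-compose v1; Compose v2 ignores it

services:
  proxy:                        # the only container with published ports
    image: nginx:stable
    ports: ["80:80", "443:443"]
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d:ro   # placeholder path: vhost proxying to http://nextcloud:80
      - ./proxy/certs:/etc/nginx/certs:ro     # placeholder path: TLS certificates
    networks: [frontend]
    restart: unless-stopped

  nextcloud:                    # no "ports:", reachable only through the proxy
    image: nextcloud:apache
    environment:
      MYSQL_HOST: db
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
    secrets: [db_password]
    volumes:
      - nextcloud_data:/var/www/html          # app, config and user files survive re-creation
    networks: [frontend, backend]
    restart: unless-stopped

  db:                           # no ports and no route out: backend is internal
    image: mariadb:10.11
    environment:
      MARIADB_DATABASE: nextcloud
      MARIADB_USER: nextcloud
      MARIADB_PASSWORD_FILE: /run/secrets/db_password
      MARIADB_RANDOM_ROOT_PASSWORD: "1"
    secrets: [db_password]
    volumes:
      - db_data:/var/lib/mysql
    networks: [backend]
    restart: unless-stopped

networks:
  frontend: {}
  backend:
    internal: true              # containers here get no outbound or host-published access

volumes:
  nextcloud_data: {}
  db_data: {}

secrets:
  db_password:
    file: ./secrets/db_password.txt           # placeholder; keep it out of version control
```

Running `docker-compose config` against the file validates it and prints the resolved networks and volumes before anything is started.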

I looked into many hosts and I couldn’t find anything that beats Scaleway. I mean 2.99€+VAT for a dedicated server with 2GB RAM, 50GB NVMe, 4 cores and static IP seems pretty damn good. It’s also one of the few based in the EU, which is a bonus for me. That’s why I am considering going with 2 servers if there is a reason such as security or reliability/maintainability. Budget is really limited by what non-self-hosted services would cost, as then it wouldn’t make financial sense.

kimsufi.com also looks really good price wise for nextcloud if I ever need more than 50GB storage. Right now my upload is too slow to do any significant backups. FTTH is coming but that could take up to 7 years…

YunoHost looks really compelling. If anyone is using it, can you comment on a couple of things below? Can you reasonably install/host an Apache server for other web stuff? How is hosting email on it? Anything else worth being aware of?

Personally, I’ve never used scaleway so I don’t have experience with them. I have been using kimsufi and ovh for over a decade. Kimsufi is ovh just a cheap sub brand.
Scaleway offers bare metal at this price? Is it just a virtual server? As vps it is not surprising that such a price. If bare metal is a price shock. The question is how it works. Because very cheap vps on paper are beautiful but in terms of speed of action are like blood from the nose. I used several such vps at arubacloud.com when they had the cheapest vps for 1.2 euros / month. Yes, it worked, but it’s hard to call it a particularly comfortable solution. So these marketing tricks like nvme in the case of vps mean so little. If bare metal is heavily loaded then …

In the case of kimsufi, I mainly mean bare metal KS-1 for less than 5 euros / month. Atom D425 1.8GHz, 2GB DDR3 1066, 500GB, 100Mbps. Location France. With OVH’s extensive network core, transfers are not a problem.

Are you sure you need your own server? Maybe shared hosting will be better?

Or buy yourself an Odroid HC1 and put it at home if you have some free Mb/s on your connection. Hide behind Cloudflare. Unless it is to be serious, then it is rather a waste of time. 😉

I also saw cheap vps for 4.5 euros / three months, EU location. 2GB RAM, 25GB NVMe. To test at this price … certainly there will be no miracles.

They definitely say it’s bare metal; they also have ARM VPS at the same prices. It’s billed per hour so you can test it out. I moved a WordPress site to it and ran a perf test on both servers; it was significantly slower (maybe 40% slower load times) but very much usable. I haven’t had any performance issues and it wouldn’t matter much for cloud storage and similar apps anyway. Kimsufi also advertises dedicated servers from 3.99 so the price seems in line. For a website with any traffic I would upgrade or move to managed hosting.

Home hosting is not an option due to slow net and even then I wouldn’t do it. Don’t need my own server but managed servers are limited. I recall not being able to setup custom DDNS, config apache etc.

Went ahead and installed YunoHost on a new instance. Took a while to install but very easy. It doesn’t seem like it is suitable for email though. I see no UI options to config anti-spam features, which defeats the point of an all-in-one solution. Many apps are also missing from the marketplace and Nextcloud is orphaned so updates are not going to be reliable.

I researched email packages and cowmail looks pretty incredible. It uses SOGO which has a really modern and integrated UI. I think I will go with manual install for all apps with docker where possible. If anyone has any recommendations or suggestion do post them.