I’m trying to better understand hosting a Lemmy Instance. Lurking discussions it seems like some people are hosting from the Cloud or VPS. My understanding is that it’s better to futureproof by running your own home server so that you have the data and the top most control of hardware, software etc. My understanding is that by hosting an instance via Cloud or VPS you are offloading the data / information to a 3rd party.

Are people actually running their own actual self-hosted servers from home? Do you have any recommended guides on running a Lemmy Instance?

    • PeachMan@lemmy.one
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Not really, you’re ideally paying for a server that you have complete control of. The differences are mostly just fundamental limitations.

      Example: if you’re hosting off site, you will always be connecting remotely, so your access depends on a network connection. If you’re hosting at home then your stuff is still accessible when your internet goes down

    • seshat@lemmy.963.pm
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It is, if you can host at home and use a cheap vps as proxy is better in my opinion. Like it or not when you host something you will put sensitive info in your vps and ofc you should trust them. Exactly like the vpn providers, they will fight for your rights paying 5 dolars/months? For sure no.

        • seshat@lemmy.963.pm
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          My services are not accessible from my wan, i forward all my services to a cheap vps,using a proxy and trafic is encrypted. So i am not worried about my isp also my real ip is hiden. I use something like cloudflare zero trust… but is open source.

      • ProtecyaTec@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I’m less worried aobut sensitive info and more worried about owning the data. I’m looking to avoid a sitaution where I offload all the data to a 3rd party and lose access or pricing get expensive (like a Reddit situation). I’m more worried by offloading the data to a 3rd party I can’t verify that they’re not reselling it. etc.

    • Alvaro @social.graves.cl
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      @ProtecyaTec@lemmy.world not sure what that means but I guess you can do certain thing in your home server not allowed on a VPS. OTOH, an email server at home for example is much more difficult to achieve because your ISP most likely won’t allow you to open port 25

      • ProtecyaTec@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I was just reading through Lemmy-Ansible Github docs and wasn’t sure if a 3rd party server or a home server was going to be better to run. The documentation doesn’t feel super user-friendly or maybe I’m just not as tech-savvy as I thought.

          • ProtecyaTec@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            This may be way of scope for this thread but I’m not sure a better place yet to ask and learn more about how all this works. Say I run my Docker Container from a home PC, how do I make my Lemmy Instance accessible to the public? I’m familiar with web hosting but only from hosting on a simple 3rd party, where you buy a domain.

            • cbAnon0@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              1 year ago

              Agree with the VPS in this case. For sure you can create public-facing services in a home server or home lab, but to do so you need:

              1. Domain name hosting.
              2. an Internet Service Provider who will allow you expose port 80/443 web services and on a Static IP (most do not, or paid extra on business plans). OR use a Cloud proxy like CloudFlare which your home IP can be updated through a DynDNS service and served on private ports.
              3. Setup NAT/Port Forwarding on your modem to route incoming requests to internal services. First to a firewall or threat gateway like PFSense, a web proxy like Traefik/NGinX, and security harden and maintain your modem, router, network and served applications.

              If you’re new to these things, Id start with something more mature for personal or family home use first. Like NextCloud, HomeAssistant or Jellyfin media server. Lots of YouTubers have covered how these can be set up as a reference.

              Lemmy is still alpha, full of bugs and security vulnerabilities and needs regular hotfixes and babysitting. Permitting Joe Public into your home services is ripe for disaster unless you have the time and expertise.

              • PuppyOSAndCoffee@lemmy.ml
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Operating internet-facing services in the home, in my opinion, requires a layer-3 managed switch so that internet traffic is 100% separated from home traffic, w/attendant DMZ to bridge home<-> internet-facing services safely.

                L3 managed is the simplest method to contain a penetration to just the internet-facing devices (which is still pretty bad). Cloud hosting is more manageable, but you must watch the spend.

                The biggest issue is a DDoS attack on the home network, which could impact internet-facing services and home clients (streaming TV, gaming, email, etc.).

                • cbAnon0@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Agree. Best to have that dedicated hardware, and a degree in network engineering first! Hah :)

                  tech waffle...

                  You might achieve network isolation without dedicated managed switches by: using prosumer routers or OpenWRT, with a Hypervisor like Proxmox, which support VLAN tagging. But this wouldn’t save your home connection from a DDoS. To help with that, running public services behind CloudFlare seems to be one of the better choices, even our Lemmy hosts are using.

                  If you’re starting out, best keep internet facing home services private through a VPN, maybe ZeroTier or TailScale. Don’t advertise them publically at all.