For this new year, I’d like to learn the skills necessary to self host. Specifically, I would like to eventually be able to self host Nextcloud, Jellyfin and possibly my email server too.
I have a basic-level understanding of Python and Kotlin. Now I’m in the process of learning Linux through a virtual machine because I know Linux is better suited for self hosting.
Should I stick with Python? Or is JavaScript (or maybe Ruby) better suited for that purpose? I’m more than happy to learn a new language, but I’m unsure on which is better suited.
And if you could start again in your self hosting journey, what would you do differently? :)
EDIT: I wasn’t expecting all these wonderful replies. You’re all very kind people to share so much with me :)
The consensus seems to be that hosting your own email server might be a lot, so I might leave that as a future project. But for Nextcloud and Jellyfin I saw a lot of great tips! I forgot to mention that ideally I would like to have Nextcloud available for multiple users (i.e. family members) so indeed learning some basic networking/firewalling seems the bare minimum.
I also promise that I will carefully read the manuals!
Docker really. If something goes bad, trash the container and start again without losing your actual data.
Mostly Docker.
Portainer and plugging Docker Compose XML into Portainer stacks makes Docker stupid-simple. (personally speaking as a stupid person that does this)
Cloudflare tunnels for stuff people other than you might want to access.
Tailscale if it’s only you.
Reverse proxy & port forwarding for sharing media over Jellyfin without violating the Cloudflare Tunnel ToS.
Dokploy is a pretty easy web gui and is itself a docker container.
Makes it dead simple to manage multiple containers and domains. (Not for power users that need kubernetes level flexibility)
Where’d you learn Docker basics? I pretty much have no clue what’s going on every time I try to even start.
Totally agree! I’m not a programmer and I have several services running in my home server. I’m just curious and have used Linux for a decade as a normal user. With just these 3 basic knowledge skills you’re good to go.
Perseverance
Experimenting with VMs is the way forward.
Basic networking knowledge is vital. And being able to configure your own firewall(s) safely is an important skill. Check out something like Foomuuri, or Firewalld. Shorewall is brilliant for documentation and description of issues (with diagrams!) but it does not use the newer Linux kernel nftables and is no longer actively developed.
Go for it with Nextcloud.
I would also recommend at least having a shot at setting up an email server, although I would recommend pushing through to a fully working system. It is possible, and is very satisfying to have in place. The process of setting one up touches so many different parts of internet function and culture that it is worth it even if you don’t end up with a production system. The Workaround.org ISPMail stuff is a good starting point, and includes some helpful background information at every stage, enough so you can begin to understand what’s going on in the background and why certain choices are being made - even if you disagree with the decisions.
Python is great for server admin, although most server config and startup shutdown snippets are written in BASH. You will no doubt have already begun picking that up as you interact with your VMs.
if you could start again in your self hosting journey, what would you do differently? :)
That’s an excellent question.
If I were to start over, the first thing that I would do is start by learning the basics of networking and set up a freakin’ VPN! IMO exposing services to the public internet should be considered more of an advanced level task. When you don’t know what you don’t know, it’s risky and frankly unnecessary.
The lowest barrier to entry for a personal VPN, by far, is Tailscale. Automatic internal DNS and clients for nearly any device makes finding services on a dedicated machine really, really, easy. Look into putting Tailscale right into the compose file so you automatically get internal DNS records for a service rather than a whole machine.
From there, play around with more ownership (work) over what can touch your network. Switch from Tailscale’s “trusted” login to hosting your own Headscale instance. Add a PiHole or AdGuard exit node and set up your own internal DNS records.
Maybe even scrap the magic (someone else’s logic that may or may not be doing things you need) and go for a plain-Jane Wireguard setup.
For sure use Tailscale for VPN. They have apps for iPhone, Android, macOS, and Linux, so setting up your own personal network will be easy. Hosting on the real internet is definitely advanced and not always necessary.
the patience to read lots of documentation.
And maybe patience to power through a lack of documentation.
These, 1000%. Eventually you’re gonna run into a problem / situation that does not have much documentation. Powering through step by step logically can test the best of us. You can spend 56 hours in a day on one problem. Give up. The next morning figure it out in 10 minutes. It’s a marathon not a sprint.
Give Nextcloud AIO a shot. I installed bare metal the first time, but AIO has decreased my maintenance burden to next to nothing. Before that, it felt like every update would break my system. I’m a year or two into my transition from Linux nerd to self-hoster. I still fail at things on occasion, but I have learned a lot. I hope it goes as well or even better for you.
I’ve hosted NC for a decade, and the AIO was the first method that doesn’t make me dread updates. And I’ve used pretty much every method of installing it over the years, everything sucked.
I snapshotted every time before an update because I knew it was a crapshoot whether the update was going to crater the system, and I’d roll back and wait for a working update to come out. Before snapshotting, I had to fix borked updates about every second time.
Learn how to properly backup your data in case you nuke something you shouldn’t
And regularly check them. I just found out the hard way this last week that my backups haven’t been running for a few weeks …
Yep.
I have friends in the SMB space, one thing they do is a regular backup verification (quarterly). At that frequency, restoring even a few files (especially to a new VM), is very indicative, especially if it’s a large dataset (e.g. Quickbooks).
In Enterprise, we do all sorts of validation, depending on the system. Some is performed as part of Data Center operations, some is by IT (those are separate things), some by Business Unit management and their IT counterparts.
Unfortunately, that wouldn’t have done anything. Because I did that in December and they stopped running like 2 weeks after my verification. I would have caught it on my next scheduled validation, but that doesn’t help me now 😕
I mean, it still helps right? It limits your losses to X weeks instead of X months or, I hate to say it, X years.
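Added example, not part of any comment in this thread: the failure described above (backups that quietly stopped running between scheduled verifications) is the kind of thing an automated freshness check catches within hours. The script name, directory and time window below are placeholders.

```bash
#!/usr/bin/env bash
# backup_is_fresh DIR MAX_AGE_MIN
# Succeeds only if DIR holds at least one non-empty file modified within the
# last MAX_AGE_MIN minutes. Empty files are ignored because a job that dies
# early often leaves a zero-byte archive behind.
backup_is_fresh() {
    bk_dir=$1
    bk_max_age=$2
    if [ ! -d "$bk_dir" ]; then
        echo "STALE: $bk_dir is missing (unmounted target?)"
        return 2
    fi
    bk_hit=$(find "$bk_dir" -type f -size +0 -mmin "-$bk_max_age" | head -n 1)
    if [ -n "$bk_hit" ]; then
        echo "OK: recent backup $bk_hit"
        return 0
    fi
    echo "STALE: nothing newer than $bk_max_age min in $bk_dir"
    return 1
}

# Run from cron or a systemd timer, e.g. hourly. The path and the 26-hour
# window are placeholders for a nightly job:
#   backup_check.sh /srv/backups/nextcloud 1560 || <send yourself an alert>
if [ "$#" -eq 2 ]; then
    backup_is_fresh "$1" "$2"
fi
```

A freshness check only proves that something was written recently; it complements the restore tests discussed above rather than replacing them.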
Persistence and reading comprehension.
There’s no need to learn Python or any programming language to self host stuff, you just need to be able to follow blog posts and run some Docker commands.
I’m a software dev and haven’t touched a single line of code on my NAS. Everything is docker compose and other config files.
No special knowledge needed except the very basic ability to understand and run commands from documentation.
Until you run into some kind of problem :D
It really depends. I actually needed to learn a bit about networking to be able to host multiple things on nginx on the same port. Internally they run on different ports, but they can get routed by the host name
Networking isn’t specific to Linux. It’s just networking. Nginx configs work the same on every OS.
Who said anything about linux
Setting up jellyfin, I used docker on debian, and an old Quadro card. What could possibly go wrong?
Turns out that week the Nvidia drivers got a faulty update pushed to debian stable and caused an error with getting the GPU to work in any container. I could either wait a week or pull the simple fix from testing. So impatiently I pulled it from testing.
Why didn’t you do a rollback?
Learning Linux is a great start.
Learning any coding language will help you understand a bit more about how the programs will work, however there isn’t much need to actually learn a specific language unless you plan to add custom programs or scripts.
The general advice for email is don’t. It’s very risky to host and it’s a big target for spam. Plus there’s challenges getting the big companies to trust your domain.
However hosting things behind a VPN (or locally on your home network) can let you learn a lot about networking and firewalls without exposing yourself to much risk.
I have no direct experience with Nextcloud but I understand it can be hosted on Linux, you can buy a Synology NAS and run it in that, or use something like TrueNAS.
Personally my setup is on one physical server so I use Proxmox which lets me run 2 different Linux servers and TrueNAS on one single computer through virtual machines. I like it because it lets me tinker with different stuff like Home Assistant and it won’t affect say my adblocker/VPN/reverse proxy. I also use Docker to run multiple services on one virtual machine without compatibility issues. If I started again, I’d probably have gotten bigger drives or invested in SSDs. My NAS is hard drives because of cost but it’s definitely hitting a limit when I need to pull a bunch of files. Super happy with wireguard-easy for VPN. I started with a proprietary version of OpenVPN on Oracle Linux and that was a mistake.
Is there a good way to not self host email yet maintain good control? Like storing it on a local device. I know that addresses are portable with a domain, but still.
I feel like objecting to the “General advice about email is don’t” thing but I don’t know if I understand the objections well enough to refute them. I self host email for mspencer.net (meaning all requests including DNS are served from hardware in my living space) and I have literally zero spam and can’t remember the last time I had to intervene on my mail server.
On one hand: My emails are received without issue by major providers (outlook, gmail, etc) and I get nearly zero spam. (Two spam senders were using legitimate email services, I reported them, and got human-seeming replies from administrators saying they would take care of it.) And I get amusing pflogsumm (summarizes postfix logs) emails daily showing like 5 emails delivered, 45 rejected, with all of the things that were tried but didn’t work.
On the other: most of the spam prevention comes from greylist, making all new senders retry after a few minutes (because generally a legit MTA will retry while a spammer will not) and that delays most emails by a few minutes. And it was a bear to set up. I used a like 18 step walkthrough on linuxbabe dot com I think, but added some difficulty by storing some user and alias databases on OpenLDAP / slapd instead of in flat files.
But hey, unlimited mail aliases, and I’m thinking of configuring things so emails bounce if they seem to contain just a notification that terms and conditions are updated somewhere. I don’t know, cause some chaos I guess.
And I have no idea if my situation is persuasive for anyone because I don’t know what the general advice means. And I worry it’ll have the unfortunate side effect of making self hosting type nerds like me start forgetting how to run their own email, causing control of email to become more centralized. And I strongly dislike that.
I self host many services without any coding languages under my belt. I use Unraid because I found it user friendly for a newb like me. The most important skills I needed were good data backup habits just in case I messed something up, a willingness to read and learn, and the persistence to try more than once.
You don’t really need to know a specific language to self-host anything. But things like YAML, JSON, Docker, and some networking basics will go a long way.
If I could do anything different though, it would definitely be to write more documentation. Document the steps taken setting things up, log notes on when you have to fix something, archive webpages and videos that you used along the way. Currently doing that myself now after some time self-hosting.
One under-appreciated aspect of Docker is that it forces you to document all your setup steps in your dockerfile and docker-config files.
Enough focus to read documentation.
That’s really it. If your purpose is just self hosting learning bash could also be helpful. And yeah Linux would be a great choice.
But mostly, if you want to self host an instance of Nextcloud correctly and without having to deal with too many unexpected things, you have to read the documentation to correctly set it up.
Docker or not docker you will have to deal with configuration, settings, requirements and updates.
Ansible will be really hard without Linux knowledge
Maybe do that later
If you have a VM, there is no need for docker. Start by installing ssh. Enable public key auth. Disable password authentication. Set up fail2ban with ssh. Set up ufw. Set up nextcloud. Avoid hosting your own mail, that’s another level of complexity. If you really need it, try mailcow.
If you have all that and didn’t touch a GUI on your way, you’re good to go.
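Added example, not part of any comment in this thread: a check that the SSH steps listed above actually took effect, reading the resolved configuration that `sshd -T` prints. It goes slightly beyond the comment by also checking keyboard-interactive authentication; the sample input is constructed.

```bash
#!/usr/bin/env bash
# Audit effective sshd settings. Feed it the output of `sshd -T` (run as root),
# which prints the resolved configuration as lowercase "key value" lines.
audit_sshd() {
    awk '
        BEGIN {
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            # Not named in the thread: keyboard-interactive can still prompt
            # for a password via PAM, so it is checked as well.
            want["kbdinteractiveauthentication"] = "no"
            n = split("pubkeyauthentication passwordauthentication kbdinteractiveauthentication", order, " ")
        }
        { key = tolower($1) }
        key in want { seen[key] = tolower($2) }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen))            { printf "MISSING %s (want %s)\n", k, want[k]; bad++ }
                else if (seen[k] != want[k]) { printf "FAIL    %s=%s (want %s)\n", k, seen[k], want[k]; bad++ }
                else                           printf "OK      %s=%s\n", k, seen[k]
            }
            exit (bad > 0)
        }'
}

# Constructed sample of `sshd -T` output: password login is off, but
# keyboard-interactive was left on.
SAMPLE_SSHD_T='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes'

printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd || echo "sshd config needs attention"
# Real use (as root): sshd -T | audit_sshd
```

Checking the `sshd -T` output rather than grepping `sshd_config` matters because drop-in files and `Match` blocks can override what the main file says. A `MISSING` line means this sshd build does not report the setting under that name.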
Absolutely can and should use docker in a VM. ☺️
I would not run anything outside of docker honestly. Docker is so much easier to setup and maintain.
As others have said, you don’t need to know how to code, but you do need to be comfortable editing structured documents, so knowing a little programming does help.
Unfortunately, Nextcloud and email are two of the most difficult things to self-host. This is by reputation, I haven’t tried myself. Email is supposed to be particularly difficult and the usual advice is to not bother.
Jellyfin is pretty straight-forward as long as you don’t have a weird hardware decoding setup and as long as you don’t want remote access. If you do want remote access you need to use third party tools to do it securely. If it’s just for your own use then Tailscale makes it really easy. If you want to share with non-technical users it gets messy.
I remember reading that Tailscale can’t be used for sharing media, was that wrong?