Hey there!

I’m thinking about starting a blog about privacy guides, security, self-hosting, and other shenanigans, just for my own pleasure. I have my own server running Unraid and have been looking at self-hosting Ghost as the blog platform. However, I am wondering how “safe” it is to use one’s own homelab for this. If you have any experience regarding this topic, I would gladly appreciate some tips.

I understand that it’s relatively cheap to get a VPS, and that is always an option, but it is always more fun to self-host on one’s own bare metal! :)

  • JubilantJaguar@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    30 days ago

    This is a bit fuzzy. You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

    If someone is using a static site generator, then they’re already running a web server, even if it’s on localhost. The friction of moving the webserver to the VPS is basically zero, and that way they’re not worsening the web’s corporate centralization problem.

    I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

    I preferred this advice.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      30 days ago

      You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

      Other comments were talking about pros and cons of self-hosting, so I tried to give advice for both approaches. I probably could have been clearer about thay in my comment though. I edited the comment a bit to try and clarify.

      I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

      If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

      Self-hosted CDN is doable, but way more effort. Anycast approach is to get your own IPv4 and IPv6 range, and get VPSes in multiple countries through a provider that allows BGP sessions (Vultr and HostHatch support this for example). Then you can have one IP that goes to the server that’s closest to the viewer. Easier approach is to use Geo DNS where your DNS server returns a different IP depending on the visitor’s location. You can self-host that using something like PowerDNS.

      • JubilantJaguar@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        30 days ago

        I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

        Agree. And hard to get security wrong cos no database.

        If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

        Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It’s not ideal because… Cloudflare… but at least you’re using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

        Perhaps its irrational but I’m bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that’s not your case.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          1
          ·
          30 days ago

          That’s not Cloudflare-specific; you can use any CDN that supports origin pull in the same way :)

          It’s not ideal because… Cloudflare… but at least you’re using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

          Definitely agree with this! That’s one of the pain points of “cloud” services - they really try to lock you in, making it impossible to swotch.

          without having to deal with LetsEncrypt.

          You still need encryption between your CDN and your origin, ideally using a proper certificate. Let’s Encrypt (and other ACME services like ZeroSSL) are pretty easy to use, and can be fully automated. I’m using Let’s Encrypt even for internal servers on my network, using a DNS challenge for verification instead of a HTTP one.

          Perhaps its irrational but I’m bothered by how many people seem to think that Github Pages is the only way to host a static website

          It’s strange because out of all the possible options, Github Pages is the most basic. You have to store your generated files in a Git repo (which is kinda gross) and it barely supports any features. For example, it doesn’t support server logs or redirects.

          I guess it’s popular because people already use Github and don’t want to look for other services?

          • JubilantJaguar@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            29 days ago

            You still need encryption between your CDN and your origin, ideally using a proper certificate.

            It can be self-signed though, that’s what I’m doing and it’s partly to outsource the TLS maintenance. But the main reason I’m doing it is to get IP privacy. WHOIS domain privacy is fine, but to me it seems pretty sub-optimal for a personal site to be publicly associated with even a permanent IP address. A VPS is meant to be private, it’s in the name. This is something that doesn’t get talked about much. I don’t see any way to achieve this without a CDN, unfortunately.

            I guess it’s popular because people already use Github and don’t want to look for other services?

            Yes, and the general confusion between Git and Github, and between public things and private things. It’s everywhere today. Another example: saying “my Substack” as if blogging was just invented by this private company. So it’s worse than just laziness IMO. It’s a reflexive trusting of the private over the public.

            • dan@upvote.au
              link
              fedilink
              English
              arrow-up
              1
              ·
              29 days ago

              it seems pretty sub-optimal for a personal site to be publicly associated with even a permanent IP address

              What’s the downside you see from having a static IP address?

              I don’t see any way to achieve this without a CDN, unfortunately.

              I think you’re looking for a reverse proxy. CDNs are essentially reverse proxies with edge caching (their main feature is that they cache files on servers that are closer to a user), but it sounds like you don’t really care about the caching for your use case?

              I don’t know if any companies provide reverse proxies without a CDN though.

              • JubilantJaguar@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                29 days ago

                What’s the downside you see from having a static IP address?

                What’s the downside to having one’s phone number in the public directory? There’s no security risk and yet plenty of people opt out. It’s personally identifying information.

                I don’t know if any companies provide reverse proxies without a CDN though.

                Exactly.

                • dan@upvote.au
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  29 days ago

                  What’s the downside to having one’s phone number in the public directory?

                  The difference is that an IP of a VPS doesn’t directly connect back to you. It’s in the provider’s name. Some providers let you change your IP address to a different one for a small fee.

                  • JubilantJaguar@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    28 days ago

                    Yes yes, I know all that. The fact remains that a permanent IP associated with an individual is personally identifying information. Even the variety in browser requests counts as such according to the GDPR, and that is usually pooled with lots of other users. This is clearly a level above that. It’s why, for example, I would not use the VPS for proxy web browsing: zero privacy.