So, serious question, should I self-host my servers in AWS?
this post was submitted on 19 Oct 2025
117 points (96.8% liked)
Selfhosted
52411 readers
882 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Why would you?
Working on setup reserve proxy properly. With all this research and testing, im going to be ans expert in the area, just to never speak about to another human being... except on and another post
Updated to OpenSuSE Leap 16.0 with the autotool and it broke some things, but nothing terrible. Had to fix network config and add back Packman for ffmpeg for Jellyfin to work but that was about it
I installed immich and began migrating our phones away from Google.
I am playing around with Podman Quadlet and that's one hell of a rabbit hole. I have everything up and running, and now I need to configure the containers, and probably will deal with other pain points, etc.
The good thing is that I have documented the whole process so it is reproducible but it took me quite some time to figure out everything.
Would you mind sharing your process in a write up?
I will definitely do that, I just want to finish the whole setup.
almost done re setting everything up after a catastrophic failure (ended up replacing multiple drives, the CPU, the motherboard, the psu, and the ram).
now I'm just running long command after long command, waiting for drives to zero, ensuring extended smart checks pass on new drives, cloning to my backup drives...
this things been down for a few weeks and I'm so excited to have it back up soon!
anyways, moral of the story is, the 3-2-1 strategy is a good strategy for a lot of reasons. just do it, it may save your ass down the line.
Finally managed to carve out some time since the birth of my daughter two months ago to tinker around a bit. Decided to tackle my gripe to semi-automate updating my services when there is a new release.
Now I have Renovate running on my self-hosted Forgejo instance using Forgejo's actions and a "Podman in Podman" image for its runners. Don't ask me why I wanted to do a PINP instead of DIND - I guess I like to punish myself. But at least this means everything I deploy is running with Podman 😄
A self hosting thing that I did after having a kid that's helped us tremendously is hook up an internal camera to frigate to use as a baby monitor, and then have automations in home assistant to automatically change which parent gets notified about crying in the middle of the night based on an agreed-upon "shift". Just a thought to consider :)
I love the idea! I was actually thinking about building something like a baby monitor with cameras instead of just buying one, so your comment further inspires me to follow up on that. May I ask what camera you were using?
I think it was an older model of this one, but I'm not sure. Just a random amcrest I had lying around.
It's also worth pointing out that there are a few self-hosted solutions actually meant to act as baby monitors doing stuff like sleep/wake differentiation. I just had trouble getting one of them going and just thought screw it I'll just use frigate and noise levels to detect crying sounds since he was older and hardier.
CLOUDFLARE IS NO MORE FOR MY NETWORK
Soon I'll drop Cloudflare for my public services too
What are you moving to?
Anubis, though I always had it before I removed Cloudflare.
I did have troubles passing the Anubis check from time to time. It does not offer an alternative way to prove you're not a bot and locks you out of the website completely.
load more comments
(1 replies)
Working on getting bazarr to work with Plex, turns out it still requires radarr/sonarr even if I don't sail the seven seas. Guess I'll be learning the entire stack tonight :)
I have been looking for something new.
Last week was moving Immich up to the new release I was on an old version, which meant migrating to an intermediate version to allow a database rebuild. It worked well.
I was bored this week so just ran some wattage testing.
- 15w at idle (800MHz)
- 20w active (3.4GHz)
- 30w peak at boot
load more comments
(2 replies)
I finally got my ISP to enable bridge mode on my modem.
I also learned that I didn't lose port forwarding and related services because I had been moved behind CGNAT or transitioned to IPv6 -- they simply no longer offer port forwarding to residential customers. Ruminate on the implications of that statement so I'm not the only one with blood pressure in the high hundreds.
My ISP did the same thing recently and what was most annoying is they didn't admit to changing anything, while trying to sell me a business account.
This weekend I setup Pangolin on a budget VPS and forwarded it back home. I don't have my VPN backup but it fixed Plex and I can access my security cameras again.
load more comments
(5 replies)
Installed qbittorrent and downloaded a few seasons of Linux isos onto a vps. Discovered accessing those files over SSH to be too slow to play them without buffering so installed filebrowser to get them via http which worked well.
It's been a long long time since I used bittorrent and wow it works so much better these days.
I’ve learned a hard lesson this week. Jellyfin server OS partition run out of free space and corrupted the database. Nothing to do but reinstall. I guess this week I’ll be reviewing backups! 🤣🤣🤣
FYI from the newest release notes for 10.11.0
Jellyfin now actively checks the available free space for its configuration and data directories. If you have less than 2GB of free space in each data directory, Jellyfin now refuses to start to prevent data corruption. Additionally, checks are implemented to prevent certain path misconfigurations that are known to cause issues.
load more comments
(5 replies)
I've had immich but went to homegalley instead. Mostly because I want to keep MY directory structure in case I'm abandoning the choosen platform. Have not regretted my choice (so far ... 8 months)
load more comments
(5 replies)
I've been making another attempt to replace Docker with Podman. The issue is I can't connect to my server through a web browser. I think it's a firewall issue.
Networking and networking troubleshooting is a bit confusing for me and that's the least favourite part about self hosting for me. Turns out I actually enjoy writing scripts more and the challenge of writing POSIX scripts especially.
If I can figure it out, I'll probably write a guide for setting up Podman and Caddy on Alpine Linux since there isn't a lot of recent information out there from what I found in my searches so far.
Rootless podman cannot bind ports <1024, only root can by default (on pretty much any distro I guess). Have you done something like sysctl net.ipv4.ip_unprivileged_port_start=80 to allow non-root processes to bind to port numbers >=80?
I've read about that and I already have that in my notes as well.
It doesn't really affect my needs because my ISP blocks incoming on those ports anyways. Also I'm choosing not to use a tunnel at the moment so I'll be using a higher port anyways.
The last time I asked about it, a few people seemed to agree it was something to do with the firewall settings. That seems most likely since I was able to connect when I disabled my firewall. I'm not a fan of working with iptables. The language for that type of networking is gibberish to me.
I had also tried going from docker compose to rootful podman compose and ran into the same issue. Although I'm trying to work away from podman compose in the future, just taking it in steps.
Good luck 🫡 I made the switch about half a year ago and went all in on rootless quadlets while I was at it. It was a pretty nightmarish couple weeks figuring out things like user id mappings and rootless permissions, but I got there eventually. Landed on a super neat Traefik config that should work for anyone and makes spinning up new quadlets with their own reverse proxied subdomains really simple. I should really post it somewhere…
In the end I wouldn’t exactly say it was worth it… but it sure feels cool to be fully moved into a more open/native container implementation.
Yeah, I mainly just want to move away to more open projects. When I first started, everyone kept suggesting using Cloudflare. After half a year using their service, I just felt icky the entire time.
In the past couple months I was able to move away and chose to protect myself by learning how to harden my server as well as hiding my server behind multiple layers of obscurity.
With my current setup, the only site traffic I get has only been myself and my custom ssh port only gets hit by bots about 3-10 times a week according to my logs. Only time will tell how effective my layers of obscurity will hold up but so far it seems to satisfy my needs better than I was expecting.
Once I get podman in a state I like, I'll pretty much be all open sourced and all I'll have to do for myself is be in maintenance mode unless I care to add a new service. I like to keep things simple so I don't normally go crazy adding new services anyways.
Did the switch from Docker to Podman a couple of months ago. Now I host all my services (arr-stack, Forgejo, Nextcloud, Authelia, Traefik, Immich... to name a few) on my VPS and mini pc/home server with Podman.
I recently sat up headscale to connect my VPS running the Traefik Proxy to my home lab to make some of my services running on there accessible from the internet. It was quite the journey, to say the least, as networking is not my forte either.
But feel free to drop me a pm if you need some inspiration or support, maybe I can help.
Thank you for the offer. I still need a bit more more time to experiment and zero in on the issue again. Fortunately my setup is quite simple and the only bottleneck will be Caddy.
I basically run Caddy which redirects to a static generated blog, simple file server page and a Kiwix instance. I'm mostly making a self hosted reference site of materials for Linux and Scripting resources.
One day I may add a Forgeo instance but currently my entire workflow exists around rsync. I'm happy just having my single file scripts hosted as text files and don't really need the power of git. At least not at the moment.
I’ve set up Uptime Kuma this weekend, monitoring everything from Docker containers, network devices (like IPcams, switches, printers, …), wireguard tunnels, etc etc. (I have 65 monitors set up so far) and a Signal rest api for notifications.
Furthermore, I integrated multiple new ESPHome switches into my Home Assistant setup for cable model reset, alarm system controller reset, etc.
Once I have Uptime Kuma finetuned I will automated som resets.
Uptime Kuma is amazing so far.
load more comments
(4 replies)
Love the post haha! Nothing much here things run rather stable and with low maintance right now.
load more comments
(2 replies)
I have noticed that Microsoft and google are trying to scan my domain for /php-myadmin and similar links that I thankfully do not have.
I had already fail2ban running but it failed to ban a single IP. I did setup custom filters that would ban admin panel scanning attempts but somehow now it also bans my home IP and my phone 5G ip sometimes. No idea how to fix it so far. Also, this filter/jail doesnt necessarily jail everyone attempting to reach these links, just sometimes it does.
I'll have to look at my fail2ban logs and see if I'm having similar issues.
It should be possible to mod your jail to whitelist an IP range on your local Network.
I'm doing that on one of my jails.
Good catch. My IP is dynamic. I'll look into it, thanks!
I've set up Kavita for my e-books. Nice UI, looks promising, and I've added some books. I haven't really used it yet, because half of this was just an excuse to try podman (instead of docker). I wanted to set it up to run as unprivileged user, without the docker daemon running as root. That wasn't too hard, but it was definitely a few extra steps.
But something about Kavita didn't sit well with me. Maybe I don't self-host enough stuff to know what's normal, but there is a donate button, which I don't mind, but its tooltip says: "You can remove this button by subscribing to Kavita+."
I'm donating to a few software projects already, and I have developed a substantial amount of free software myself. There is nothing wrong with asking for money. But what I cannot stand is when software running on my own device is intentionally acting against my interests. And this tooltip was very clear about not letting me do something that I might want to do.
So I checked the source code for more. I found another anti-pattern: telemetry is opt-out instead of opt-in. But that seems to be it, I didn't find anything worse than that. So... fair I guess, if the author wants it that way. It's still free software. It looks like I could delete all the Kavita+ stuff myself and re-build. Which I'm going to do if I keep using it. But this is now an extra step that prevents me from just using it, because I need to feel in control of what I run. Kind of self-inflicted, I guess...
If you reach the point of looking for a different solution, check out Calibre Automated. I tried several different things and this was the best one for me.
load more comments
(4 replies)
Self hosting wise, not much, just ran through updates (I prefer to do this manually) and set up a new box which will host another proxmost host and NAS.
The mobo/CPU that became the new server has been replaced with an Asus prime x370-pro and a spare 1700x to be used as a new endeavoros desktop (their defaults are close enough to what I want I dont bother with full manual install). Mostly need it for a KDE 6 box for dev/testing to go alongside the instances of Trixie/Sid, since I'm considering arch for some work stuff that Debian won't fit the bill for.
view more: next ›