I’ve been following this community for some time in order to learn about self-hosting and, while I have learnt about a bunch of cool web services to host, I’m still lost on where/how to start. Does anyone have, like, a very beginner guide that is not just “install this distro and click these buttons”? I have an old laptop that runs Arch (btw), but I’m not familiar with networking at all. So anything starting from “you can check your IP address using ip a
” would be appreciated.
More specifically, I have a domain that I want to point to an old laptop of mine (I intend to switch to a VPS if/when I feel like the laptop is starting to lose it). How do I expose my laptop to the internet for this to work (ideally without touching my router, because I’ll be traveling quite a bit with my laptop and don’t mind the occasional downtime). I assume that once I’m able to type my domain name on my mobile and see it open anything from my laptop, I can then setup all the services I want via nginx, but that’s step 2. I tried to follow a few online guides but, like I mentioned, they’re either too simplistic (no I don’t want to move to Ubuntu Server just for this) or too complex (no I don’t know how DHCP works).
Thanks in advance
It sounds like maybe you’re looking for a primer on how networking works across the internet? If so, here’s a few concepts to get you started (yeah unfortunately this huge post is JUST an overview), and note that every one of these services can also be self-hosted if you really want to learn the nuts & bolts…
DNS is the backbone of everything, it is the service that converts names like “lemmy.world” into an actual IP address. Think of it like the phone book of the internet, so like if you wanted to call your favorite pizza place you would find their name, and that would give you their phone number. Normally any domain that you try to reach has a fixed (or static) IP address which never (or rarely) changes, and when you register your domain you will point it to a DNS server that you have given authoritative access to provide the IP where your server can be found.
But what if you’re running a small setup at home and you don’t actually have a static IP for your server? Then you look to DDNS (Dynamic DNS) and point your domain’s DNS to them. There are several free ones available online you can use. The idea is you run a script on your server that they provide, and every time your IP from your ISP changes, the script notifies the DDNS service, they update their local DNS records so the next person looking for your domain receives the updated IP. There can be a little delay (up to a few minutes but usually only seconds) in finding the new address when your IP changes, but otherwise it will work very smoothly.
You mentioned DHCP, so here’s a quick summary of that. Basically you are going to have a small network at your home. Think of your internet router as the front-end, and everything behind it like you computers or mobile devices are going to be on their own little private network. You will typically find they all get an IP address starting with 192.168.* which is one or the reserved spaces which cannot be reached from the internet except by the rules your router allows. This is where DHCP comes in… when you connect a device it sends out a broadcast asking for a local network IP address that it is allowed to use. The DHCP server keeps track of the addresses already in use, and tells your device one that is free. It will also provide a few other local details, like what DNS server to use (so if you run your own you can tell the DHCP service to use your local server instead of talking to your ISP). So like the phone book analogy, your DHCP service tells all of your local devices what phone number they are allowed to use. other Now to put all of this together, you probably have a router from your ISP. That router has been pre-programmed with the DHCP service and what DNS servers to use (which your ISP runs). The router also acts like the phone company switchboard… if it sees traffic between your local devices like a computer trying to reach your web server, it routes those calls accordingly. If you are trying to get to google then the route sends your call to the ISP, whose routers then send your connection to other routers, until it finally reaches google’s servers. Basically each router becomes a stepping stone between your IP address and someone else’s IP address, bringing traffic in both directions.
OK so now you want to run a web server for your domain. This means that besides getting the DNS routing in place, you also need to tell your router that incoming web traffic needs to be directed to your web server. Now you need to learn port numbers. Web pages traffic on port 80, and SSL pages use port 443. Every type of service has its own port number, so DNS is port 53, ftp is port 21, and so on. Your router will have a feature called port-forwarding. This is used when you always want to send a specific port to a specific device, so you tell it that any incoming traffic on port 80 needs to be sent to the IP address of your web server (don’t worry, this won’t interfere with your own attempts to reach outside websites, it only affects connections that are trying to reach you).
Now if you’ve followed along you might have realized that even on your local network, DHCP means that your server’s own IP address can change, so how can you port-forward port 80 traffic to your web server all the time? Well you need to set a local static IP on your server. How that is done will be specific to each linux distribution but you can easily find that info online. However you need to know what addresses are safe to use. Log in to your router, and find the DHCP settings. In there you will also see a usable range (such as 192.168.0.100 to 192.168.0.199). You are limited to only changing the last number in that set, and the router itself probably uses something like 192.168.0.1. Each part of an address is a number between 0-255 (but 0 and 255 are reserved, so except in special cases you only want to use the numbers 1-254), so with my example of the address range being used by DHCP, this means that you would be free to use any address ending in 200-254. You could set the static IP of your web server to 192.168.0.200, and then point the port-forwarding to that address.
Now remember, your local IP address (the 192.168 numbers) are not the same as your external internet address. If you pay your provider for a static internet address, then your router would be programmed with that number, but your web server would still have its local address. Otherwise if you’re using DDNS then you would tell that service the outside IP address that your router was given by your ISP (who coincidentally is running a DHCP that gave your router that address).
Let me see if I can diagram this… OK so imagine your router has the internet address of 1.2.3.4, your web server has the local address of 192.168.0.200, and someone from the internet who has address 100.1.1.1 is trying to reach you. The path would be something like this:
100.1.1.1 -> (more routers along the way) -> your ISP -> 1.2.3.4 (router) -> 192.168.0.200 (server)
They send a request to get a web page from your server, and your server send the page back along the same path.
Yes there’s a lot to it, but if you break it down one step at a time you can think of each step as an individual router that looks to see if the traffic going to something on the outside or going to something on the inside. Which direction do I need to send this along? And eventually the traffic gets to a local network that says “hey I recognize this address and it needs to go over to this device here.” And the key to all of this routing is DNS which provides hints on where to forward the information to the next router in the path. I can break things down further for you if something isn’t clear but hopefully that gives you a broad overview on how things move around on the internet.
Holy shit dude, that was actually very helpful! I’ll need a few more go-throughs to fully grasp every piece here, but thanks a ton for writing it so precisely.
Based on this though, is there no way to have port-forwarding except setting it up explicitly in my router? I ask this because 1) in my personal setup, I’ll be switching between wifi and mobile data quite often, and 2) I may end up on an institutional wifi after some time, in which case I won’t have access to the router
You might want to consider setting up a VPN tunnel to your own network. Main benefit is that you can access your home network as if you were connected to it locally. Which makes switching between mobile data and WiFi a non-issue.
This requires some sort of VPN server and usually a single port-forwarding rule for the protocol which your VPN software of choice uses. For the simplest default configuration of OpenVPN this means setting UDP port 1194 to point to your OpenVPN server.
Generally, keeping things simple, there’s two types of VPN you can set up:
- split tunnel VPN, which gives you access to your home network but accesses the internet directly.
- full tunnel VPN, which sends all of your traffic through your home router.
It is a little more complicated than that, and there’s more nuance to it, such as wether to user your own DNS server or not, but all that is best left to some further reading.
I’ve setup an OpenVPN server myself, wich is open source and completely free to mess around with. (Save for maybe some costs for registring your own domain or DDNS serviced. Those are all optional though, and mainly provide convienience and continuity benefits. You can definitely just setup a VPN server and connect with your external IP adress)
Or use Tailscale, it’s quite easy and it’s how I access all of my services
Sorry for the late reply, we had a yard sale today and then company this evening so I’m just getting back to the computer. God this feels like the longest I’ve been offline in like a decade! Anyway I’m glad it was helpful, I literally rolled out of bed and this was the first post I read this morning so I just started typing, I was a bit worried I might have been incoherent writing so much before I even had breakfast but hey if it came across then I’m glad I helped!
Happy to see others have already stepped in to answer your questions, as with most things there are multiple solutions to your challenges but the first goal is to understand what’s going on so you know the right questions to ask. Get your basic setup in place, poke around to see how it all interconnects, and you’ll start understanding how other things come in to play. The bit I mentioned about being able to direct your port 80 incoming traffic without affecting your web browsing from another computer (which of course ALSO talks on port 80) really tripped me up until I realized I was overthinking things, so I just trusted that it would keep working and eventually I did find the answers.
So as I mentioned, yep there really is a lot of information to digest when you’re learning how networking works, but once you get some of these basics concepts down then the rest will start coming easier. A lot of what I have learned comes from taking a single piece, playing with it a bit to get the hang of essentially what it is doing without getting so deep that I’m overwhelmed, and then moving on to the next piece to see how they interconnect. If you do that long enough you’ll start coming back to the first pieces and going deeper into them. Or you’ll find some pieces that you can get by only knowing the basics and you’ll never need to dig any deeper. The big thing is having an overview of how things connect to each other because yeah, you’re going to want to try different things with your servers. Just wait until you build your first firewall with multiple internal networks and even multiple ISP connections (my home network has five local zones plus two ISPs – just because I can!)…
Haha I think it’s best if I stop running towards just getting my own server up and actually learn this stuff instead, regardless of how long it takes. I’ll try to follow through on this, thanks again for all the help :D
Hey no worries, you’ll get there. Just kick back and enjoy the ride, because its a lot of fun learning all this stuff!
Correct. What you’d need in that case is a reverse proxy like ngrok, which is a bit more difficult to set up.
Honestly one of the most well written posts I’ve read. Thanks a lot, helped me understand all of this networking stuff involved with self-hosting since I literally just bought a PC to function as my home server like 2 days ago.
Thanks! Maybe if I hadn’t just climbed out of bed five minutes before writing that I might have been able to organize the info a little better, but apparently everyone is happy with it. 😄
Don’t get caught up on needed fancy new hardware to run servers from, the last new computer I bought was a 386. This Spring I just rolled my VM servers off of some 2006 rack servers (dual-core and 8GB of memory, getting a bit painful!), and I’m serving up live internet content. You can go a long ways with old hardware. I always say play with what you’ve got, or with the stuff other people are throwing away. By doing this you can push a machine to its limits to see what it can really handle, which gives you a good idea of what hardware you want to upgrade to for YOUR specific needs. My new servers are from 2012-2014, and a massive upgrade at about $150 each!
Start with Docker/Containers.
Once you understand the basics of it you can start selfhosting all sorts of applications from/on your laptop with very little effort. For Docker Command Line Basics there are tons of free tutorials online. If that’s to big of a step in the beginning, start with a Portainer (spinning it up is basically just copy and paste one little command) the rest can be done from the GUI. Docker will also help you to figure out what you might think is worth „selfhosting“ for yourself. Because selfhosting is almost like clothing: Everyone has their own taste and style.
Wait, does Docker work without me setting me the IP address and all that stuff too? Coz that’s the stuff I’m more confused about. At least in my head, setting up docker is just launching the service and, optionally, setting reverse proxy. But wouldn’t that work solely on my own device instead of the internet?
Yes it is that simple. In the beginning you can reach your services via localhost or simply the IP address of your laptop (followed by the specific port).
Understood. Guess I’ll figure out setting up all the services before I get to figuring out putting them beyond my local network. Thanks!
This is the way! Don’t worry about vpn, proxies and tunneling before you know where you’re heading.
I have an old laptop that runs Arch (btw), but I’m not familiar with networking at all.
Actually the networking stuff is terribly important for selfhosting.
I recommend a different approach than most other commenters: buy two small WiFi routers and install openwrt there. Check here that the new devices support openwrt: https://openwrt.org/toh/start
Then go through some of the tutorials and forum examples about openwrt. Most of them are very good. You are going to learn the basics as well as some fun things you can do with networking/routing, and also much about network security.
Your selfhosting will become so much easier then.
Oh I’ve never heard about openwrt, but it sounds interesting. I’ll check it out, thanks!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol NAS Network-Attached Storage NAT Network Address Translation Plex Brand of media server package SBC Single-Board Computer SSD Solid State Drive mass storage SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
[Thread #66 for this sub, first seen 19th Aug 2023, 14:05] [FAQ] [Full list] [Contact] [Source code]
It depends on what you want, but here is where i started:
I watched a lot of youtube videos about opensource software. Then i got a nice second hand server that was quiet and didnt use too much power. I installed ProxMox on it instead of VMware (opensource) and then i slowly started to build VM’s for whatever i wanted to selfhost.
A very important aspect that a lot of users ignore is security. You need to keep everything up to date. Follow sites with regards to your software (you can aelfhost freshrss. So thats a nice start) and keep “up” with cybersecurity.
These days i have a small server with Alpine installed on it. Since most my selfhosted things now come in docker. If you go that way, learn yourself everything anout docker and docker compose. Compose is a really powerful tool once you work with docker!
I’ve been putting off learning docker for a while now, guess it’s finally time to dive right into it. Thanks for the info about freshrss, I’d been looking for ways to get more into cybersecurity and this might be it
I’m not at home now, but i will try to remember to post you some links to rss feeds i follow :-)
deleted by creator
Welp, port-forwarding seems to be the major issue then, since I’m soon going to shift to an institutional wifi where I may (not) have access to the router. But you’re right, I should try getting familiar with what I have first lol. Thanks!
There is this mostly French community (second language English) called yunohost (read y u no host) that provides a selfhosting solution accessible for beginners. They even offer one free domain to familiarise yourself hands on (+letsencrypt certificate). I have been using this for two years and it works well, I ran into issues but learned a lot in the process, community and devs are nice and helpful. Based on debian. https://yunohost.org/#/index_en They package most of the popular applications you’d expect for selfhosting (nextcloud, owncloud, WordPress, drupal and easily a hundred other apps)
That’s super cool, I’ll check it out. Thanks a lot!
If you are absolute beginner and OK with setting up things few more times in the future, start eith Yunohost. I get the grasp of everything while I’m using it.
I second containers. I use Unraid and have found it pretty simple to get started. At one point I was using a vm on unraid as my gaming machine, although I have moved away from that and now have a low power Unraid server for hosting.
I agree. Unraid is great because it is user friendly and easily scalable. I started using it a few years ago just to set up a NAS with two HDDs and a Plex library and now have over 50 containers and 8 drives. That’s the beauty of it. You want more drives, just add one. I feel like TrueNAS is probably technically better but this feature was really important to me because I had a feeling that scaling up would be in my future.
The community is very supportive and SpaceInvader One is an amazing resource, as well as Trash (SIO is not trash, Trash is the name of another resource lol)
To point your domain to your machine you can use Cloudflare tunnels. If you don’t want it publicly available, you can use a VPN.
I was also going to suggest tunnels (Cloudflare, ngrok, etc) as a great way to test out your setup without worrying about the networking side. They’re not a great long-term solution, but a great step before diving into vpn configuration or messing with a new router.
This is what I was planning to go with, until I read a couple posts/comments here about privacy issues with this approach (something something cloudflare has to read every incoming request to stop spam). By VPN, you mean I just connect the server to a VPN and put the VPN’s address as my server’s address?
I know as little as you do about selfhosting, but I just want to point out, if
ip a
generates a convoluted/confusing output, I would recommend usinghostname -I
instead. It just prints out all your IP-addresses, with no additional info.Oh interesting (now, if only I can recall this the next time I need it)
If you want something publicly accessible (like google, etc) you will have to open a port on your router and point it to your laptop.
If you want something privately accessible (like your router website) then you do not need to touch your router but both devices (laptop and phone) will need to be on the same private network.
What is not possible is to take your laptop to a hotel somewhere, leave it on while you take your phone out in the city and access your laptop via the public internet. You would need access to the hotel router to allow it. I believe this is what you’re trying to do from your post above.
IF you want to do something like what I said. You’ll need an overlay network. It’s basically a virtual private network you can install on your devices. Personally I love tailscale(with headscale) but there are lots. Then you’ll be able to connect to your laptop in a hotel from your phone while you’re away.
I would start with a website that says hello world without SSL/HTTPS. Get this accessible from your phone on the same network, then decide what you want to do and take it one step at a time. SSL next? Public access? Tailscale access? The idea would be to do it all but one thing at a time.
I did try launching a website on my local network, but widening it to the public network is what I was confused about, like you said. But the idea of overlay network sounds interesting, I’ll give it a shot. Thanks!
Your router will get a public IP. For example 1.2.3.4. This is the port your ISP is plugged into. (Perhaps the WAN labeled port) this IP is what you want to access from a different network (cell data, friends house, etc). It’s important that you confirm the WAN IP on your router is a real public IP. Some providers actually give you a private (CGNAT) IP and its a huge pain in the ass. Going to what is my IP or whatever and compare it to your WAN IP on the router website is a good test. They should be the same. If they are, no matter where you are in the world you can access the wan side of your router. If not, tailscale is a good option.
The other port on a router has a private IP, for example 192.168.0.1. This could look 4+ ports but that’s basically just a switch and more or less the same thing.
Anyway, you have to tell your router, if you get something on the WAN port 1.2.3.4 to TCP port 80 you need to forward it to laptop IP 182.168.0.100 TCP port 80.
If this is successful, you need to make sure the laptop firewall allows access to TCP 80 from anywhere. If you can access the laptop website from your phone on WiFi then its pretty safe bet that its allowed from anywhere, unless you told it otherwise.
I like to test public access from on https://canyouseeme.org/
Edit: to add, this will only ever work if you’re at home. Each new network you connect to, you will need to access the router and do the exact same thing to provide access to your laptop. Not ideal, and impossible at something like a hotel or hospital. Overlay network give you a second virtual network that you plug a virtual cable into for all your devices, including phones. If you do this you can just use that second virtual IP to access your stuff no matter where you are.
Ah now it makes a lot more sense. I’ll have to stick with things like overlay network simply because my ISP is super unreliable (for example, I’m out of wifi right now because of mildly incovenient weather lmao)
Its worth it. Super cool. However, it does need internet to work. It just gets around CGNAT and networks you don’t own (hospital, school, hotel, etc) so you can still access your stuff while you’re not at home.
Well, start with what you have, and let that guide your needs.
I started on my own windows xp machine. Before moving to a nas for image storage. Now, I have nextcloud running on a separate machine. With Arch documentation is very good where most services will be turn key. Especially if you don’t mind downtime. The best thing is get to know your setup. As that will be uniquely your setup, and let that guide your journey into madness 😄
Buy a Raspberry Pi or other SBC, firewall it from the open internet (so it’s only accessible from your home LAN) and start installing stuff like nextcloud and jellyfin on it. See if you can access the files from your other devices. That might be a good start.
Going for a RasPi might be a bigger hassle for me due to the market, but I suppose I can try the rest on my laptop as easily. Thanks!
Np :) are Rpis still in short supply? There are other good SBCs, notably odroid. Rpi has excellent community and support but if you are after hardware power you’ll be better off with other brands.
In terms of electricity- laptop is about 65W and SBC is about 4W. If you have a server that you never shut down, the difference will add up.
Gl, hf!
I think you can get the full Orange Pi kit (Pi + sd + power adapter + case) for around 60 bucks on Amazon. There’s also the option of going with a mini PC, you could find them from around 120 bucks.
I know you’re not asking for hardware recommendations, but using an old PC may increase your electric bill way more than any of these options, so that’s something to bear in mind.
That’s fair too. I was just trying to get some use out of my old device, but I think it’ll be better if I simply use to run some CLI tools via SSH that I don’t want running on my main device :P
I just wanted to thank OP for this post. I have the same question, as this is where I’m at. I also plan to run my server from a raspberry pi 4 on a 5T SSD for storage. Is this an adequate setup for a server?
It really depends on what you want to run. I have a clusterHat (four Pi Zeros on a Pi4) that runs a Hashicorp Vault cluster with minimal usage.
The big thing about self hosting is what happens if you (or other people) start to depend on your service - what do you do about hardware failures? Maintenance windows for patching?
To start off, a Pi is fine, but you’ll probably start maxing out your compute and memory (again, depending on workload).
For many, many things a pi 4 is a perfectly adequate server.
There are a few semi-common tasks where you will run into it’s limutations:
- it can’t do real-time media transcoding, which only matters if you want to run plex/jellyfin and your playback devices can’t playback the media types of your content
- it’s connectivity wrt. storage is limited. You won’t easily be able to run 8 Hard disks with it (and if you do, they will be slowed down and less reliable since USB is in the mix)
- compute-heavy tasks in general might be a pain (for example face detection/classification in an image manager)
This might sound like a lot, but that still leaves tons that you can do just fine on a pi, it’s a great starting platform at least.
I just wanted to thank OP for this post. I have the same question, as this is where I’m at. I also plan to run my server from a raspberry pi 4 on a 5T SSD for storage. Is this an adequate setup for a server?