Hari's Weblog

My Self-Hosted Setup


I recently deployed a couple of services on a VM in the cloud so I could get my feet wet when it comes to self-hosting apps for my own personal use. So far, it’s been pretty fun but also frustrating at times; I figured I’d document everything I’ve done up until now so it’s easier for me when I migrate to a different server at some point in the future.

My current VM

Right now, I’m using an Azure Standard_B1s VM (1 vCPU / 1 GB RAM / 30 GB SSD) because it’s free with Azure’s yearly $100 credits for students. Signing up for Azure and verifying my student email was unexpectedly confusing, because there was no immediate confirmation that I’d successfully been verified, so I think I ended up going through the verification flow thrice. I have to say, “confusing” accounts for most of my experience with Azure, which is probably what I should expect from an enterprise-grade IaaS. I do think I’m getting the hang of the bits and pieces I need to run a little VM though.

However, I have heard that the big 3 cloud providers are comparatively expensive for personal use, so I’ll probably switch to a different provider when I need a bigger server. Hetzner has positive reviews all around and is currently looking like the best option.

SSH and Security

Hardening SSH was one of the first things I did, because I was being hammered by bots trying to log into my server. Granted, they can’t do anything because Azure VMs have passwords disabled by default and only use key-based authentication. Still, my reasoning was that it wouldn’t do any harm to change the SSH port to a random high-numbered port. This also tripped me up for quite a while, because most of the guides I found talked about editing /etc/ssh/sshd_config. Apparently, this is deprecated in Ubuntu >=22.10 and the way to do it instead is to alter the ListenStream for the SSH Socket. It took a while to finally come across this piece of information, but it finally worked! From lastb, I can see that I haven’t had any bad login attempts since, so it was worth it at least for that.
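
The ListenStream change described above, as an added example that is not part of the original post. It assumes the socket unit is named ssh.socket; the port 49222 and the drop-in file name listen.conf are constructed for illustration.

```sh
#!/bin/sh
# Added example: move socket-activated sshd to a high-numbered port with a
# systemd drop-in. Assumptions: the unit is ssh.socket; port 49222 and the
# file name listen.conf are constructed values, not the author's.

# valid_port PORT: succeeds only for an integer in 1024..65535
# ("high-numbered", so privileged ports are rejected on purpose).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# render_dropin PORT: prints the drop-in contents.
# The empty ListenStream= clears the listener inherited from the packaged
# unit; without it systemd keeps listening on port 22 as well.
render_dropin() {
    valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
    printf '[Socket]\nListenStream=\nListenStream=%s\n' "$1"
}

# install_dropin PORT [DIR]: writes DIR/listen.conf
# (DIR defaults to the system drop-in directory for ssh.socket).
install_dropin() {
    port=$1
    dir=${2:-/etc/systemd/system/ssh.socket.d}
    content=$(render_dropin "$port") || return 1
    mkdir -p "$dir" && printf '%s\n' "$content" > "$dir/listen.conf"
}

# On the server, as root. Allow the new port in the VM's firewall rules
# first, and keep the current session open until a fresh login works:
#   install_dropin 49222
#   systemctl daemon-reload
#   systemctl restart ssh.socket
#   ss -tln | grep 49222    # the new port should be listed, 22 should not
```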

The VM is proxied by Cloudflare so its IP address is never publicly revealed through HTTP(S) connections. I enabled Full (Strict) SSL/TLS, so all traffic between my VM and Cloudflare is encrypted. On a tangent, I also want to use Cloudflare’s Email Routing combined with Amazon SES to create a custom email address that forwards to/from my Gmail. One more for the to-do list (which, by the way, is something I self-host but more on that soon)!

I considered setting up WireGuard but it seems like overkill so I decided to skip it for now.

Services

The way everything is set up is incredibly similar to the setup we have on the NetSoc server. To start with, everything is running in separate containers on the same network. One of the containers runs NGINX, which acts as a reverse proxy and routes HTTPS requests on port 443 to different ports on other containers based on the hostname in the request’s Host header.

As for the services I’m actually hosting, the first one I got working is FreshRSS. I’ve been wanting an RSS feed reader for a while, but the commercial alternatives all have something wrong with them, such as only allowing a limited number of feeds or displaying algorithmically recommended articles “for me”. FreshRSS was recommended multiple times in r/selfhosted and I’ve found it pretty great to use. I’m still figuring out how all the features work, but I like it a lot and the fact that it has a PWA is a bonus.

The next one is Vikunja. I’ve used Todoist for task management for the longest time, but a self-hosted to-do app seemed like low-hanging fruit, so I decided to try it out and see how it goes. With the new academic year starting in just over a week, it’ll be getting plenty of use and I’ll be able to really put it through its paces. From everything I’ve seen so far though, it seems feature-rich and powerful (though I feel like the design could use a bit of polish in some places) and again, it has a PWA!

That’s it so far, but I’m looking out for more interesting and useful services to set up for myself.