Selfhosting Status 2025
2025-11-22
I love selfhosting my own services. For me, it's about tinkering with Linux, something I've been enjoying since I first tried Red Hat Linux back in the late 90's. The other reason is the fact that I own my own data and can replace some of the most common SaaS offerings from "big tech" with my own. My two favorite examples are Immich and Syncthing. Immich is basically a better version of "Google Photos" for your own server. And Syncthing has completely replaced Dropbox / OneDrive for me since 2018 and also runs fully on my own infrastructure.
On top of that, there are many other great services you can selfhost. I often install new services to try them out, and then after a while, I decide whether to keep them or not. If I haven't used a service for a few months or more, I usually ditch it again.
Principles
Before presenting my architecture, here are a few key principles that I've decided to follow after many years of experimentation.
- Prefer simple solutions whenever possible.
- Follow the "3-2-1 Backup Rule". Keep three copies on at least two different media with at least one off-site.
- Low maintenance. If I don't check in every few months, it should still just chug along.
- Automatic healthchecks on important stuff like backups so I'm at least aware when something breaks.
- Cheap hardware and cheap cloud services. I don't want this to cost a fortune.
- Avoid selfhosting really complex stuff.
- Don't be afraid to mix with external cloud services as long as you don't get locked into something or compromise your data and security (examples below).
There might be other principles than those, but I just wrote these right now. Maybe I'll revise them a bit for next year.
Examples of external services that I use
Really simple stuff like static HTML is better served from a CDN than from my own server. And I'm not really locked into anything, since I can change the DNS in five minutes and have it point at a different provider or my own web server. For now, I'm perfectly fine putting my HTML on Neocities, GitHub Pages, or whatever else makes sense.
Also, for email, I don't bother hosting it myself. I really like Fastmail for that. I also have an old Google Workspace Legacy account I can't shut down because old family members rely on it. That's a bit more bothersome, but at least I'm not very reliant on Google myself anymore.
And as for sending emails, I simply use Amazon SES (Simple Email Service). Maybe not the best option anymore, but I don't bother switching for the 1-3 emails I send to myself every month. It costs next to nothing and can easily be replaced.
Architecture
The diagram below shows my current architecture. I have two Linux servers at home. They are both small Asus Mini PCs -- one is a NUC, and the other one is too old to be a NUC, but basically the same hardware, with a little less storage and RAM. They perform way better than your average Raspberry Pi, but are also somewhere between 2x-3x the price. Still cheap though, and they will last you for many years (the oldest one is from 2020). In addition to that, I keep a very small VPS (Virtual Private Server) on Hetzner permanently running.
None of the home servers are exposed directly to the big internet -- only the Hetzner one is. Its main function is as a reverse proxy for the services that run on the home servers. That way, I can access those services, like Immich, from the open web without opening up my home network. All three servers are wired together in a virtual private network using ZeroTier. It works incredibly well and is free. ZeroTier relies on a central STUN server that you could selfhost, if you wanted to -- but so far I haven't bothered. It has been running smoothly for almost five years by now, and I trust the company. Cool thing about ZeroTier is that I can also connect all my mobile devices to the same VPN if I wanted to, though usually I don't.
Software stack
All my servers run Debian, and I do very little customization to them. I manually log in and update the packages and kernels when I'm bored at work -- usually at least once a month. Every other year or so I upgrade the distribution as well to the next major release. It's very stable.
For the services, they all run from "docker compose" files that I keep in a central git repository. I keep the docker compose files separate from the "data" that each service stores, and all important data folders in the docker containers are mounted into the host for backup purposes. I consider all volumes that are not mounted into the host ephemeral, meaning if they get lost between reboots, it should not affect the operation of the services or my data.
I control all my servers using simple ssh and the terminal (my shell these days is "zsh"). I have Portainer installed on each host but rarely use it. The terminal is king. I also have Cockpit installed as a web-based admin dashboard thingy but rarely use that either. Having "termux" on my Android phone enables me to do everything through "ssh" no matter which device I have at hand.
One of my key principles is to keep everything simple, which is why I don't bother with Proxmox, k8s, or anything else that feels like overkill for my needs. If I did use any of those, it would have to be mainly for learning purposes. But I have other things I would rather spend my time on learning.
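The design above depends on services being reachable only through the reverse proxy or over ZeroTier, while docker compose publishes a port on every interface unless a host address is given. The following check is an added example, not part of the original post; the function name and the `ZT_PREFIX` subnet are assumptions. It reads `docker ps` output and lists published ports that are bound to neither loopback nor the VPN address.

```shell
#!/usr/bin/env bash
# Added example: flag container ports published on every interface.
# ZT_PREFIX is an assumed ZeroTier subnet prefix; replace it with your own.
ZT_PREFIX="${ZT_PREFIX:-10.147.17.}"
TAB=$(printf '\t')

# Reads lines of "<name><TAB><ports>" and prints "<name> <host binding>"
# for each published port whose host address is neither loopback nor
# inside ZT_PREFIX.
find_exposed_ports() {
    while IFS="$TAB" read -r name ports; do
        # Ports is a comma-separated list such as
        #   0.0.0.0:2283->2283/tcp, [::]:2283->2283/tcp, 3000/tcp
        printf '%s\n' "$ports" | tr ',' '\n' | sed 's/^ *//' |
        while read -r entry; do
            case "$entry" in
                *"->"*) ;;            # published to the host
                *) continue ;;        # only exposed inside the docker network
            esac
            host="${entry%%->*}"      # e.g. 0.0.0.0:2283
            addr="${host%:*}"         # drop the host port
            case "$addr" in
                127.*|"[::1]"|"::1"|"$ZT_PREFIX"*) ;;   # loopback or VPN only
                *) printf '%s %s\n' "$name" "$host" ;;
            esac
        done
    done
}

# Live usage on a docker host.
audit_running_containers() {
    docker ps --format '{{.Names}}{{"\t"}}{{.Ports}}' | find_exposed_ports
}
```

A binding such as `10.147.17.5:9091:9091` in the compose file's `ports:` list keeps a service off every interface except the VPN one, and such a container produces no output here.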
The services that I use
This changes every year, but a few services have stayed with me for years and are unlikely to be replaced by anything else.
- Immich -- Google Photos replacement that actually improves on the user experience. Even with modest server hardware like an old Asus NUC Mini PC that was the cheapest one in its range when I bought it.
- Syncthing. It makes rolling your own Dropbox replacement fairly easy. It's not completely maintenance-free. Over the years, I've had issues where syncing broke and I had to manually fix stuff. But it has gotten much better in recent years and I wouldn't live without it today. For Android, I highly recommend "Syncthing-Fork" (on F-Droid).
- Redlib -- this is an odd one. It's basically a super lightweight proxy for reddit that makes browsing subreddits a very pleasant experience. But it's one-way. You can't post or interact with reddit, only read and browse. I use it almost every day and have done so since the big reddit exodus a while back.
- 2FAuth. Just like your app (Google Authenticator or similar), but hosted on a server. I love this. If I throw away my phone, I can still access all my one-time passwords. Just don't tell anyone I work with (I don't think the IT security folks would approve). I even have it installed twice on different servers in case one of them breaks, and obviously I also have backups. Yeah.
- Uptime Kuma so I'm notified if something breaks and goes down.
- HealthChecks. It tracks my backups so I'm notified if one of them doesn't finish in its scheduled time. It's nice to know if automatic backups are not performed regularly. I learned that the hard way btw.
Services that I don't use very often, but still keep around:
- Transmission Web for sailing the high seas. I don't use it very often though, but I always keep it around. Obviously this one is only accessible from the VPN.
- Paperless NGX. I use it to scan my email and archive every PDF and document I'm sent. Honestly, 99% of the time when I need to find something, I just look in my shared Syncthing folder or search my email. It's also a bit clunky as a whole. I might ditch it in 2026. We'll see.
- Portainer. It's neat to do maintenance on your docker services, but 98% of the time I just use the terminal instead.
New services that I'm evaluating:
- LinkDing. It seems very useful for saving articles for reading later and archiving pages for offline use. And for syncing bookmarks. I previously tried out Shiori, which has great UX and design. But it was too quirky and buggy and doesn't seem to be under much active development. So I never really got into the habit of using it. LinkDing improves on those issues with a better API, better browser extensions, more active development, and fewer bugs.
Backup strategy
I keep it simple. I use restic to back up my home folders and service data folders to a Hetzner storage box (1 TB in size). I have simple bash scripts that are triggered by cron jobs. That's it. Occasionally I make manual backups to external SSD drives -- usually once a year.
How does that fulfill the 3-2-1 rule, you might ask? Well, take pictures for instance. They live on my phone, are synced to Immich on my servers, and are backed up to Hetzner. So three different backups on three different media. And when my phone is not at home, it's also three different sites I suppose.
Other things like my home folders are not strictly following this rule, but also are not as important to me. If anything in my home folder is also not in a git repository somewhere, it's usually expendable.
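A cron-driven restic script that reports to HealthChecks, as described above and in the services list, could look like the following. This is an added example, not the author's script: the ping URL, repository address, paths, retention values and function names are all placeholders or assumptions. It refuses to run with a world-readable repository password and reports restic's exit status, so an incomplete snapshot raises an alert instead of passing silently.

```shell
#!/usr/bin/env bash
# Added example: restic backup wrapper that reports to a Healthchecks check.
# Every URL, host and path below is a placeholder, not the author's setup.
set -u
HC_URL="${HC_URL:-https://hc.example.invalid/ping/00000000-0000-0000-0000-000000000000}"
export RESTIC_REPOSITORY="${RESTIC_REPOSITORY:-sftp:backup@storagebox.example.invalid:/restic}"
export RESTIC_PASSWORD_FILE="${RESTIC_PASSWORD_FILE:-/root/.restic-password}"
BACKUP_PATHS="${BACKUP_PATHS:-/home /srv/docker-data}"

# Signal Healthchecks: "start", or an exit status (0 = success, else failure).
# A failed ping never aborts the backup itself.
hc_ping() {
    curl -fsS -m 10 --retry 3 -o /dev/null "$HC_URL/$1" || true
}

# The repository password must be readable by its owner only.
password_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

run_backup() {
    hc_ping start
    if ! password_file_is_private "$RESTIC_PASSWORD_FILE"; then
        echo "password file missing or readable by others" >&2
        hc_ping 1
        return 1
    fi
    rc=0
    # BACKUP_PATHS is unquoted on purpose: each path is its own argument.
    restic backup --one-file-system $BACKUP_PATHS || rc=$?
    # restic exits 3 when some files could not be read (incomplete snapshot).
    if [ "$rc" -eq 0 ]; then
        # Retention values are an assumption for this example.
        restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune || rc=$?
    fi
    hc_ping "$rc"
    return "$rc"
}

# Cron entry (assumed path): 30 3 * * * /usr/local/bin/backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Because the "start" ping is sent first, the check also alerts when a run begins but never reports back, for example after a hang or a reboot mid-backup.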
The End
I didn't go into much detail about the actual hardware specs of my servers or how I handle security. Or how I configure the reverse proxy (which is based on Caddy btw). Or how Restic is configured. And maybe I skipped a few services as well. That'll have to wait until next time though. Thanks for reading!