I’m considering a business plan for people getting in to self-hosting. Essentially I sell you a Mikrotik router and a refurbished tiny x86 server. The idea is that the router plugs in to your home internet and the server into the router. Between the two they get the server able to handle incoming requests so that you can host services on the box and address them from the broader Internet.
The hypothesis is that $150 of equipment to avoid dozens of hours of software configuration is a worthwhile trade for some customers. I realize some people want to learn particular technologies and this is a bad fit for them. I think there are people out there that want the benefit of self-hosting, and may find it worth it to buy “self-hosting in a box”.
What do you think? Would this be a useful product for some people?
I think this needs to exist, but as a community supported system, not as a commercial product.
Pick a set of open technologies - but not the best, lightest weight, just pick something open.
Come up with a security architecture that’s reasonably safe and only adds a moderate amount of extra annoyance, and build out a really generic “self-hosted web hosting and VM company-like thingy” system people can rally around.
Biggest threat to this, I think, is that this isn’t the 90s and early 2000s any longer, and for a big project like this, most of the oxygen has been sucked out already by free commercial offerings like Facebook. The technical family friend offering to self-host email or forums or chat no longer gets gratitude and love, they get “why not Facebook?”
So… small group effort, resistant to bad actors joining the project to kill it, producing a good design with reasonably safe security architecture, that people can install step by step, and have fun using while they build and learn it.
We already have that, the first problem is we have like a dozen of them, a few are even well supported. The second problem is that usually the technical knowledge required to set up the systems are still lower than the technical knowledge required to keep it running.
I’ve been struggling to wrap my head around a good security architecture for my mspencer.net replacement crap. Could I bug you for links?
I figured out a while ago to keep VM host management on a management VLAN, and I put each service VM on its own VLAN with heavy, service-specific firewalling and a private OS update repo mirror - but after hearing about ESXi jackpotting vulns and Broadcom shenanigans, I’ve gotten really disheartened. I’d love some safe defaults.
It sounds like you’re getting into the keeping it running phase.
First, going back to your previous comment, self-hosting email is difficult. It’s not hard for a small provider to end up blacklisted and you’re probably kind of just done at that point and it will feel very unfair. I get that it’s a fun set of technical challenges, but you couldn’t pay me enough to help someone self-host email.
Second, guessing, but it sounds like you may be trying to expose your services directly and doing a lot to make that work which goes against what most would recommend for hosting your own services. Big companies don’t expose their intranet like that, follow their example. Almost every guide or system is going to warn against that. If you’re going to host more than one thing, highly recommend focusing on minimizing entry points and looking into a VPN-like solution for accessing most if not all of your services. Still spend time on securing your intranet, but most of your risk is going to come from how hard it is for people to get past the front door (or doors).
I think a possibility is a series of open source anvil or nixos scripts that you can run on most hardware with minimal changes, in an extendable architecture of some kind to add or remove functionality and they perhaps get maintained by the community or some structure of the kind of Linux distributions.
This could enable people with minimal skills set up and maintain a reasonably useful but secure environment just by changing a few variables.
What’s a nixos script?
Nixos is an os that’s defined by its config stored in .nix files. Everything is defined here all the software and configurations. Two people with the same script will have the exact same os.
Any changes you make that aren’t in the scripts won’t be present when you reboot.
You could maintain a very custom linux distribution (kinda) by just maintaining these config scripts.
So a user wouldn’t need to install all required software and dependencies. They could get a nixos and the self-host config and adjust some settings and have a working system straight after install.
I think this is a great point, it doesn’t help much to create a business that ends up with the same incentives and the same end-game as the existing systems.
That is precisely what I’m looking to build. I don’t want to get rich, I want people without 10 years of industry experience to get some of the benefits we have all been able to build for ourselves.