I’ve seen a lot of people saying things that amount to “those tech nerds need to understand that nobody wants to use the command line!”, but I don’t actually think that’s the hardest part of self-hosting today. I mean, even with a really slick GUI like ASUSTOR NASes provide, getting a reliable, non-NATed connection, with an SSL certificate, some kind of basic DDOS protection, backups, and working outgoing email (ugh), is a huge pain in the ass.
Am I wrong? Would a Sandstorm-like GUI for deploying Docker images solve all of our problems? What can we do to reshape the network such that people can more easily run their own stuff?
So you want non-technical people to set up botnet members?
There’s this thing called ‘money’ which people who can’t do a thing give other people who can do the thing well to make them do the thing.
It’s not the command line that’s hard but the lack of proper documentation and tutorials that makes things hard.
I’ve been working on getting Matrix Synapse running on my NAS, and the CLI hasn’t been my problem. I’m a programmer, and CLI doesn’t scare me; but the other issues you mention are all new to me, and getting a web service set up so people outside my local network can access it but without leaving me open to bad actors is wicked stressful.
The biggest problems end up being that I need to work with the soup of technologies, and there’s no one place to do all the things. I’ve got TWO routers (because my internet comes through one, and I run my LAN and wifi off one I trust better) which means I’m double-NATed, which is apparently the root of all evil; I can use Cloudflare to tunnel to my NAS, but I can’t accept simple (CNAME) redirects from a family member’s domain to one of my subdomains without paying Cloudflare $200/month, so that means I’m back to dealing with the double-NAT, and then I have to learn setting up TLS, which sounds like it’s simple, but still it’s jimmy way another thing to screw around with and another thing I could screw up on accident.
I could pay for a VPS, but that to me defeats a lot of the point of “host your own” federation when some company could be subpoenaed for copies of all their hosted accounts or something. (Yes, I could get subpoenaed for my data just as easily, but it takes more work to subpoena a thousand people than one company for a thousand people’s accounts.)
Anyway, I’d love to see things evolve to where it’s easy for newbies to host their own private instances of everything.
Personally, I’d love a drop-in tool that runs more like a temporary server while it’s running, syncing federated data you missed while your device was off; and only serving your data when it’s on. Likely with some kind of redirect service/NAT punchthrough so other clients can find you…
…but I think we’re a long way off from being able to do that.
You could get a VPS only for getting around the double NAT.
Run a reverse proxy on the VPS and forward requests over WireGuard to your NAS. That way you wouldn‘t actually host any data on the VPS.
This is an idea I didn’t know about! I’ll have to look more into it. If you feel like it, I’d love to hear a bit more detail; but also I know how to use DuckDuckGo, so no pressure!
I don‘t know what specifically you would like to know and what your background is, so I will just elaborate a bit more.
The basic idea is that the VPS, which is not behind a NAT and has a static IP, listens on a port for WireGuard connections. You connect from the NAS to the VPS. On the NAS you configure the WireGuard connection with “PersistentKeepalive = 25”. That makes the NAS send keepalive packets every 25 seconds which should be enough to keep the connection alive, meaning that it keeps a port open in the firewall and keeps the NAT mapping alive. You now have a reliable tunnel between your VPS and your NAS even if your IP address changes at home.
If you can get a second (public) IP address from your provider you could even give your NAS that IP address on its WireGuard interface. Then, your VPS can just route IP packets to the NAS over WireGuard. No reverse proxy needed. You should get IPv6 addresses for free. In fact, your VPS should already have at least a /64 IPv6 network for itself. For an IPv4 address you will have to pay extra. You need the reverse proxy only if you can‘t give a public IP address to your NAS.
Edit: If you have any specific questions, feel free to ask.
The sad truth is that non-techy types will never want to host something themselves unless there’s a reason why doing so is better. I’m not just talking about better the way you and I think of better, either. Nobody really cares about privacy or security or ownership of data. A lot of people like to say those things matter but until it’s as easy to host your own email as signing up for gmail, and doing so provides all the fringe benefits you get with Google, you’re not going to get completely non-technical people self hosting.
You’re right, though. As part of this, there needs to be a way to have an all-in-one package that defaults to enabling the things you’re talking about. There are a lot of plug-n-play methods of self hosting any number of things, but the hard part of hosting is doing it right and securely.
The sad truth is that non-techy types will never want to host something themselves unless there’s a reason why doing so is better.
Not even techy types want it. It’s not a coincidence that SaaS offerings are viable in enterprise contexts. Why build a shit ton of knowledge and drag yourself through the mud of learning tons of different tools if you can as well pay someone who already has all that knowledge. Then you can use the free mental capacity to solve your actual problems.
The only reasons to self host are “paranoia” (no matter if warranted or not) and - which is the important thing for us self-hosters here - curiosity (or rather the drive to learn shit). We basically do it for the sake of doing it.
Getting a decent VPS is pretty cheap. Email is the enormous problem. Even if your VPS provider allows outgoing email, your IP address will be flagged and blocked by all mailservers everywhere for the crime of not being Google or Microsoft, or not having a full-time person working 24/7 to satisfy the people in charge of blacklists. You can pay someone else to send your email, but that’s going to cost you as much or more as the VPS you’re using to host your entire app.
How many outgoing emails are we talking about? Because there are a lot of free or cheap options for personal use and small businesses.
the hardest part is doing backups and updates. Repeat after me:
no backup, no pity,
updates neglected, compassion rejected.
