Guides for self-hosting from a focus on privacy?

kissu · December 18, 2025, 6:07pm

Again, from this perspective nobody should ever:

touch a keyboard
drive a car

There is a real risk and you’re not a pro in either fields.
So…then, give up on doing anything at all in life?

You can push people forward too by educating/explaining rather than scaring away and telling how bad things can turn out.

I never said it would be an out-of-the-blue thing, more of a long term project/dream.
You don’t become good at a thing without investment, time, trial and error (times 10k hours).
Not trying is being defeated before even trying out.

Idk, at least you’re responsible of your own fate. Better than hope that a company will actually care about you/your family now and in a foreseeable future.
Also, the damage you can inflict to yourself is not on a “let me fiddle around with live wires without having no clue about basic safety measures”-level kind of danger.

Doing things by yourself will always have downsides and worse results (in the beginning), you wouldn’t have any companies making money otherwise.

This is overall why I kinda hate Linux and gave up on it some time ago.
But hey, there are solutions and I have more time for it now.
Also, I think that even if there are obvious ways to fix it, one of the best to fix this particular issue is NixOS.
Learning curve is steep but might be very worth the effort in the long run.

In the meantime, understanding basics of Docker is indeed “low effort” high reward for sure.

Very true for servers etc but doesn’t scale on a system-wide config kind of setup easily, especially when spread across various distros/versions.
(this is where the NixOS comment above makes more sense )

Very much agree, got hit hard by that one last time while trying to host Headcale…gave up on it.
Round 2 upcoming haha.

anon12918199 · December 18, 2025, 7:09pm

Mollysocket wasn’t so bad as long as you RTFM which I didn’t initially. There was some secret (“VAPID key”) generation step that I initially missed before starting its docker container.

After typing out my previous post I realized that I might as well self host a UnifiedPush server instead of relying on the publicly-hosted ones. I started hosting a ntfy server now with the same type of service + cloudflared setup from my previous post.

The RCE vulnerabilities in React’s server components implementation from last week got me pretty spooked. I then realized I’ll be way too lazy to ssh in and update the running docker containers, but would still want them get updated in case some security vulnerability like an RCE came up.

So for auto updates I set up GitHub - containrrr/watchtower: A process for automating Docker container base image updates. two days ago. The crazy thing is that, that project just got archived and is no longer maintained as of yesterday. I guess I need to find something else now -_- wtf

kissu · December 18, 2025, 7:17pm

Oh yeah, “a chair” kind of problem, I see.

Oh yeah, would make more sense indeed.

Is Next.js/Remix used in some of those Docker images for some damn reason?
I hope its not because I don’t see the point of such a thing honestly.

Yeah, you’ll end up being a CISO kind of guy patching daily then.
Until your patcher has a 0-day too.

Oh wow
Give it a day or two and you might see a GH issue with an alternative.

DailyChems · December 18, 2025, 7:17pm

That will probably be my last comment in this discussion as I think we’re both not helping anyone with this even though I personally find it interesting.

DailyChems:

In security you should always think of the worst case scenario and then know that it could be worse because you forgot something.

Again, from this perspective nobody should ever:

touch a keyboard

drive a car

There is a real risk and you’re not a pro in either fields.
So…then, give up on doing anything at all in life?

Never said that, but I might’ve not written it in the most comprehensive way. I think you should know about the risks. I think you should start with easy things and with someone to help you.

The first few times I touched a keyboard I had an older, more experienced person helping me and the same goes for the car back when I was a learner. Driving instructors can always use the brakes, gas themselves and learners are not allowed to drive without them at least where I’m from.

After getting confident and used to things you can start experimenting with harder/more complicated things. When I’m teaching a new co-worker I’m not giving them access to everything on day one and not assigning them the hardest things.

You can push people forward too by educating/explaining rather than scaring away and telling how bad things can turn out.

I honestly think that was what I’m doing. I gave ideas what to host etc but I also pointed out things that could be dangerous. If I didn’t educate people and only scared them away from self-hosting completely I’m honestly sorry. Only after people specifically asked me why I explained some of the pitfalls.

Idk, at least you’re responsible of your own fate. Better than hope that a company will actually care about you/your family now and in a foreseeable future.

Couldn’t you say the same about every amenity/service though not just IT? You could say the same about the government that might not give you pension/healthcare/ in x years but let’s not continue as this is certainly not on topic anymore.

anon82422799 · December 18, 2025, 9:49pm

If you’re looking for a place to start, I would recommend giving Proxmox a look. There are a whole bunch of tutorials on YouTube on it and has tons of support from the self-hosting community, including some projects that were made around it like the Proxmox Helper Scripts. It’s essentially a Debian-based KVM hypervisor that let’s you run both LXC containers and virtual machines in one place. Proxmox also makes a backup server that lets you backup your VMs and LXC containers. It has features like deduplication to save storage space for your backups. I’m personally planning on using Proxmox to run my actual self-hosted applications while using a NAS with UnRAID running bare metal with a TrueNAS VM running inside it to serve as my storage back end. Most would probably be off choosing one or the other. It’s just in my case I like both UnRAID and TrueNAS.

arise1984 · December 19, 2025, 2:09pm

It does scale. The point of docker compose master directory is its portable everywhere, on local desktop, on remote vps server, on whatever distro out there debian or fedora or arch or nixos etc. You just sync the master dir, docker compose up -d and everything should work. Hell its even interchangeable between docker and podman.

kissu · December 19, 2025, 6:44pm

This was the main keyword.
It doesn’t scale regarding anything specific to the system aka fstab, systemd, sshd or any kind of config that you could make to your system.
Servers/services are different and can be containerized yes and Docker is a viable solution for that indeed.

You cannot replace everything with Docker, this is why things like Ansible and NixOS exist.
You could achieve the same things in Ansible as in Docker, but Docker is not able to do everything that Ansible is able to achieve.
NixOS goes a step further and makes it reproducible in a very strict way.

This page is a good reference/comparison of various techs

Yes, it wraps servers/services very well, we do agree.

And yes, I do agree.
I only use podman myself, skipped the corporate BS day one haha.

yolakalemowa · December 20, 2025, 9:56am

that’s amazing and appreciated. Where would you advise to stay on the lookout to find out when you’re released this?

kissu · December 20, 2025, 5:14pm

I’ll share more here once I’ll start streaming early January.

anon12918199 · December 20, 2025, 10:44pm

This has been a struggle for me lately. I don’t think molly-foss + mollysocket has been built well and it can hide stability issues unless you’re monitoring your mollysocket server logs. The result of this particular issue is that your Signal messages can be delayed by up to an hour sometimes.

I found this issue on my mollysocket deploy:

github.com/mollyim/mollysocket

WebSocket to Signal frequently closed with code 4409 ("Connected elsewhere") → no pushes until manual connection ping

opened 03:39PM - 13 Dec 25 UTC

OrkoGrayskull

### Summary MollySocket runs fine for a while, then stops delivering Signal not…ifications via UnifiedPush. The path **MollySocket → UnifiedPush (NextPush) → device** works reliably (test pushes always arrive), but "normal" Signal messages eventually stop triggering pushes. Debug logs show that the WebSocket connection from MollySocket to Signal is frequently closed by the server with: - close code **4409** - reason **"Connected elsewhere"** After that, MollySocket retries with an increasing backoff and shows the known `Failed to decode Protobuf ... wire type 7` log line. As soon as I manually run `mollysocket connection ping <UUID>`, a push is delivered immediately and then *all pending* notifications arrive on the device – without changing anything else. This makes it look like MollySocket is not continuously connected to Signal (or is being kicked) even though the UnifiedPush path itself is fine. ### Environment - Server OS: Debian Trixie - Container runtime: Podman 5.4.2 (rootful, Quadlet/systemd unit) - MollySocket image: `ghcr.io/mollyim/mollysocket:latest` (auto-update via `podman-auto-update.timer`) - UnifiedPush distributor: NextPush (Nextcloud UnifiedPush) - Reverse proxy: nginx (HTTPS terminator, passing through WS upgrade headers) - `RUST_LOG=mollysocket=debug,hyper=info` MollySocket is configured with: - `MOLLY_ALLOWED_ENDPOINTS=["https://<my-nextcloud-host>"]` - `MOLLY_ALLOWED_UUIDS=["<my-account-uuid>"]` - strict egress firewall: only DNS + TCP/443 from the container ### Error from log: ``` Dez 13 16:26:04 webserver mollysocket[500716]: [2025-12-13T15:26:04Z INFO mollysocket::server::connections] Starting connection for <UUID> Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG tungstenite::handshake::client] Client handshake done. Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z INFO mollysocket::ws::websocket_connection] WebSocket handshake has been successfully completed Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG mollysocket::ws::websocket_connection] New message Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG mollysocket::ws::signalwebsocket] New request Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG mollysocket::ws::signalwebsocket] Sending the notification. Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z INFO mollysocket::vapid] VAPID public key: "<PUB KEY>" Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG reqwest::connect] starting new connection: https://nextcloud.mycloud.de/ Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG mollysocket::ws::websocket_connection] New message Dez 13 16:26:05 webserver mollysocket[500716]: [2025-12-13T15:26:05Z DEBUG mollysocket::ws::signalwebsocket] New request Dez 13 16:26:06 webserver mollysocket[500716]: [2025-12-13T15:26:06Z DEBUG tungstenite::protocol] Received close frame: Some(CloseFrame { code: Library(4409), reason: Utf8Bytes(b"Connected elsewhere") }) Dez 13 16:26:06 webserver mollysocket[500716]: [2025-12-13T15:26:06Z DEBUG tungstenite::protocol] Replying to close with Frame { header: FrameHeader { is_final: true, rsv1: false, rsv2: false, rsv3: false, opcode: Control(Close), mask: None }, payload: b"\x119Connected elsewhere" } [...] Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z DEBUG tungstenite::protocol] Received close frame: Some(CloseFrame { code: Library(4409), reason: Utf8Bytes(b"Connected elsewhere") }) Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z DEBUG tungstenite::protocol] Replying to close with Frame { header: FrameHeader { is_final: true, rsv1: false, rsv2: false, rsv3: false, opcode: Control(Close), mask: None }, payload: b"\x119Connected elsewhere" } Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z DEBUG mollysocket::ws::websocket_connection] New message Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z ERROR mollysocket::ws::websocket_connection] Failed to decode protobuf: failed to decode Protobuf message: invalid wire type value: 7 Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z WARN mollysocket::ws::websocket_connection] Websocket finished Dez 13 16:40:23 webserver mollysocket[500716]: [2025-12-13T15:40:23Z INFO mollysocket::ws::signalwebsocket] Retrying to connect in 80 secondes. ``` So Signal repeatedly closes the WebSocket with code 4409 "Connected elsewhere", followed by the known Protobuf decode error, then MollySocket applies a backoff and reconnects. During these “broken” phases I don’t get any pushes for normal messages – but a manual connection ping still works immediately. ### Quadlet/systemd (simplified) ```ini [Unit] Description=MollySocket (Quadlet) [Container] Image=ghcr.io/mollyim/mollysocket:latest Exec=server ContainerName=mollysocket ReadOnly=true DropCapability=all NoNewPrivileges=true Tmpfs=/tmp:rw,noexec,nosuid,nodev,size=16M Tmpfs=/run:rw,noexec,nosuid,nodev,size=16M LogDriver=journald EnvironmentFile=/etc/mollysocket.env Volume=mollysocket-data:/data Network=podman PublishPort=127.0.0.1:8020:8020 AutoUpdate=registry [Service] Restart=always RestartSec=3s OOMPolicy=kill MemoryLimit=64M TasksMax=256 [Install] WantedBy=multi-user.target ``` ### Expected behavior - MollySocket keeps a stable WebSocket connection to Signal (with reasonable reconnection behavior), so that incoming messages are consistently forwarded via UnifiedPush. - At least no long-lived state where normal messages never trigger pushes, while connection ping continues to work. ### Actual behavior - WebSocket to Signal is often closed with code 4409 ("Connected elsewhere") followed by a backoff. - After some time, MollySocket appears to be in a state where: - pushes for normal messages no longer arrive, but - mollysocket connection ping <UUID> still delivers a push and “wakes up” the client, which then pulls all pending messages directly from Signal. Happy to provide more logs or try experimental builds if that helps.

overdrawn98901 · December 20, 2025, 11:57pm

I think this thread clearly shows why there would greatly benefit in a targeted self-hosting guide for those without technical chops aside outside of non-technical Linux usage. I see a lot of different technologies mentioned around self hosting. Below is a list of various things people have mentioned (no order)

Proxmox
Umbrel
TrueNAS
Synology NAS
RAID storage
Hypervisors
Rustdesk
TeamViewer
Samba
Nextcloud
Cockpit
Docker
Podman
Portainer
Using Cloudfare
DDNS
Tailscale
Wireguard
Various Linux Distros, but Ansible and NixOS notable
Lots of people saying this is the right first place with different recs

If I was just starting out, my head would be spinning on how to even evaluate any of this. This all is assuming everyone has a pretty solid foundation of networking, which is definitely not something most people casually know. Such a guide isn’t going to be done in a forum post, as there is plenty of ground to cover. This would need to be a multi-page article or even a course.

kissu · December 21, 2025, 11:00am

Most of those tools serve the same goal and are alternatives or are niche things about advanced topics on how to achieve data storage, remote access etc.
So yes, if you take a glossary of everything thrown out here, there is a lot but it’s just like saying that the cooking industry is a huge topic, yes it is but not everybody wants to cook every possible dish in the world.
Hence, just picking how to “bake a pizza” is a good start.
Then maybe give a try to a “quiche”.

Without being too overwhelmed by trying to solve it all at once.
Some people can mention simple things like “doing an omelette” or “5 stars Michelin recipe” too, hence skill levels/needs are also different.
This could apply to any deeply technical topic to which you’re new and joining a table of experts debating around their POVs.

Yes: written blog articles + videos is the best way to solve all of this.
Idea is to go incremental.

anon82422799 · December 21, 2025, 8:15pm

Don’t forget to add UnRAID to that list. Lol

anon82422799 · December 21, 2025, 8:19pm

Yeah, I wish that there was just some sort of central self-hosting website that has all of these different tools listed in one spot, with tutorials on how to install and self-host commonly used self-hosted applications. I think this would help a lot with discoverability of these different tools and aid beginners who wish to self-host their own services without needing to pay subscriptions or rely on companies to manage their data and host things for them.

kuebic · December 21, 2025, 11:21pm

After going through the self-hosting learning curve myself recently (few years ago), I totally understand the desire for beginner-friendly step-by-step guides where it goes into detail without missing anything.

The best guide in this style will be FUTO’s self-host-your-life series., 13+ hours. Yes, it’s comprehensive and long, but you don’t need to do it all at once.

This guide by design wants you to be using the exact same setup and configuration, even starting the guide with making sure you’re using same open-source router as them, to cut down on any potential complications. And if you decide to save money and use the router you already have, it’s up to you to accommodate for any difference between the guide and your unique setup.

The sheer amount of variety on how to perform a simple port forward depending on the router you have and the application/game you’re port forwarding should give you an idea into why making such a hand-holding beginner guide is nigh impossible and why FUTO starting with the router is the approach they took.

Everyone starts with a different machine setup, different configuration, different end goals, different preferences… when starting out, no matter what guide you follow, you WILL run into blocks and you’ll have to power through complications no guide can fully anticipate. But by doing so, you’ll better understand how everything works together and be more resilient in the future. Each problem you solve makes the next one easier.

And before you know it, you’ll learn just enough to be a novice sys-admin and your opportunities continue to expand. It’s a steep learning curve, but the hike is worth it.

Basically, my tip is: ask questions. Find friends/forums who are ahead in the self-hosting journey and work through difficulties and blocks with them. And when starting out, don’t be like me and say “I’m going to self-host my family’s nextcloud, jellyfin, matrix, and immich instance” and expect things to work out in a weekend. Or month. Or year.

Whatever you build first, you’ll soon learn how you could/should do things better, either make it more resilient, more secure, more accessible, etc. So DON’T START OFF PUTTING IMPORTANT INFORMATION ON THEM AS YOU WILL WANT/NEED TO TEAR THEM DOWN AND TRY AGAIN.
Leave space for you to tear down and rebuild better.

Start with literally one service that interests you, on hardware you already have (even an old laptop), without worrying about making it perfect or accessible from outside your home network. Just get something running locally first. Follow any (recent) guide and go from there. Don’t expect perfection here, you’re build knowledge and skills that will carry over to your ultimate goal.

Just like any skill, this journey is incremental. Like trying to become a piano player. When starting out, you have to learn the basics: body posture, music notation, music theory, and as you learn simple songs, those songs build certain skills that carry over to the next song, etc. as you work towards the song you actually want to play.

Same with self-hosting. You learn the basics: basic networking, basic terminology, basic competency of the terminal/linux, etc then start with simple services, then some skills carry over to the next simple service, etc and build from there.

And most importantly, have fun. Self-hosting is not a weekend project, but a marathon. Enjoy the process

anon82422799 · December 22, 2025, 3:14pm

Agreed. No objections here. I remember watching the whole self-hosting tutorial that Louis Rossman did for FUTO. It was the most thorough and detailed self-hosting guide that I ever watched, which I personally enjoyed.

I will also post the article/wiki version of the guide here from the FUTO Wiki: Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software

anon82422799 · December 24, 2025, 2:20pm

This video is pretty interesting. It goes over what a sample of self-hosters that took a survey say they actually use in their home lab setups: Benjamin S. Powell- What Does a Real Home Lab Actually Look Like in 2025?

yolakalemowa · December 24, 2025, 2:36pm

I take appreciate that FUTO guide but tbh it’s still way over my head almost right if the bat.

Really looking fwd to your Ente guide

overdrawn98901 · December 24, 2025, 4:42pm

Do you know the link to the actual survey? I personally do not need commentary on survey results

anon82422799 · December 24, 2025, 5:01pm

I didn’t get any link to the actual survey results itself, unfortunately. Sorry about that.

Topic		Replies	Views
How can i start self hosting stuff? Off Topic	10	616	February 5, 2025
Self-hosting advice Questions	28	2079	August 1, 2025
Self Hosters of Privacy Guides, tell us about your setups Off Topic	12	2108	October 22, 2024
Self hosting vs privacy subscription services Questions	9	988	June 11, 2025
Embracing Digital Sovereignty Through Self-Hosting General	7	426	July 28, 2025

Guides for self-hosting from a focus on privacy?

Related topics