selfhost noob question

That’s a big if. Sure if you have everything figured out then it would make sense, but not for a beginner.

I agree. I would not recommend a beginner to self-host any important stuff.

Redundancy is the biggest concern for me.

Then Vaultwarden/Bitwarden does the perfect thing for you. After you log in (browser extension), the database is downloaded and saved locally, and it gets synced every few minutes.
So as long as you do not log out of your browser extension or app and instead lock it, all passwords and data are still there and available to you even if the server dies.

If your hardware explodes next year then you’d lose all of your saved passwords in vaultwarden.

For that you should have a functioning 3-2-1 backup system.

The Vaultwarden repo doesn’t do a good job of explaining this, so if you’re a beginner you could be caught with your pants down.

Yeah, I was one of them (not Vaultwarden) and I learned it the hard way.


I’m gonna listen to you, you’re right, it will be less complex to do that. This discussion helped me a lot to do the right thing.

I hope one day they will add a self hosting guide :slight_smile:

Thanks for the hardware suggestion.

So finally, at the end of the day, I will forget about the idea of buying a VPS. Trusting a VPS provider to not do shady things is not the right thing.

Thanks everyone this discussion was interesting


Overall, expect to break things, hence don’t put too much important stuff on it. :+1:t2:
It will apply to a VPS or a self-hosted computer so not a huge difference here. :hugs:

And if Vaultwarden is a pain to install/maintain and you only use passwords, consider just hosting a KeePass file to keep it simple without the need for a bulky container. :sparkles:


There’s absolutely nothing wrong with using a VPS. I feel like VPS providers got a bad rap here. For beginners, they’re an excellent option, IMO. It’s how I got into self-hosting, once I saw all the stuff I could do.

VPS providers often give you far more than just an OS. Most offer various app platforms (like Nextcloud, for example) as well. I think this aspect was a bit oversimplified.

The biggest factor of all is that a VPS is typically more forgiving if/when you do break something. They often include weekly (or more frequent) backups and/or snapshots.

Plus, even if all fails, you just re-select your preferred image and start over with a click. That kind of accessibility / simplicity is simply not available in the average home lab.

OP, you seem to be awfully concerned about logs. It depends on the app/service, but most logs wouldn’t show anything particularly revealing. What matters far more is how whichever app/service (i.e., Vaultwarden) stores its data.

Given the nature of what Vaultwarden stores, I’d venture to guess databases are encrypted. Keep in mind you’re essentially renting the hardware, so yeah, the VPS host has some insight into what you’re doing.

However, unless you really have good reason to hide what you’re doing, your concerns seem a bit exaggerated to me. A VPS is a much easier (and forgiving) entrypoint to self-hosting than figuring out the hardware, the OS, the networking, etc. on your own.

It’s not hard, but it requires time, effort, knowhow, and quite a lot of learning. It is a worthwhile venture, just be aware it’s a very different animal than simply operating a VPS.


There’s absolutely nothing wrong with using a VPS.

What is wrong about it is that it takes sovereignty away from you and typically costs more (a lot more if you want a lot of storage). Storing files on your LAN is also obviously much better since this is where you typically access them (with negligible latency).

I would use a VPS to obtain a fixed IP in a non-residential IP block, if it proves difficult or expensive to get that at home. You can then forward traffic to your own hardware without having to pay for storage on the VPS. This is particularly relevant if you want to host email.


VPS providers often give you far more than just an OS. Most offer various app platforms (like Nextcloud, for example) as well. I think this aspect was a bit oversimplified.

This I would not call self-hosting anymore,
if you buy a managed VPS where everything is installed already and managed by the provider.

Plus, even if all fails, you just re-select your preferred image and start over with a click. That kind of accessibility / simplicity is simply not available in the average home lab.

If you would do it smart, you install Proxmox yourself on your machine and run VMs on it.

OP, you seem to be awfully concerned about logs. It depends on the app/service, but most logs wouldn’t show anything particularly revealing. What matters far more is how whichever app/service (i.e., Vaultwarden) stores its data.

“We kill people based on Meta-Data” paraphrased quote from one of the NSA directors.


typically costs more

Ah no …
To create your own secure homelab like a VPS doesn’t just mean buying an Optiplex. It means a lot more.
You need a RAID (hardware or software) with multiple disks to counter damage to data through a damaged disk, you need constant backup (3-2-1), you need some sort of USV to counter power outages¹, the internet connection and many things more.
The internet connection is the most difficult part. Most VPS provide you with about 1GBit/s for download and upload. While on most consumer ISP connections you get, if you live in a good country, about 250 to 350MBit/s for download and only 50 to 100MBit/s for upload. Then people might live in a location where there is simply no strong, fast and good internet connection, like if you live in the countryside where you only have an old copper cable that has a throughput of only 1MBit/s.

If I want the same internet connection I have on my dedicated server in the datacenter, I would need to pay more than 400 bucks a month to my ISP.

1: Not as a battery option to run the homelab for hours without power, just enough power that your hardware can safely shut down.

Storing files on your LAN is also obviously much better since this is where you typically access them (with negligible latency).

Yes, for a NAS. If you have a Nextcloud and access files often outside your home, the homelab will most likely be slower than a VPS.

You may be overthinking this. Do you have actual experience running your own cloud?

I have been self-hosting for years on commodity hardware and do not use RAID, dual WAN, or uninterruptible power supplies. I do live “in a good country” with symmetric 1Gbps WAN and a fixed IPv4, but you certainly don’t need nearly as much bandwidth. My uptime is well in excess of 99%, last reboot was six months ago. Backups are a simple systemd job.


You may be overthinking this.

The thing is you are comparing a self-hosted Optiplex server with a VPS from Hetzner, as an example.

This is not a really fair comparison, since to achieve the same as the VPS on Hetzner you need to do a lot more.

Do you have actual experience running your own cloud?

Yes, I do.
But mostly smaller stuff, since I have no fixed IPv4, no IPv6, no port-forwarding option, only 250MBit/s download and 30MBit/s upload. Mostly because we have old copper cables and the new 1GBit/s fiber cables are coming maybe 2027/8.

So everything that needs more bandwidth (Nextcloud, game servers, GitLab or Wazuh) is hosted on a dedicated server inside a datacenter.

I have been self-hosting for years on commodity hardware and do not use RAID

Why?
A software ZFS or BTRFS RAID mirror is extremely good and even better than most consumer hardware RAIDs, so why?

I do live “in a good country” with symmetric 1Gbps WAN and a fixed IPv4, but you certainly don’t need nearly as much bandwidth.

Okay, yeah. I don’t have such bandwidth.

My uptime is well in excess of 99%, last reboot was six months ago. Backups are a simple systemd job.

How do you do your backups?

I always considered email service to be the absolute craziest thing to self-host. I’ve never done it but I read that residential IPs are blacklisted, so it’s interesting that you have to rely on a VPS to get a non-residential static IP. Even then I read that it takes months (years?) to earn enough reputation for your IP, from other email service providers, to get out of their automatic spam filtering. It all sounds like too many hoops to jump through to avoid paying proton their $4/month.

There is certainly a lot of FUD out there about hosting email. It is perhaps harder than it should be, but it is certainly possible. Self-hosting anything isn’t about saving money, it is about control and making your own rules. Proton’s privacy claims are essentially “trust me bro”—you have no insight into their operations whatsoever. Perhaps it’s better than Google, but your files are still on someone else’s computer. And unless you pay with crypto and always use a VPN, Proton also knows full well who you are.

I don’t have to agree to anyone’s “terms and conditions” or be reminded regularly that they exist, and I get unlimited storage, mailboxes and aliases. The price is literally $0 since I already own a domain and hardware. My hardware is also basically free (retired gaming or office rigs that would otherwise become e-waste).


Proton’s privacy claims are essentially “trust me bro”—you have no insight into their operations whatsoever

Their clients are source available (not sure about the exact license in use) and you can build your client from that source code and see from it whether it is client-side encrypted/E2EE or not.

Yes, some things like E-Mail or VPN are “trust me bro”, but not everything.

This I would not call self-hosting anymore,
if you buy a managed VPS where everything is installed already and managed by the provider.

This is a fair critique. But even for non-managed services, many other platforms are often available. For Hostinger, for example, see here.

Even if the VPS host loads it for you, you still have to manage it yourself through the CLI. Is it technically self-hosting? Debatable, I suppose. However, for people who don’t have a lot of experience with Linux, it gives you a decent head start. Ofc, you may well run it into the ground, but that’s the fun of learning.

What is wrong about it is that it takes sovereignty away from you…

I fully agree with this. You’re not wrong to suggest that a home lab is superior from a privacy perspective, and just from a personal sovereignty perspective. However, even using a VPS to “self-host” a service is often preferable to using proprietary services and/or walled gardens.

I think it’s important to recognize that there are people on here with a variety of skill levels, and while a home lab may be ideal, it may also not be necessary or possible for everyone. It really depends on your threat model and the tradeoffs you can (or can’t) live with.

I just don’t want people to think that a VPS is something they need to avoid if they value their privacy. It may not be the ideal or best option, but it’s also not a terrible option, especially if you’re new to hosting your own services and not really sure how deep you want to get in. The VPS server will be as secure and/or private as you choose to make it, with the caveat that the VPS host will always have some visibility.


Great discussion going on here, but I feel this discussion is veering too much into the weeds for an ELI5 beginner question, so I’ll try to be as clear and straightforward as possible.

Both sides are right: VPS hosting is a practical middle ground. It’s not “pure” self-hosting, but it is still way better than relying entirely on big tech services.

Home servers are ideal for privacy, but as many people lack the ideal setup (like no static IPs, port forwarding, or decent upload speeds), a VPS will give you a perfect learning ground.

While YES, the provider CAN see your stuff, reputable hosts like Hetzner, Linode, etc. will NOT be snooping, especially if you aren’t raising any flags for them. And hosting stuff like Vaultwarden is no problem.

Essentially:

  • Start with a VPS especially if home hosting is not feasible. You’ll learn 90% of what you need
  • Use encryption for anything actually sensitive (Vaultwarden encrypts by default)
  • Once comfortable, you can hybrid: VPS as reverse proxy → home server for storage

DON’T LET PERFECT BE THE ENEMY OF GOOD

A VPS running services you control is infinitely better than throwing everything at Google/Microsoft. Learn, experiment, then optimize for privacy as you gain skills.

Your concerns are valid, but for most threat models (avoiding big tech, learning Linux, controlling your data), a VPS does the job. Just pick a reputable provider and use basic security practices (ssh hardening, firewall basics, user management) and don’t worry about hiding your logs or things like that.


As for your concerns about DDoS and hacks, it’ll get a bit more technical to actually provide value, so take these suggestions one at a time and feel free to ask for clarification if you can’t figure it out. What I’m giving are not step-by-step guides, and many steps are omitted for brevity, so please don’t copy/paste the commands without thinking through what you’re actually doing.

Chances are that you won’t be targeted, so the basics should be more than enough in terms of security.

For DDoS, most VPS providers will have built-in basic DDoS protection. But if you want more protection, use Cloudflare. It’s free, and not only will it hide your VPS’s IP, but it will also absorb most small-to-medium attacks.

Some basics to make you more hack/malware-proof:

SSH hardening/Firewall/Fail2ban
# 1. SSH hardening
sudo nano /etc/ssh/sshd_config

# Set: PasswordAuthentication no   (key-only login: confirm your key works first)
# Set: PermitRootLogin no
# Optional: Change port from 22 to something else
sudo sshd -t                 # syntax-check the config before applying it
sudo systemctl restart ssh   # apply the changes (the unit is "sshd" on some distros)

# 2. Firewall (ufw)
sudo apt install ufw
sudo ufw allow 22/tcp  # or your SSH port: allow it BEFORE enabling the firewall
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# 3. Fail2ban (blocks brute force)
sudo apt install fail2ban
sudo systemctl enable --now fail2ban
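
As an added example (my own code, not the poster’s and not part of the thread): a POSIX shell script that checks the two sshd settings above the way sshd actually reads sshd_config, and then tallies failed SSH logins per source address from auth.log lines, which is the signal Fail2ban automates. Assumptions: the sample config and log lines are constructed and written to temporary files; the log format is the stock Debian/Ubuntu auth.log layout; the implicit defaults are those of OpenSSH 7.0 and later. The point worth knowing is that sshd keeps the first value it finds for a keyword, so a `PasswordAuthentication no` appended at the bottom of a file that already says `yes` higher up changes nothing; that is the mistake the script catches.

```shell
#!/bin/sh
# Added example, not from the thread: audit sshd_config the way sshd reads it,
# then count failed SSH logins per source IP (what Fail2ban acts on).
# The sample config and log data below are constructed for the demo.

# sshd keeps the FIRST value it sees for a keyword; later duplicates are ignored
# and everything after a "Match" line is conditional. Keywords are
# case-insensitive, "#" starts a comment and "Key=Value" is allowed.
sshd_effective() {  # $1 = keyword, $2 = config file; prints the global value
    awk -v key="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); gsub(/=/, " ") }             # drop comments, Key=Value
        tolower($1) == "match" { exit }                 # rest is conditional only
        NF < 2 { next }
        tolower($1) == key { print tolower($2); exit }  # first occurrence wins
    ' "$2"
}

# Returns 0 only if both settings are effectively "no"; prints one line each.
# Unset keywords fall back to the OpenSSH defaults shown (assumed OpenSSH >= 7.0).
sshd_hardened() {  # $1 = config file
    status=0
    for spec in PasswordAuthentication:yes PermitRootLogin:prohibit-password; do
        key=${spec%%:*}
        got=$(sshd_effective "$key" "$1")
        [ -n "$got" ] || got="${spec#*:} (implicit default)"
        if [ "$got" = "no" ]; then
            echo "ok   $key = $got"
        else
            echo "WARN $key = $got"
            status=1
        fi
    done
    return $status
}

# "<count> <ip>" per source address, busiest first. Fail2ban's sshd filter
# matches more message variants; "Failed password" is enough for the demo.
failed_logins() {  # $1 = auth log file
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
        }' "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

brute_force_sources() {  # $1 = auth log file, $2 = maxretry (Fail2ban default is 5)
    failed_logins "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# --- constructed sample data ---------------------------------------------------
SAMPLE_SSHD_BAD=$(mktemp); SAMPLE_SSHD_GOOD=$(mktemp); SAMPLE_AUTH_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_SSHD_BAD" "$SAMPLE_SSHD_GOOD" "$SAMPLE_AUTH_LOG"' EXIT

cat > "$SAMPLE_SSHD_BAD" <<'EOF'
# looks hardened at a glance, but is not
#PermitRootLogin prohibit-password
PasswordAuthentication yes   # stock value
PasswordAuthentication no    # added later: ignored, the first value wins
Port = 22
EOF

cat > "$SAMPLE_SSHD_GOOD" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes   # conditional, does not change the global value
EOF

cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Jun  1 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jun  1 10:00:03 vps sshd[1201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jun  1 10:00:05 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.45 port 51030 ssh2
Jun  1 10:00:06 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.45 port 51030 ssh2
Jun  1 10:00:08 vps sshd[1204]: Failed password for invalid user test from 203.0.113.45 port 51040 ssh2
Jun  1 10:01:10 vps sshd[1210]: Accepted publickey for deploy from 198.51.100.8 port 40000 ssh2: ED25519 SHA256:constructed
Jun  1 10:02:00 vps sshd[1215]: Failed password for deploy from 198.51.100.8 port 40010 ssh2
EOF

echo "== weak config =="
sshd_hardened "$SAMPLE_SSHD_BAD" || echo "-> fix these before exposing the port"
echo "== hardened config =="
sshd_hardened "$SAMPLE_SSHD_GOOD"
echo "== failed logins per source =="
failed_logins "$SAMPLE_AUTH_LOG"
echo "== would be banned at maxretry=5 =="
brute_force_sources "$SAMPLE_AUTH_LOG" 5
```

On a real host, point the functions at /etc/ssh/sshd_config and /var/log/auth.log (or the output of `journalctl -u ssh`), and compare the result with `sudo sshd -T | grep -Ei 'passwordauthentication|permitrootlogin'`, which is the authoritative view of what the running daemon uses. Files in /etc/ssh/sshd_config.d/ are included first on Debian and Ubuntu, so a setting there also wins over the main file.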

Against malware, just keep things updated (sudo apt update && sudo apt upgrade weekly). Only install what you need to minimize your attack surface, and/or run services in Docker containers to isolate them from each other.

Your VPS provider should have some basic backup system as an add-on option, so take advantage of that. Otherwise, you’ll have to set up your own backups. I’d recommend restic with Backblaze B2, but there are many other great options, like borg and rsync with AWS S3.

Most important are: regular updates + strong passwords + backups. Security is a process, not a one-time setup, so learn as you go and don’t overthink things.

For starters, begin with SSH keys, firewall, Fail2ban, and Cloudflare. That’ll handle 99% of any attack you may face.

If you want to go deeper:


Two things I wanna add here:

While YES, the provider CAN see your stuff, reputable hosts like Hetzner, Linode, etc. will NOT be snooping, especially if you aren’t raising any flags for them.

I can only speak for Hetzner here, but Hetzner is not allowed by law to snoop on your server without a court order. So if you do not get on the radar of the feds, every red flag you could raise on Hetzner’s side will “only” lead to an identity verification or account termination.

For DDoS, most VPS providers will have built-in basic DDoS protection. But if you want more protection, use Cloudflare. It’s free, and not only will it hide your VPS’s IP, but it will also absorb most small-to-medium attacks.

The DDoS protection of Cloudflare will decrypt the TLS-encrypted connection, and if we now look at the track record of incidents at Cloudflare, it isn’t known to always be up.
So maybe consider Cloudflare only if you might be a target of DDoS attacks that your provider can’t handle.


Even if the VPS host loads it for you, you still have to manage it yourself through the CLI. Is it technically self-hosting?

I agree.
I thought you spoke about fully managed servers. So you get a VPS where you can access it via SSH, but your hosting provider sets up, updates and maintains Nextcloud and fixes bugs.

I wouldn’t say this is a good thing tho. Understanding how to use a tool rather than being like “Eh, idk the VPS provider did the setup for me here :woman_shrugging:t2:” is not the way to go when you’ll need to tweak that one. :sweat_smile:

True. But also doable locally for free with a bit more friction that is.

A basic VPS provider doesn’t provide that off the bat + you can always do that later on.
It’s not mandatory to go through that one from the get-go.

True. Meanwhile, if you need to upload/download something big, your bottleneck will still be your connection and not the one from the VPS provider. :+1:t2:

Yes and same here. But some people are not that lucky or have more critical services/files to keep intact I guess. :hugs:

Haha, I remember that ol’ school bait. Waited for it for several years and it never came.
Don’t get your hopes too high. :confounded_face:

Some people like to keep it simple I guess. You have drawbacks but the needs/time/complexity/maintenance can have diminishing returns too.

Most sane people use AWS’ email proxy to fix the reputation problem I think. :hugs:

At the end of the day, it also depends on the need. I just crossed email from my “I do care about it” list and make it very transactional with nothing too personal stored there for too long.
It might not be that hard to self-host but the benefits/risks are also present, hence why most people just bail I assume. I honestly don’t want anything leading back to my homelab in any shape or form (maybe paranoid) hence I’m fine using a 3rd party. :thinking:

Fine being challenged and brought on the other side tho. :face_savoring_food:

Which is sometimes exactly what people from this forum do haha. :nerd_face:[1]

Very unhealthy and useless abstraction that will harm the end user more than anything else.
Raw bash + knowing what you’re doing beats everything else.
Having something that works quickly is good, being able to troubleshoot efficiently when it breaks is far better. Yes, it might be a steep learning curve, but that’s what people are ready to pay if they switch from (for example) a hosted Ente Photos to a self-hosted instance.

Very much yes. :+1:t2:
Also it puts your foot into the door, the rest can only be easier once you’re in motion!

I guess it’s like some other discussions here, do you:

  1. recommend people to move away from Xiaomi OS (whatever the name of it is :unamused_face:) to iOS
  2. do you recommend them to go to Calyx/iodé
  3. straight GrapheneOS

Some points could be valid for steps 1. and 2. but it’s also fine to just recommend the step 3. if people can skip all the BS/time investment into a sub-par solution.
Meanwhile, solutions 1. and 2. exist for a reason because they don’t require a full skillset to hop from 0. to 3, very much agreed on it too. :100:

Yes, a common issue that is and will continue to happen here I think. :sweat_smile:

Yes. :sparkling_heart:
Also, very good TLDR you did here. :folded_hands:t2:


  [1] I am also part of the problem replying with such a long message :joy:


A basic VPS provider doesn’t provide that off the bat + you can always do that later on.
It’s not mandatory to go through that one from the get-go.

I don’t know which dirt-cheap shit VPS you know, however the VM you get from a VPS has a VDisk, and on nearly all good and big VPS providers this VDisk is sitting on a hardware RAID 5 or a cluster system with hardware RAID 5.
So yeah, your data on a VPS is most likely saved on multiple disks.
A USV-like system (UPS) is standard in every datacenter, so a VPS will likely have that.

True. Meanwhile, if you need to upload/download something big, your bottleneck will still be your connection and not the one from the VPS provider.

This is true, but if I self-hosted something, my bottleneck would definitely be the 5MBit/s from my ISP.

I really enjoy your and @kuebic’s standpoint on the discussion here.


Oh yeah, the datacenter has it but it doesn’t mean that you can have low-level access to it, as in interact with it to do “backup shenanigans” on your own.
It’s quite guaranteed that they got your booty covered and that it won’t vanish out of thin air, that’s for sure. :+1:t2:

Yes, the initial quote of mine was mostly referring to your own self-hosted solution: you don’t need to start with a RAID + UPS + 3-way backup. :hugs:
If you F up your Raspberry Pi, it’s not a big deal. Start over and take some notes was my entire point. :grin:

Given your USV from above, I guess you’re from Germany? :germany::pretzel:
Damn, the Internet speeds there are rough huh…
Apparently electricity (prices) is also a big concern. Crazy how me being next door (Netherlands) has quite the opposite situation. I mean, depends if you live in a big city or not too. :thinking:


Given your USV from above, I guess you’re from Germany? :germany::pretzel:
Damn, the Internet speeds there are rough huh…

Austria, and we have a pretty good connection across the country.
My problem is that my whole locality is old people and the big ISP only builds fiber cables if enough people are willing to buy a fiber connection.
That’s hard to get with old people. But we finally got enough people, so at least the ISP said they will build it.

Apparently electricity (prices) is also a big concern. Crazy how me being next door (Netherlands) has quite the opposite situation. I mean, depends if you live in a big city or not too

Yep