Use Cloudflare or PorkBun.com for cheap, no bullshit domains. As for the email host, self-hosting is not recommended. It’s a long battle to not be blocked by every other provider.
I recommend purelymail.com - no cost to add (even multiple!) custom domains, unlimited users, only pay for mail usage and storage. Go for advanced pricing until it starts costing you more than $10/yr. (Which it shouldn’t if it’s just you. Seriously this thing is cheap!) I just passed my one year anniversary with PurelyMail, and have spent $6 so far. This is my most expensive month, 85¢. And that’s only because I host a public Lemmy instance (small) and we had a few hundred spam signups which sends an email each time.
This will give you a total yearly price WAY under what Google or Microsoft will give you. Google is like, $7.20/user/month.
And if for some reason that service goes down one day, as long as you still have a mail client with your email stored in it you should be able to just switch providers and import your emails from your client. Make some backups.
I was very tempted to go for this one, but couldn’t find info on whether this was a one-man operation or if there are any disaster recovery plans. Sounds cruel, but if that one single guy my email depends on gets hit by a bus…
For anybody interested in more choices for volume-based providers like PurelyMail (with tiers based on storage and emails sent/received but who otherwise allow unlimited domains/mailboxes/aliases) there’s also MXRoute (US) and Migadu (Swiss/EU).
These providers don’t usually make sense for a single mailbox (although some of them have a low entry tier for this purpose) but can be extremely cost-efficient if you need 2 or more mailboxes/domains.
If your title is system administrator, maybe you don’t get paid as much with the same responsibilities as a DevOps Engineer, System Reliability Engineer, Cloud Computing Engineer etc. Don’t get caught up in titles, sell the value of your skills.
I was about to pay for the Symfonium app because it was the best looking app for Navidrome. Thanks for this amazing app, it looks great, it is super fast and responsive. Really great work, where can I donate to it?
It’s just the cheapest type of drive there is. The use case is in large scale RAIDs where one disk failing isn’t a big issue. They tend to have decent warranty but under heavy load they’re not expected to last multiple years. Personally I use drives like this but I make sure to have them in a RAID and with backup, anything else would be foolish. Do also note that expensive NAS drives aren’t guaranteed to last either so a RAID is always recommended.
Make that RAID Z2 my friend. One disk of redundancy is simply not enough. If a disk fails while resilvering, which can and does happen, then your entire array is lost.
Hard agree. Regret only using Z1 for my own NAS. Nothing’s gone wrong yet 🤞 but we’ve had to replace all the drives once so far which has led to some buttock clenching.
When I upgrade, I will not be making the same mistake. (Instead I’ll find shiny new mistakes to make)
That tracks with my experience as well. Literally every single Seagate drive I’ve owned has died, while I have decade old WDs that are still trucking along with zero errors. I decided a while back that I was never touching Seagate again.
I actually had my first WD failure this past month, a 10tb drive I shucked from an easystore years ago (and a couple moves ago). My Synology dropped the disk and I’ve replaced it, and the other 3 in the NAS bought around the same time are chugging away like champs.
For sure higher but still not high, we’re talking single digit percentage failed drives per year with a massive sample size. TCO (total cost of ownership) might still come out ahead for Seagate being that they are many times quite a bit cheaper. Still, drive failures are a part of the bargain when you’re running your own NAS, so plan for it no matter what drive you end up buying. Which means have cash on hand to buy a new one so you can get up to full integrity as fast as possible. (Best is of course to always have a spare on hand but that isn’t feasible for a lot of us.)
Fractal Design, definitely. The model I’m using is no longer made but they have very good ones today too. Look into the Define and Meshify lines. They have models that can utilize the full height of the case for HDD/SSD slots with openings on both sides for maximum ease of cable routing.
The Define 7 or Meshify 2 is most likely what you want. They only come with 6 HDD brackets included but you can buy more and they have slots for up to 11.
The R5 is another good choice, I like those brackets more, but it’s not so flexible as the others I mentioned, and the 5.25" bays will most likely go unused and just take up space.
Don’t get the Node 804, it’s much larger than it seems (check out yt videos) and is cramped and hard to work in.
I’ve currently got the Meshify C (not the 2) for my main gaming rig and I’ve dug it the whole time I’ve had it; looking at the drive mounting for the Meshify 2 makes me really want it for sure as that looks really convenient
The more I looked at the Node 804 since I made this post the less I liked it
NGL I wish their North line of cases had more slots for HDDs
Yeah I expect acting as SSD bays could become popular in the future if SSD prices drop low enough. Although they might be M.2 bays by then.
I have a bunch of old 60 GB 2.5" SSDs around but they’re so small it’s not worth bothering to set up an array of them. Plus they’re more useful individually for stuff like upgrading an old laptop, portable USB storage or installing Windows the one time in three years I need it.
In the meantime I’ve liberated the 2x HDD cage from a Define C Mini’s shroud and mounted it on the floor in a fan slot.
Pi 4’s were hard to get there for a while. Pi 5’s are expensive. Lot of other SBCs are also expensive, as in not all that much cheaper than a 2-3 generations old low-end x86. That makes them less attractive for special purpose computing, especially among people who have a lot of old hardware lying around.
Any desktop from the last decade can easily host multiple single-household computer services, and it’s easier to maintain just one box than a half dozen SBCs, with a half dozen power supplies, a half dozen network connections, etc. Selfhosters often have a ‘real’ computer running 24/7 for video transcoding or something, so hosting a bunch of minimal-use services on it doesn’t even increase the electric bill.
For me, the most interesting aspect of those SBCs was GPIO and access to raw sensor data. In the last few years, ‘smart home’ technology seems to have really exploded, to where many of the sensors I was interested in 10 years ago are now available with zigbee, bluetooth or even wifi connectivity, so you don’t need that GPIO anymore. There are still some specific control applications where, for me, Pi’s make sense, but I’m more likely to migrate towards Pi-0 than Pi-5.
SBCs were also an attractive solution for media/home theater displays, as clients for plex/jellyfin/mythtv servers, but modern smart-TVs seem mostly to have built-in clients for most of those. Personally, I’m still happy with kodi running on a pi-4 and a 15 year old dumb TV.
I would much rather have a single machine running vms which I can easily snapshot and back up rather than a dozen small machines I have to deal with power supplies and networking.
SBCs have specific use cases, usually where they need to interact with hardware. That’s what made the rpi so great with its GPIO and hats. But that’s a rather small use case.
I have pi4 with OpenMediaServer for SMB shares and videos to TV, it has docker and portainer add ins; so that single Pi has CUPS, Trilium Notes, PaperlessNG, homeassistant, kanboard, pdftk converter, syncthing. It could have more, I just ran out of applications I might need. No issues with performance.
You might want to use a code block instead of bullet points for your table, the way you presented it is unreadable but I found the info on your blog page.
One of my criteria for video formats is the portability. Like sometimes I might watch something through a web browser which natively supports x264. Yeah x265 provides better compression, and AV1 certainly looks interesting, but they both require the addition of codecs on most of my viewing devices and in some cases that’s not possible.
For most cases I’ve found that CRF25 with x264 works reasonably well. I tend to download 720p videos to watch on our 1080p TV and don’t notice the difference except in very minor situations like rapid motion on a solid-color background (usually only seen on movie studio logo screens). Any sort of animated shows can go even lower without noticeable degradation.
The first worry is vectors around the Synology, its firmware, and network stack. Those devices are very closely scrutinized. Historically there have been many different vulnerabilities found and patched. Something like the log4j vulnerabilities back in the day, where something just has to hit the logging system to hit you, might open a hole in any of the other standard software packages there. And because the platform is so well known, once one vulnerability is found they already know what else exists by default and have plans for ways to attack it.
Vulnerabilities that COULD affect you in this case are few and far between, but few and far between are how things happen.
The next concern you’re going to have is going to be someone slipping you a mickey in a container image. By and large it’s a bunch of good people maintaining the container images. They’re including packages from other good people. But this also means that there are a hell of a lot of cooks in the kitchen, and distribution, and upstream.
To be perfectly honest, with everything on auto update, Cloudflare’s built-in protections for DDoS and attacks, and the nature of what you’re trying to host, you’re probably safe enough. There’s no three letter government agency or elite hacker group specifically after you. You’re far more likely to accidentally trip upon a zero day email image filter / PDF vulnerability and get botnetted than you are to have someone successfully attacking your Argo tunnel.
That said, it’s always better to host in someone else’s backyard than your own. If I were really, really stuck on hosting in my house on my network, I’d probably stand up a dedicated box, maybe something as small as a pi 0. I’d make sure that I had a really decent router / firewall and slip that hosting device into an isolated network that’s not allowed to reach out to anything else on my network.
Assume at all times that the box is toxic waste and that it is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don’t use it for DNS, don’t use it for DHCP, don’t allow your network users or devices to see ARP traffic from it.
Firewall drops everything between your home network and that box except SSH in, or maybe VNC in depending on your level of comfort.
Assume at all times that the box is toxic waste and that it is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don’t use it for DNS, don’t use it for DHCP, don’t allow your network users or devices to see ARP traffic from it.
I used to have a separate box, but the only thing it did was port forwarding.
Specifically I don’t really understand the topology of this setup, and how do I set it up?
Cloudflare tunnel is a thin client that runs on your machine to Cloudflare; when there’s a request from outside to Cloudflare, it relays it via the established tunnel to the machine. As such, your machine only needs outbound internet access (to Cloudflare servers) and no need for inbound access (i.e. port forwarding).
I’d imagine an isolated VLAN should be a sufficiently good starting point to prevent anyone from stumbling on to it locally, as well as any potential external intruder stumbling out of it?
You need to have a rather capable router / firewall combo.
You could pick up a Ubiquiti USG. Or set up something with an ISP router and a pfSense firewall.
You need to have separate networks in your house. And the ability to set firewall rules between the networks.
The network that contains the hosting box needs to have absolutely no access to anything else in your house except its route out to the internet. Don’t have it go to your router for DHCP, set it up statically. Don’t have it go to your router for DNS, choose an external source.
The firewall rules for that network are allow outbound internet with return traffic, allow SSH and maybe VNC from your home network, then deny all.
The idea is that you assume the box is capable of getting infected. So you just make sure that the box can live safely in your network even if it is compromised.
The box you’re hosting on only needs internet access to connect the tunnel. Cloudflare terminates that SSL connection right in a piece of software on your web server.
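The rule set described above (outbound internet with return traffic, SSH and maybe VNC in from the home network, then deny all), modeled as a small first-match firewall with connection tracking so the flows a compromised box could attempt can be checked against it. This is an added example, not part of the thread; the subnets, addresses and names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the thread.
HOME = ip_network("192.168.1.0/24")       # trusted home network
HOSTING = ip_network("192.168.50.0/24")   # isolated network with the hosting box
BOX, ROUTER, PC = "192.168.50.10", "192.168.50.1", "192.168.1.20"
EDGE, RESOLVER = "198.51.100.7", "203.0.113.53"  # stand-ins: tunnel edge, external DNS

def zone(addr):
    a = ip_address(addr)
    return "home" if a in HOME else "hosting" if a in HOSTING else "internet"

# First-match rules for NEW connections: (src zone, dst zone, proto, dst ports).
# None matches anything. Whatever matches no rule is denied.
RULES = [
    ("hosting", "internet", None, None),      # outbound internet only
    ("home", "hosting", "tcp", {22, 5900}),   # SSH, and VNC if you accept it
]

class Firewall:
    def __init__(self):
        self.established = set()              # connection-tracking table

    def check(self, src, sport, dst, dport, proto="tcp"):
        if (dst, dport, src, sport, proto) in self.established:
            return "allow"                    # return traffic of an allowed flow
        for s, d, p, ports in RULES:
            if (zone(src), zone(dst)) == (s, d) and p in (None, proto) \
                    and (ports is None or dport in ports):
                self.established.add((src, sport, dst, dport, proto))
                return "allow"
        return "deny"

def audit():
    """Run constructed flows, in order, through a fresh firewall."""
    fw = Firewall()
    flows = {
        "tunnel out":        (BOX, 40000, EDGE, 443, "tcp"),
        "tunnel reply":      (EDGE, 443, BOX, 40000, "tcp"),
        "unsolicited in":    (EDGE, 50000, BOX, 443, "tcp"),
        "ssh from home":     (PC, 51000, BOX, 22, "tcp"),
        "ssh reply":         (BOX, 22, PC, 51000, "tcp"),
        "http from home":    (PC, 51001, BOX, 80, "tcp"),
        "box to home SMB":   (BOX, 40001, PC, 445, "tcp"),
        "box to router DNS": (BOX, 40002, ROUTER, 53, "udp"),
        "box to ext DNS":    (BOX, 40003, RESOLVER, 53, "udp"),
    }
    return {name: fw.check(*f) for name, f in flows.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
```

The three denied flows that start at the box or the internet are the ones that matter: nothing reaches the box unsolicited, and the box cannot open a connection to the home network or lean on the router for DNS.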
Are you my brain? This is exactly the sort of thing I think about when I say I’m paranoid about self-hosting! Alas, as much as I’d like to be able to add an extra box just for that level of isolation it’d probably take more of a time commitment than I have available to get it properly set up.
The attraction of docker containers, of course, is that they’re largely ready to go with sensible default settings out of the box, and maintenance is taken care of by somebody else.