Portainer + caddy + watchtower, this will give you the benefits of containers without the complexity of Kubernetes. As someone who professionally works with Kubernetes, I agree with what other people have said here: “only run it if you want to learn it for professional use”.
Portainer is a friendly UI for running containers. It supports docker compose as well. It helps with observability and ops.
Caddy is an easy proxy with automatic Let’s Encrypt support.
Watchtower will update and restart your containers if there’s an update.
(Edit: formatting)
Icinga2 works reasonably well for us. It is easy to write new checks as small shell scripts (or any other binary that can print and set an exit status code).
It’s open source, it’s easy to set up, its agents are available for nearly anything including OpenWrt, it can serve the simplest use case of “is it down” as well as much more complicated ones that stem from its ability to collect data over time.
Personally I’m monitoring:
Is it up?
Is the storage array healthy?
Are the services I care about running?
I used to run it ephemerally - wiping data on restart. Recently started persisting its data so I can see data over the longer run.
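The check-plugin contract mentioned in the comment above (print one status line, set an exit code), shown as an added example that is not part of the original post or Icinga's own code. It assumes the "storage array" is a Linux software RAID (md) array; the function names `check_mdstat` and `write_sample_mdstat` are hypothetical and the mdstat sample is constructed.

```shell
#!/bin/sh
# Added example: an Icinga 2 check in the monitoring-plugins style.
# Exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# check_mdstat [FILE]: report degraded md arrays (hypothetical helper name).
check_mdstat() {
    mdstat="${1:-/proc/mdstat}"
    if [ ! -r "$mdstat" ]; then
        echo "MDSTAT UNKNOWN - cannot read $mdstat"
        return 3
    fi
    # Remember the array named on each "mdX :" line; the line after it ends in
    # a member map such as [UU] (healthy) or [_U] (one member missing).
    set -- $(awk '
        /^md[^ ]* :/ { name = $1; total++ }
        /\[[U_]+\]$/ { if ($NF ~ /_/) { bad++; list = list " " name } }
        END          { printf "%d %d%s\n", total, bad, list }
    ' "$mdstat")
    total=$1; bad=$2; shift 2
    # Text after "|" is performance data, which Icinga can graph over time.
    perf="arrays=$total degraded=$bad"
    if [ "$total" -eq 0 ]; then
        echo "MDSTAT UNKNOWN - no md arrays found | $perf"
        return 3
    elif [ "$bad" -gt 0 ]; then
        echo "MDSTAT CRITICAL - degraded: $* | $perf"
        return 2
    fi
    echo "MDSTAT OK - $total array(s) healthy | $perf"
    return 0
}

# Constructed /proc/mdstat sample, so the check can be tried without a real array.
write_sample_mdstat() {
    cat > "$1" <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      976630464 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdb2[1]
      1048576 blocks super 1.2 [2/1] [_U]

unused devices: <none>
EOF
}

sample=$(mktemp); write_sample_mdstat "$sample"
rc=0; check_mdstat "$sample" || rc=$?
echo "exit status: $rc"
rm -f "$sample"
```

Deployed as a plugin, the file would end with `check_mdstat "$@"; exit $?` in place of the demo lines, so the exit code reaches the monitoring agent.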
Reduce your threat profile.
Run sslh, 443 handles both SSL and ssh.
Adjust your host based firewall to just 443
Attack yourself on that port, identify the logs
Add the new profiles to fail2ban
Enable fail2ban email
If you don’t like email, use a service that translates email to notification. Ntfy.sh is free notifications
Or… Use something like tailscale and don’t offer a remote login to the general Internet.
I submitted your post to got here’s what it thought
I used zabbix at some point, but I never looked at the data so I stopped. Zabbix shows all kind of stuff.
I have cockpit on my bare-metal that has some stats, and netdata on my firewall, I do not track any of my VMs (except vnstat that runs on every device).
I run Prometheus on a separate cluster, so I plug my servers with node_exporter and scrape metrics. I then alert with grafana. To be honest, the setup is heavier (resource usage-wise) than I would like for my use case, but it’s what I am used to, and scales well to multiple machines.
I have a huge datablob that I mirror off-site once monthly. I have a few services that provide things for my family, I take a backup of them nightly (and run a “backup-restoration” scenario every six months). For my desktop, none at all - but I have my most critical data synched / documented so they can be restored to a functional state.
I have autocron jobs that sync various server directories to a daily backup (on the same server), then sync that backup once a week to the weekly backup, and once a month take a tarball snapshot of the weekly backup.
Every once in a while I plug in a HDD on USB and take a Borg backup of the monthly dir. Borg does compression and deduplication (and encryption if you want to). I should be doing this also once a week but sometimes I’m lazy and leave a few weeks between them.
I think you can get a free subdomain and dynamic DNS service at desec.io, with this you should be able to keep the domain updated with your IP and point it at your home server. But you need to have a public IP from your ISP and not to be behind NAT.
Another option is to use a Tailscale Funnel. You will have to use a .ts.net subdomain with them and they terminate TLS and re-encrypt for you. On the other hand it’s completely free, you get NAT traversal, an encrypted tunnel, and you don’t have to maintain the IP even if it’s dynamic.
Be careful OP that after first year you have to pay the ‘renew’ price, which is generally higher than ‘register’ price. A lot of cheap domain offers use that trick expecting users to become attached to their domains.
Because I am a school student (16yr) from INDIA. Here you have to give a record of each penny to parents and if I tell them that I just want a domain for self hosting my personal stuff I will not be able to say something else.
Can you make the domain somehow personalized to you so you can say it’s for an online resume to further your education and employability? If you happen to host other personal stuff that won’t cost you anything extra, just make sure you have a fancy looking CV at the root.
If you have a stable IP, there are also free top level domains .TK / .ML / .GA / .CF / .GQ over at www.freenom.com . Their frontend is down sometimes, but once you have a domain and have pointed it to an IP, you should be dandy.
Check whatismyipaddress.com to see your IP address once you’re connected to either network, but with a high likelihood, it’s almost certainly different IPs. In that case, Dynamic DNS is probably best.
But if you’re using your neighbor’s wifi, I doubt there’s a way for you to host stuff unless you have access to their routers, can open ports 80 (HTTP) and 443 (HTTPS), and forward them to your server. It’s best to use hardware you control (including the router).
Not sure which ports are required for your usage but maybe cloudflared would work? It works on the free tier as well, you can install cloudflared on your linux/windows server (no BSD support afaik).
Freenom’s domains are pretty unstable, they lost management for .ga domains last year and they often claim others’ free domain when they have high usage.
though if you have unstable network I won’t suggest self hosting fediverse stuff.
Had really good experience with this option. Namecheap seems quite reasonable. Also, self hosting on other’s domain can cause a lot of issues as you try creating enough paths for everything. I have found subdomain routing to work much better as a lot of applications get sad when their host url is something like blarg.com/gitea or something.
If you ever decide to host your own, via VPS or sth consider checking docker-mailserver and watchtower. First takes care of the mail stuff and the second updates your containers frequently so you will not have to manually update to new versions of the container (for security patches etc.).