this post was submitted on 19 Dec 2025
45 points (100.0% liked)

Selfhosted


For a while I've liked the idea of using a VPS for "critical" services. Currently looking at running:

  • Authentik
  • Komodo (with periphery agents on local boxes)
  • Uptime Kuma
  • NTFY
  • Pangolin (or Cosmos Cloud?)

So, first of all, to folks already using a VPS, do you think it's worth it? Do you think I'm missing anything? Happy to discuss/research alternatives, too. I've thought about TinyAuth+PocketID in place of Authentik. While I think Authentik is probably more complex (and likely overkill), it's a single solution. That said, I haven't played with TinyAuth/PocketID.

Second, I was pretty interested in Pangolin until I saw Cosmos Cloud mentioned elsewhere. It seems like it actually ticks a lot of boxes:

  • Built-in authentication
  • Reverse Proxy
  • VPN (At least for local-to-VPS connection, but possibly also for external clients?)
  • Docker management(?): They have an "app store" that's all docker images, so there's some docker capability built-in. Not sure yet if it can handle multiple hosts like Komodo.
  • DNS (I would still keep at least 1 local pi-hole instance)

Looking at the doc for chaining proxies and hiding IP, here, it mentions creating an A record for services hosted on a different server. I'm curious to know if this means Cosmos will only manage DNS for services hosted on the same box. Honestly this seems kind of odd, unless I'm misunderstanding how proxy servers work.

Anyway, I know this was a bit of a meandering post. Curious to know thoughts on my original plan, but also if anyone has played with Cosmos, I'd like to hear your thoughts.

Lastly: This morning, I found this interesting write-up to manage container updates using Forgejo, Renovate, and Komodo. Another rabbit hole to explore!

EDITS:

  • Spelling
all 23 comments
[–] cmc@lemmy.cleberg.net 2 points 4 days ago

Worth it in what way? Are you already self hosting and looking to just offload some of your critical services to a VPS for its availability, or are you fairly new to all of this?

For your first question on the VPS, I'd suggest thinking about backups (Is it provided by your VPS? Do you need something like Backblaze B2?) and firewalls.

For your Cosmos question:

I’m curious to know if this means Cosmos will only manage DNS for services hosted on the same box.

No, not necessarily. The DNS zone you control lives on Cosmos, but the records themselves just point to IP addresses. You can point an A record to any reachable IP, whether it’s the same VPS or a completely different server. As long as the tunnel is alive, the backend can be anywhere.

[–] motruck@lemmy.zip 8 points 1 week ago (3 children)

Wow, lots of people who can't handle hosting. Ignore the naysayers. Run your VPS, just, you know, keep it up to date, back it up and use a long stable release.

It seems like the same crowd that can't figure out email also can't figure out running a server in general on the internet. Go figure.

[–] kossa@feddit.org 2 points 6 days ago

I get the same feeling, like, as if three letter agencies from all over the world start targeting your server specifically in 300 ms.

What happens is, yes, your server is immediately bombarded by ScriptKiddies from all over the world, and if you set up root SSH with hunter2 as password, that thing is taken over immediately. But if you only allow keyfile SSH you're 98% there already ¯\_(ツ)_/¯
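
The key-only SSH advice in the comment above can be checked mechanically. This is an added example, not part of the original comment: a shell function (`audit_sshd`, a hypothetical name) that reads sshd settings in the `keyword value` format printed by `sshd -T` and counts the ones that still permit password logins. The two sample configs are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): count sshd settings that still allow
# password-based logins. Input is "keyword value" text as printed by `sshd -T`.

audit_sshd() {
  # Reads config text on stdin, prints one line per finding,
  # and returns the number of findings as the exit status.
  awk '
    function get(k, dflt) { return (k in seen) ? seen[k] : dflt }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
      key = tolower($1); val = tolower($2)   # keywords are case-insensitive
      # Older OpenSSH name for the same setting
      if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
      if (!(key in seen)) seen[key] = val    # sshd keeps the first value it reads
    }
    END {
      n = 0
      # Fallbacks are upstream OpenSSH defaults (assumption: distro packages may differ)
      if (get("passwordauthentication", "yes") != "no") {
        print "FAIL passwordauthentication is not no"; n++ }
      if (get("kbdinteractiveauthentication", "yes") != "no") {
        print "FAIL kbdinteractiveauthentication is not no"; n++ }
      if (get("permitrootlogin", "prohibit-password") == "yes") {
        print "FAIL permitrootlogin is yes"; n++ }
      if (get("pubkeyauthentication", "yes") != "yes") {
        print "FAIL pubkeyauthentication is off, key logins will not work"; n++ }
      exit n
    }'
}

# Constructed sample inputs, not captured from any real host.
WEAK_SAMPLE='permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes'

HARDENED_SAMPLE='permitrootlogin prohibit-password
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

findings=0
printf '%s\n' "$WEAK_SAMPLE" | audit_sshd || findings=$?
echo "weak sample: $findings finding(s)"
findings=0
printf '%s\n' "$HARDENED_SAMPLE" | audit_sshd || findings=$?
echo "hardened sample: $findings finding(s)"
```

On a real host, run `sshd -T | audit_sshd` as root so that included files and defaults are resolved by sshd itself.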

[–] Wigglesworth@retrolemmy.com 1 points 5 days ago

...yeah, I've never had any issues, personally. I run a Gotosocial instance, XMPP and a Synapse fork publicly.

Update, lock your shit down and use a firewall is all I can tell anyone. My SSH isn't even open to the web, I have to go in via wireguard to access any administration.

[–] irmadlad@lemmy.world 1 points 1 week ago

I sure haven't seen any naysayers. Just some people giving advice, and sharing their experiences.

[–] irmadlad@lemmy.world 6 points 1 week ago (2 children)

I remember the first Linux server I stood up on a VPS. It got thoroughly hacked almost immediately. Not only did they hack the server, they set up attack vectors on other servers.....aaaand a bitcoin miner. Got up that morning, checked mail, and there was a nastygram from my host wanting to know WTF over. Since then, I did a ton of reading, took a couple basic online courses for my own edification. I now tend to go overboard on security nowadays if that is possible. I've been told my setup is way over engineered. However, it's been ticking along these many, many years now without issue. Also, since I am the only user of my network, it's a little easier to lock down. Users create complexities and complexities cause issues.

I'm sure you have done the leg work in bolstering your knowledge base in setting up your first VPS server, but as others have said, beware. It reminds me of the movie Constantine, where just beyond light, in the shadows, lurk thousands and thousands of demons. They are sophisticated bots too, and are quite autonomous.

Authentik

In my reading, tho I don't run it, VoidAuth is supposed to be lighter than Authentik. Do you have a directive or purpose sketched out for your server? What you want to accomplish, etc?

VPN (At least for local-to-VPS connection, but possibly also for external clients?)

Tailscale is my choice for my VPN overlay on the server. I also use the evil Cloudflare Tunnel/Zero Trust. All devices also run their own VPN.

I have played around with Cosmos. Pretty neat little package, especially for someone just starting out. I can't speak to its performance, but I read glowing reviews. YunoHost would be in that category as well, with a very large app catalog.

Looks like you are heading in the right direction.

[–] littleomid@feddit.org 4 points 1 week ago (1 children)

How did you manage that? Opened SSH with no password?

[–] irmadlad@lemmy.world 1 points 1 week ago

I was rather green then, and when I got the nastygram, the host had already shut things down because it was wreaking havoc. So I never really got to observe and I didn't want to light that candle again. I just wiped it.....started studying, and when I felt comfortable, I gave it another go.

[–] Pika@sh.itjust.works 3 points 1 week ago (1 children)

reminds me of my first mail server, accidentally set up an open relay and got a lot of abuse reports from mail providers saying they blocked my server due to it. Took forever to get fixed again.

[–] irmadlad@lemmy.world 1 points 1 week ago (1 children)

I mean, there can be some serious consequences, especially if your server starts attacking other servers. They don't take that shit lightly.

[–] Pika@sh.itjust.works 3 points 1 week ago

oh for sure, it made sense that they wanted to make sure it was fixed. Just was super alarming the speed it was advertised that the relay was there!

[–] silver@das-eck.haus 4 points 1 week ago (3 children)

I can't speak to cosmos, but I have Pangolin, Kuma, and vaultwarden on a hetzner vps and I love it. I run everything in docker compose files on a Debian host. Right now I have authentik on one of my sites, but I think I will be switching to voidauth also hosted on the vps in the near future

[–] fleem@piefed.zeromedia.vip 1 points 1 day ago

sorry for being late to this, but if you're using pangolin, why put anything else on the vps? this is a great thread!

[–] d00phy@lemmy.world 2 points 1 week ago

Hadn’t heard of voidauth. Will check it out. Thanks!

[–] pleksi@sopuli.xyz 2 points 1 week ago* (last edited 1 week ago)

I'm on the same boat, Pangolin on a vps with some other services. Really impressed with pangolin and using pocket id for oauth with great success

[–] TigerCR1200@sh.itjust.works 3 points 1 week ago

Cosmos sounds kind of interesting, if I’m understanding correctly the vps's only job would be the lighthouse. And the fact once they are connected they don’t have to go through the lighthouse anymore sounds good. However the cost to get to features is concerning to me, I don’t mind paying but I want to make sure it’s what I want first.