this post was submitted on 26 Jun 2026
211 points (91.7% liked)

Selfhosted

60093 readers
553 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 30 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
211
My entire production website runs on a Raspberry Pi 4B + Orange Pi Zero 3 — real traffic, public dashboard, zero cloud (feddit.it)
submitted 1 day ago by Tommy2970@feddit.it to c/selfhosted@lemmy.world
67 comments fedilink hide all child comments
 

A few months ago I decided to self-host everything for my software house instead of paying for cloud infrastructure. Here's what's running on a Raspberry Pi 4B (4GB) at home:

Astro static site + nginx Full mail stack (Postfix + Dovecot + Roundcube) in Docker MariaDB with automated backups GoAccess analytics with custom Python bot/human separation Dynamic IP blocklist generated at every deploy Certbot managed on a separate Orange Pi Zero 3 (HAProxy + SSL termination)

The Orange Pi Zero 3 as a dedicated HAProxy node was the best €25 I spent — SSL overhead completely offloaded from the Pi, all subdomains routed through one config, clean network separation between "what faces the internet" and "what runs the services." Storage: all boards boot from SSD via USB3. No SD cards in production. The ISP situation: Eolo wireless, 20Mbps down / 100Mbps upload. Yes, upload is 5x download. For a web server that's actually ideal. Real stress test — June 22, 2026 A post on r/italy hit 20k views in 24 hours. Numbers that day:

555 human visitors (vs ~180 daily average) 151 unique IPs 72.2% return rate 9.98 MB bandwidth 0 downtime 0 errors in the mail stack

PageSpeed from Google's infrastructure:

Desktop: Performance 100 / SEO 100 Mobile: Performance 97 / SEO 100

No CDN. No Cloudflare. No edge nodes. Just nginx on a Pi. The honest limitations:

Single point of failure — yes, if the Pi dies the site goes down Mail deliverability on residential ISP is hard (Brevo relay helps) No redundancy — we run backups, not replicas

All traffic data is live and public: stats.lake8.dev/geo.html Happy to answer questions on any part of the stack.

top 50 comments
sorted by: hot top controversial new old
[–] Tommy2970@feddit.it 2 points 1 hour ago* (last edited 1 hour ago)

also, if someone have a technical article or white paper and want to share - we have a contribute page on https://lake8.dev/contribute/contribute/ how it works: you send, we read, we write back with technical notes (good and bad, honest). if you ok with feedback we publish. if not, no problem, we delete. is free, is honest, no marketing 🐕 https://lake8.dev/contribute/contribute/

[–] Grail@multiverse.soulism.net 14 points 1 day ago (2 children)

Why are all your comments full of em-dashes?

[–] Kazumara@discuss.tchncs.de 13 points 1 day ago* (last edited 1 day ago) (1 children)

And one even starts with:

You’re completely right

Hahaha

[–] Grail@multiverse.soulism.net 6 points 1 day ago

You're completely right — OP's comments do sound like an AI! Keep going, champ, and let U̸̡̢̖̜̬̐Ș̵̲̈̀̎̈́ know what project you'd like to work on next!

[–] Tommy2970@feddit.it 7 points 1 day ago (3 children)

Ciao! I'm Italian 🇮🇹 — my English is very "pasta asciutta" level. I use AI to help me write without saying something cosmically wrong. Sorry for that. But me and my dog are 100% real. 🐕

[–] frongt@lemmy.zip 2 points 23 hours ago (1 children)

The AI is writing for you. None of your words are coming through. While I'm sure that Google translate runs on AI these days, it's miles better than chatgpt.

Even if your English is terrible, I'd still rather read broken English than AI slop. (Or you can post the short top-line summary in English and the rest in Italian, or even just the whole thing in Italian; this isn't an english-only community!)

[–] Tommy2970@feddit.it 4 points 23 hours ago

Ciao, messaggio ricevuto. La prossima volta preparerò il post appositamente per te. Se mi mandi le specifiche IEEE ti prometto che farò del mio meglio per rispettarle. Buona serata.

[–] Philippe23@lemmy.ca 3 points 1 day ago* (last edited 1 day ago) (3 children)

"My dog and I [...]" is proper English grammar.

  1. It's impolite for you to be first in the list of beings.
  2. "Me is 100% real" is wrong, it's "I am [...]"

Your AI needs a grammar upgrade. 😉

load more comments (3 replies)
[–] Grail@multiverse.soulism.net 3 points 1 day ago (1 children)

Ah, yeah, we don't like AI here.

[–] Tommy2970@feddit.it 4 points 1 day ago (2 children)

Ciao! I'm Italian — my English is not exactly my strongest skill. But if AI-assisted translation bothers you, I can always switch to Google Translate 😊 Hope that's reassuring enough.

[–] BakedCatboy@lemmy.ml 3 points 1 day ago (3 children)

Yeah Google translate preserves a lot more of your communication style. AI overuses so many phrases it can get annoying reading something that was processed through it.

load more comments (3 replies)
[–] Brownie@lemmy.zip 5 points 1 day ago (1 children)

Ah, yeah, we don't like Google here either.

[–] Tommy2970@feddit.it 4 points 1 day ago (1 children)

Ah, yeah, we don’t like Google here either. Ciao! At this rate I'll have to rewrite everything in carrier pigeons. :-)

[–] Brownie@lemmy.zip 4 points 1 day ago (1 children)

The Lemmy council approves

[–] Tommy2970@feddit.it 2 points 1 day ago

Honored. 🙏

[–] Tommy2970@feddit.it 11 points 1 day ago (1 children)

This is BASIC — my Lagotto Romagnolo. Official lake8.dev mascot and uptime monitor. He also finds truffles. 😍

[–] x00z@lemmy.world 3 points 1 day ago (1 children)

How did you get him to find truffles? :O

[–] Tommy2970@feddit.it 7 points 1 day ago (1 children)

He's a Lagotto Romagnolo — a breed selected for centuries specifically for truffle hunting. It's literally in his DNA. Training starts as a puppy: you hide small pieces of truffle in the garden and let him find them. Now the only way to make him truly happy is to let him run free in the woods — and you run behind him 😄 When he finds one, he expects a proper reward. I'm from Bologna, so his payment is a tortellino per truffle. Fair trade. 😁

[–] irmadlad@lemmy.world 5 points 1 day ago (1 children)

tortellino per truffle

Hell, I'll find you truffles if you feed me that. LOL

[–] Tommy2970@feddit.it 4 points 1 day ago

Deal! Work hard, find truffles, get tortellini con burro e tartufo. Best salary package in the industry. 😀

[–] tidderuuf@lemmy.world 39 points 1 day ago (3 children)

Last time I tried something like this my ISP cut me off by sending me an email after they cut me off about how if I am running a business website it has to be through their business plan not residential plan.

I never saw the email because they cut me off before I could ever view it.

I wasn't even hosting a business site but it was for a wedding announcement and RSVP shit.

Little guys have a hard time these days.

[–] DenimFootpath@lemmy.dbzer0.com 12 points 1 day ago (1 children)

What if you hid your traffic by using a wireguard VPN like mullvad as your exit node? Your ISP wouldn’t be privy to the services you host all they could see is that your using wireguard or a vpn

[–] SpacePirate@feddit.nu 3 points 1 day ago

Not a ad but want to leave this here because I think it's relevant. Najalla has a VPN service that is very unique, instead of giving you multiple exit points with different IPs and maybe 1 portforward they give you One static IP with full access to portforwarding for like 5€/Month

I am in no way affiliated with them but I am just a customers of thier service and enjoy it!

[–] irmadlad@lemmy.world 4 points 1 day ago (1 children)

Was this a well known ISP or a local ISP That's weird. Did they have a policy against that? Even when I didn't have a business account with my ISP, they didn't seem to care,

[–] tidderuuf@lemmy.world 2 points 1 day ago

It was Comcast. Luckily I don't have them anymore. Thank God for municipal fiber.

load more comments (1 replies)
[–] Tommy2970@feddit.it 8 points 1 day ago

Here's my "cloud infrastructure" Air conditioning — NO Sterile environment — NO Dedicated server room — NO Enterprise-grade monitoring — is BASIC (BASIC is my Lagotto Romagnolo. He checks uptime personally.)

[–] i_stole_ur_taco@lemmy.ca 19 points 1 day ago (2 children)

Waddaya mean no cloud?

YOU ARE THE CLOUD NOW

[–] pmk@piefed.ca 4 points 1 day ago

If clouds are far away, then self-hosting could be "fog"? Clouds at ground level that you walk around in.

[–] Tommy2970@feddit.it 3 points 1 day ago

Exactly. I didn't move to the cloud. The cloud moved to my living room.

[–] ropatrick@lemmy.world 8 points 1 day ago (1 children)

I like posts like this (certainly the spiffy world map looks like you are in a movie!), and I like the self hosting idea, but here's the issue I see with self hosting stuff...

Its so complex. To me its bordering on inaccessible for the regular user. What you have described is very technical, and I see this all the time in the self host section; very cool looking dash, doing cool stuff, but then the description is like its literally in a different language. I'm usually lost before I have read three lines.

In your post, I'm actually not even sure what you have built. Mail server? Website? I'm fairly techie but I find it hard to understand. Is "software house" your business?

Its great and I commend your work, but its mind boggling and my overarching feeling when I see these posts is usually: "damn, way too complex, I wouldn't know where to start".

Thanks for the post however and for taking the time to document and answer questions. 👍🏼

[–] Tommy2970@feddit.it 3 points 1 day ago (1 children)

You're completely right, and thank you for saying it directly. Let me try again in plain English: I run a small software company from home. Instead of paying €50-100/month for hosting, email, and analytics services, I built everything on a €60 Raspberry Pi computer sitting next to my router. What's actually running on it:

The website you're reading about (like any website, just hosted at home instead of on AWS) Email — when someone writes to info@lake8.dev, it lands on that Pi Analytics — that world map showing where visitors come from

That's it. Three things, one small computer, zero monthly fees. There's also a green angle that rarely gets mentioned: the entire setup draws around 3-4W idle — less than a LED light bulb. A data center rack serving the same traffic would consume orders of magnitude more. Self-hosting at this scale isn't just cheaper, it's genuinely lighter on the planet. The complexity you're seeing is real — it took months to set up and I have 20+ years of experience. I'm not going to pretend it's for everyone. It isn't. But that's also why I built Lagotto BI — our actual product — which does the opposite: takes complex business data and makes it readable for people who just want to understand their business, not manage servers. So yes, "software house" is my small business. The Pi is just how I run the infrastructure behind it without paying cloud prices forever. Thanks for the honest feedback — it's genuinely useful. thk :-)

[–] ropatrick@lemmy.world 3 points 1 day ago (1 children)

Hey Grazie for following up, appreciate it. Sounds even more impressive now that I understand it fully.

I was thinking about it after I posted and I suppose the fact that its complex is part of why the big corporations can benefit so much from our data. They have full control and a million services to host your site, manage your email and analyse your data, and all it takes is a two minute sign up and you are in. Sounds great for the basic user, which is most of the world, but the price you pay is that your data and privacy is effectively gone. They have a captive audience and we go running to them. Its a shame.

I suppose if self hosting was easy, many more people would be doing it. I still love the idea but i think its still a bit technical and that puts me off.

Again, appreciate the response and time taken to explain. I can almost feel feeling of satisfaction you must have, knowing that you are saving money, protecting your privacy and running part of your business in such an excellent way! Great work.

Ciao!

load more comments (1 replies)
[–] confusedpuppy@lemmy.dbzer0.com 2 points 1 day ago (1 children)

For the past year I've been learning to self host minimally on a used Raspberry Pi 5. I do have a Pi 4 as well but that's dedicated to HomeAssistant for the small handful of lights and switches it controls.

Both Pi's run Alpine Linux with Podman containers. For my Pi 5 server it runs Caddy as my reverse proxy/SSL cert handler plus another contained for Kiwix. It's super simple. Caddy also has a basic file server for me to host my git repositories as well as hosting my static site.

The static site is based off a script I found called BashWrite but it hasn't been updated in a year so I decided to add some of my own changes to it here. I also fixed up some of the English grammar since the original creater wasn't an English native speaker.

I'm still focusing on the background stuff but I've put a lot of effort into security and hardening. I've written all the maintenance (backup, keep-alive, updating) myself using POSIX portable scripts which can all be found on my codeberg page. It's been a long process but I'm nearly there. I just have to switch from iptables to nftables and add secrets to my Caddyfile configuration to hide important keys that are currently sitting as plain text. After that I can focus on my blog/static site.

Since I'm not doing this for a business, I've decided to use a wildcard domain for my SSL cert plus an uncommon port as a low effort way to hide myself from bots/scraper. Also I set up Wireguard infront of my SSH connection to also hide from bots. My log activity only shows my own activity which is comforting to know, especially since I've seen just how active bots and scrapers are in comparison to a year ago when I was just getting started and beginning to learn things.

It's really cool to see another minimal project like this and I think it's refreshing to see. A lot of the times I see people with dozens on intensive services running and I feel a bit out of place with my scaled down self hosted project.

My only question about your setup is about HAproxy. How important is a load balancer for your site? I don't think I will need one for myself since the traffic will mostly be for myself and a few people I know personally but I am still curious about how it works and how effective it is for your setup.

[–] Tommy2970@feddit.it 1 points 1 day ago (1 children)

Ciao! Really enjoyed reading about your setup — Alpine + Podman is a great minimal choice, and the Wireguard-in-front-of-SSH approach is elegant. On HAProxy: for my use case it's not really a load balancer — it's a reverse proxy and SSL termination point running on a separate board (Orange Pi Zero 3). The main reason is architectural: it sits in front of everything, handles Certbot renewals, and routes traffic to the Raspberry Pi 4B behind NAT. If one board needs maintenance, the other keeps running. For a personal setup with low traffic, you honestly don't need it. Caddy already does what HAProxy does for me, and with less configuration. Your setup sounds cleaner for what you need. One thing I noticed we share: the bot/scraper problem is real. My public dashboard shows 6400+ attacks in 17 days vs ~4500 legitimate human visits. The uncommon port trick is underrated. 😄

confusedpuppy @lemmy.dbzer0.com to Selfhosted@lemmy.world • My entire production website runs on a Raspberry Pi 4B + Orange Pi Zero 3 — real traffic, public dashboard, zero cloud English For the past year I’ve been learning to self host minimally on a used Raspberry Pi 5. I do have a Pi 4 as well but that’s dedicated to HomeAssistant for the small handful of lights and switches it controls.

Both Pi’s run Alpine Linux with Podman containers. For my Pi 5 server it runs Caddy as my reverse proxy/SSL cert handler plus another contained for Kiwix. It’s super simple. Caddy also has a basic file server for me to host my git repositories as well as hosting my static site.

The static site is based off a script I found called BashWrite but it hasn’t been updated in a year so I decided to add some of my own changes to it here. I also fixed up some of the English grammar since the original creater wasn’t an English native speaker.

I’m still focusing on the background stuff but I’ve put a lot of effort into security and hardening. I’ve written all the maintenance (backup, keep-alive, updating) myself using POSIX portable scripts which can all be found on my codeberg page. It’s been a long process but I’m nearly there. I just have to switch from iptables to nftables and add secrets to my Caddyfile configuration to hide important keys that are currently sitting as plain text. After that I can focus on my blog/static site.

Since I’m not doing this for a business, I’ve decided to use a wildcard domain for my SSL cert plus an uncommon port as a low effort way to hide myself from bots/scraper. Also I set up Wireguard infront of my SSH connection to also hide from bots. My log activity only shows my own activity which is comforting to know, especially since I’ve seen just how active bots and scrapers are in comparison to a year ago when I was just getting started and beginning to learn things.

It’s really cool to see another minimal project like this and I think it’s refreshing to see. A lot of the times I see people with dozens on intensive services running and I feel a bit out of place with my scaled down self hosted project.

My only question about your setup is about HAproxy. How important is a load balancer for your site? I don’t think I will need one for myself since the traffic will mostly be for myself and a few people I know personally but I am still curious about how it works and how effective it is for your setup.

Body

[–] confusedpuppy@lemmy.dbzer0.com 1 points 23 hours ago (1 children)

Aaah that's good to know. I've seen HAproxy mentioned before and this was the first time I looked at it.

I am happy I went with Caddy because networking is not my strength and Caddy is quite simple in comparison to other reverse proxies. Nginx config files will forever look like scribbles to me.

I don't know about the limitations of using an uncommom port though because my needs are quite small and obscure by design. I do wonder if other people could benefit from using wildcard certs + uncommon ports. Watching bots/scrapers drop to zero attempts and stay zero has been really satisfying and I haven't had the desire to use outside services like Anubis or Cloudflare.

I know someone out there with itchy fingers is ready to warn that obscurity isn't security and I wouldn't deny that. However, I do believe obscurity layered with security is valid as long as security takes the main focus.

[–] Tommy2970@feddit.it 1 points 22 hours ago

Caddy is a great choice for exactly that reason — it gets out of your way. HAProxy gives me more granular control but the config is definitely not for everyone. On the obscurity point: you're absolutely right, and I'd sign that statement. Obscurity alone is theater. Obscurity on top of solid security is a legitimate noise reducer. Watching bots drop to zero is genuinely satisfying — my public dashboard shows 6,400+ attack attempts in 17 days vs ~4,500 real humans. The bots are loud. The wildcard cert + uncommon port approach is underrated for small personal setups. The attack surface doesn't shrink, but the automated scanners move on and that's often enough. 😄

[–] SwissOS@sh.itjust.works 3 points 1 day ago (1 children)

Sounds great! Is there an easy to follow/understand tutorial on setting up HAProxy node?

load more comments (1 replies)
[–] originalucifer@moist.catsweat.com 9 points 1 day ago (1 children)

[–] Tommy2970@feddit.it 6 points 1 day ago

Thk 😀

[–] fluckx@lemmy.world 2 points 1 day ago (1 children)

How do you enforce consistent backups of the database? Do you dump the data periodically? Copying the data on the docker volume won't give you consistent ( and possibly corrupted ) backups IIRC if the database itself isn't stopped.

load more comments (1 replies)
[–] Decronym@lemmy.decronym.xyz 2 points 1 day ago* (last edited 1 hour ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
ISP Internet Service Provider
NAT Network Address Translation
SSH Secure Shell for remote terminal access
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)
nginx Popular HTTP server

[Thread #29 for this comm, first seen 26th Jun 2026, 07:20] [FAQ] [Full list] [Contact] [Source code]

[–] carlnewton@feddit.uk 2 points 1 day ago (1 children)

That's awesome! I would never have expected that kind of throughput. On the day of your popular post, did you feel the traffic while trying to use the internet yourself at all? I sometimes fear that I'm going to get hit by something that interrupts what I'm doing and I'll have to take the server down temporarily. It hasn't happened yet though. I use a cloudflare tunnel mostly because I don't have a static IP address, but it does help reassure me in the event of a DDOS and blocking bot traffic. Those services are free by the way (for the time being at least! Who knows about the future)

[–] Tommy2970@feddit.it 2 points 1 day ago

Honestly no — I didn't feel it at all. The Pi was handling the spike silently in the background while I was working normally. Upload bandwidth on Eolo is 100Mbps, and a static Astro site serving mostly HTML/CSS is incredibly light. Peak day was 555 human visitors with 9.98MB total bandwidth — that's nothing for a residential connection. The Cloudflare tunnel approach is smart especially without a static IP. We have a static IP included with Eolo (unusual for residential, I know) which simplifies things. For DDoS protection we rely on HAProxy on a separate Orange Pi Zero 3 doing rate limiting and our dynamic blocklist — but honestly at our scale a proper DDoS would still hurt. The "who knows about the future" concern about Cloudflare is real though. Building on free tiers of centralized services is convenient until it isn't — which is part of why we went full self-hosted in the first place.

load more comments
view more: next ›