Back in 2013, i.e. 12 years ago, I decided that my private data must remain my own and started to self-host all essential services at my home. Not only for me, but also for my family and for my friends. Over those years, I’ve added more and more services and improved the redundancy of my setup. Some things came, some things went, and I thought it’s time to document my current hardware and software setup. So here we go with the software:
One of the two most important services I host on my own is Nextcloud. Initially, I only used it as a file server, but I quickly added calendar and address book synchronization. Much later, perhaps 2 or 3 years ago, I upped the game with an online office suite integrated in Nextcloud. This enabled me to work on my text and spreadsheet documents on several devices and with other people simultaneously. While I started with Collabora Office, I switched to the OnlyOffice integration in Nextcloud, as it works much better for me.
The second service that is of central importance to me is my own messaging infrastructure. For this purpose, I’m using the Prosody XMPP server in the background, the Conversations messenger on my smartphone, and Dino on my notebook. That covers text, picture and video messaging and also person-to-person voice and video calls. For the data path of these calls, I use eturnal as a proxy in the middle, so calls can go through NAT gateways.
And while we are talking about messaging, I use Gotify to send and receive messages when certain events such as server reboots, outages and other things are detected.
For conference calls, I run a BBB server in the cloud, so the occasional chat with many people is covered in my setup as well without requiring any hyperscaler or any intrusion into my privacy. BBB has come a long way over the past 5 years, and it’s very nice and easy to use these days with lots of handy features.
For remote support, I’m using a centralized SSH server to which all notebooks and other devices I remotely support can connect. This way, I can use an encrypted tunnel to those devices, even if they are behind a NAT. x11vnc is my friend to remotely access the GUI of Ubuntu-based notebooks. With Wayland now becoming more popular, however, x11vnc is probably not a solution for the next decade to come.
Then, there is this blog of course that is based on WordPress. It runs, together with other services, behind a Caddy reverse proxy. Other services that use the reverse proxy to be available on the standard https port (443) are for example the OnlyOffice server I used for Nextcloud and some private projects. Also, I have an Etherpad instance running behind the reverse proxy, but I have to say I use it only very rarely. Another service that is using the reverse proxy is my CommaFeed instance, a news aggregator service that replaced Selfoss earlier in the year.
On goes the list with OpenVPN at several different locations, so I can switch countries easily, and WireGuard, which will eventually replace OpenVPN once all notebooks I support are on Ubuntu 24.04, which is the first version that has a WireGuard GUI built-in.
As I like to know what is going on in my network, I have a data collection and visualization stack installed that gets data from my router to display and archive data points such as amount transferred, throughput and other parameters. Grafana is my friend for the visualization part.
And finally, one service I have added only recently is Immich, to which all my smartphones automatically upload pictures and videos. It requires quite a lot of storage, but it’s much preferable to manually copying photos and videos over USB to my notebook and from there to a backup.
So much for today. At this point, you might wonder what kind of hardware all of this stuff runs on and what my CAPEX and OPEX are for all of this. More about this in part 2.