Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Just got a brand new server, what do I do first?
5 points by h4ch1 on Feb 1, 2023 | hide | past | favorite | 5 comments
I've been long wanting a playground to host my own e-mail, website, media and miscellaneous utilities to break free from subscriptions and "free" services which are data hogs, but due to extrenuating circumstances, paying for and maintaining a server has just been too much of a monetary and temporal investment for a broke college kid.

After a bit of research I came across Oracle's Free Tier (<https://www.oracle.com/cloud/free/faq/>) which offers a LOT, and in my eyes seems like the perfect test-bed to try out homebrew before I invest in my own DIY VPS at home.

Currently thinking of setting up the following:

- <https://www.getoutline.com/> (Notion alternative)

- <https://github.com/jellyfin/jellyfin> (Media management)

- <https://github.com/Radarr/Radarr> (Movies)

- <https://github.com/dani-garcia/vaultwarden> (Passwords)

- <https://wildduck.email/> (E-mail)

Even though I have self-hosted things individually (eg: my Ghost blog on a RasPi connected to my home WiFi), something which I've always been concerned about is the separation of all these services, since they must have APIs and access rules. What's an ideal way of setting up a multi-service server like this, and what security policies should I implement. Additionally what are some must haves that you have running on your servers?

I understand self-hosting is a huge labour of love, and I have no qualms in investing time/effort learning :) Thank you for reading!

tl;dr got a server, want to self-host things, how do I secure it/what all do HN'ers have running on their servers.




Not sure what the first thing you should do is, but the second is set up and test backups!


Oh yes, thank you! Thinking of using https://torsion.org/borgmatic/ for my server backups and https://github.com/immich-app/immich for my photos and videos. Any x-platform solutions you may be aware of?


So close!

The first thing you should do is set up and test backups!


Here's what I have, plus a bit of stuff I should add:

* SSH set up for pubkey auth only, exposed to the internet.

* Tailscale - for accessing stuff when away from home. A unique, very cool VPN, check it out if you haven't already. [0]

* IMMICH - photos [1]

* Transmission - BitTorrent client [2]

* NZBGet - Usenet/NZB downloader [3]

* Sonarr - TV Shows [4]

* Radarr - Movies [5]

* Lidarr - Music [6]

* Prowlarr - indexer management [7]

* Jackett - makes torrent sites into the Torznab API, so you can add them as indexers. [8]

* A normal VPN - e.g. OpenVPN or WireGuard. I haven't gotten one set up yet, but I'm planning on it.

* Home Assistant - for smart home/automation stuff [9]

* Ombi - all-in-one place where it's easy for less tech-savvy people, like family members, to have Sonarr/Radarr download something. Can import logins from Jellyfin. [10]

* Gitea - Git repo hosting thing [11]

* Pi-Hole - DNS-based ad blocker [12]

* homepage - A nice, customizable homepage. Can set custom search engine, add sites, ping sites, view docker container health, view system load and free space. Also a static site. Very cool. [13]

* swag - nginx with auto-renewed certificate and reverse proxy set up, for secure access to your services outside your LAN. I haven't gotten it set up yet, because it's a bit of a pain! I've heard nginx proxy manager, a GUI for setting up a reverse proxy, is also good. Haven't tried it though. [14]

Other stuff:

* r/UsenetInvites - A place to get UsenetInvites. [15]

* NZBGeek - pretty good open Usenet indexer, multiple payment options. They've also got a decent Discord server. [16]

* Drunkenslug - widely regarded as the best Usenet indexer. Hard to get invite though, use r/UsenetInvites. [17]

* Eweka - Dutch Usenet provider. Their King's Day deal (very cheap) actually runs all year long. [18]

* r/selfhosted - Fantastic subreddit based around self-hosted stuff. [19]

* Self-Hosted - A podcast about self-hosting. They just finished Jellyfin January, where you only use Jellyfin, not Plex, for the whole month. [20]

* Self-Hosted Discord server - A Discord server run by the Self-Hosted podcast. There's an invite link on their site. [20]

* LunaSea - An app for Sonarr, Radarr, NZBGet, SABnzbd, and Tautulli. Similar to nzb360, but without torrents, but all features it has are free.

Remember, linuxserver.io is your best friend!

---

Tip: Keep all your docker compose stuff in a git repo, so that you can easily move to another server when needed. I do this on my boot SSD, and keep any of the actual data on a big HDD that I always mount at the same point.

Like this:

```

docker-data/

  - .git/

  - immich

    - docker-compose.yml

  - jellyfin

    - docker-compose.yml
```

---

By the way, what's your server's specs?

[0] https://tailscale.com

[1] https://immich.app/docs/install/docker-compose

[2] https://hub.docker.com/r/linuxserver/transmission

[3] https://hub.docker.com/r/linuxserver/nzbget

[4] https://hub.docker.com/r/linuxserver/sonarr

[5] https://hub.docker.com/r/linuxserver/radarr

[6] https://hub.docker.com/r/linuxserver/lidarr

[7] https://hub.docker.com/r/linuxserver/prowlarr

[8] https://hub.docker.com/r/linuxserver/jackett

[9] https://hub.docker.com/r/homeassistant/home-assistant

[10] https://hub.docker.com/r/linuxserver/ombi

[11] https://docs.gitea.io/en-us/install-with-docker/

[12] https://hub.docker.com/r/pihole/pihole

[13] https://github.com/benphelps/homepage

[14] https://hub.docker.com/r/linuxserver/swag

[15] https://reddit.com/r/UsenetInvites

[16] https://nzbgeek.info

[17] https://drunkenslug.com

[18] https://www.eweka.nl/en/landing/special-usenet-deal

[19] https://reddit.com/r/selfhosted

[20] https://selfhosted.show


Update: IMMICH has been super buggy for me, I'm probably going to switch to Syncthing + Lychee.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: