For a while now, I’d been curious about self-hosting things… I didn’t really know what. I just wanted to learn more about it. Maybe Linux? Maybe deployments, Docker, and networking in general?
Choosing the Hardware
After some research—laptop, mini PC, or maybe a NAS? I decided to go with an old OptiPlex. Easier said than done: I spent weeks browsing eBay until I found a solid-looking OptiPlex 7050. It came with a 512 GB NVMe SSD, but since I already had one lying around, I figured I’d sell this one later. I ordered it, and so the journey began…
Ended up with a Dell OptiPlex 7050 and a 512 GB NVMe SSD. A budget-friendly choice for starting out, sourced from eBay after weeks of searching.
Setting Up the Operating System
While waiting for it to arrive, I looked into how to run different OS images from a single bootable device. My plan was to test a few Linux distros—Kali (because it sounds cool), Arch (for the hands-on experience), and Ubuntu Server (the one I’d actually use for my mini server).
I found Ventoy, a FOSS tool that does exactly that. Couldn’t ask for better. I installed it, set up my USB stick, and made sure to verify the signatures of the downloaded images. The docs walked me through everything.
Pro Tip: Verify Your Downloads
Always check the signatures of downloaded OS images to ensure they’re authentic and untampered. Tools like Ventoy make multi-OS setups a breeze.
Learning SSH
Finally, the OptiPlex arrived. I was thrilled until I realized I didn’t have an Ethernet cable to connect it to the router. So at first, I had to hook it up awkwardly to my PC setup. Not fun. The next day I grabbed a CAT6 cable and started tinkering. First step: SSH. I knew of it, but not much beyond that. Time to learn. I read up on the basics: generate a public-private key pair, move SSH off port 22, set up fail2ban, and disable root login. Took me a while, but eventually I had it working. I could now connect from my PC to the server with just the command line. The only issue? I didn’t know Linux all that well, and the CLI felt intimidating. But I was determined.
SSH Security Checklist
- Generate a public-private key pair for secure authentication.
- Change the default SSH port from 22 to reduce automated attacks.
- Install and configure fail2ban to block brute-force attempts.
- Disable root login to minimize unauthorized access risks.
Deploying with Docker
Next, I explored deploying services in containers with Docker Compose. I read about reverse proxies and log management, and thought it was a good place to start. Spoiler: it was harder than I expected. Still, I got Traefik running, and Portainer too. The catch? Portainer wasn’t actually behind Traefik. But I didn’t realize that at the time—I was just happy to see my own page load.
Lessons Learned
Thankfully, my initial SSH setup was strong enough to block any basic malicious attempts. But looking back, I should have spent more time learning about how socket proxies and reverse proxies actually work, and how to harden my setup before exposing it to the internet.
Final Thoughts
Self-hosting has a steep learning curve, but it’s incredibly rewarding. Start small, secure your SSH setup, and make sure you understand proxies and networking before going live. Keep learning, and stay safe!
Happy hosting, amigos!