Hi everyone, I posted about my Safebox project earlier, but now I’d like to hear your thoughts on something a bit broader. I’ve been noticing a pattern in self-hosting communities, and I’m curious if others see it too.
Whenever someone asks for a more beginner-friendly solution, something with a UI, automated setup, or fewer manual configs, there’s often a response like: “If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting.”
Sometimes it feels like a portion of the community views complexity as a badge of honour. Don’t get me wrong, I love the technical side of self-hosting. I enjoy tinkering, breaking things, fixing them, learning along the way. That’s how most of us got into it.
But if we want more people to own their data, escape Big Tech, and embrace open-source alternatives, shouldn’t we welcome solutions that lower the entry barrier?
There’s room for:
- people who want full control and custom setups
- people who want semi-manual but guided
- people who want it to work with minimal friction
Just like not every Linux user compiles from source, but they’re still Linux users.
Where do you stand? Should self-hosting stay DIY only or is there value in easier, more accessible ways to self-host?
Safebox aims to make self-hosting more approachable without sacrificing data ownership, so I genuinely want your honest take before releasing it more widely.
Some technical highlights of the project, for those interested:
Safebox runs on Linux, macOS, and Windows, supports both x86 and ARM64 (including Raspberry Pi, Banana Pi, and others), and handles domain/subdomain setup, Let’s Encrypt certificates, DNS configuration, reverse proxy (nginx), and also offers WireGuard-based remote access.
The project is currently in beta, and we’d really appreciate feedback from anyone interested in testing it, whether it’s about usability, stability, features, design, or honestly anything at all. You can find all the info about beta testing on our Discord channel.
If you’d like to try it out, check the Github repo: https://github.com/safeboxnetwork/framework-scheduler
Website: https://safebox.network/
Discord: https://discord.gg/aBP8bz6N8J
Thanks in advance to anyone who gives it a look or shares their thoughts.
How can security be made accessible? I’m a noob at self-hosting (I can deploy Docker containers and all that). There are loads of guides for beginners. I haven’t found any accessible info about security to learn from in an incremental way. Surely the advice can’t be that self-hosting shouldn’t be done till you’ve done a undergraduate qualification worth of learning about cyber security first.
I dont know. I’m in an adjacent industry, and even amongst some of my colleagues who do have degrees, there are some significant knowledge gaps. Companies often have entire teams dedicated to cyber security, and still get this wrong.
There are just so many subtleties that need to be done right. I’m pretty certain that even my setup isnt properly secure, and the only reason things haven’t crashed down is pure luck.
The appliance model is probably the best way to enforce security practices for regular users, but that pushes significant control/responsibility back to the supplier (they must stay up to date with patches, force push out updates so no one is left behind, limit flexibility so everyones setup is relatively homogeneous). Done right (for security), that costs a lot of money, so likely a subscription model. And it rapidly becomes a “cloud” service that runs off your own electricity, which loses all the self hosting benefits.
OK, so I’ve spent a load of time on this today. Searching for “self-hosting security” mostly brings up mostly home surveillance camera results.
I’ve found this resource and have implemented his recommendations. Finally a good resource and I’m feeling much better after hardening SSH access, closing open ports in the firewall, installing Fail2Ban, etc.
I would encourage you to setup wireguard or tailscale, so that you dont have to expose SSH at all, but SSH hardening is definitely a good start.
Worth monitoring your SSH logs as well, that’ll give you an idea of how constant the automated attacks can be. Even when I was using a non-standard port, I was getting heaps of attacks.
I’ve got to figure that out still. Each step is a lot of learning and troubleshooting. I’ve changed the SSH port, deactivated root login, deactivated password login and left the passkey token on only my desktop PC with Fail2Ban. I’m waiting till I have another weekend I’m not at work to figure out VPN access. I’m using Synology reverse proxy so I hope I’m secure enough for now anyway.