this post was submitted on 01 May 2026
229 points (96.7% liked)

Selfhosted

58910 readers
348 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
229
my homeserver mapped (feddit.nl)
submitted 2 days ago by blinfabian@feddit.nl to c/selfhosted@lemmy.world
46 comments fedilink hide all child comments
 

i love selfhosting :3

you are viewing a single comment's thread
view the rest of the comments
[–] frongt@lemmy.zip 28 points 2 days ago (1 children)

Why do you use two separate Debian VMs plus a truenas VM running nextcloud?

[–] Natanox@discuss.tchncs.de 12 points 1 day ago (1 children)

Security is the first thing that comes to mind. Compartmentalization prevents or at least makes it considerably harder for compromised services to screw up all the others.

Another thing would be that it might be easier to manage backups and snapshots.

[–] jimerson@lemmy.world 1 points 1 day ago (1 children)

From my understanding, it's helpful that each VM will have its own IP so ports can be opened only on specific VMs, increasing overall security.

[–] kureta@lemmy.ml 2 points 1 day ago* (last edited 15 hours ago) (1 children)

Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it's db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.

[–] jimerson@lemmy.world 4 points 23 hours ago (1 children)

It's strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.

I'm not a netsec professional, this is just my understanding of best practices.

[–] kureta@lemmy.ml 3 points 15 hours ago (1 children)

I am also just a hobbyist, so that was a genuine question. Thanks for the answer.

[–] jimerson@lemmy.world 2 points 12 hours ago

Same here! Good luck with your setup!!