Opening the door: Making self-hosting friendly for newcomers
Hi everyone, I posted about my Safebox project earlier, but now I'd like to hear your thoughts on something a bit broader. I’ve been noticing a pattern in self-hosting communities, and I’m curious if others see it too.
Whenever someone asks for a more beginner-friendly solution, something with a UI, automated setup, or fewer manual configs, there’s often a response like:
“If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting.”
Sometimes it feels like a portion of the community views complexity as a badge of honour. Don’t get me wrong, I love the technical side of self-hosting. I enjoy tinkering, breaking things, fixing them, learning along the way. That’s how most of us got into it.
But if we want more people to own their data, escape Big Tech, and embrace open-source alternatives, shouldn’t we welcome solutions that lower the entry barrier?
There’s room for:
- people who want full control and custom setups
- people who want semi-manual but guided
- people who want it to work with minimal friction
Just like not every Linux user compiles from source, but they’re still Linux users.
Where do you stand? Should self-hosting stay DIY only or is there value in easier, more accessible ways to self-host?
Safebox aims to make self-hosting more approachable without sacrificing data ownership, so I genuinely want your honest take before releasing it more widely.
Some technical highlights of the project, for those interested:
Safebox runs on Linux, macOS, and Windows, supports both x86 and ARM64 (including Raspberry Pi, Banana Pi, and others), and handles domain/subdomain setup, Let’s Encrypt certificates, DNS configuration, reverse proxy (nginx), and also offers WireGuard-based remote access.
The project is currently in beta, and we’d really appreciate feedback from anyone interested in testing it, whether it’s about usability, stability, features, design, or honestly anything at all. You can find all the info about beta testing on our Discord channel.
If you’d like to try it out, check the Github repo: github.com/safeboxnetwork/fram…
Website: safebox.network/
Discord: discord.gg/aBP8bz6N8J
Thanks in advance to anyone who gives it a look or shares their thoughts.
GitHub - safeboxnetwork/framework-scheduler: Framework scheduler is a lightweight, Alpine-based container that provides task scheduling and service management.
Framework scheduler is a lightweight, Alpine-based container that provides task scheduling and service management. - safeboxnetwork/framework-schedulerGitHub
CameronDev
in reply to drebora • • •Its not this, it's that there are very serious risks to self hosting (dataloss, hacks etc), and if they aren't prepared for them, itll be catastrophic.
The gatekeeping isnt just for fun, there are actual risks and downsides.
As for prepackaging an appliance, we already have a model for how that plays out. There are millions of ISP provided routers and IoT things, and every other day there is a new breach involving them.
nfreak
in reply to CameronDev • • •bunkyprewster
in reply to nfreak • • •☂️-
in reply to bunkyprewster • • •(sorry, could not resist)
QuazarOmega
in reply to ☂️- • • •nfreak
in reply to bunkyprewster • • •brygphilomena
in reply to nfreak • • •cRazi_man
in reply to CameronDev • • •like this
Howlinghowler110th likes this.
CameronDev
in reply to cRazi_man • • •I dont know. I'm in an adjacent industry, and even amongst some of my colleagues who do have degrees, there are some significant knowledge gaps. Companies often have entire teams dedicated to cyber security, and still get this wrong.
There are just so many subtleties that need to be done right. I'm pretty certain that even my setup isnt properly secure, and the only reason things haven't crashed down is pure luck.
The appliance model is probably the best way to enforce security practices for regular users, but that pushes significant control/responsibility back to the supplier (they must stay up to date with patches, force push out updates so no one is left behind, limit flexibility so everyones setup is relatively homogeneous). Done right (for security), that costs a lot of money, so likely a subscription model. And it rapidly becomes a "cloud" service that runs off your own electricity, which loses all the self hosting benefits.
cRazi_man
in reply to CameronDev • • •OK, so I've spent a load of time on this today. Searching for "self-hosting security" mostly brings up mostly home surveillance camera results.
I've found this resource and have implemented his recommendations. Finally a good resource and I'm feeling much better after hardening SSH access, closing open ports in the firewall, installing Fail2Ban, etc.
The Complete Guide to Self-Hosting: From Hardware to Nextcloud | The CyberSec Guru | The CyberSec Guru
The CyberSec GuruCameronDev
in reply to cRazi_man • • •I would encourage you to setup wireguard or tailscale, so that you dont have to expose SSH at all, but SSH hardening is definitely a good start.
Worth monitoring your SSH logs as well, that'll give you an idea of how constant the automated attacks can be. Even when I was using a non-standard port, I was getting heaps of attacks.
cRazi_man
in reply to CameronDev • • •pishadoot
in reply to cRazi_man • • •Honestly? It can't, really. There's some very accessible things people can do on the user side such as good password management practices, but even something as "simple" as firewall rules quickly devolves into technical stuff that most people have no idea how to deal with.
The reality is that the Internet, computers, applications are all incredibly complicated. How they interconnect is incredibly complicated, and the vast majority of people don't even understand what an IP address is, what the function of DNS is, what a MAC address is and how it's different than an IP address, etc. So, you can maybe point them to a guide that they can follow to set up wireguard to access their music folder when they're out, maybe, but since every network is different, how do you make sure they're setting it up securely without copying and pasting routes that make them less secure? You have to understand what you're doing to be able to see if in a specific use case you're not causing an issue.
I dunno. This is a really tough nut to crack. There's no "guide to learning cyber security." I
... Show more...Honestly? It can't, really. There's some very accessible things people can do on the user side such as good password management practices, but even something as "simple" as firewall rules quickly devolves into technical stuff that most people have no idea how to deal with.
The reality is that the Internet, computers, applications are all incredibly complicated. How they interconnect is incredibly complicated, and the vast majority of people don't even understand what an IP address is, what the function of DNS is, what a MAC address is and how it's different than an IP address, etc. So, you can maybe point them to a guide that they can follow to set up wireguard to access their music folder when they're out, maybe, but since every network is different, how do you make sure they're setting it up securely without copying and pasting routes that make them less secure? You have to understand what you're doing to be able to see if in a specific use case you're not causing an issue.
I dunno. This is a really tough nut to crack. There's no "guide to learning cyber security." If you know nothing and want to learn more, you just have to learn about networking, Linux, firewalls, active directory, everything.
If you're looking for something incremental all you'll find is incremental learning of specific things. Like, look up the LPI Linux Essentials study guide if you want to just learn some Linux stuff. Then spin up a bunch of VMs of different distros to play with, and look at some other Linux stuff. And more Linux stuff, until you feel like you understand Linux pretty well. But, that doesn't make you good at cyber security.... Because there's so much more than just knowing Linux. So no, there's no incremental guide for what you're looking for - you just have to learn many things, and you can come from whatever direction you want to start from.
If you want to learn safely then just don't expose anything to the Internet. Keep it all local, and yeah you might introduce some insecure setups or applications, but you're not really under any more threat of network intrusion than if you never started. That sucks though because we want to access our shit from outside the house, right? But that's the choice, if you want to stay more secure until you're more educated. And yeah, honestly it's kind of undergraduate qualification level to start understanding things well enough. Sorry, that's just the reality I think.
Jason2357
in reply to cRazi_man • • •A device on your local lan is pretty accessible. Don't open ports from the internet and be sure to back up important data. Something like homeassistant or pi-hole on a raspberry pi is very accessible. Remote access is where thing start getting tricky.
If you want to host something publicly, buy a $5 VPS and install a web server on it. Try hosting static websites. Don't put anything sensitive on it and if something happens to it, you are out your 5 bucks for the month and learned a lesson.
voracitude
in reply to drebora • • •like this
Howlinghowler110th likes this.
youmaynotknow
in reply to voracitude • • •gyurix
in reply to voracitude • • •I’m happy to answer — I am one of the developers of Safebox.
First question: the store. It’s not finished yet, but if you visit our original gitea site (git.format.hu/safebox/default-…) and check the template examples, you’ll see that any application that can run in Docker can be added. I will soon move this repository to GitHub so it can be freely forked and you can add your own. You can already try adding one on an earlier (uglier) interface that we experimented with: http://:8080/manage_old.html. Click Settings, and the first menu item is the option to add another repository.
Second question: remote access is not subscription-based, and it does not require VPN. If you have a public IP address, install Safebox there, register a domain name somewhere (point it to your IP address as an A record, wildcard is also possible), and the proxy service will work. (But be aware: Safebox will also be accessible on port 8080, and there is no
... Show more...I’m happy to answer — I am one of the developers of Safebox.
First question: the store. It’s not finished yet, but if you visit our original gitea site (git.format.hu/safebox/default-…) and check the template examples, you’ll see that any application that can run in Docker can be added. I will soon move this repository to GitHub so it can be freely forked and you can add your own. You can already try adding one on an earlier (uglier) interface that we experimented with: http://:8080/manage_old.html. Click Settings, and the first menu item is the option to add another repository.
Second question: remote access is not subscription-based, and it does not require VPN. If you have a public IP address, install Safebox there, register a domain name somewhere (point it to your IP address as an A record, wildcard is also possible), and the proxy service will work. (But be aware: Safebox will also be accessible on port 8080, and there is no authentication protection for now!)
Third question: I wasn’t very familiar with Podman when I started working on this (I only had to learn it for the RedHat exam…)
default-applications-tree
SAFEBOX DEVirmadlad
in reply to drebora • • •This is the part that I don't like. Couple this with condescending labels like 'normies' et al, I can kind of understand why selfhosting is still something that only a small segment of the population engages in. I realize that people like to differentiate themselves from others. It doesn't matter if you're collecting stamps or you're the tiddlywinks champion of the world, we like to draw a line between 'us' and 'them', which is a pretty poignant song by Pink Floyd btw.
As @CameronDev@programming.dev pointed out, there are very serious consequences to self hosting too. The first Linux server I stood up got taken over fairly quickly, and over night began attacking other servers. That's serious shit and the owners of said servers don't take it lightly, and rightfully so. The owners of the platform you may be hosting on don't take it lightly either. So, yeah, there are some basics one needs to le
... Show more...This is the part that I don't like. Couple this with condescending labels like 'normies' et al, I can kind of understand why selfhosting is still something that only a small segment of the population engages in. I realize that people like to differentiate themselves from others. It doesn't matter if you're collecting stamps or you're the tiddlywinks champion of the world, we like to draw a line between 'us' and 'them', which is a pretty poignant song by Pink Floyd btw.
As @CameronDev@programming.dev pointed out, there are very serious consequences to self hosting too. The first Linux server I stood up got taken over fairly quickly, and over night began attacking other servers. That's serious shit and the owners of said servers don't take it lightly, and rightfully so. The owners of the platform you may be hosting on don't take it lightly either. So, yeah, there are some basics one needs to learn and implement before they can begin a successful, resilient, hardened, server, and it's not a lot of point and click solutions. Again...shit's complex. It's why there are so many specialists in the field, but now you as the selfhoster have to wear all the admin hats.
The doors to selfhosting should swing wide for all, and I try to be as accommodating as I possibly can because I know how I struggle and have struggled with things from time to time.
Safebox looks pretty interesting. I've often thought, if I were a much younger man, I would've loved to produce a type of 'server in a box'. But I am well past being a younger man, so I'll leave that up to you young guns.
Flatfire
in reply to drebora • • •A couple points:
- Your website does not properly convey the technical context of Safebox. Docker is a complex platform, and asking someone to install it point blank on any OS, while also championing ease-of-access feels at odds here.
- There is a severe lack of documentation about the tool. Discord is not an appropriate means to find these documents if they exist. It is rarely okay as a support channel.
- I saw your post from a few days ago, but it was framed as a question about about gatekeeping specifically. The post also advertised Safebox. Given that the post no longer exists (but the comments sure do), I'm inclined to think you didn't get quite the answer you were looking for.
I dove into self-hosting several years ago and ultimately I think I found the experience quite welcoming. I also don't know that Safebox has a lot to offer over well-established alternatives these days like
... Show more...A couple points:
- Your website does not properly convey the technical context of Safebox. Docker is a complex platform, and asking someone to install it point blank on any OS, while also championing ease-of-access feels at odds here.
- There is a severe lack of documentation about the tool. Discord is not an appropriate means to find these documents if they exist. It is rarely okay as a support channel.
- I saw your post from a few days ago, but it was framed as a question about about gatekeeping specifically. The post also advertised Safebox. Given that the post no longer exists (but the comments sure do), I'm inclined to think you didn't get quite the answer you were looking for.
I dove into self-hosting several years ago and ultimately I think I found the experience quite welcoming. I also don't know that Safebox has a lot to offer over well-established alternatives these days like Unraid or TrueNAS, which have large user-bases and a depth of support articles to help admins better understand what they're doing and how to do it. It's true that not everyone would want to do this as a hobby. No one wants their services to break, or their data to be lost, and more tools that make it easier to prevent these scenarios are helpful. With that in mind, I am not left with a clear understanding of how Safebox is meant to provide safeguards here.
I used the word "admin" in the previous paragraph for good reason. Self-hosting makes you the administrator, and it means that you, the administrator, have the power to make mistakes. My recommendation is not to talk down to your users. Someone interested in self-hosting should be aware of the potential security implications of what they're taking on, alongside the risk to their data and that breaking changes are something they can and will make along the way. If you really want to make self-hosting accessible, then the documentation for your tool needs to be accessible too.
A user should be able to learn why these elements are important and how they work together. Talk about the limitations of running it on a raspberry pi vs a workstations or server. What's a reverse proxy? Is WireGuard good? This doesn't mean the average person needs to know how to configure detailed permissions or application configs, and if the goal is to provide a repository of pre-hardened Docker configs for use then that's cool too, but there should never be a barrier to the information itself. Especially as it is relevant to the tool you've built.
I think that fundamentally, you've built a good tool that simplifies things someone who is already familiar with its components, and where it needs to improve is by expanding to help new users familiarize themselves. Education is as big a part of accessibility as the ease-of-setup.
Cooper8
in reply to Flatfire • • •As a non-coder interested in self hosting and somewhat aware of cybersecurity, this is the most relevant take for me.
An application that facilitates safe self-hosting of many different service is great, however for it to be actually safe and useful it must either be a cybersecurity service keeping up with the pace of threats (which is essentially the corporate closed source model) or from the ground up be an educational platform as much as an application. Documentation needs to not only be comprehensive, but also self-explanitory to a non-technical audience. It is not enough to state that a setting or feature exists, it must also be made clear why it should be used and what the consequences of different configurations are.
This approach is almost never done effectively by FOSS projects unfortunately. Fortunately I think we are at the point where it is completely feasible for this type of educational approach to be fully replicable and adaptable from a creative commons source to the specific content structure of the application user manual using LLMs (local ones). The
... Show more...As a non-coder interested in self hosting and somewhat aware of cybersecurity, this is the most relevant take for me.
An application that facilitates safe self-hosting of many different service is great, however for it to be actually safe and useful it must either be a cybersecurity service keeping up with the pace of threats (which is essentially the corporate closed source model) or from the ground up be an educational platform as much as an application. Documentation needs to not only be comprehensive, but also self-explanitory to a non-technical audience. It is not enough to state that a setting or feature exists, it must also be made clear why it should be used and what the consequences of different configurations are.
This approach is almost never done effectively by FOSS projects unfortunately. Fortunately I think we are at the point where it is completely feasible for this type of educational approach to be fully replicable and adaptable from a creative commons source to the specific content structure of the application user manual using LLMs (local ones). The big question is, what is the trusted commons source of this information? I suppose there are MIT and other top university courses published for open use online that could serve as the source material, but it seems like there is likely a better formatted "IT User Guide Wiki" and "Cybersecurity Risk and Exploit Alert List" with frequent updates out there that I'm not aware of, perhaps the annals of various cybersecurity and IT associations?
Anyway I'm aware this is basically calling for another big FOSS project to build a modular documentation generator, but man would it help a lot of these projects be viable for a wider audience and build a more literate public.
drebora
in reply to Cooper8 • • •We created Safebox mainly to make self-hosting easier, and proper, complete documentation is definitely something we want to provide, it’s already in the works. We also thought a lot of people might learn from it, but the scope is huge, so we’re still figuring out the right balance.
Should we cover the basic concepts too? How deep should we go? Introducing the software itself is the easy part, explaining all the related concepts in a clear, non-technical way is the real challenge.
Our goal isn’t to turn Safebox into a full-on cybersecurity course, but we do want users to understand what’s happening and why certain features matter, so they don’t feel lost.
As for the sources you mentioned, I have to admit I’m not entirely sure either. During my university studies I only touched on cybersecurity partially, mostly around the risks users face and how they respond. Yes, there definitely needs to be some basic guidance on security, what the main risks are and how to keep yourself safe. Honestly, I think this could work even better as
... Show more...We created Safebox mainly to make self-hosting easier, and proper, complete documentation is definitely something we want to provide, it’s already in the works. We also thought a lot of people might learn from it, but the scope is huge, so we’re still figuring out the right balance.
Should we cover the basic concepts too? How deep should we go? Introducing the software itself is the easy part, explaining all the related concepts in a clear, non-technical way is the real challenge.
Our goal isn’t to turn Safebox into a full-on cybersecurity course, but we do want users to understand what’s happening and why certain features matter, so they don’t feel lost.
As for the sources you mentioned, I have to admit I’m not entirely sure either. During my university studies I only touched on cybersecurity partially, mostly around the risks users face and how they respond. Yes, there definitely needs to be some basic guidance on security, what the main risks are and how to keep yourself safe. Honestly, I think this could work even better as a community project, where different people can contribute their own approaches and share experiences on how they protect their setups and what has worked for them.
Cooper8
in reply to drebora • • •drebora
in reply to Flatfire • • •Thanks your detailed feedback, I’ll try to go through all your points.
When we said Docker, we meant the desktop version, basically so anyone can try Safebox on their own desktop and check out the early product. We also added an auto docker install for server setups a few days ago.
You’re right about the docs, they’re still in the works, and proper documentation will be released soon.
That other post you mentioned got a bit too heated, so the mods took it down. Definitely wasn’t our intention to stir up tension, and it wasn’t about not liking the answer or linking it to the product. Right now we’re mainly looking for early feedback and for people curious enough to help test things out.
Thanks for explaining your point of view and your suggestions. It means a lot for us in this early state, and looking forward of any future feedback of your about the actual product.
nottelling
in reply to drebora • • •On a project geared specifically toward helping the ignorant, documentation and admin guides are probably more important than code releases.
Non technical people will want to see and understand the process before they have to do the process, so don't really on simple wizards to be your breakthrough to the masses.
nottelling
in reply to Flatfire • • •yup, I even commented on the previous thread.
I'll take a look at this safebox out of curiosity, but as I said in the previous thread, assuming this even meets OP's goal, I expect the project to be another abandoned GitHub repo once the constant security maintenance cycles hit.
I'm generally of the opinion that OP's target could be better met with well designed and well maintained walkthroughs of the most common use cases. There's a ton of documentation and tutorials out there, but they're all either terrible or unmaintained. A system that cross-linked and branched for the various up to date use cases like a choose-your-own-adventure book would be super.
Broken
in reply to drebora • • •I believe self hosting should be made easier. Definitely easier to understand.
If its not going to be that, then the opinion that people should self host is flawed. Not everybody can self host. They don't have the knowledge or time to commit to it. So either it's wrong to not have a better entry to them or it's wrong to say they should self host.
I don't self host much. What I do I keep with local access only. Why? Because while I'm no dummy, I also am very out of touch with modern tech and don't have the time or energy to learn what I need to for it to be done right.
mierdabird
in reply to Broken • • •mierdabird
in reply to drebora • • •drebora
in reply to mierdabird • • •Autonomous User
in reply to drebora • • •ByteOnBikes
in reply to Autonomous User • • •These platforms are a gateway drug to open source.
I got more folks into Linux using Reddit than I have anywhere else.
Autonomous User
in reply to ByteOnBikes • • •drebora
in reply to Autonomous User • • •Autonomous User
in reply to drebora • • •hagelslager
in reply to Autonomous User • • •Autonomous User
in reply to hagelslager • • •Autonomous User
in reply to drebora • • •Mio
in reply to drebora • • •I think you are aiming for people that don't want to learn maintenance work. This means you have to take care of that part.
This means protect the OS from crashing when an app fill up the disk. Security. Upgrade the applications and the OS itself. Perform backup and rollback if something goes wrong. Add/removal off harddisks. Handle hardware failure and inform the user what they need to replace. Migrating to a new server.
drebora
in reply to Mio • • •At the moment we looking for early user feedbacks and testing demand.
Evotech
in reply to drebora • • •drebora
in reply to Evotech • • •Safebox is basically a framework to help you install and manage self hosted apps. It also includes features like remote access, backup, monitoring, and disk management (the last three are still in development). Safebox handles all the setup for you, DNS configuration, SSL certificates, and so on. If you want remote access, all you need to do is provide a domain (it can be an existing one, or you can register it with us). Of course, you can still use it locally, remote access is just an optional feature.
For people who don’t want to deal with the technical side, or who are still learning but want to try out self-hosting, I think Safebox makes things a lot easier and gives them a solid starting point
Zykino
in reply to drebora • • •As you describe it your project looks very similar.
YunoHost: garden your own piece of the Internet!
yunohost.orgsobchak
in reply to drebora • • •termaxima
in reply to drebora • • •People make it too complicated. When I want to self host something I just install the Nix package and call it a day.
When I get around to upgradingy storage, I'll just do a very simple RAID setup on some reliable HDDs.
I'm super allergic to unnecessary complexity. I don't want a perfect setup, I want a setup that is reliable with almost no maintenance. I'm skipping the 80% of the effort it takes to get the last 20% of the result.
chaoticnumber
in reply to termaxima • • •I loathe this approach. But for me its more of a hobby and even then, I too am alergic to overt complexity, but saying no maintenance is asking for a security hole to open, sure it can be automated away, but it still takes at least SOME work.
The main reason I dislike this approach is by doing things as simply as possible you delegate the control to the developer of your solution. Its not a one size fits all thing. Some solutions can for sure be turnkey, but most should require some work, because we do this to regain control, not delegate more of it away.
nottelling
in reply to termaxima • • •lol Nix as the beginner friendly choice?
"very simple RAID?"
For someone who hasn't even seen a command line before? Who doesn't know what a RAID is? That's the target audience here.
You're entirely missing OP's point here. You've reduced maintenance complexity, but increased the typical learning curve to get started.
amphetaminisiert
in reply to drebora • • •DockSTARTer
dockstarter.comMrSulu
in reply to drebora • • •