E-mail

Don't host your own email server.

Just trust me.

A password manager because if anything goes wrong, you'll be completely screwed.

What you SHOULD absolutely self host though is a password manager, so you can be in control of your most sensitive data.

Regarding email, I think everyone should absolutely self host it, but it's less and less viable in this google/Microsoft duopoly world. But ideally everyone would self host it. The reason why people advise against it really comes down to lack of real competition, and the two tech giants dictating how we violate every RFC possible.

Passwords:
-> You want to have immediat access to them, even if your house burns down

Notes:
-> You want to be able to read the documentation how to fix your selfhosted service, even when your selfhosted services are down

Public Reverse proxy:
-> A reverse proxy is only as safe as the applications behind. And NO, most selfhosted-applications are not hardened or had security audits
(reverse proxy with a forward authentication proxy is something different)

In my opinion, cloud storage for (zero knowledge) backup. Your backup strategy should include a diversity of physical locations. I had a house fire a few years ago. Luckily, my data drives survived, but if they hadn't, my cloud backup would've been invaluable.

Okay I understand that email hosting is bad for SENDING email , but what about only RECEIVING email , isn’t it a good idea to keep my stuff private ? I rarely send personal emails, and like to avoid my data being used for marketing purposes Is that bad to have smtp imap open on dynamic ip address ? Just asking your opinion

Primary backups

People saying email, look into using external SMTP servers as relays. Your domain most likely comes with at least one email account with SMTP access. You can use that as a relay to send personal/business emails from your server using the provider's reputable IP addresses.

Don't self-host email SMTP or public DNS. They're hard to set up properly, hard to maintain, easy to compromise and end up used in internet attacks.

Don't expose anything directly to the internet if you're not willing to constantly monitor the vulnerability announcements, update to new releases as soon as they come out, monitor the container for intrusions and shenanigans, take the risk that the constant updates will break something etc. If you must expose a service use a VPN (Tailscale is very easy to set up and use.)

Don't self-host anything with important data that takes uber-geek skills to maintain and access. Ask yourself, if you were to die suddenly, how screwed would your non-tech-savvy family be, who can't tell a Linux server from a hot plate? Would they be able to keep functioning (calendar, photos, documents etc.) without constant maintenance? Can they still retrieve their files (docs, pics) with only basic computing skills? Can they migrate somewhere else when the server runs down?

I'd say backups. At least it shouldn't be only local. I follow the rule of threes: two local copies and one off site with backblaze. Yeah, it ties up a not insignificant amount of disk space I could use for other things, but dammit, I'm not loosing my wedding photos, important system configurations, etc.

Aside from other stuff mentioned here about email. I always assumed I'd become a target for spam that I'd have a harder time filtering out to the point it stops being worth it to have a custom email address.

That and I can almost guarantee I would end up screwing up the backup of my inbox and losing everything rending the whole endeavour pointless.

The login page to your NAS.

Some generic purpose LLM probably.

I’ve seen far too many compromised Wordpress installations to ever consider installing it in my home dmz.

email service

If self hosting from home.. email servers

At home, your IP is likely blacklisted and/or your provider has blocked the necessary ports. Not to mention the layers of potential headaches dealing with potential spam block dbs, especially if you don't own your IP.

You can of course do custom setups allowing you to skirt these restrictions, but can sometimes be a bit complicated and typically involve non-traditional customizations.

Email

Email. I always recommend AWS SES. Use it at as an SMTP relay and any internal services gets restricted access through IAM.

I don't self host anything where it would impact me unduly if it went down while I was on holiday to the point where I'd have to break state and go fix stuff.

I don't want to have to leave my beer or beach and head off to fix things like an email server, restore a password manager db etc. so anything like that which is critical to the point where an outage would prob have me do so means I pay someone else.

Mail server or anything using RDP.

Email

Child porn, obviously

A CDN

Password manager. While some may cache on your client devices, by and large if your server goes down, no passwords.

Internet-accessible authoritative DNS nameserver(s) (unless you have a completely static public IP).

Clearly opening RDP port on internet. NEVER.

Plex. Despite everything be supposedly self hosted, they are spying on what you're watching and sharing that info with 3rd parties, your friends and your family.

Use Kodi instead or if you're old school like me, an old fashioned smb share running on a pi.

Personally I don't think it's worth hosting recursive dns resolvers. Most of the options with ad blocking are single points of failure and when it breaks the household acceptance factor is just too low.

Choosing a service to NOT selfhost is a subjective descision.

I host 18 Proxmox VMs and 20 Docker containers at home. I also was selfhosting a WebDAV server for synchronizing my Joplin notes between devices and Vaultwarden for managing my Bitwarden vault, but decided to push the Joplin synchronization target to Dropbox [free] and to use Bitwarden's free cloud solution for my passwords and secure notes. I did this because I will need immediate access to these two critical sources of information should my house burn down, or get blown over by a tornado. I have extremely strong passcodes for these and trust the hosts.

This was strictly a personal decision. YMMV.

I know this might be a bit controversial, but IMO a beginner should not self host passwords, and at least not the sole backup for photos and videos. I think self hosting them in general is good, but until you know for sure, "Ok, my back-up system is working fine, even if my stuff goes down, I have little downtime for bringing it back up".

If you can't say for sure this is you, Don't self host your passwords, bitwarden is great and encrypted so I highly doubt issues will be had there. Also make sure to use a different/seperate hosting service for pictures. I personally recommend using google drive + rsync since rsync can encrypt all your pictures.

I've seen more then a couple people fail the backup part, even when they thought they were fine before hand.

Mail is a waste of time, and it's take the risk to don't receive important mail in time.

6 u6