If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting

Yes, absolutely.

Configure Docker

if you cannot run docker compose up or understand the basics of what it’s doing, you should not be self hosting. Yes, Docker can be difficult to troubleshoot but you need to understand where your data is being stored and generally self hosting projects using Docker are easy to set up.

reverse proxies

Implying exposing your server to the Internet. Yes. 100%. If you do not know what you’re doing, you should not. This is dangerous to your machine and to your data.

Yaml files

This is a plain text file. You can open it with Notepad or your operating system’s equivalent. Editing a text file to enter some default parameters is a low bar and if you can’t edit a text file, you’re going to get caught up in some other part of self hosting

You’re confusing a lack of handholding with gatekeeping.

beginner friendly solution, something with a UI, fewer manual configs…

First, you’re not entirely right. you can get a ton of self hosting done with things like Synology or Home assistant, and never see the complexity. You might get owned by a botnet, but it “works.”

Self hosting securely has a steep learning curve, there’s no way around that. What you’re asking for is for someone to write programs that’ll let you skip the learning curve.

GitHub is littered with abandoned attempts at doing this. You bury your lede by mentioning “your project” at the end. It’s your project going to be another well intentioned attempt that’s eventually abandoned or causes more problems than it solves?

Certain minimum knowledge is required if you don’t want to be low hanging fruit for criminal botnet operators who will use your system to launch attacks.

You can’t also beg/complain about tools “made for you” not existing - if they’re not already there, it may mean the problem can’t be reduced to appliance-user level.

If you’re building such a tool, why ask? Get uptake rate and user feedback data.

What sounds like gatekeeping is often a strongly worded emphasis on having the prerequisite knowledge to not just host your services, but do it in a way that is secure, resilient, and responsible. If you don’t know how to set up a network, set up a resilient storage, manage your backups, set up HTTPS and other encryption solutions, manage user authentication and privileges, and expose your services securely, you should not be self-hosting. You should be learning how to self-host responsibly. That applies to everything from Debian to Synology.

Friends don’t let friends expose their networks like Nintendo advises.

I think truenas and unraid are the only user friendly experience out of the box. Everything else needs a lot of configuring. I don’t think you can call system administration gate keeping

Sometimes it feels like a portion of the community views complexity as a badge of honour

Adding GUI tools adds complexity

I don’t mind power users in general … but holy molly the militant foss and privacy advocates can be really annoying. Better not mention any proprietary software or you’ll get a dozens answers to a question no one asked.

If it is then not enough people have heard of YUNOhost.

Being encouraged to learn about the basics isn’t gatekeeping, it’s just sound technical advice. Self hosting can be great, but when you shift critical services/infrastructure and something goes south you expose yourself to some serious harm (think self-hosting your password management), or perhaps leave yourself open and vulnerable to threats you don’t understand.

Having access to easier/friendlier tools is great, but using them without fundamental understanding is risky.

Docker, copy-paste yaml definitions and shit are the automated/user-friendly solution. There are projects that provide things that you want, they are either proprietary or cloud-based, or paid.

Yeah. I’m seeing a lot a it in this thread tbh. People are stylizing themselves to be IT admins or cybersec people rather than just hobbyists. Of course, maybe they do do it professionally as well, but I’m seeing an assumption from some people in this thread that its dangerous to self host even if you don’t expose anything, or they are assuming that self hosting implies exposing stuff to the internet.

Tailscale in to you machine, and then be done with it, and otherwise only have access to it via local network or VPN.

Now, about actually keeping the services secure, further than just having them on a private subnet and then not really worrying about them. To be explicit, this is referring to fully/partially exposed setups (like VPN access to a significant number of people).

There are two big problems IMO: Default credentials, and a lack of automatic updates.

Default credentials are pretty easy to handle. Docker compose yaml files will put the credentials right there. Just read them and change them. It should be noted that you still should be doing this, even if you are using gui based deployment

This is where docker has really held the community back, in my opinion. It lacks automatic updates. There do exist services like watchtower to automatically update containers, but things like databases or config file schema don’t get migrated to the next version, which means the next version can break things, and there is no guarantee between of stability between two versions.

This means that most users, after they use the docker-compose method recommended by software, are manually, every required to every so often, log in, and run docker compose pull and up to update. Sometimes they forget. Combine this with shodan/zoomeye (internet connected search engines), you will find plenty of people who forgot, becuase docker punches stuff through firewalls as well.

GUI’s don’t really make it easy to follow this promise, as well. Docker GUI’s are nice, but now you have users who don’t realize that Docker apps don’t update, but that they probably should be doing that. Same issue with Yunohost (which doesn’t use docker, which I just learned today. Interesting).

I really like Kubernetes because it lets me, do automatic upgrades (within limits), of services. But this comes at an extreme complexity cost. I have to deploy another software on top of Kubernetes to automatically upgrade the applications. And then another to automatically do some of the database migrations. And no GUI would really free me from this complexity, because you end up having to have such an understanding of the system, that requiring a pretty interface doesn’t really save you.

Another commenter said:

20 years ago we were doing what we could manually, and learning the hard way. The tools have improved and by now do most of the heavy lifting for us. And better tools will come along to make things even easier/better. That’s just the way it works.

And I agree with them, but I think things kinda stalled with Docker, as it’s limitations have created barriers to making things easier further. The tools that try to make things “easier” on top of docker, basically haven’t really done their job, because they haven’t offered auto updates, or reverse proxies, or abstracted away the knowledge required to write YAML files.

Share your project. Then you’ll hear my thoughts on it. Although without even looking at it, my opinion is that if you have based it on docker, and that you have decided to simply run docker-compose on YAML files under the hood, you’ve kinda already fucked up, because you haven’t actually abstracted away the knowledge needed to use Docker, you’ve just hidden it from the user. But I don’t know what you’re doing.

You service should have:

• A lack of static default credentials. The best way is to autogenerate them.
  • You can also force users to set their own, but this is less secure than machine generated imo
• Auto updates: I don’t think docker-compose is going to be enough.

Further afterthoughts:

Simple in implementation is not the same thing as simple in usage. Simple in implementation means easy to troubleshoot as well, as there will be less moving parts when something goes wrong.

I think operating tech isn’t really that hard, but I think there is a “fear” of technology, where whenever anyone sees a command line, or even just some prompt they haven’t seen before, they panic and throw a fit.

EDIT and a few thoughts:

adding further thoughts to my second afterthought, I can provide an example: I installed an adblocker for my mom (ublock origin). It blocked a link shortening site. My mom panicked, calling me over, even though the option to temporarily unblock the site was right there, clear as day.

I think that GUI projects overestimate the skill of normal users, while underestimating the skill of those who actually use them. I know people who use a GUI for stuff like this because it’s “easier”, but when something under the hood breaks, they are able to go in and fix it in 5 minutes, whereas an actual beginner could spend a two weeks on it with no progress.

I think a good option is to abstract away configuration with something akin to nix-gui. It’s important to note that this doesn’t actually make things less “complex” or “easier” for users. All the configs, and dials they will have to learn and understand are still there. But for some reason, whenever people see “code” they panic and run away. But when it’s a textbox in a form or a switch they will happily figure everything out. And then when you eventually hit them with the “HAHA you’ve actually been using this tool that you would have otherwise ran away from all along”, they will be chill because they recognize all the dials to be the same, just presented in a different format.

Another afterthought: If you are hosting something for multiple users, you should make sure their passwords are secure somehow. Either generate and give them passwords/passphrases, or something like Authentik and single sign on where you can enforce strong passwords. Don’t let your users just set any password they want.

Self-hosting doesn’t always mean exposing things to the internet. It just means you have a PC capable of running software/services that can be accessed over your network. Whether or not you choose to expose that to the internet is up to you.

Self hosting is a great opportunity to learn about some popular technologies and even acquire a few sysadmin skills. Required knowledge of a self-hosted solutions tech stack is not gatekeeping any more than required knowledge of tools and building materials is gatekeeping when it comes to renovating your bathroom. In either scenario, if you don’t know what you’re doing, it’s going to be a much more difficult job.

reverse proxies

That said, you should not be exposing any of your services to the public if you don’t know what you’re doing. That’s a quick way to a bad time.

Self hosting is not just one thing. You are system adminstrator, network engineer, security specialist, service architect and many other things, specially if you expose anything to anyone outside your very private network. And to get anything even running on that complex mess requires some knowledge on a lot of things. Making them run securely with proper backups requires even more knowledge on things.

Sure, you can just throw some docker images on your old desktop and be happy, even forward ports from the public internet to your things if you like. But that exposes your stuff to quite a lot of dangers and if you just click buttons without any understanding you’ll soon be a part of a botnet or lose your data or lose money if someone decides to mess around with your home automation or something else.

I get what you’re saying, not all of us are very polite and answers can be pretty harsh, but more often than not the generic idea behind those answers is not trying to be an asshole or gatekeep anything. It’s just that there’s a skillset you need to build things safely and if it’s clear from the start that someone looking for answers is way over their head it’s better for everyone to get them take a step back and learn instead of trying to create a meaningful answer since there’s too many variables or it’d just take immense effort to write down comprehensive guide on what to do, why and how for everything from the ground up.

I know for a fact that in my area there’s a bunch of surveillance cameras, home automation stuff and even some farm equipment directly open to the public network just because someone just plugged things in without any idea on the whole picture. Sometimes the correct answer is ‘stop shooting yourself on the foot and learn the basics first, then come back’.

“If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting.”

uh, if you can’t figure those things out then you absolutely should not be self-hosting until you can. those are the basic first steps a self-hoster takes, and if you somehow get them wrong you can expose yourself to some serious bad actors out there that will definitely exploit your setup and steal whatever data they can.

you see it as gatekeeping, and it is, but everyone here recognizes that if you fuck this up, you will get pwned. this isn’t a hobby you can just jump into without learning anything first. there are real consequences to messing up, and depending on what data you have accessed by a malicious actor, it could have lasting damage on your life.