For over 10 years now, maybe 15 don’t remember exactly, I have been hosting various (web) services at home, and their number is growing over the years.

Like a lot of people I’ve started with a “NAS” a simple computer with some HDD share over NFS / CIFS ... Now I run more and more services.

Hardware : #

As you can see I host a entreprise / Tiers 3 infrastructure.

A Router powered by DDWRT that provides VPN / DNS guard ...
An HPE Microserver Gen8 powered by TrueNAS Core
An small Intel N100 box 16G RAM with 2 NIC port 2.5Gib/s which is my main machine hosting all my services.
A simple switch

What do I host : #

Nginx as reverse proxy.
2 websites (this one and another) they are almost static.
2 Nextcloud instances for files and photos with "Memories", the other one is for business purpose.
Gitea: for personal Git
Vaultwarden: password manager
Shiori: A bookmark manager
Navidrome: A music library manager
Silverbullet: for my personal notes
Ntfy: for sending messages or kind of ...
MariaDB: for Nextcloud and Shiori
Redis: For Nextcloud
Garage: for an S3 endpoint
Rustypaste: a super cool application that allows you to share files
Hundreds of GB of personal files/photos
Grafana with InfluxDB for kind of monitoring
Authelia for Authentication.
A NocoDB database (more for testing purposes than real use case)
VPN

All of this is powered by FreeBSD and jails 👺

Except for the DATA, all these applications run on the small N100 Box... and the CPU is most of the time in idle mode!
This must be put into perspective: the number of service users is limited to just a few people. It wouldn't be the same with dozens of users.

Backed by a solid connection : #

A big bandwith

Note I've started with a very slow ADSL connection at time

At least in France we have the advantage of fast, high-performance internet connections at competitive prices.
And I am in the countryside.

Services I use that I don't/can't host myself #

You can't be 100% autonomous, at least for backup and DNS

For DNS registrar, I trust Infomaniak (I was at Gandi before they decided to change their pricing... sorry Gandi) also there is a free mail box attached to the domain with unlimited space.
The price is super competitive.

I use "Cloudflare" in the Free plan for the DNS.
In the last decade, Cloudflare has really changed the game by making it possible to modify a DNS record with immediate effect. Older users will remember that it used to take several days before a DNS record could be modified. The ability to manage everything with an API is also a real bonus.
Heavy virtualisation solutions like Proxmox - I see a lot of people on the internet running Proxmox with dozens of VMs just to run services that I run on a single small instance with BSD Jails.
I found this way to be overkill.

Emails : #

Hosting email is really painful and time consuming, you have to struggle with spam and constantly ensure that your domain is not blacklisted by certain email providers.
The tooling has undoubtedly been improved since then, but given the effort likely required and what else is available on the market, it's not worth the effort.

For this I've chosen to trust Infomaniak - they are really competitive on the mail service. You have 1 email address with your domain name and the storage on the email is unlimited.

Stacks used #

My favorite stacks are jails, packet filter and Nginx :)

The application I've been using the longest is Nextcloud. I read a lot of complaints about how slow it is.
On my side, properly configured with php8.3+, jit/opcache/memcached, Nginx optimisation with cache and Redis, it runs very smoothly for less than 5 users on my modest N100.

However, I don't use most of the plugins/options. I use it simply for storing files and photos (with the excellent “memories” plugin).

Software : #

That I don’t like #

All the npm/javascript software that are so painful to build and most of the time impossible to build on FreeBSD because some modules are not ported on FreeBSD: I see you Immich

Also all the software only packaged with Docker...

That I like #

Nginx is probably my favorite, I know there are now more "modern" http servers like "Caddy" but I don't know if it allows you the same amount of modularity. Also I've spent a lot of time learning this stack and now I am benefiting from the return on investment. One is not necessarily better than the other.

Perhaps if I had to rebuild my infrastructure from scratch, I would use Caddy, which is probably also excellent, particularly for automatic Let's Encrypt management. But since all of my services use Nginx, I don't have time to devote to this migration.

Also I really like all the Rust or Golang based applications. Because even if there are no binaries for FreeBSD, it's almost always super easy to build with golang or cargo.

An automation tools ? #

Well, not really. This is not super necessary when you have 1 server to manage... For the few operations I need to automate (actually just backups), I have a very simple bash script.

But your crontab should be full of commands #

It contains 3 lines: 1 for a request at Cloudflare to make sure the IP on the CNAME is still mine (I don't have a totally dynamic IP but sometimes it can change), and another one just to refresh the TLS certificate with certbot. And 1 for backup.

That's all.

Do I really need a NAS ? #

I continue to use my HPE Microserver because it works like clockwork since years and doesn't cause me any problems. But if I had to buy another one, I think I would just buy another N100 box with a simple NVME/SSD as a 'storage' solution.

In fact I do not really need this. What I (you) need is backup, backup and backup, and also solid procedures for restore.

Backup #

This is the most important point of all, regardless of what you choose to implement.

On my side I use :

I backup locally my jails on the NAS into an NFS Share.
My data are replicated on a local USB Disk
And at Pcloud.

I make these backups with a homemade script and rclone or rustic.

I like Pcloud because it's a one-time purchase without subscription. They don’t provide an S3 endpoint but this is a reliable Webdav service reachable with rclone.

I also have some old tiny PCs for spare just in case of emergency hardware replacement.
And that’s all, I try to keep the setup as small as possible and the most energy efficient 🔌

My last hardware purchase was to "downgrade" from an old ThinkCenter with an i3 to the N100 box in order to reduce my energy consumption.

I try to keep the most minimal approach possible for this setup, and I will increase the CPU in the box just in case of necessity.

You don’t need to backup (into another site) everything #

Backups can take a lot of space, also you probably don't need to backup your films and series... The Lord of the Rings trilogy in 4K or all the MCU films can be found quite easily on the internet if you lose them ...

Do not open your SSH port over Internet #

There are more secure / modern ways in the 2020s decade with Mesh VPN to access your server if you want to take control when you're not on your local network.

More than that, you can also only allow application connections when you're connected to the VPN / Mesh Network.
This provides an additional layer of security. I will also strongly recommand usage of portal like Authentik or Authelia and put in place 2FA when you have to login into a portal.
Truly skilled hackers have better things to do than waste their time attacking random people's web services.

But don’t be (to much) afraid by hacking : #

There's no need to be paranoid (otherwise you can stop using computers and go fishing...)

There are very few (really) competent people capable of hacking your infrastructure. 90% of the bad traffic you will receive will be generated by script kiddies trying to exploit PHP/WordPress CVEs (even if you don't host PHP...) on your webserver.

Of course, follow some best practices by having good habits: 2FA, strong passwords, network segmentation, and up-to-date software...

How much time do I spend ? #

For daily operations, if I don't want to add a new service: almost nothing. I would say just a pkg upgrade once a month and that's all.

In case of disaster recovery I just have to reimport, I've made this operation 2 or 3 times over the last decade. I usually spend maybe 2 or 3 hours to restart the services.

Unlike GNU/Linux-whatever, major version upgrades with FreeBSD go smoothly.

I started with FreeBSD 9.x and, without having to replace the hardware, I don't think I would ever have needed to format / reinstall

Also more recently I’ve subscribed into a “Cursor” plan, and then I have reviewed all my Nginx/Firewall/Network configuration to improve my security.

When there are electricity outages / Internet issues. #

You know shit happens 😄 Not a big deal, I do not run mission-critical services. My emails are still available and to be honest the uptime is pretty decent for a private individual. Internet connection is really stable, and electricity outages really rare.

Also we have solar panels at home :D

Will I migrate to Linux ? #

Fuck no !

Even if sometimes I feel a bit frustrated by software that are only possible (or badly documented ...) with docker. Once you get used to FreeBSD for servers you can't rollback.

One of the only Linux distributions that might suit me would be Slackware (though I haven't looked at it in years). ALL other distributions have been taken over by IBM/Systemd and have become incredibly cumbersome.

I know it because I have to deal with RedHat on a daily basis at my job.

FreeBSD for self-hosting, installations are fully integrated with everything you need right out of the box. There are very few breaking changes. Systemd will not interfere with yet another service and force you to modify or revise your scripts. Every time you apply updates you aren't afraid of it breaking. And after more than 10 years, I can say that FreeBSD has proven its reliability.

Also I’ve never lost a single bit of data on ZFS with FreeBSD over 15 years.

What's next : #

Migrate from TrueNAS Core (Discontinued) to XigmaNAS or a vanilla FreeBSD as NAS
Maybe I want to play with Bhyve (Virtualisation on FreeBSD) to run an Alpine Linux within FreeBSD for docker purposes
Replace the N100 by an efficient Ryzen in the next years (while keeping electricity consumption under control)
Replace my backup solution by Plakar

Conclusion #

After more than a decade of self-hosting, I can say that it's been a rewarding journey. The key to success is keeping things simple, reliable, and well-backed up. FreeBSD with jails has proven to be an excellent choice for this use case, providing stability and performance without the complexity of modern Linux distributions.

The most important lesson I've learned is that you don't need the latest and greatest hardware or software to run a successful home server. A modest N100 box can handle dozens of services for a small group of users, and FreeBSD's reliability means you spend more time using your services than maintaining them.

If you're thinking about starting your own self-hosting journey, my advice would be: start simple, focus on backups, and don't be afraid to stick with what works. The goal is to have services that serve you, not the other way around.

#self-hosting #FreeBSD #infrastructure