Should I self-host my blog?
I've gone down the rabbit hole of self-hosting, and I'm wondering if I should try self-hosting my blog. The blog is currently on Netlify. I've left it there because I figure their infrastructure is much better than mine... but part of that is a CDN, and, despite the performance benefits, I'm not thrilled about the privacy implications of subjecting my users to that. I'm torn on that point.
That said, I'm on cable internet, so my upstream is abysmal. My site is mostly text and the site is low traffic, so maybe it's not a problem. What do you think? What are some of the implications of self-hosting the blog that I'm not considering?
Edit: Wanted to clarify a couple of things I realize weren't clear in my original posting. I'm already self-hosting a few dozen services from home on my own hardware. Port 80 and 443 both work, and I'm already running a Caddy reverse proxy to proxy to the other services. My question is less about whether self-hosting is a good idea and whether I should be keeping my blog on Netlify for the reasons above. My biggest concerns are the privacy implications of keeping with Netlify and their CDN vs. the performance implications of losing the CDN and serving via a ~30Mbps upstream connection.
Thank you for all the comments so far!
I genuinely think you are making a mountain out of an anthill here. CDNs are ubiquitous and privacy minded users will have ways to deal with it if that is a concern.
Self hosting is fine for a whole lot of reasons, but I don't think CDN privacy issues qualify.
Yes, you should try self-hosting your blog.
Why? I don't know. You seem to want to, and it would be a learning experience. If self-hosting your blog doesn't work out, then you can always go back to having it hosted elsewhere.
If you do end up self-hosting your blog (and also if you end up un-self-hosting it later) you should write about that experience (or experiences) on your blog, and then post it here. I would read it.
Should you self-host on your own computer? Probably not. There's a lot of issues, from the dangers of having open ports on your network, to the practical problems of availability.
Should you self host on a managed server? You can, if you want, but it will cost money.
This is the part that's really shocked me diving down the self hosting rabbit hole. The amount of "oops shot yourself in the face" hurdles you can run headlong into are crazy. There's lots of tools to make things easier, but the moment you want something a little different than the guide you might be following stuff can get heavy fast.
It's one of the great losses of the Internet over time. Years ago it was just amazing to put a server and host to the world from your PC, it felt amazing to be able to do it. There were bad actors then, sure, but just not at the volume and sophistication we have today. Now, the Internet feels hostile, and it's only with great consideration we can open our networks to outside traffic.
While I agree the feeling of the Internet being a more dangerous place is unmistakably there, I think it's important to realize the state of cybersecurity of years past was already awful if not even worse (remember the time when getting your computer instantly infected upon connecting to the Internet with no user input was a very real risk if you weren't careful in ensuring you had an operational anti-virus and a reasonably up to date OS before connecting to the Internet? Windows XP is remembered fondly now but its era was when this risk was at its worst). I think it's more accurate to say that we're more aware of the risks now than the past being actually safer, and with the physical and digital aspects of our lives intersecting more than they used to, the stakes should you fall prey to malware or some other form of cyberattack are also higher.
For what it's worth, there's Yunohost which offers an easier step into self hosting while establishing some baseline security that is probably good enough for the motivated layman (for example, fail2ban is provided and set up for you, and rule 0 of cybersecurity, keep your system up to date, is made easier by yunohost's web interface). I'm using it myself, and while I have some gripes with it and will probably switch to a fully custom self hosted setup when I move away from a raspberry pi and to a more powerful mini PC as my server, it's definitely serviceable as a way to discover what you can achieve with self hosting while giving you a greater awareness of how to set things up correctly and safely when/if you decide to roll your own setup later on.
That being said, your computer's safety is absolutely a legitimate concern and it makes sense to delegate the actual hosting to a third party just for the sake of shielding yourself should the worst happen. Exposing myself through self hosting is a risk I personally accept as I value control of my hardware more, but that is not necessarily sensible for everyone.
It will cost money, but you can get on a small tier instance on Hetzner for around €4/mo, which is nice because of you screw it up, you can just wipe it out and start again. It's also nice because they don't have 10 billion cloud offerings. Pretty much just the basics, so everything you see in the menu is probably something worth your time to understand, where AWS has so many offerings it's very difficult to distinguish them or understand which ones you need without spending a lot of time on it. So a good option if you want to learn about system administration.
That said, if your goal is to get a small blog out there efficiently and cheaply, you probably can't beat using something like AstroJS to build a static site and deeply it as a static site in an S3 bucket or as a site on Cloudflare Pages (h/t @mattsayer).
I second Hetzner. Can’t really beat the value if you’re somewhat server savvy. Been a customer there for 7 years and they’ve always been pretty solid.
The only con I have is customer service can be a little bit slow and matter of fact. But I haven’t had to contact support in over 3 years.
Oh hey, I wasn't familiar with Hetzner but looking at their site--as someone who clicked into this thread because I was also debating self-hosting a blog--the lowest level which would be all I need is only $2/mo and comes with a domain name. That seems like a pretty good deal and much more painless than trying to self-host. I'm going to take a serious look at this, thanks!
(I recently started an account on WhiteWind because I was interested in a free, basic blogging platform built on ATProto, but honestly I don't think it's mature enough to do work for me yet. This looks like what I can get on with in the meantime.)
You can also get about the same with Oracle’s free tier!
https://www.oracle.com/cloud/free/
I self host mine and I don't think it's that big of a deal. Nginx, an open port and a DNS record gets you there.
Lock your shit down and you'll be fine.
If you're really concerned, host it on a separate machine from everything else. You could even put that on a separate network than your other machines, a sort of quarantine zone. Then, worst case, you can just blow it away (maybe literally, if you somehow manage to get ransomwared).
One thing to note is it may be against your isp's TOS to self host, whether they will actually notice or do anything about it is probably pretty low though. I've been hosting a Minecraft server for ages and mine hasn't come after me, though it is in their TOS
Of course I have like 4 people connecting to me, if your blog is massive then it might be easier to spot
My ISP blocks inbound requests to ports 80 and 443, among a few others. Technically you can set up a site on something like port 81, but that becomes slightly inconvenient and ugly.
I remember reading a great post awhile back about how we could have solved huge quantities of issues if we just allowed DNS to resolve ports as well.
Wish I could remember the source.
Netlify will bill you for DDOS attacks even when you're on their "free" plan. At the bare minimum I'd recommend switching to Cloudflare Pages or GitHub Pages.
This has recently changed, the Free plan will now deactivate your site until the next billing period if you exceed a quota. I believe the Starter plan will auto-bill for exceeding a quota though.
From /pricing FAQ:
The cost difference is basically nothing, so this clearly isn't about the money - it's about something else. The fun, perhaps? In which case, do whatever you think is more fun.
I self-host my own services on a VPS. Self-hosting on your own hardware is opening a whole can of worms that is IMO not worth 4€/month, unless that is a goal in itself. It sounds like you're more concerned about "owning" your pages to stay privacy-conscious, so a VPS is probably the best solution for now.
If you are up for learning self-hosting on Linux, I recommend:
Alternatively you can go for Codeberg Pages instead if you don't want to mess with a VPS.
If the question already popped in to your head, I'd say go for it.
The thing I would be concerned about is security. Your server could get hacked through the blog (either by some security vulnerability ie. in software library, by some flaw you could make in your setup, by security vulnerability in blogging platform...).
I don't want to discourage you, quite the opposite in fact!
I wouldn’t go into self hosting on own hardware at home as a first step. It can be fun but I would say it has more problems than benefits. You can go far with renting a small VPS with Linux for like $5 a month which is usually cheaper than most blog hosting solutions.
I run a static site Jekyll blog on a VPS and having your own server allows for playing around with other self hosting things. Like your own RSS server for example like FreshRSS.
Personally I would, if anything, be more concerned about CDNs on the reliability front. Whenever they malfunction, so does every website that depends on them. This happens rarely, but when it does, we get the mainstream media wondering why a huge chunk of the Internet randomly fell over. Oops. If you don't depend on a CDN, that removes a single point of failure. As for privacy, I suppose that's also better than the alternative in the strict sense, though at this point given how ubiquitous CDNs already are this is on the level of trying to dunk ice into a river of flowing lava to cool it down. If you're already self-hosting other services, I don't think it would hurt to go for it and find out if it's a good solution. I personally haven't encountered any specific complications with my own self-hosted blog, then again I started very recently and my blog has virtually no audience, nor do I explicitly intend to build one up so that's probably not indicative of anything useful to you ¯\_(ツ)_/¯
I understand your point about CDN failure, but I usually state that as a feature and not a bug. Most sites that rely on a CDN are less noticeable than Amazon, NYTimes, or Reddit. If those sites are down, you have a pretty good cover story - we use the same sort of tech that these big sites use, and the outage hit a lot of places!
Actually, that’s very useful to me since I also have no audience and no intention to try to build one! 🤣
I self host my blog using WordPress. I chose WordPress as it's a common technology, and once in a while someone will ask me to help with their WordPress site so I should familiarize myself with it.
The problem now is that as many wrote, Mastodon will DDoS your site. Once I post my blog content on Mastodon the site will get hundreds of request per seconds, which is way more than the usual next-to-nothing traffic. I don't want to use a CDN on this site either as it is not true self hosting. Now my strategy is I either post on Mastodon or Facebook first, then wait for a day or two before posting it on the other site.