Self-Hosting Notes: Two Years In
Two years ago I started self-hosting services I'd been using SaaS versions of. The motivation was partly cost, partly curiosity, partly a vague sense that I should understand the infrastructure I depend on. I've learned things — some expected, some not.
What I'm running
On two small VPS instances (one in Amsterdam, one in Helsinki): Miniflux (RSS reader), Vaultwarden (Bitwarden-compatible password manager), Forgejo (Git hosting for personal projects), Plausible (web analytics for this site), an nginx reverse proxy in front of all of it, and a handful of small custom services I've written myself. Backups via restic to Backblaze B2.
Everything runs in Docker Compose. Deployments are git pull && docker compose up -d. Monitoring is Uptime Kuma sending alerts to my phone when something is down.
What I gave up on
Self-hosted email. I tried. I spent two weekends on deliverability, SPF, DKIM, DMARC, and still had messages landing in spam at Gmail. The operational burden of keeping a mail server healthy — the reputation management, the IP warming, the constant checking — isn't worth it for personal use. I use Fastmail. No regrets.
Nextcloud. Too heavy for what I actually use it for, which is syncing a few directories across machines. I replaced it with Syncthing, which does that one thing with minimal overhead and zero web interface to maintain.
Self-hosted CI. Gitea Actions / Forgejo Actions is interesting but I don't have enough compute on my personal VPS to run it without impacting other services. I use GitHub Actions for projects that need CI. The self-hosted Git is for storage, not pipelines.
What surprised me
Uptime is fine. I expected more downtime than I've had. In two years the unplanned outages I can remember: one kernel panic that required a VPS reboot (provider's issue), one time I accidentally broke my nginx config during an update and had fifteen minutes of downtime before I noticed. That's it. Planned maintenance — updates, migrations — I do at quiet times and it takes minutes.
Updates are the main work. Running services means keeping them updated. I spend maybe two hours a month on this — checking for updates, pulling new images, verifying things still work. It's not difficult, but it doesn't go away. If you're not willing to do maintenance, self-hosting will slowly become a liability.
I stopped noticing the services. After about six months the self-hosted versions became just the versions I use. Miniflux is just my RSS reader. Vaultwarden is just my password manager. The novelty of running them yourself fades. What remains is the service, working, under your control. That turns out to be enough.
Tailscale changed things
I added Tailscale to my setup about a year in. Some services that were previously internet-accessible (with authentication) are now only accessible via Tailscale — internal dashboards, admin interfaces, services where I don't need external access. This meaningfully reduced my attack surface and simplified the nginx configuration for those services.
If you're self-hosting and not using a private network overlay like Tailscale, the authentication and exposure surface you're managing is larger than it needs to be.
Would I recommend it
For developers who are comfortable with Linux, Docker, and debugging things when they break: yes. The operational overhead is manageable and the skills you build are directly applicable to work. For anyone who doesn't want to spend occasional evenings looking at logs: probably not. SaaS exists for good reasons.