I am wanting to self host a fediverse instance. I don’t hope to make it big. Hoping for 200 users at most, and I won’t advertise it heavily so it’ll probably be a while before it gets there.
Is it a bad idea to host something like this on local hardware at home? I have a lot of local-only self hosted services, and I wouldn’t want those to be compromised.
But my biggest fear is overloading my network. I already don’t get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.
What are your thoughts on hosting local? Should I just avoid the headache and host on a public instance?
On a technical level, user count matters less than the user count and comment count of the instances you subscribe to. Too many subscriptions can overwhelm smaller instances and saturate a network from the perspective of Packets Per Second and your ISP’s routing capacity - not to mention your router. Additionally, most ISPs block traffic going to your house on Port 80 - so you’d likely need to put it behind a Cloudflare tunnel for anything resembling reliability. Your ISP may be different and it’s always worth asking what restrictions they have on self-hosted services (non-business use-cases specifically). Otherwise going with your ISP’s business plan is likely a must. Outside of that, yes, you’ll need a beefy router or switch (or multiple) to handle the constant packets coming into your network.
Then there’s a security aspect. What happens if your site is breached in a way that an attacker gains remote execution? Did you make sure to isolate this network from the rest of your devices? If not, you’re in for a world of hurt.
These are all issues that are mitigated and easier to navigate on a VPS or cloud provider.
As for the non-technical issues:
There’s also the problem of moderation. What I mean by that is that, as a server owner you WILL end up needing to quarantine, report, and submit illegal images to the authorities. Even if you use a whitelist of only the most respectable instances. It might not happen soon, but it’s only a matter of time before your instance happens to be subscribed to a popular external community while it gets a nasty attack. Leaving you to deal with a stressful cleanup.
When you run this on a homelab on consumer hardware, it’s easier for certain government entities to claim that you were not performing your due diligence and may even be complicit in the content’s proliferation. Now, of course, proving such a thing is always the crux, but in my view I’d rather have my site running on things that look as official as possible. The closer it resembles what an actual business might do, the better I think I’d fare under a more targeted attack - from a legal/compliance standpoint.
That’s a long-winded way of saying “if you have to ask, you’re not ready”.
Eh, but then he won’t learn anything. I’ve never found that response acceptable. It just perpetuates the problem. To each their own though!
I understand this policy of needing to report them to official authorities is a new thing they now added out of fear of losing their grip of control on social media when people swarm to private instances.
My standards however will always remain on “No government has any business in private stuff.” Just like everybody follows default traffic laws on private parkings, but in reality they are just rules of the owner and unless you do damage the police can’t do anything for driving wrongly on them. Same goes inside a store. Government has no say in how internals are handled and will only be allowed to note damage and allow the owner to press charges, if they so choose. I’m just drawing that basic right further to everything, including any privately set up software.
I kinda also feel that if I have to go and involve government authorities, it takes away a large basic reason to even go private. I’m not paying server costs to still have to deal with government [insert bad word here]…
Governments can suck it and I’ll just deal with my own issues. There is absolutely no way in hell I’m going to voluntarily contact any government [insert different bad word here] for things I am doing in private. They can go stand on their heads for all I care…
NB: This is in no way an attack towards you or what you commented, voting it up even cause you were very helpful and I do agree in general it’s best to give the legals and leave it up to people to choose to follow that or not, I just needed to get this frustration about government control in private setups off my chest… 😅
Your biggest fear should be something like the CSAM attack from a few months ago. I doubt you have tens of thousands to spend on a lawyer.
That’s why I killed my instance.
You could just disable pict-rs, I believe.
Did that instance have public registration? What speaks against having it for private (family) use only, as a gateway to the public instances?
Public registration has nothing to do with federation. My instance required admin approval for all new registrations. Illegal content is much more likely to come through federation than from inside.
IMHO, the few reasons to host your own instance largely disappeared with 0.19 and the risks were never worth the rewards to run a tiny instance. Things are likely to continue improving with future releases. Which is why sdf.org became my main.
I run my own Pixelfed and Lemmy instances on not so young consumer grade hardware and it’s fine, but I am the only user. I would not want to have to deal with other users’ complaints, bad behavior, or other BS.
I’m doing what you want to do now. I’m running lemmy.fan on a NAS with really good hardware on a fiber connection. My ISP provides symmetric bandwidth and doesn’t block anything, though emails can’t be sent with a local smtp server since most places don’t trust the IP addresses of residential subscribers.
I learned a ton, I’m enjoying running things, and though it’s an open instance I don’t advertise it. I say go for it. Experiment and have fun. If it sucks and you hate it you just stop the containers.
Though now it’s been advertised 🤣
Lucky! I wish I had symmetrical fiber with all the ports available.
I totally have a server capable of hosting a LOT of things but lack the upload to make use of it. I’m considering transferring to a rack mount and sending it to be colocated at a datacenter within driving distance.
Realistically, how much bandwidth does Lemmy need if pict-rs is disabled, if you tested that?
I am thinking of something a bit crazy if freenom shows up working again. Since my only internet connection is mobile data, I am thinking about the possibility of hosting Lemmy in Termux and using a Cloudflare tunnel. The biggest problem is probably bandwidth. It varies between 0.02-6Mbps, hanging around 1Mbps for most of the day. But I am not sure if Lemmy could even run in Termux in the first place.
Probably a stupid idea regardless.
Definitely not stupid.
But my biggest fear is overloading my network. I already don’t get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.
This line concerns me. How experienced are you with servers and networking? Your WiFi network should be fine unless you have your server on WiFi - which you absolutely should not. Ethernet only.
If you set this up limit it to just yourself and friends to start. Get a feel for it before exposing it to strangers.
I have it on WiFi unfortunately.
If I put the server on Ethernet, would it no longer impact the WiFi connection of any other device? I guess it makes sense that it wouldn’t.
Extending Ethernet to the server won’t be trivial, but I think you’re right I might have to do it.
Either that or maybe a separate wifi network so it can have the network to itself.
You can always start with it where it is and start small - get comfortable with hosting and how the server will behave. You don’t need to solve all the problems at once.
You may want to also look at offloading media with pict-rs to an object storage like an S3 API compliant bucket. Otherwise, you’ll find Lemmy soaks up lots of storage.
That’s part of my concern behind going with local setup. I have a lot of unused HDD storage.
Cloudflare R2 is the cheapest here, it’s free for some gigabytes and egress is free too.
To be honest, I’d just disable image uploads…
R2 is $0.015/GB, B2 is $0.005/GB and it also has free egress when put behind cloudflare.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters - More Letters
CSAM - Child Sexual Abuse Material
IP - Internet Protocol
NAS - Network-Attached Storage
VPS - Virtual Private Server (opposed to shared hosting)
4 acronyms in this thread; the most compressed thread commented on today has 3 acronyms.
[Thread #337 for this sub, first seen 5th Dec 2023, 02:25]
You missed one:
ISP - Internet Service Provider
Could be a target of intentional or unintentional DDOS.
I’m fairly sure the obligation to report goes back as far as the DMCA at least. That law gave carriers and hosting providers certain limited liability against user generated content provided they had reasonable moderation policies and acted promptly to take down content either subject to copyright complaints or other legal demands. Basically you’re ok as a host if somebody does something bad, just so long as you clean up the mess as soon as you become aware.