Note: I’ve since upgraded to using a Cloudflare tunnel, which means no more updating IPs and no more having open ports on the router. Read more on how I set up a Cloudflare tunnel.
A little over a year ago I took a spare Raspberry Pi – a very small, very cheap computer – and set it up to publish my both my main domain, schwanksta.com, and this blog you’re reading.
I wrote about why at the time: I wanted to be my own publisher, and even though I wasn’t spending much on my web host at the time I figured I could save some money. Plus, I just wanted to try it out.
There’s a global shortage of the little computers right now, so getting one might be tough. But you can run a web server on just about any spare computer, including some Network Attached Storage devices.
Because you can do it a million different ways, I don’t want to get into the technical details of setting up a Raspberry Pi or a web server (I use unglamorous technology here, nginx and Jekyll) but I do want to share what really makes this possible for me: Cloudflare’s dynamic DNS and proxying.
Using Cloudflare gets you:
Dynamic DNS. Domain names are like aliases to your server’s IP address. If you have a home network though, your IP address changes from time to time. Cloudflare makes it easy to periodically transmit your IP to the service, so it knows where to access your content.
Security. When someone accesses your site on Cloudflare, they’re not connecting your server directly – Cloudflare grabs a copy of the page and assets and puts them in its cache. People only ever see the service’s copy, and never touch or see your home IP as a result.
Speed and DDoS mitigation. Cloudflare is fast, serving up your pages from its global distribution network and protecting your server from being flooded with requests.
This isn’t meant to be an ad, but the service solves a bunch of problems for free. It even comes with optional privacy-focused analytics.
The main technical process for linking your home server to your domain name is getting dynamic DNS to work. I use
ddclient set to run as a daemon every few minutes, so there’s little downtime if my IP changes. However, I ran into what seems to be an oddly common issue given the tool’s purpose: sometimes it fails to find the public IP. You can use a simple shell script as a workaround. To use that script, you need to tell
ddclient to run it by making sure your
ddclient.conf has the line starting with
use=cmd here (based on this writeup):
## ## Global Config ## daemon=300 ssl=yes ## ## Cloudflare Config ## protocol=cloudflare use=cmd, cmd=/home/pi/checkip.sh, cmd-skip='IP Address' # found after IP Address login=CLOUDFLARE_EMAIL_HERE password=CLOUDFLARE_API_KEY_HERE zone=schwanksta.com schwanksta.com www.schwanksta.com words.schwanksta.com
Two other things I do: to keep the server’s SSL certificate up-to-date, I run
certbot renew every month as a cron:
0 5 */30 * * certbot renew --nginx -q
And I keep the system updated by running upgrades once a week:
0 7 * * 1 apt-get install unattended-upgrades
Lastly, Pis run on SD cards, which have a limited number of writes you can make to them over a lifetime. I’d suggest plugging in an external hard drive, or if you have a NAS, mounting it and writing your site files there. You don’t want your site disappearing because your SD card went kaput.
If you do decide to set up your own server, you’ll probably also want to use one of two methods to make it so only Cloudflare can access your server. If anyone thinks I’m doing something extremely stupid here, please let me know.
As my former colleague Alastair Coote said on Twitter, it would be nice if this sort of thing were simpler and it were easier for people to run their own services on the internet. There’s something delightful in getting down to the basics of how computers communicate with each other, and it would push us further toward an internet with less power centralized in a few distribution platforms (though Cloudflare is a major one itself). It might help people feel more in control of their online presence as well.
With…whatever is happening at Twitter…people are thinking a bit more critically about the kind of internet they want. Do they join the Fediverse and toot on Mastodon? Write more blog posts? Invent new protocols? Bring back Yo? It can be instructive and eye-opening to strip back the layers of how we publish or interact online, and running your own server is a way of doing that. Who knows what ideas might come of it?
Anyway, if anyone else ends up self-hosting their site and/or you have other tips or tricks for this or any other kind of home server, let me know!
PS: Matt Hodges noted on Twitter that you may be able to do this more securely by using Cloudflare’s “zero trust” tunnel. I haven’t tried it yet, but it seems like a good option that takes care of a few security issues.