Why?
For me, self-hosting is like having my own personal playground where I can experiment, tinker, and learn. It's a great way to explore new technologies, try out different setups, and have fun with my projects.
As part of my job, I need to have a deep understanding of developer experience. The best way to build this understanding is to be the developer, covering both the initial experience with any development tool and the day-to-day of working with these systems. Self-hosting is, in a way, building empathy with the developer community: understanding the differences, and the good and bad versions. My main reason is “learning”.
There are a bunch of other reasons one may choose to do this:
- Privacy: your data
- Full control: You own it (well, both good and bad)
- Cost-effective (may not always be true, but mostly is)
You shouldn’t do this… But if you really want to…
I don’t suggest this route for the majority of people. It’s hard, and you’ll hit walls far more often than you want. You have to be a warrior. If your reason is similar to mine, go for it. There is one strong determining factor, though: your connectivity.
Let’s get started. I’ll start with connectivity, then hardware and software.
Sounds common but not so common: It’s a privilege to be on Fios
While high-speed internet has become more commonplace, it's still a privilege, especially in the United States. We’re (I’m) definitely taking it for granted. I use Verizon Fios, which is a fiber internet service. If it wasn’t for this, I wouldn’t self-host my stuff.
The big practical distinction for Fios is how stable it is, regardless of the “mbps/gbps” package you have. I used Fios in residential and office setups in New York City for years. I got off it as I moved to different neighborhoods, and I really, really missed it when I didn’t have it, even though I got 1gbps service packages from other providers.
Back in the day, when we used dial-up and tried to play Half-Life (or Counter-Strike) online, your connection speed mattered but “lag” mattered even more. I lived in Turkey back then, and we had a cable internet provider alongside ADSL services. The difference was that you got super low lag/ping on the cable network, even though you had 1/4 or 1/3 of the connection speed of the other services that bragged about how fast they were. That speed didn’t matter when playing online.
I have a 300/300mbps, so-called “symmetrical”, connection. 300mbps is already way higher than average internet connectivity worldwide (although certain countries, cities and regions have much faster networks, the average world citizen gets internet access at lower speeds). But it would be OK even if it was slower, because it’s a fiber network and it’s symmetrical, which means download and upload speeds are the same. Traditional ISPs often advertise ridiculously high speeds like 500mbps, but that usually refers only to download speed. In the majority of consumer scenarios this is fine. But you need the upload speed to be high and consistent/stable when you want to serve upstream.
Hardware
Since it’s for hobby purposes, I initially searched for “old” servers (like servers sitting on racks) on eBay. Then I realized there were a million combinations of hardware components, like CPU architectures and network interfaces. I quickly went down the rabbit hole of Reddit threads with both fun and scary stories. This “serious” server hardware is power-hungry, heat-generating, giant and space-demanding, which turned me off, and I backed out quickly.
Then I explored mini PCs, which are more ordinary computers that could handle my applications really easily. Think of it as looking for a computer you could use yourself, except it just hosts stuff and sits somewhere in your home in a closet, without being a fire risk or something you need to worry about keeping cool.
I bought an “HP Elite Desk Mini”, which would be a decent computer if I were to use it as my desktop. It has 16GB memory, an i7 quad-core CPU, and a 510gb SSD. I think I bought it for under $150 on Amazon. You can go fancier with a much beefier machine for a few hundred dollars if you’re more serious about this. I’m thinking of buying another (the same machine) and stacking them.
The footprint of this machine is super small. It sits tucked under my Verizon router in a closet, makes almost zero noise and barely heats up. I’m sure if I found an ARM version of this thing (or a Raspberry Pi) I could go smaller with almost no heat, but I have never seen overheating on these.
Whether this machine is a good or bad hardware decision is debatable, but I’m really happy a few years in.
Software: Ubuntu & Docker
The first thing I did was to clean it up and install Ubuntu (LTS). It’s an almost bare-bones Ubuntu, with Docker installed right away.
I have nginx and PHP on it from some early play with a WordPress blog (not this one), but I then abandoned it.
I run almost everything exclusively in docker (more on this below).
I try to update & upgrade ubuntu once a year. Nothing else.
Access: Cloudflare Zero Trust
The machine itself is completely closed to direct internet access. Its iptables rules don’t allow connections even from the local network (except that the SSH port accepts the local network IP range).
Traditionally, a machine needs to open ports to the outside, then you set up port forwarding on the router and all the public IP sort of things. More than 2 decades ago I did that with a static IP from my ISP. Man, all the hassle…
None of that is necessary anymore. I use Cloudflare Access and Tunnels, which have an agent always running on the server, and through remote configuration I can listen on any internal port (without opening it up) and forward the port directly to a subdomain of one of my domains. This shortcuts the DNS work for me too. On top of that, most of my private apps run on subdomains that are protected by Cloudflare Zero Trust access (only me). I love this Cloudflare feature, which solves 2-3 problems at once for me.
One might wonder: what happens if Cloudflare has an outage and their Zero Trust tools stop working? Does it open my apps to the public all of a sudden? No, because my apps are not open to the public in the first place. The Zero Trust tunnel has to work in order to open them up to the public, and if Zero Trust authentication is down, the subdomain will also not be accessible (because it’s proxied through a Zero Trust “application” record).
Worst case scenario, I lose access to my private apps from outside. Even then, I can SSH to my server and create a tunnel, port forwarding to the specific port the app is running on.
On a normal day, I simply join the Zero Trust network using Cloudflare’s desktop app, WARP, which replaces a VPN for me.
All things considered, I’m sure there are still holes and paranoia in this plan. You can go the more traditional route, which is no different from hosting this instance in Digital Ocean or AWS, and replicate what you think is “more secure”, but I’m pretty happy with the baseline Cloudflare brings, and it solves a few unnecessary things I would otherwise have to take care of (like no need to set up a reverse proxy for all the apps I’m running).
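A quick way to check the “closed to direct access” claim from the host itself, as an added example that is not from the original post: Docker manages its own iptables rules for published container ports, so listing which sockets listen beyond loopback shows what the firewall actually has to cover. The function names, the allow-list and the sample `ss` output (including port 9443) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners that are bound beyond loopback.
# Docker forwards published ports through its own NAT/forwarding rules rather
# than the INPUT chain, so a container published as "9443:9443" listens on
# 0.0.0.0, while "127.0.0.1:9443:9443" stays reachable only from the host,
# which is all a local tunnel agent needs.

# exposed_listeners [ALLOWED_PORTS]
#   stdin : output of `ss -H -tln`
#   stdout: "address port" for each non-loopback listener whose port is not in
#           the comma-separated allow-list (default: 22 for SSH).
# A line printed here is a candidate to review, not proof of reachability.
exposed_listeners() {
    awk -v allowed="${1:-22}" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                   # local address:port
            port = la; sub(/^.*:/, "", port)          # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)       # text before the last colon
            sub(/%.*$/, "", addr)                     # drop "%lo" style scope
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (port in ok) next                      # explicitly allowed port
            print addr, port
        }'
}

# Constructed sample of `ss -H -tln` output, so the script also runs offline.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9443 0.0.0.0:*
LISTEN 0 4096 [::]:9443 [::]:*
EOF
}

if [ "${1:-}" = "--live" ]; then
    ss -H -tln | exposed_listeners 22     # audit the real host
else
    sample_ss_output | exposed_listeners 22
fi
```

On the server, run it with `--live`; each line it prints is a socket to either rebind to 127.0.0.1 or confirm is filtered by testing from another machine on the LAN.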
Deploy apps: Portainer + Gitops
I use Portainer both to set up deployments and to manage my containers. Portainer is essentially a nice UI version of your Docker command line tools. Where it shines is the gitops integration, which integrates with GitHub via webhooks, so when I push any change to any of my apps’ repos (which all have a docker-compose.yml that includes their infra and application configurations), my apps get re-deployed by Portainer. This makes spinning up a new app, or an open source tool, on my server a breeze.
I covered portainer and its gitops integration in this article:
Portainer + gitops ❤️: A simple way to deploy and manage your self-hosted applications
This post was first published on my blog: https://mfyz.com/hosting-my-hobby-projects-from-cheap-hp-mini-desktop-from-my-closet-verizon-fios/