# Self-Hosting Guide: Cost-Effective Infrastructure
## Why Self-Host?
| Factor | Cloud | Self-Hosted |
|--------|-------|-------------|
| Upfront cost | $0 | $2,000-10,000 |
| Monthly cost | $100-1000+ | $20-100 |
| Control | Limited | Full |
| Maintenance | Managed | You handle |
| Scalability | Instant | Hardware limits |
## When It Makes Sense
### Good Candidates for Self-Hosting
- **Homelab enthusiasts** — Learning and experimentation
- **Small businesses** — 5-50 users, predictable load
- **Privacy-focused** — Data sovereignty requirements
- **Cost optimization** — Long-term savings
- **Custom infrastructure** — Unique requirements
### Stick with Cloud
- Rapid scaling needs
- No DevOps capacity
- Mission-critical uptime
- Regulatory compliance (PCI, HIPAA)
## Hardware Recommendations
### Budget Build ($2,000)
| Component | Spec | Price |
|-----------|------|-------|
| CPU | AMD Ryzen 7 5800X (8-core) | $250 |
| RAM | 64GB DDR4 | $200 |
| Storage | 2x 2TB NVMe | $200 |
| Case | Fractal Design | $100 |
| PSU | 650W 80+ Gold | $100 |
| Motherboard | B550 board | $150 |
| **Total** | | **~$1,000** |
### Mid-Range Build ($5,000)
| Component | Spec | Price |
|-----------|------|-------|
| CPU | AMD Ryzen 9 5950X (16-core) | $500 |
| RAM | 128GB DDR4 | $400 |
| Boot SSD | 500GB NVMe | $50 |
| Storage | 4x 4TB HDD (NAS) | $400 |
| Cache SSD | 1TB NVMe | $80 |
| Case | Fractal Design | $150 |
| UPS | 1500VA | $200 |
| **Total** | | **~$1,780** |
### Pro Build ($10,000+)
- Consider enterprise hardware
- 10GbE networking
- Redundant power
- Hardware RAID controller
## Essential Services to Self-Host
### Infrastructure
| Service | Purpose | Resource |
|---------|---------|----------|
| Docker | Container runtime | 2-4GB RAM |
| Traefik | Reverse proxy | 512MB |
| Cockpit | Web UI | 1GB RAM |
| Prometheus | Monitoring | 2GB RAM |
### Development
| Service | Purpose | Resource |
|---------|---------|----------|
| Gitea | Git hosting | 1GB RAM |
| Drone CI | CI/CD | 2-4GB RAM |
| Registry | Docker registry | 1GB RAM |
### Productivity
| Service | Purpose | Resource |
|---------|---------|----------|
| Nextcloud | File sync | 2-4GB RAM |
| Paperless | Document management | 2GB RAM |
| Mealie | Recipe management | 1GB RAM |
### Media
| Service | Purpose | Resource |
|---------|---------|----------|
| Jellyfin | Media server | 2-4GB RAM |
| Radarr/Sonarr | Media management | 1GB RAM |
## Networking Setup
### Basic Network Diagram
```
Internet
    ↓
Router (with port forwarding)
    ↓
Firewall (Pi-hole)
    ↓
Proxmox/Host
  ├→ VM: Traefik (reverse proxy)
  ├→ VM: Docker host
  │    └→ Containers
  └→ VM: Storage (TrueNAS)
```
### Dynamic DNS
```ini
# ddclient configuration (/etc/ddclient.conf)
# protocol= and server= must belong to the provider that hosts the hostname on
# the last line. This pair is the dyndns2 API as offered by Google Domains and
# other dyndns2-compatible providers; a DuckDNS name would need protocol=duckdns
# with the DuckDNS token as the password instead.
protocol=dyndns2
use=web
server=domains.google.com
ssl=yes
login=your-email
password=your-password
your-domain.example.com
```
### Remote Access
**Options:**
1. **Tailscale** — WireGuard-based, free for personal
2. **Cloudflare Tunnel** — Free, secure
3. **OpenVPN** — Self-hosted, more complex
4. **WireGuard** — Fast, modern
## Backup Strategy
### 3-2-1 Rule
- 3 copies of data
- 2 different media types
- 1 offsite
### Implementation
```bash
#!/bin/bash
# Daily backup script
set -euo pipefail

# Variables
BACKUP_DIR="/mnt/backups"
SOURCE_DIR="/mnt/data"
DATE=$(date +%Y%m%d)

# Create backup (paths are quoted so spaces cannot split the arguments)
mkdir -p "$BACKUP_DIR"
tar -czf "$BACKUP_DIR/backup-$DATE.tar.gz" "$SOURCE_DIR"

# Keep only 7 days locally
find "$BACKUP_DIR" -name "backup-*.tar.gz" -mtime +7 -delete

# Sync to offsite (restic, rclone, etc.)
# restic reads RESTIC_PASSWORD and the AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
# pair from the environment; an S3 repository is written as s3:<endpoint>/<bucket>
restic backup "$BACKUP_DIR" --repo "s3:s3.amazonaws.com/backups"
```
### Backup Tools
| Tool | Type | Cost |
|------|------|------|
| Restic | Incremental | Free |
| Borg | Incremental | Free |
| Duplicati | GUI backup | Free |
| Rclone | Cloud sync | Free |
## Security Hardening
### Network Segmentation
```yaml
# Docker network isolation
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true   # No internet access
  database:
    driver: bridge
```
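How services attach to these three networks, as an added compose example that is not from the original page: only the reverse proxy publishes ports, the worker and the database sit on networks with no internet egress, and the image names and secret file path are placeholders. It goes one step beyond the page by marking the `database` network `internal` as well.

```yaml
# docker-compose.yml: services placed on the segmented networks.
# Only traefik publishes ports; every other service is reachable solely
# through the compose networks it is attached to.
services:
  traefik:
    image: traefik:v3.0
    ports: ["80:80", "443:443"]
    networks: [frontend]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only is enough for the provider
  app:
    image: registry.example.com/app:latest   # placeholder image
    networks: [frontend, database]           # reached by traefik, can reach the database
    # no "ports:" entry: traefik is the only way in
  worker:
    image: registry.example.com/worker:latest   # placeholder image
    networks: [backend, database]               # no inbound path and no internet egress
  db:
    image: postgres:16
    networks: [database]                        # never on frontend, never published
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets: [db_password]
    volumes:
      - db-data:/var/lib/postgresql/data

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true     # No internet access
  database:
    driver: bridge
    internal: true     # added here: the database has no reason to reach the internet either

volumes:
  db-data: {}

secrets:
  db_password:
    file: ./secrets/db_password.txt   # keep this file out of the compose file and out of git
```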
### Firewall Rules
```bash
# UFW rules
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw enable          # rules only take effect once the firewall is enabled
# Ports published by Docker ("ports:" in compose) are inserted into iptables
# ahead of UFW's rules, so bind them to 127.0.0.1 or leave them unpublished
# unless they are meant to be reachable from the network.

# Fail2ban for SSH
apt install -y fail2ban
systemctl enable --now fail2ban
```
### Regular Updates
```bash
# Weekly update script (run from the directory holding docker-compose.yml)
apt update && apt upgrade -y
docker compose pull
docker compose up -d   # pulling alone does not recreate running containers on the new images
docker image prune -f
```
## Monitoring
### Essential Metrics
– CPU/Memory/Disk
– Container health
– Network traffic
– Service uptime
– Backup status
### Stack
```yaml
# docker-compose.yml for monitoring
services:
  prometheus:
    image: prom/prometheus
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"   # Prometheus has no built-in auth; "127.0.0.1:9090:9090" keeps it off the LAN
  grafana:
    image: grafana/grafana
    ports:
      - "3000:3000"
    volumes:
      - ./grafana:/etc/grafana/provisioning
  node-exporter:
    image: prom/node-exporter
    ports:
      - "9100:9100"
    pid: host
    # Without these mounts node-exporter reports the container's view, not the host's
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - --path.procfs=/host/proc
      - --path.sysfs=/host/sys
      - --path.rootfs=/rootfs
```
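The `prometheus.yml` that the compose file mounts is not shown on the page. This added example (not the original author's) supplies it, followed after the `---` separator by an `alerts.yml` rules file that covers the "service uptime", "disk" and "backup status" metrics listed above; the targets are the compose service names. The `backup_last_success_timestamp_seconds` metric is an assumption: the backup script would have to write that line into node-exporter's textfile collector directory after each successful run.

```yaml
# prometheus.yml (mounted at /etc/prometheus/prometheus.yml by the compose file)
global:
  scrape_interval: 30s
  evaluation_interval: 30s

rule_files:
  - /etc/prometheus/alerts.yml   # mount alerts.yml next to prometheus.yml

scrape_configs:
  - job_name: prometheus
    static_configs:
      - targets: ["localhost:9090"]
  - job_name: node
    # compose service names resolve on the compose network, so no host port is needed
    static_configs:
      - targets: ["node-exporter:9100"]
---
# alerts.yml
groups:
  - name: homelab
    rules:
      - alert: InstanceDown
        expr: up == 0
        for: 5m
        labels: {severity: critical}
        annotations:
          summary: "{{ $labels.job }} on {{ $labels.instance }} is unreachable"
      - alert: DiskSpaceLow
        expr: '(node_filesystem_avail_bytes{fstype!~"tmpfs|overlay|squashfs"} / node_filesystem_size_bytes) < 0.10'
        for: 10m
        labels: {severity: warning}
        annotations:
          summary: "Less than 10% free on {{ $labels.mountpoint }}"
      # Assumed metric: the backup script writes
      #   backup_last_success_timestamp_seconds <unix time>
      # to a .prom file in node-exporter's textfile collector directory.
      # absent() also fires when the backup has never reported at all.
      - alert: BackupStale
        expr: (time() - backup_last_success_timestamp_seconds > 36 * 3600) or absent(backup_last_success_timestamp_seconds)
        for: 1h
        labels: {severity: warning}
        annotations:
          summary: "No successful backup recorded in the last 36 hours"
```

For the backup alert to work, node-exporter must be started with `--collector.textfile.directory` pointing at a directory the backup script writes to.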
## Cost Analysis
### 5-Year Comparison
| Year | Cloud (mid-tier) | Self-Hosted |
|------|------------------|-------------|
| 1 | $6,000 | $3,000 |
| 2 | $6,000 | $500 |
| 3 | $6,000 | $500 |
| 4 | $6,000 | $500 |
| 5 | $6,000 | $500 |
| **Total** | **$30,000** | **$5,000** |
**Savings:** $25,000 over 5 years
## Getting Started
### Week 1: Foundation
1. Set up Proxmox or bare metal
2. Configure networking
3. Set up Docker
4. Install Traefik
### Week 2: Core Services
1. Set up Git hosting
2. Configure backups
3. Set up monitoring
4. Add first production service
### Week 3: Migration
1. Migrate from cloud services
2. Test everything
3. Document setup
4. Configure remote access
## Conclusion
Self-hosting requires upfront investment and ongoing maintenance, but offers significant cost savings and complete control. Start small, learn as you go, and build from there.
**Key takeaway:** The best time to start self-hosting was 5 years ago. The second best time is today.
