Episode: 3532
Title: HPR3532: Self-hosting in small scale E0: Disclaimer and general idea
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3532/hpr3532.mp3
Transcribed: 2025-10-25 01:03:35
---
This is Hacker Public Radio Episode 3532 for Tuesday the 15th of February 2022.
Today's show is entitled "Self-hosting in small scale E0: Disclaimer and general idea".
It is the first show by new host TAC of 751, is about 9 minutes long, and carries a clean flag.
The summary is: this one is just an explanation of the general idea, and introduces useful communities around the topic.
Hello everyone, TAC of 751 speaking.
I would like to apologize beforehand for the quality, as I am trying to wrap my head around recording, and basically giving a talk like this is highly unlike me.
So with that said, I am by no means a professional at the moment, and I am just trying to share what I learned about self-hosting.

Today's episode is just the starter of a series, where I am trying to explain how to self-host services on your LAN without exposing too much on the wide and dangerous internet, to keep your attack surface as small as you can.
Because I had some really bad times, because I made some poor choices.

So with that said, I am trying to apply the infrastructure as code principles, and an easy way to describe what I mean by it is that as a runtime I am trying to use Docker for everything, using Docker Compose, which is a neat solution where you are basically able to define a whole service stack in one file, and how they connect to each other, and which container has an internet connection and which is separated from the network.
You can do segmentation in this case, where containers can see only each other, for example, without any internet connection.
And that can prevent many, many issues.
The other neat feature is, if you own a public domain and you have a DNS provider which is supported by Let's Encrypt, you can request a wildcard certificate for that domain without any DNS record involved, just the API keys for the DNS provider, so that the DNS challenge by Let's Encrypt can be done, which beats both other solutions, I would say.
And with that you will have a wildcard certificate, as I said before, and you can serve it up on your LAN.
And with the help of a local DNS server, you can resolve that domain to a local LAN IP address.
And that way, you don't need to fiddle around with adding a root certificate or a self-signed certificate to every single device every time.
And then you have to redo it at least every two years, because some operating systems like iOS, and basically all the Apple operating systems, have a requirement for certificates where the expiry date is less than a year away, and the root certificate expiry date is less than two years away, otherwise it wouldn't even allow you to add it as a trusted certificate, which is a pain in the bum.

The next thing is, as I said before, you will need the DNS server on your LAN to do the domain resolution, and you have to set your devices to use that DNS server as the primary DNS, and you can choose any as a secondary, as a fallback in case your DNS server is not responding or has any other issues.
And then we can add to this infrastructure a VPN solution as well.
I'm going to speak later about Tailscale and WireGuard.
Well, WireGuard is a really neat solution, and Tailscale is based upon WireGuard with enhanced features like really good security features, but there are some downsides as well, because you will need to use a public, it's called lighthouse, which is basically a service which helps the clients find each other, and you can set your configuration with the command line and on their online interface, which only needs to be authenticated with GitHub, Facebook or Gmail I believe, but I will speak about that later in more detail, probably in the next episode.
And I wanted to talk about a few communities which are helpful at the very least, and they have really good resources and tutorials, and one of them is linuxserver.io.
The community builds and hosts their Docker images, which include a few neat ones.
They have, for example, Jellyfin, which is a Plex alternative.
They have Syncthing, they have their own WireGuard solution, Nextcloud, SWAG, and this is one of them which I'm going to speak about in more detail because this is one of the neatest ones, because it is a modified nginx server, which applies for certificates and renews them automatically, and you basically just need to edit the Docker Compose file on first start and modify a configuration file afterward, and when you want to put a service behind the reverse proxy, you just have to use their templates and modify them to your needs.
I will speak about this one as well later because this will be one of the pillars of our project.
And the next one is Home Assistant.
This one is basically, as it says, a home automation service, which is fully open source.
I think it was acquired by Nabu Casa recently, but they are working with an Apache license, and most of their code is written in Python.
So it's easy to make integrations and your own plugins and your own automations, and you can run it basically on a Raspberry Pi.
They recommend a 3 or 4, but I would say a Raspberry Pi 4 is more than capable of running this.
It mostly depends on what you want to, or to what extent you want to use it, as with many services.

By the end of this series, I would like to end up with a GitHub or GitLab repository with scenarios and example configuration files, which you can then download and replicate yourself.
I'll leave a few links in the show notes where you can check out these communities and a few interesting services, which can be useful in a small infrastructure for a family, or even a small company I would say.
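The host describes two ideas in this episode: a Compose file that defines the whole stack and decides which containers get internet access, and SWAG obtaining a wildcard certificate through the Let's Encrypt DNS challenge so that the LAN-only services can be served over HTTPS. The file below is an added example written for this transcript; it is not configuration from the episode, from TAC of 751's planned repository, or from linuxserver.io. The image names and environment variable names follow the linuxserver.io container documentation as I know it (check the current SWAG README before relying on them), while the domain, e-mail address, DNS plugin choice and passwords are placeholders to be replaced.

```yaml
# docker-compose.yml (constructed example: only the reverse proxy has internet access)
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - URL=example.com            # placeholder: your own public domain
      - SUBDOMAINS=wildcard        # request a certificate for *.example.com
      - VALIDATION=dns             # DNS-01 challenge: no public A record is needed
      - DNSPLUGIN=cloudflare       # assumption: use the plugin for your own DNS provider
      - EMAIL=admin@example.com    # placeholder: Let's Encrypt expiry notices go here
    volumes:
      # The DNS provider API token is read from /config/dns-conf/<plugin>.ini,
      # so it never appears in this file.
      - ./swag:/config
    ports:
      - "443:443"                  # the only port published on the LAN
    networks:
      - frontend                   # outbound access for ACME and DNS API calls
      - backend                    # reaches the services it proxies
    restart: unless-stopped

  nextcloud:
    image: lscr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./nextcloud/config:/config
      - ./nextcloud/data:/data
    networks:
      - backend                    # reachable only via swag; cannot reach the internet
    restart: unless-stopped

  mariadb:
    image: lscr.io/linuxserver/mariadb:latest
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}   # supplied from a .env file, not hard-coded
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${DB_PASSWORD}
    volumes:
      - ./mariadb:/config
    networks:
      - backend                    # database is never exposed on the LAN or the internet
    restart: unless-stopped

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true                 # no default route: members talk to each other only
```

With the stack up, the segmentation can be checked from inside a container: name resolution between `nextcloud` and `mariadb` works on the `backend` network, while an outbound request from either of them (for example `curl -m 5 https://example.org` from the `nextcloud` container) fails, because `internal: true` gives that network no route to the outside. The trade-off is that Nextcloud itself cannot fetch app updates or external resources in this layout; if that is needed, attach it to `frontend` as well and accept the larger exposure, which is exactly the per-container decision the host recommends making deliberately. A local DNS server should then point `*.example.com` at the LAN address of the Docker host so that browsers reach `swag` with the wildcard certificate.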
You've been listening to Hacker Public Radio at HackerPublicRadio.org.
Today's show was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contributing page to find out how easy it really is.
Hosting for HPR is kindly provided by AnHonestHost.com, the Internet Archive and rsync.net.
Unless otherwise stated, today's show is released under a Creative Commons Attribution-ShareAlike 4.0 International License.