Martin Hähnel

Another Try (at Self Hosting)

Changelog

  • 2025-11-06 - This had the wrong tag. I also added a clarification about ssh, after this useful post from @lmika and added a callout to make it easier to find the steps I took so far to secure the server.
  • 2025-11-27 - Added SelfHosting tag

If you're here to check what I might've missed when securing the VPS: Look for the paragraph starting with "Setting up the VPS wasn't that hard."

I'm in the middle of moving my things off of Cloudflare and onto a VPS with OVHCloud. OVH is a European (French to be precise) hosting company that offers everything I need and is maybe not as problematic as Cloudflare. I wrote about this recently in Where To Go From Here.

I initially ruled out OVH because I somehow perceived them as too expensive. But as is often the case: Publishing something - even if nobody reacts - gives some clarity. And so I now am fine with paying OVH around 15€/month for a VPS capable of running Coolify, all the pieces to run my blog (static site, small api, db, kv), and maybe some other stuff and some s3 buckets for assets/media/backups.

Coolify itself is a pretty nifty tool which hopefully alleviates the need for a "managed" cloud solution. It's an app that makes it easy to deploy on push, but it can do a bunch more things. One of them is that it also provides a web app with which I can monitor the state of things without having to climb onto the server using SSH. It's not like I'm against that. I'm a programmer by trade, so my daily work consists of using the shell to get things done. But I always felt that GUIs for administration of operations are just easier and less error-prone.[1]

Setting up the VPS wasn't that hard. The last time I had to do it from scratch was a while ago, but I basically followed the advice of OVH: change the SSH port, only allow SSH using keys[2], block ports on the server/use a firewall, install fail2ban[3], and set up a firewall at the hoster level, since ufw and Docker don't actually work together all that well (TIL).
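
The SSH and Docker items in that list can be spot-checked with a small script. This is an added example, not part of the original post and not OVH's or Coolify's own tooling; `audit_sshd` and `exposed_docker_ports` are hypothetical helper names, and the container names, ports and sample outputs are constructed. The Docker check matters because Docker installs its own iptables rules for published ports, so a ufw rule alone does not close them.

```shell
#!/bin/sh
# Added example: checks for two of the hardening steps named above.
# Both functions read text on stdin, so they work on live command output
# or on the constructed samples at the bottom.

# Input: effective sshd settings, one "keyword value" per line (as `sshd -T` prints).
# Prints one finding per line; prints nothing when all checks pass.
audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "port" && val == "22" { print "port 22: still the default" }
        (key == "passwordauthentication" || key == "kbdinteractiveauthentication") &&
            val != "no" { print key " " val ": password logins possible" }
        key == "pubkeyauthentication" && val != "yes" { print key " " val ": key logins disabled" }
    '
}

# Input: lines of "<container name> <ports>" as printed by
#   docker ps --format '{{.Names}} {{.Ports}}'
# Prints every port mapping that is published on all interfaces.
exposed_docker_ports() {
    awk '{
        name = $1
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/,$/, "", p)                      # drop the list separator
            if (p ~ /^(0\.0\.0\.0|\[::\]|::):[0-9-]+->/) print name, p
        }
    }'
}

# Constructed samples, not taken from the author's server.
SAMPLE_SSHD='port 22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'
SAMPLE_DOCKER='coolify 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp
db 5432/tcp
kv 127.0.0.1:6379->6379/tcp'

printf '%s\n' "$SAMPLE_SSHD" | audit_sshd
printf '%s\n' "$SAMPLE_DOCKER" | exposed_docker_ports
# On a real host (as root):
#   sshd -T | audit_sshd
#   docker ps --format '{{.Names}} {{.Ports}}' | exposed_docker_ports
```

Any line printed by `exposed_docker_ports` is a port that the hoster-level firewall, not ufw, has to cover.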

Of course, not having been self-hosting for a while means I am almost certainly unaware of other security problems.[4]


  1. That's why I prefer to use VS Code's Kubernetes Plugin or the Rancher Web UI over using kubectl directly, for example. ↩︎

  2. I'm using 1Password's SSH Agent btw. ↩︎

  3. I set up fail2ban for Coolify using this guide. ↩︎

  4. So in other words: If you know of something I should maybe be doing: I would be grateful if you'd let me know! ↩︎