Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Hardcore IndieWeb: Run your own website 100% independently for only $0.01/day (neatnik.net)
183 points by cdrnsf 13 hours ago | hide | past | favorite | 130 comments
 help



Personally I have used GitHub pages and cloudflare pages for hosting static sites and have been very happy with them considering the zero cost involved.

I don't think there is much difference between paying nearlyfreespeech (which I have done in the past) Vs using GitHub or cloudflare - you are still reliant on a third party for actual hosting. I don't really see any value in self-hosting myself - apart from nerdy satisfaction etc, I don't see the need.

The important part in my mind is the fact that I am manually controlling the assets - the HTML the images etc. Simple files on disk.

The git integration with GitHub and cloudflare though is obviously a huge boon though as now I have an off-site backup, and publishing is even more seamless than the old FTP/sftp days - just push to master from within vscode where you are editing the files anyway and it'll be live in 30 seconds (as well as backed up).


When you pay for something, you stop being the product and become the customer instead. That's a big deal.

Same, but with GitLab pages.

Nearlyfreespeech is a great service though not a 100% independent as your still relying on them. I think the closest you can get to 100% independent without running your own internet infrastructure is either port forwarding from your home (if allowed) or hosting a website through TOR which isn't too hard. You just have to download the browser and edit a config file (torrc) with the port you want on the network. Not ideal of course though because anyone who wants to visit your website will need the tor browser and explaining to people that your website is on the "dark web" is a little hard to do.

I am a little surprised that doing so isn't more popular on in the indie web scene though as you do it on hardware you own, from your home, and the tor network protects people from knowing your servers ip address if that's something you care about. You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.

There also used to be the beaker browser which let you create and host your own website directly from the browser but that project got shut down. Hopefully something similar will show up at some point. Maybe a website creating plugin for tor would be enough to make it more popular.


+1. Why even pay the penny? Spinning a onion service is trivial...and...more secure than the clearwebz.

I've made a few easy to spin up services. Heck, you can even run it off your phone.

Nanogram https://gitlab.com/here_forawhile/nanogram

Spreadsheet Server https://gitlab.com/here_forawhile/spreadsheet

Library Server https://gitlab.com/here_forawhile/libraryserver

Torum (HN Clone) https://gitlab.com/here_forawhile/torum


I wonder if the fact that you linked to clear web source code links rather than onion links demonstrates why people might pay the penny…

Making something as easy as possible to try demonstrates why you need to pay a penny? I don't follow.

Yes, exactly. Because if you’d paid that penny for a server on the regular internet you would just link to the real site

Perhaps. Perhaps not…

A source repo link often gets more traction here than a link to what might turn out to be a closed, probably subscription based, service. The repo's main readme likely links direct to the product/ service/other main location [if the forge isn't being used as that] or demo location [if a public demo instance exists] should that be where I want to go immediately.

Though maybe posting both the repo link and a "live" link would be better still.


I just happen to not self-host my own code base. But your acting like I paid a penny for that, and self hosting git isn't possible, and we aren't on a forum which exists on the commercial internet.

What a silly deflection. The point is obvious: if it is as trivial as you are saying, why aren't you self-hosting?

I am? Just not my codebase lol. I don't see why the two ideas need conflated.

It's just "Show, don't tell". If you want to make the point that self-hosting is trivial, then give an example of site that you are hosting with your set up instead of just pointing to gitlab.

Ok, well here is an example of how easy it would be to set up your own torum for instance. 3 or 4 commands and it's up.

https://nonogra.ph/running-a-website-inside-a-website-07-15-...

I don't feel the need or want to share my services with the world to demonstrate that.


Why did you still not post an onion link? It's as if you feel people don't like onion links. Which is true, and it's why people don't post onion links.


Perfect is enemy of the good. Like you said, the only way to be truly independent if people ran their own infrastructure, and if all the hardware was as 100% FOSS.

Of all the compromises we have to do (relying on Telco providers, equipment manufacurers, etc), using Nearlyfreespeech is the less risky one. They have no history of abusing the trust users have placed on them, and service costs virtually nothing.


> You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.

Apparently [1] there are also ways that Tor Browser supports, for directing visitors to the onion address via the “normal” internet:

- Onion-Location

> The Onion-Location method was introduced on Tor Browser 9.5 as a way for service operators announce their Onion Services in their regular HTTPS sites. It's specified under tor-browser-spec's Proposal 100 - "Onion redirects using Onion-Location HTTP header".

- Alt-Svc

> Similar to Onion-Location, the Alt-Svc method also uses an HTTP Header (the Alt-Svc Header, specified by RFC 7838), which means that the user first need to access the regular site before their browser discovers the alternate Onion Service address.

> But contrary to Onion-Location, the Alt-Svc method:

> - Does not support an HTML tag, as it relies entirely in the Alt-Svc Header.

> - Is fully transparent: all the discovery and upgrade happens automatically, without user intervention.

- Additionally, they also speak of future possibilities for DNS or DNSSEC-based Onion Association.

[1]: https://onionservices.torproject.org/research/proposals/usab...


Nah, then you're still dependent on Tor. The most independent way is to publish your blog on your own p2p network ;)

Tor is not a single point of failure: It is a p2p network.

How many directory authorities does Tor have and how many are needed for a consensus?

That's what I meant. How can you claim to be independent if you aren't even running your own network?

> port forwarding from your home

Not 100% independent then. You still depend on your isp.


Indeed. I also depend on my power company, the entire global supply chain to provide me with computers to purchase, copper mines for the networking cables I use, oil fields all over the globe for the plastic, etc etc etc.

Something, something, if you want to make an apple pie from scratch you first have to invent the universe.

This is a pretty weird article/movement. The greatest hurdle is almost definitely a domain name, which if you want to own the content you have to get. Which even the cheapest would cost you around 6$ a year. (I'm ignoring the "tk" tld, which is kind of a honeypot)

And you can host for a static site for free in a million places. CDNs free tiers are enough for individuals.

I don't get the preoccupation with hosting your own server, what matters is that you own your own identifier (in this case a domain name) whatever it points is vastly less important.


> I don't get the preoccupation with hosting your own server

The field of software engineering is dominated by the smart people that do something not because they have to but out of curiosity.

I've hired a bunch of people and I was always looking for curiosity and drive most of all. A degree doesn't help you if you don't care.


> The field of software engineering is dominated by the smart people that do something not because they have to but out of curiosity.

Emphasis mine.

We wish. I think the state of tech pretty conclusively demonstrates those people aren’t the ones who dominate. Money and power hungry tech bros do, which is why everything is shit and exploitative.


The tech bros are the ones that control the companies, not the field of software engineering.

What part of this pretty weird article proposed hosting your own server?

6USD per year adds about 0.016USD per day. Definitely more, still pretty cheap.

Kind of funny that this is like some strange new concept... Having a web server and putting your stuff on it.

We are a long removed from when putting something in your public_html folder would instantly give you a personal web site. Not that I am saying people should still hand write html or anything but it was a very quick and natural way to participate back in the day. (A unix account usually gave you automatic p2p chat too using finger to see if your buddy was online and talk/ytalk to talk to them.) This was little less than magic at the time even when your friend was sitting on the terminal right next to you.

Considering many people doesn't know what a file is, keeping the spirit alive is important, I think.

This will get worse with new generations. They grow up on tables and phones where file system is a completely foreign concept. You need an app for everything.

It's not like the preceding generations were any different, until they had to do work on a PC.

I encountered juniors straight out of school who don’t know what tar is, or rsync, or what a symlink is.

It’s all learnable and everyone starts somewhere. But you’d think natural curiosity would kick in and they’d have picked up some of this on their own by the time they have a job.


I didn't even know about tar or rsync until I started to use Linux, and I don't really see how else one get to the point where you need to know about them. And even symlinks are still in my mind as 'shortcuts but [...]' (even though the other way around is probably more accurate). Even as a dev, it's very possible to go through life without touching Linux.

If you've built any open source software ever, it's pretty hard not to know of tar, even if you don't know exactly what it is. I think it's reasonable to expect anyone interested in computers would be familiar with common compression tools, let alone a CS major.

> I think it's reasonable to expect anyone interested in computers would be familiar with common compression tools

So 7zip and Winrar?

I joke, but only halfway. If you're only normal Windows user, you'd never hear of anything else (unless you want to go back to Winzip, which does still exist, but I've never heard of anyone using it any more).


If they were Windows game developers, they wouldn’t have to touch any of that. I guess it depends on where their interests lie and what platform they developed on.

Ok, sure, windows.

But here’s one I heard literally two days ago: we counted three engineers (out of many) who knew that physical memory was not actually a giant flat space of contiguous addresses, and that there were multiple layers of address-mapping and region-joining glue logic between a program and the hardware, including in os libraries, and even inside the hardware.

Maybe knowing such information is archaic or useless for most engineers. But the good ones (or at least a certain flavor of the good ones) ask questions that lead them there.


I wrote x86 assembly back when we were switching from real mode to protected mode, and I still have a feeling that I would not have been able to answer whatever question you asked there in a way that would satisfy you.

I also could no longer tell you how to balance a binary tree or implement Quicksort.


But physical memory is a giant flat space of contiguous addresses. Do you mean virtual memory?

How could it be? For example, each memory stick doesn't know beforehand what other memory sticks it will be used with, so the "physical" addressing of the memory on each stick has to be independent of the others, i.e. a local address, that gets mapped to a virtual one.

But that's not relevant? What would be relevant if, depending on where your bits are stored, acces time is significantly slower. If, regardless of where my data goes, my access time is constant then I do not care as a dev?

That's the abstraction I'm working with when coding. Which is necessary because in most cases this should be an implementation detail.


If all you do is write code for Windows, why would you need to know what any of that is?

Because Steam... /s

The lack of basic computer knowledge I’ve seen from developers is terrifying.

It's almost inspiring how far someone can get without understanding really basic stuff about how an operating system operates.

The article was a lot of words just to say that.

It's sad that we need this new concept of "IndieWeb", as the whole Internet evolved into a monstrosity hosted and guardrailed by a handful of megacorporations. Hosting files became a privilege, when it should've been a (human) right all along.

edit: The tech to host yourself is obviously still there, but the _mindset_ changed to cloud only.


> edit: The tech to host yourself is obviously still there, but the _mindset_ changed to cloud only.

Sadly with CGNAT, port blocks, hosting any server being a terms of service violation...


Non-cloud shared hosting costs $2 per month

Oh, wait until the kids learn about hardware.

> run 100% independently

> For just $0.01/day, you can run a static website at NearlyFreeSpeech.net

I respect the spotlight on hosting your own websites, but it's not much different from the usual Vercel/Netlify/GitHub/Cloudflare static hosting.

What if I want a database, feedback form, social media previews, good SEO? Article says nothing about it. Perhaps that's what makes a website "indie"?


You have access to php and a database there.

NFS supports dynamic websites (giving you access to a full Linux system with many programming languages), though you’ll have to pay more.

I get your point, but I still remember that guy who got a $100k Netlify bill for his free plan.

I'm building an Astro starter template that also makes it easy to start your own website / blog: https://github.com/BryanHogan/astro-starter-template

Astro is a framework that uses no JavaScript by default. I also use just HTML and CSS, so no bloated additional frameworks or styling libraries.

All blog content is written as Markdown or .mdx files, so it's easy to write and move to any other tool if you wish to do so.

You can host it for free using any major provider since it's just a static website (e.g., GitHub Pages, Cloudflare, etc.).

Making it similar to my own website which is on: https://bryanhogan.com/

(Repo: https://github.com/BryanHogan/bryanhogan )


Self-plug here.

I built a comment js plugin which hosts all data inside a git repo. https://github.com/est/req4cmt (as long as your git service accept http)

It runs a Cloudflare Worker for free. The data backup/migration is basically git clone & push

There's another twitter-replacement, also based on git. https://github.com/est/gitweets

Demo https://f.est.im/ it supports comments via git notes :D

$0.01/day ? They are all completely free thanks to Cloudflare Workers / Github Pages.


Just a call out for sdf.org.

Perhaps useful for those training developers mentioned in some posts here who need the TIL experience with unix based systems. Free shell account on a netbsd unix, and I recollect that a small one-off donation provides access to Web space and other enhancements. Choose the login name wisely as that becomes the subdomain for the Web space.


Personal, but I’d rather learn and own a process.

1. Learn how you can get HTML generated from a human-readable and writer-friendly format, say, Markdown (plain-text). This can be Pandoc, a macOS/Win wrapper desktop UI over Pandoc, and many other tools that do this.

2. Learn the process (and the tools) to upload, or sync to a service that hosts the HTML (CSS+JS).

3. Learn the simple steps of owning of a domain, and updating the DNS to point to the right services, such as Github Pages, CloudFlare Pages, etc.

As you are not dependent on a particular tool/service/platform/company, you can walk out and host your files (the website content) elsewhere.

The post-processing of the raw (Markdown) articles/posts to HTML can be then automated with Static Site Generator if someone is willing to learn a little more on top of the above steps.

Of course, it is a fun and good thing to know HTML but that should be optional to the target of “Run your own website 100% independently.” With Github and Cloudfalre, you can hve it for $0 monthly. If they go kaput or stops free, someone will come up - walk out and walk in elsewhere.


From the article:

> When your posts are individual HTML files (not Markdown files or database entries), they can finally be seen as the individual web pages that they truly are. And that means that you can really lean into making all of your posts unique! They don’t all have to be cookie-cutter paper-doll clones of one another; that’s just a bi-product of modern web publishing tools and the cultural influence that they have on our concept of a “blog”. You can now go ahead and make every blog post as special and individual as you’d like. Each post can have its own personality, baked right into its HTML. Individual style, individual appearance, even individual layout. Literally everything is possible with this approach.


I have to push against this slightly.

HTML is human-readable and writer friendly. Humans - not even all of them CS students - were reading HTML,JS and CSS on websites and writing it all by hand in text editors for years before the "proper tooling" came along. It really isn't that difficult, especially if you're just dealing with simple websites, doubly so if you're on HN, you probably work with more complex languages on a regular basis.

If you really want to "learn and own a process" and be "100% independent" you should at least be able to understand and work with web languages natively.

Static site generators are nice (I use Nikola) and tools make things easier but but it's still dependency on third party tools if you don't understand or can't otherwise work with the output.


I’ve been using xmit.co for my static websites and it works fantastic (also free but I donate to the author yearly).

Recently, I had to make a website for an event, so domain was needed, but what's cool with that is that the domain provider (Infomaniak, with which I am not affiliated btw), also provided 10 MB of storage which is large enough for a lot of things. So for something like 5€ per year (still more than 1c per day...), you can get the domain and the website, which is not too bad

I come at it from a slightly different angle.

I write technical blog posts with visualizations and live demos. That usually means embedding a bit of custom javascript in the page for the demo. Or shipping custom wasm to enable extreme semantic model compression.

I do this by pushing content from my machine to github pages which is wired up to my subdomain.

If github pages stops being a good, free option for this, I will find another. Not sure I would call this "hardcore" really.


It is nice to see a site preaching this that isn't hosted by Cloudflare or GitHub Pages

Github Pages is free hosting with domains and ssl, no bills, and has good longevity and prospects. I don't want to worry or think about a static site, and big players like Github and Cloudflare seem to fit that best.

What’s your preference?

I also “preach” GitHub pages a lot but I’ve also written about hosting on a Raspberry Pi in my bedroom.

https://joeldare.com/private-analytics-and-my-raspberry-pi-4...


Literally anything that isn't big tech.

Small tech is fine. Self hosting is fine. VPSes are fine (don't use "clouds").


I appreciate Cloudflare for keeping all the piracy sites running, though.

Or even Vercel/Netlify

this would work if we had free DNS. solving DNS to be trully decentralized and free is something for years I wish I had more time to work on and build

key properties:

1. everyone can be a registar. your localhost too

2. blockchain proof of ownership and discovery (certs, not proof-of-work, fast and cheap ledger)

3. everyone can be a CA (self-signed certs pinned in blockchain)

4. no fixation on static IPs (inspired by Cloudflare Tunnels, Tailscale). IPs are ephemeral.

5. blockchain/P2P discovery of domains

but it is all fantasy without real browsers support (Chrome, Safari). 99.999% of traffic is locked there, and both controlled by monopolies Google / Apple. and you cannot even build your own browser (Apple App Store will not allow it). Maybe alternative stores and some proxies / translation layer from normal web to this web would help.


Zooko's Triangle says you can't build a name resolution system that's secure, human readable, and decentralised.

DNS is secure (in Zooko's terms - means you can be certain a domain only has one correct resolution) and human readable.

.onion is secure and decentralised.

Petnames (as in I2P) or /etc/hosts are human readable and decentralised.

Also any centralised secure system will quickly have all the names squatted if they are free. It's bad enough at current prices. For instance every dictionary word under .com is already taken. If they cost nothing it would be every pronounceable sequence of up to 12 letters.

Nothing is actually stopping you running "weird DNS" on your home network if you implement the DNS protocol towards clients. I suggest you get familiar with the program Unbound. It's very common for networks to use alternative DNS if only to address the devices on the network.


You can’t build your own engine outside of the EU, but you can still build on top of the existing Safari engine. What you’re describing is technically possible.

However, why would a company build something just for a handful of people?


I guess if you are Epic games, and you do not want to be blocked or controlled by App Stores, or pay 30% paycut. maybe you would build and support independent (from google/apple monopoly) interenet stack.

or if you are EU/China and do not want google DNS and networkign layer owning entire EU/China

in all cases they would still want centralized control by each state/company.

how to align incentives of someone who can actually pull this off and still keep it decentralized is a big question.


so the only way to make this happen is independent SWEs build their own browser. AND significant portion of users will start use it exclusively AND it survives and crashes competition from OS controlled browsers (Chrome/Safari) AND OS does not block/remove them from OS controlled app stores (which they can and regularly do, just look at "Hey" or "Brave").

you got to go full own hardware stack. now only China can reallistically pull this off.

China has own hardward stack. (actually entirety of all hardware stacks. it is all build there). China has own playstores or higly regulated versions of Apple/Google play stores.

China has mini-apps ecosystem which is more resilient to App Store whims.

and pretty much China is only place that can reallistically negotiate and push back to Google/Apple.

nobody else can stand a chance.

so free web is only possible in China pretty much. and future of free web is there.


if it was up to corporate monopolies (MSFT, Google, Apple) they would shut down whole web and remove other browsers from OS they control, and be gatekeepers of entire internet unless govenrment threaten them break them up or block them.. oh wait.

exactly.

The cost doesn't really matter as much as the payment methods, especially at that price point.

Payment methods are inherently discriminatory.


> The methodology

No. That's the method.


I don't get it. I've been doing this for over 20 years exactly the same way. I even ran a business. The server I rent is $2/month. I read nothing new in anything in that article.

I don't get it.


I see a lot of young software engineers who don’t realize how much you can do on your own and how simple it is.

You are clearly not the target audience. Perhaps you can recognize that other more recent internet frequenters might appreciate the knowledge.

To me this "knowledge" seems to be a crutch. Real knowledge would show how to do it on their own as thousands of us have done for decades and still do today.

Very cool! I run a set of ssh-based services over at https://pico.sh and love seeing all the indie web content on HN!

Sftp is still very useful even in 2026


This article is a great example for anyone in their 50’s who is worried about not having relevant skills anymore.

Although calling it hardcore makes it sound like porn. Too bad they had to add that term for something painfully not hardcore.


I created Neat CSS for some Hardcore IndieWeb users (though I’ve never used that name before now).

https://neat.joeldare.com

You’ll also find a free email course where I walk you through how I create a site using it. Link on that page.


OK, if the reason to do this is to learn how HTML and web serving work, splurge and get a VPS. You’ll learn so much more.

Azure has a free tier that is fairly generous.

Also the Always Free Oracle Cloud tier is pretty generous. You can spin up a VM or two with it.

I opened this up thinking the same thing using NFS, and lo and behold that's what the author used.

I self host my site [1] on an old Mac mini in a Swift backend and sqlite database. Only thing I rely upon someone for is Cloudflare tunnels for free. I could replace that with port forwarding but so far, this way is pretty good.

[1] https://limereader.com/


Yup, I have a similar setup where I use a Wireguard VPN to tunnel traffic to a tiny public facing Caddy server, which proxies the traffic to the server under my own roof. No Cloudflare!

I have something similar. I use Cloudflare tunnels too but also their CDN which is free (for now).

That's the only thing I haven't really been able to figure out how to do on my own. Back in the day, hosting a static site from my crappy DSL connection was basically no problem and most people who were accessing my site were probably in my timezone. Now with how big the web is and how many bots there are, I worry about the quality of self hosting without a CDN.


Cloudflare tunnels are pretty cool. Do you segregate your server from your home domain too? Little weird having cloudflared on my home network. It make things a little more annoying but I haven’t bothered to fix it since I dev on the same production server.

My server is a different computer which only does this. It's not on my personal computer.

> Cloudflare tunnels for free. I could replace that with port forwarding

You could replace it with something better, like pangolin, either their cloud or even self host it too, and that way you can tunnel to other stuff like if you have a media server where you can watch your movies from anywhere in the world.


Yeah I find it a bit funny when people self host to get away from cloud and then use Cloudflare tunnels.

CF tunnels will ban your account if you used it to watch a movie due to DMCA/copyrights.

Is this really true? "A friend of mine" has been running a Jellyfin server behind Cloudflare tunnels for years and hasn't had any issue.

I would guess they only take action when they get a DMCA complaint and that wouldn't happen if you only share privately with friends.

same here, except a 5 yrs old raspberry pi hanging off a power adapter on the floor.

Well this is great, even going further and hosting the site itself and serve it instead of webhosts, but, now we have domains issue, a domain registrar hijacking your domain, which is your life work, email, etc., so there’s a need to have a free tld that’s uncontrollable by any entity, .onion isn’t practical obviously.

There's no such thing as a TLD that's uncontrollable by any entity. How would you imagine such a thing working? Whatever you imagine: how does it stand up to me editing the hosts file, or the browser's source code?

>There's no such thing as a TLD that's uncontrollable by any entity.

Think .crypto but without the ability to upgrade the smart contract to censor domains. The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.

>how does it stand up to me editing the hosts file, or the browser's source code?

No one can force you to resolve domains YOU don't want to. You can of course blow up your computer and then you definitely can't resolve the domain. What people mean is that the user is free to still resolve it if they want.


> The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.

Ultimately, someone has to be in control of who is or is not part of that decentralized network that is the registry. (Or, alternatively phrased, how are you preventing me from saying "I'm part of the .crypto registry, totes.")

Aside from that, the root nameservers is still an entity that is controlled (by ICANN, specifically).


>Ultimately, someone has to be in control of who is or is not part of that decentralized network

Ethereum is an unpermissioned network. Anyone is free to join or leave at anytime.

>how are you preventing me from saying "I'm part of the .crypto registry, totes.")

The registry would be a smart contract. There doesn't fundamentally need to be an owner.

>how are you preventing me from saying "I'm part of the .crypto registry, totes.")

Name resolving doesn't have to be done by ICANN's domain name system. You can have alternates that do not depend on centralized servers.


you still need domain and static IP with this setup. and volumetric DDoS protection, ASN IP blocklists, and CDN — is not even mentioned here.

just use Cloudflare. get all this for free (except domain).


I'm just paying for the domain...

Old guy here, wild that people don't know this.

Like, I have fiber and a static IP. Never much thought about hosting a website from my house because it didn't seem all that special. Maybe I should?


Kind of similar to "tiiny.host" minus the custom domain and with a few file restrictions for the free tier but very similar.

It's good advice, but one need not even include the "upload it to a web server" these days now that home connections are so fast. Install some static webserver on your desktop computer (nginx, caddy, whatever), forward the port 80 at your router to it's lanip:80, and just save .html and files to the web directory using your normal desktop interface. It doesn't matter if you shut off the computer sometimes. Uptime doesn't matter. Optionally file transfer (rsync, etc) this local copy to a VPS or something like the author suggests.

Indieweb receiving of webmention only requires the ability to log HTTP POSTs to some url endpoint. Or you can use one of third party services servers to receive that interact with your website via with 3rd party javascript applications you include on your webpage. Sending webmention can be done with cURL, even HTML forms, or again, 3rd party JS includes.


However, it'll also bring all the bots and "wild west" of the internet to your house when you run your web server from home, and for anyone who has a couple of spare dollars, it's a much wiser choice to run a small VPS elsewhere to weather the storm.

[Internet facing router with up to date firmware] --> HTTPS --> [separate VLAN DMZ] --> [my hardcore IndieWeb VM/k8s/bare-metal whatever] --> [x No outbound access / paranoid local firewall inside the VM x]

[My home computer] --> SSH --> [my hardcore IndieWeb local cloud]

That's about it. Safe enough.


shrug

In 25 years of hosting a dozen domain names on a server on my home connection, this problem has not surfaced for me.


In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces.

For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day.

If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!).


One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something.

Especially if you host something like wordpress with plugins you really have to be on the ball with updates.


For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there.

That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories.


Ok fair enough yes a static site is really low risk. Usually it's more involved than that though.

Yep, same here. fail2ban and some http 444 helps out.

You need a static IP address for this to work is the downside, and depending on where you live and who your provider it it can be difficult and/or expensive.

You can programmatically update DNS whenever your dynamic IP changes. One issue though is that some residential ISPs prohibit webhosting in their terms.

you can go ipv6 only, any good isp will give you a static /56 for free. practically none of your users have ipv4 only devices when every major os has been dual stack by default for like 15 years. if your isp cant give you one its time to switch as soon as you can.

Ehh my ISP at home is still ipv4 only. The amount of ipv6 capable connections only just passed 50% worldwide a few months ago.

I don't think ipv6 only is feasible yet unless your audience is exclusively in Asia where ipv6 uptake is much higher due to them running out of ipv4 years ago


My ISP is only ipv4. It doesn't matter if an OS technically support ipv6 or not.

now the real fun part is how to self-host it on a machine accessible on the net without services like cloudflare or tailscale tunnels.

Fixed IP would be a way to go. Some people pick dynamic dns server so they can periodically update if their IP changes. But IMO it's just too complicated. I don't think there's a good way to go around ISP restrictions, especially in USA.

I host my site on my own home server, but I do have a proxy ec2 server to tunnel public traffic via wireguard back to my home server. This keeps things a bit more protected and my router/home network not directly exposed. I'm also not locked into AWS, I just use them for convenience, but could get any other cheap proxy to run wireguard. No dependency on tailscale either, it's just nicer interface to wireguard. Wireguard config is like 5 lines btw.


It used to be as simple as getting a fixed IP but these days that is indeed a lot harder to get.

You can do it over TOR.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: