Comments
1 CPU, 2GB, 20GB SSD with unlimited transfer.
No how-to, but it's a 5 minute install just following the documentation on the website.
Hosting all of our companies data.
Hosting company data? On a LowEndVPS?
You, Sir, have a pair of gigantic balls.
one for Gotify + BitWarden(VaultWarden)
another for AnonAddy
2 others for Reddit bots.
another for some control panels
another for a small website.
I have 3 for idling atm until I finish working on things to put on them.
I used to have a lot more VPS, a lot of the stuff is now hosted on my home servers (either at my place or my parents')
4x Oracle Cloud
1 for Cloudron with Vaultwarden and not sure what the second app will be
1 for Netmaker relay server
1 for Nebula lighthouse
1 with Yacht with nothing on it yet
1x Google Cloud which will most likely be used as a ssh jump host.
2x 2TB from HostHatch for backups
1x UltraVPS promo which will be cancelled soon, it hosts my first Yunohost instance I set up when I got into selfhosting
1x gullo $1 NAT in NY as a relay for Nebula
1x WebHorizon NAT in NY as a backup for gullo's.
1x VirMach that I'm not sure what I'm gonna use it for.
Mailcow
Seatable
Adguard
Bastion host
Wireguard
Smokeping
Trying out new apps on r/selfhosted
What do you use for BastionHost?
Hosthatch SG server that I got during a sale with 8GB RAM; set up an nginx gateway and tailscale connecting all my other VPS-es, with modsecurity. So any communication from the public net happens via private tailscale IP, and I have restricted it to only Cloudflare IPs.
Edit: I use this host to SSH into any other host as well. All my other VPS-es allow SSH traffic only from this particular IP and one other I use as backup in case HH goes down.
Forgot to mention, Matrix server and Filerun.
This thread is awesome, now I have a purpose for my idle VPS.
You mean your nginx? I run a setup like this, but with tailscale only. I will probably replace it with Netmaker soon.
I actually run a SWAG container with a Python script to disable the default Docker firewall behavior. So only Cloudflare IPs are allowed in SWAG and UFW. What's the difference in using Tailscale vs Netmaker?
Netmaker is fully open source and uses kernel Wireguard, which is faster and more performant. It also doesn't require a Google, Microsoft or GitHub account.
I'm still in the process of setting it up and I will see how it goes. Nebula is another option for it, but not based on Wireguard.
What script are you using to avoid docker messing with your firewall? Right now I'm using this: https://github.com/chaifeng/ufw-docker
Using this
Some providers provide large bandwidth. How to spend it?
Nice setup.
So basically everything goes CF -> HH SG --tailscale--> VPS where the app is hosted?
Doesn't adding that many hops add some latency? Do you do some heavy caching on the HH VPS?
There are two used as proxies, one for my website, and some MQTT servers for my IoT toys, most of which are idle.
I don't think you should plan to scan 103.143.76.160, it's my honeypot.
If you scan it, you will not be able to access my other servers.
I plan in a way that critical apps are within the same region keeping low latency, anything non-critical will have some latency and I'm fine with it.
YABS then idle for 364 days.
OK, thanks. But everything goes through your SG nginx? Do you have a failover in case @hosthatch's node goes down?
How to be sure CPU, I/O and network aren't being stolen in the next 364 days?
Oh, size doesn't matter, but material does. "What is the floor in your office made of, so that the weight of your balls doesn't crush it?"
VPN mostly. My ISP has some shit route to certain HE routers in US west, so I have to set up an always-on split tunnel to get around this.
Idling. I use VPS for idling like champs.
Yeah have one reserved instance from AWS just in case things go bad.
@Galeej interesting setup!
This is an awesome project. I usually have no issues with ufw-docker itself as my IPs never change, but this seems an easier approach and it's easier to understand. Usually my containers only receive traffic, so that's nice. I appreciate it.
You're saying none of the providers here are good enough to host a live site?
I don't believe I mentioned a 'live site'. Neither did the post I replied to.
The post I replied to mentioned 'all our companies data'. That could be interpreted in many ways, but I took it to mean financial records, HR information, possibly personal data. I personally would not host that on a LowEndVPS.
There is plenty of stuff you can put on a LET provider. Things like financial information probably not.