odie5533 2 days ago

Backups, OS upgrades, version upgrades, firewall management, DDoS management. I just find self-hosting to be excessive to do right.

n4bz0r 2 days ago | parent | next [-]

The concerns are valid, but I'd like to point out that managing all that isn't as frightening as it sounds.

If you do small scale (we're talking self-hosted git here after all), all these are either a non-issue or a one-time issue.

Figuring out backups and firewall is the latter. Once figured out, you don't worry about that at all. Figuring these out isn't rocket science either.

As for the former: for minimum maintenance, I often run services in docker containers - one service (as in compose stack) per Debian VM. This makes OS upgrades very stable and, given docker is the only "3rd-party" package, they are very unlikely to break the system. That allows setting unattended-upgrades to upgrade everything.

With this approach, most of the maintenance comes from managing containers' versions. It's good practice to use fixed container versions, which does mean there is some labor involved when it comes to upgrading them, but you don't always have to stick to the exact version. Many containers have tags for major versions and these are fairly safe to rely on for automatic upgrades. The manual part of the upgrades when a new major release comes out can be a really rare occasion.

If your services' containers don't do such versioning (GitLab and YouTrack are examples of that), then you aren't as lucky, but bumping a version every few months or so shouldn't be too laborsome either.

Now, if DDoS is a concern, there is probably already staff in place to deal with that. DDoS is mostly for popular public services to worry about, not for a private Gitea instance. Such pranks are costly to randomly poke around and require some actual incentive.

But why keep a private instance out in the open anyway? Put it behind a VPN and then you don't really have to account for security and upgrades as much.
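As an added example (not part of the comment above): a small Python check of the tag-pinning practice n4bz0r describes, classifying each `image:` in a compose file as floating, major-version, minor, exact or digest-pinned. The compose content and its tags are constructed samples, and matching `image:` lines with a regex is a simplifying assumption rather than a full YAML parse.

```python
import re

# Constructed sample compose file; image names and tags are illustrative only.
SAMPLE_COMPOSE = """\
services:
  git:
    image: gitea/gitea:1
  db:
    image: "postgres:16.4"
  proxy:
    image: nginx:latest
  app:
    image: registry.example.com:5000/team/app
  cache:
    image: redis@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^"'\s#]+)""")

def split_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A ':' marks a tag only if it follows the last '/';
    # otherwise it is a registry port such as host:5000/app.
    slash, colon = name.rfind("/"), name.rfind(":")
    if colon > slash:
        return name[:colon], name[colon + 1:], digest or None
    return name, None, digest or None

def classify(ref):
    """Say how tightly an image reference is pinned."""
    _, tag, digest = split_image(ref)
    if digest:
        return "digest"      # immutable content hash
    if tag is None or tag == "latest":
        return "floating"    # can jump across major releases unattended
    if re.fullmatch(r"v?\d+", tag):
        return "major"       # follows one major line automatically
    if re.fullmatch(r"v?\d+\.\d+", tag):
        return "minor"
    if re.fullmatch(r"v?\d+\.\d+\.\d+([-.+].*)?", tag):
        return "exact"       # needs a manual bump for every update
    return "other"           # named channel, e.g. "stable"

def audit(compose_text):
    """Map every image reference in the compose text to its class."""
    found = (IMAGE_LINE.match(l) for l in compose_text.splitlines())
    return {m.group(1): classify(m.group(1)) for m in found if m}

if __name__ == "__main__":
    for image, kind in audit(SAMPLE_COMPOSE).items():
        print(f"{kind:9} {image}")
```
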

supriyo-biswas 2 days ago | parent [-]

For the GP's DDoS concern, you could just expose the service through a Cloudflare tunnel or something.

chasd00 2 days ago | parent | prev | next [-]

Tinkering with services and networks and the whole self-hosting concept is pretty fun for many people.

pheggs 2 days ago | parent | prev [-]

It's not that hard though, and to be honest I trust myself more than a large org like Microsoft to get that right.