Self Host Everything

adam112.com // self-hosting // privacy // open web culture

A tech nerd field guide for owning your digital home base, replacing rented platforms where practical, reducing surveillance exposure, and following the POSSE model: publish on your own site first, then syndicate elsewhere.

Open Web POSSE Linux Docker Backups Privacy Digital Sovereignty Privacy Decentralized Web Surveillance Resistance

$ whoami

You are not required to live inside somebody else's app. You can own the domain, own the archive, control the publishing point, and still use the big platforms as distribution pipes.

$ doctrine

Website first. Feeds second. Platforms last.

POSSE Philosophy

Publish on your own site

Your domain is the canonical source. Blog posts, notes, essays, media pages, photos, and project updates should live somewhere you control.

IndieWeb POSSE

Syndicate elsewhere

Post outward to Mastodon, Bluesky, Threads, Facebook, LinkedIn, YouTube, newsletters, or wherever your people are. The copy points home.

Start IndieWeb

Preserve the archive

Platforms die, change rules, break links, bury posts, and lock accounts. Your site should be the durable record.

Why IndieWeb

Operating rule

Do not build your identity on rented land. Use rented land for reach, not ownership.

Start Here

Beginner route: managed self-hosting

Best for people who want control without becoming a full-time sysadmin.

YunoHost: install and manage common self-hosted apps with a web admin panel.
Cloudron: polished app platform for self-hosted services.
Umbrel: home server OS with a consumer-friendly app store.
Cosmos: self-hosted home cloud and reverse proxy platform.

Power user route: Linux plus containers

Best for people comfortable with SSH, DNS, reverse proxies, and backups.

Docker Compose for repeatable app stacks.
Portainer for web-based container management.
Nginx Proxy Manager for easy reverse proxy and SSL.
Caddy for automatic HTTPS and simple web serving.

# basic pattern
mkdir -p ~/selfhost/apps
cd ~/selfhost/apps

# each service gets its own folder
mkdir nextcloud vaultwarden gitea ghost uptime-kuma

# keep your compose files versioned
git init
git add .
git commit -m "initial self-hosting stack"

Open Source Alternatives

Category	Instead of	Self-hosted options	Notes
Cloud files	Google Drive, Dropbox, OneDrive	Nextcloud, ownCloud, Seafile	Start here if you want the biggest practical win.
Passwords	LastPass, 1Password	Vaultwarden, Bitwarden self-hosted	Use strong backups and 2FA. Password vaults are high-value targets.
Photos	Google Photos, iCloud Photos	Immich, PhotoPrism	Immich is excellent, but watch release notes and backup the library.
Notes	Evernote, Notion	Joplin, Outline, SilverBullet	Markdown-first systems age better than proprietary databases.
RSS	Algorithmic feeds	FreshRSS, Miniflux	RSS is how you take the internet back from engagement slop.
Video	YouTube dependency	PeerTube, Jellyfin	Use YouTube for reach, but keep your own library and embeds.
Bookmarks	Pocket, browser lock-in	Linkding, Linkding GitHub, Shiori	Good bookmarks become a personal intelligence archive.
Git	GitHub-only workflow	Gitea, Forgejo, GitLab self-managed	Mirror public repos outward. Keep canonical repos under your control.
Analytics	Google Analytics	Plausible, Matomo, Umami	Privacy-respecting analytics are usually enough.
Search	Algolia, commercial search	Meilisearch, Typesense	Useful for personal archives, docs, and project hubs.
Forms	Typeform, Google Forms	Formbricks, OhMyForm	Great for intake forms, surveys, and small org workflows.
Status	Statuspage	Uptime Kuma, Cachet	Monitor your sites, services, DNS, and certificates.

Suggested Stack

1. Domain and DNS Buy a domain you control. Use DNS intentionally. Keep registrar, DNS, and hosting credentials secure.

2. Personal website Static site, WordPress, Ghost, Kirby, Eleventy, Hugo, Astro, or plain HTML. The exact engine matters less than owning the canonical URL.

3. Feed layer Publish RSS and Atom. Add JSON Feed if you want. Make it easy for people to follow without an algorithm.

4. Syndication layer Share canonical links to Mastodon, Bluesky, LinkedIn, YouTube, Facebook, newsletters, and wherever else your audience lives.

5. Home lab or VPS Use a VPS for public services. Use a home server for private services. Do not expose random dashboards to the open internet.

6. Backups and recovery Back up volumes, databases, config files, secrets, and media. Test restores. Untested backups are folklore.

Security Baseline

Do not expose everything

Put admin panels behind VPN, Tailscale, WireGuard, or private access. Public internet exposure should be deliberate.

Tailscale Docs

Patch the stack

Track updates for the OS, containers, apps, reverse proxy, and dependencies. Convenience without patching becomes liability.

Docker Docs

Backup like it matters

Use 3 copies, 2 media types, and 1 offsite copy. Include database dumps, config files, and encryption keys.

Restic

Hard truth

Self-hosting does not magically make you private or secure. It gives you control, and control means you inherit the maintenance burden.

Privacy Doctrine

The retreat

The modern internet trains people to trade identity, attention, location, contacts, habits, and speech patterns for convenience. The answer is not paranoia. The answer is disciplined retreat: fewer surveillance platforms, more personal infrastructure, more open protocols, more local copies, more encryption, and a stronger canonical home on the open web.

Reduce collection

Use fewer accounts, fewer apps, fewer browser extensions, and fewer default cloud sync services. Every account is another data exhaust pipe.

Encrypt what matters

Use end-to-end encrypted tools where possible. Keep recovery codes offline. Protect devices first because endpoint compromise beats encryption.

Decentralize identity

Use your domain, your site, your feed, and your contact page as the durable identity layer. Social profiles should orbit the site, not replace it.

06A

Privacy Replacement Chart

Use Case	Mainstream Default	Privacy Focused Move	Self-Hosted or Open Option
Email	Gmail, Outlook, Yahoo	Proton Mail, Tuta, Mailbox.org	Self-hosting email is possible, but deliverability is a grind. Use Proton or similar unless you want that fight.
Calendar	Google Calendar, Outlook Calendar	Proton Calendar, Tuta Calendar	Radicale, Baikal, Nextcloud Calendar
Search	Google Search, Bing	DuckDuckGo, Startpage, Brave Search	SearXNG
Browser	Chrome, Edge	Firefox, Brave, LibreWolf	Hardened Firefox profiles, uBlock Origin, strict permissions, separate browser profiles by role.
Messaging	SMS, Facebook Messenger, Instagram DMs	Signal, SimpleX, Briar	Matrix via Synapse, Dendrite, or hosted instances.
Maps	Google Maps, Apple Maps	Organic Maps, OsmAnd	OpenStreetMap data and self-hosted tiles if you are serious.
Docs	Google Docs, Microsoft 365	CryptPad, ONLYOFFICE, Collabora	Nextcloud Office, self-hosted CryptPad, or local-first Markdown.
Video calls	Zoom, Google Meet, Teams	Jitsi Meet, Element Call	Self-host Jitsi only if you understand bandwidth and server load.
Mobile apps	Google Play only	F-Droid, direct APKs from trusted projects	Use fewer apps. Prefer web apps when they meet the need.
Operating system	Windows, stock Android	Linux Mint, Ubuntu, GrapheneOS	Pick the privacy jump you will actually maintain. Perfect is not the entry requirement.

06B

prism-break style escape map

migration logic

PRISM Break is useful because it thinks in categories: operating systems, browsers, email, messaging, search, maps, cloud storage, media, social networks, and server infrastructure. The point is not to replace everything overnight. The point is to identify the surveillance defaults in your life and move the highest-risk categories first.

Area	Surveillance default	Better direction	Notes for adam112.com readers
Operating system	Windows telemetry, locked mobile ecosystems	Debian, Fedora, FreeBSD, OpenBSD, GrapheneOS	Linux on desktop, GrapheneOS on Pixel, BSD if you know what you are getting into.
Home server	Everything in someone else’s cloud	FreedomBox, YunoHost, Proxmox, TrueNAS	Use a VPS for public pages. Use a home box for private services. Do not expose admin panels casually.
Web browser	Chrome as identity and tracking hub	Firefox, LibreWolf, Tor Browser, Brave	Separate browser profiles by mission: banking, admin, personal, research, and throwaway browsing.
Browser extensions	Adtech, scripts, invisible trackers	uBlock Origin, Privacy Badger, NoScript, ClearURLs	Do not install 40 extensions. Extensions can also spy. Use a small, trusted set.
Email	Gmail as archive, identity provider, and advertising profile	Proton Mail, Tuta, Mailbox.org, Fastmail	Use your own domain so your address survives provider changes. Self-hosting email is usually not worth it.
Aliases	One email address everywhere	SimpleLogin, addy.io, DuckDuckGo Email Protection	Aliases are one of the highest-value privacy upgrades. Use one per service.
Messaging	SMS, Meta DMs, platform inboxes	Signal, SimpleX, Matrix, Briar	SMS is for codes and logistics, not private conversations. Prefer Signal for normal humans.
Search	Google as default knowledge gateway	DuckDuckGo, Startpage, Brave Search, SearXNG	Search engines shape your worldview. Keep more than one in rotation.
Maps	Location history as a corporate dossier	OpenStreetMap, Organic Maps, OsmAnd	Offline maps are underrated. Download your region before you need it.
Cloud storage	Google Drive, OneDrive, Dropbox	Nextcloud, Seafile, Syncthing, Cryptomator	Syncthing is excellent for device-to-device sync. Cryptomator helps when you must use commercial cloud.
Documents	Google Docs, Microsoft 365	LibreOffice, CryptPad, ONLYOFFICE, Collabora Online	For personal knowledge, boring local files and Markdown are often better than giant web apps.
Social media	Algorithmic identity farms	Mastodon, Pixelfed, PeerTube, Friendica	Use social platforms as outposts. Keep your canonical posts on your own site.
Video	YouTube as sole archive	PeerTube, Odysee, Jellyfin	Use YouTube for reach if needed, but keep originals, transcripts, thumbnails, and descriptions locally.
RSS and reading	Algorithmic feed dependency	FreshRSS, Miniflux, Newsboat	RSS is still the backbone of a sane internet. Bring back deliberate reading.
Payments and shopping	Full card exposure everywhere	Privacy.com, bank virtual cards, aliases, compartmentalized accounts	Use virtual cards and email aliases together. Compartmentalization beats cleanup.
Analytics	Google Analytics everywhere	Plausible, Umami, Matomo	Collect less. Most sites do not need creepy analytics to be useful.

06C

privacy directory shelf

PRISM Break

A classic directory built around replacing proprietary, surveillance-friendly services with free software and privacy-respecting alternatives.

open chart

Awesome Privacy

A large curated list of privacy-respecting services and tools, useful when you need more options than one chart can hold.

browse list

switching.software

Plain-language alternatives to common commercial software, especially useful for people trying to escape major tech ecosystems one app at a time.

find swaps

Privacy Guides

More conservative, security-minded recommendations with attention to threat modeling, realistic use, and project maturity.

read guides

PrivacyTools.io

A long-running privacy tools directory that grew from the post-Snowden privacy movement and still tracks encrypted software options.

open tools

Ethical.net

A broader ethical technology directory covering alternatives, digital rights, and healthier technology choices beyond strict security tools.

open resources

06D

30-day privacy retreat

days 1-3: map the exposure List your main accounts, email addresses, phone numbers, cloud services, social profiles, devices, and payment methods.

days 4-7: secure the keys Move to a password manager, replace reused passwords, enable 2FA, save recovery codes offline, and audit account recovery emails.

week 2: leave the worst defaults Change browser, search engine, email aliases, messaging habits, DNS, and basic device privacy settings.

week 3: reclaim the archive Export photos, videos, posts, bookmarks, docs, contacts, and calendars. Store local copies and back them up.

week 4: build the outpost Publish a personal domain, RSS feed, contact page, links page, and POSSE workflow. Social accounts become distribution, not home.

06E

Proton Migration Path

1. Start with mail

Move important personal mail to Proton Mail. Use your own domain if possible so you can leave later without changing your address everywhere.

Proton Mail

2. Add aliases

Use aliases for shopping, newsletters, public contact, and logins. Kill compromised aliases instead of replacing your whole identity.

SimpleLogin

3. Move selectively

Calendar, Drive, VPN, and Pass can follow, but do not blindly replace everything at once. Migrate by risk and frequency of use.

Proton Suite

Email reality check

Proton Mail is a strong privacy upgrade from surveillance-funded email, but email as a protocol still leaks metadata. For sensitive conversations, prefer Signal or another purpose-built encrypted messenger.

06F

Privacy Educators Worth Following

Naomi Brockwell TV

Practical privacy, security, data broker exposure, phone settings, online tracking, and surveillance education without requiring a PhD to follow it.

Watch NBTV

All Things Secured

Useful, accessible security and privacy tutorials for normal people who want better habits without becoming full-time security engineers.

Watch Channel

Techlore

Privacy tool comparisons, threat modeling, browser guidance, VPN skepticism, and realistic privacy education for different experience levels.

Watch Techlore

06G

Threat Model Before Tool Worship

Ask better questions

Who are you trying to protect yourself from?
What data matters most?
What accounts would hurt if lost?
What devices do you actually control?
What habits are leaking more than your tools?

Recommended order of operations

Password manager and unique passwords.
2FA using authenticator or hardware keys.
Private email and aliases.
Browser hardening and tracker blocking.
Encrypted messaging for real conversations.
Domain-owned personal site as canonical identity.

live news wire

news wire

Live headlines on online privacy, cybersecurity, self-hosting, data security, and the decentralized web. The feed uses Google News RSS searches through rss2json so headlines render directly on this page.

~/news/privacy-security-wire

loading privacy headlines...

direct Google News RSS

direct privacy feeds

direct security feeds

Resource Library

Directories

IndieWeb and POSSE

Server tutorials

Home lab

Privacy and identity

Communities

Migration Doctrine

What to self-host first

Static personal website
RSS reader
Bookmarks
Uptime monitor
File sync only after backups are solid
Password vault only after you understand restore procedures

What not to rush

Email, unless you enjoy deliverability pain
Anything with irreplaceable data and no backup plan
Public dashboards
Experimental apps exposed to the internet
Services that affect family members before you can support them

Manifesto

The point

Self-hosting is not about pretending every SaaS product is evil or that every person needs a server rack in the closet. It is about refusing to let your digital life be entirely mediated by companies that can throttle, delete, censor, enshittify, surveil, algorithmically distort, or monetize your work without your consent.

Own your name

A domain is the minimum viable unit of digital sovereignty.

Own your archive

Your writing, media, links, and notes should survive platform churn.

Use platforms tactically

Social networks are distribution. They are not home.