date 2024-10-25

Key Takeaways

Network-wide firewalls like OPNsense and pfSense are useful but can cause Internet outages when the host machine goes offline.

Using a password manager like Vaultwarden or Bitwarden is crucial, but uptime can be an issue.

Hosting a website or email server at home can be complex and risky, but they're valuable learning projects.

If you’re into home labs, few things are as satisfying as discovering new self-hosted apps to add to your repertoire of FOSS services. Since most of the essential self-hosted tools support Docker containers, it’s possible to spin them up without too many complications.

That said, there are a couple of services that even hardened veterans caution against running on your home lab. Don’t get me wrong, there are plenty of perks to running these services. But it’s just that they’re afflicted with some issues that make it a little hard to recommend them to anyone who’s not a hardcore DIY enthusiast.

4 Network-wide firewalls

Ultra-helpful, except when they bring your Internet down

Armed with a battalion of settings and toggles, OPNsense and pfSense are perfect when you wish to enforce hardened security rules across all the devices in your home network. Heck, you can even create a VPN with these tools to securely access your local server from unsecured networks.

Unfortunately, network-wide firewalls have a major Achilles’ heel. Every time your home lab goes down, you won’t be able to access the Internet until the container or virtual machine running pfSense/OPNsense is back up. Thankfully, a quick solution to the availability conundrum is to create a high-availability cluster comprising three nodes, as this would ensure your Internet and other services remain operational in case of hardware failure or other mishaps.

3 Password manager

You don’t want to get marooned without access to your passkeys

Setting different passwords for your accounts can help lower the threat of security breaches, though you might encounter some trouble recalling them without the aid of a password manager. If you’re worried about the privacy of your password manager, you can check out the self-hosted versions of Vaultwarden and Bitwarden.

Unfortunately, password management servers bear the same curse as self-hosted firewalls. When your home lab goes offline, it’ll be impossible to access your saved passwords. So, if you want a more robust means to manage your credentials, you’d need to deploy at least three instances of your Vaultwarden/Bitwarden machine on separate devices to ensure 100% uptime.

2 Website exposed to the Internet

Far too many security issues

Whether you’re a novice web developer attempting to get some hands-on experience or an experienced veteran looking for a fun project, building a LAMP or a Flask web server can serve as a solid workout for your coding muscles. While there’s no harm in accessing it over a LAN connection, exposing your self-hosted website on the Internet is rife with security issues. That’s because once it’s out there on the Internet, your website is vulnerable to all sorts of human and bot-based attacks.

Sure, there are plenty of ways to safeguard your precious home server. But it’s nearly impossible to completely isolate your host machine from the website, even after disabling unnecessary ports and routing the traffic across proxy services. And that’s before you consider the high-availability issues of running a full-fledged website on your home lab.

1 Email server

Extremely complex to set up - and even more difficult to manage

There’s no doubt that hardcore DIY enthusiasts would find self-hosting their own mail server a fun project. It’s also true that you’ll learn a lot about messaging protocols, proxy systems, firewalls, and a host of other network settings when you attempt to build an email platform.

But for most users, establishing a full-on email server is quite a major undertaking. Even if you do manage to get past the initial hurdles of email spoofing, reverse DNS, and authentication, it’s entirely possible for email clients to label your messages as spam. That’s assuming your emails reach the recipient in the first place. Throw in the fragile nature of a custom-built email server, and it’s clear why this project is infamous as the black sheep of the self-hosting community.

They’re all fantastic projects, though

Although I’ve only talked about the cons of these services, it wouldn't be fair to write them off as unusable. Despite their risks, I consider my pfSense VM an essential part of my home server, and the same holds for the Vaultwarden container running on my Raspberry Pi. Likewise, exposing a website to the Internet is a solid learning experience for tech enthusiasts, and you can cut down many of the security issues with the help of a VPS solution. Heck, even an email server is a solid home project, though you’ll need the patience of a saint and the skills of a tech god for this endeavor.