Self Host Everything

adam112.com // self-hosting // privacy // open web culture

A field guide for owning your digital home base, replacing rented platforms where practical, reducing surveillance exposure, and publishing on your own site before tossing crumbs to the platforms.

Open Web POSSE Linux Docker Backups Privacy Digital Sovereignty Privacy Decentralized Web Surveillance Resistance

$ whoami

You are not required to live inside somebody else's app, despite what the app would prefer. Own the domain, own the archive, control the publishing point, and use the big platforms as pipes, not landlords.

$ doctrine

Website first. Feeds second. Platforms last, where they can behave themselves.

POSSE Philosophy

Publish on your own site

Your domain is the canonical source. Blog posts, notes, essays, media pages, photos, and project updates should live somewhere you control, not in a platform's rented broom closet.

IndieWeb POSSE

Syndicate elsewhere

Post outward to Mastodon, Bluesky, Threads, Facebook, LinkedIn, YouTube, newsletters, or wherever your people are currently being sorted into behavioral buckets. The copy points home.

Start IndieWeb

Preserve the archive

Platforms die, change rules, break links, bury posts, and lock accounts, usually while calling it an improvement. Your site should be the durable record.

Why IndieWeb

Operating rule

Do not build your identity on rented land. Use rented land for reach, not ownership. The landlord has quarterly goals.

Start Here

Beginner route: managed self-hosting

Best for people who want control without becoming a full-time sysadmin, which remains a respectable way to lose a weekend.

YunoHost: install and manage common self-hosted apps with a web admin panel.
Cloudron: polished app platform for self-hosted services.
Umbrel: home server OS with a consumer-friendly app store.
Cosmos: self-hosted home cloud and reverse proxy platform.

Power user route: Linux plus containers

Best for people comfortable with SSH, DNS, reverse proxies, backups, and the occasional quiet staring contest with a log file.

Docker Compose for repeatable app stacks.
Portainer for web-based container management.
Nginx Proxy Manager for easy reverse proxy and SSL.
Caddy for automatic HTTPS and simple web serving.

# basic pattern
mkdir -p ~/selfhost/apps
cd ~/selfhost/apps

# each service gets its own folder
mkdir nextcloud vaultwarden gitea ghost uptime-kuma

# keep your compose files versioned
git init
git add .
git commit -m "initial self-hosting stack"

Open Source Alternatives

Category	Instead of	Self-hosted options	Notes
Cloud files	Google Drive, Dropbox, OneDrive	Nextcloud, ownCloud, Seafile	Start here if you want the biggest practical win without constructing a command-line shrine.
Passwords	LastPass, 1Password	Vaultwarden, Bitwarden self-hosted	Use strong backups and 2FA. Password vaults are high-value targets, which is a polite way of saying do not wing it.
Photos	Google Photos, iCloud Photos	Immich, PhotoPrism	Immich is excellent, but watch release notes and back up the library. Family photos are not beta-test confetti.
Notes	Evernote, Notion	Joplin, Outline, SilverBullet	Markdown-first systems age better than proprietary databases. Plain text has survived more empires than most venture-funded note apps.
RSS	Algorithmic feeds	FreshRSS, Miniflux	RSS is how you take the internet back from engagement slop, one blessedly boring feed at a time.
Video	YouTube dependency	PeerTube, Jellyfin	Use YouTube for reach, but keep your own library and embeds. A platform is not an archive just because it currently loads.
Bookmarks	Pocket, browser lock-in	Linkding, Linkding GitHub, Shiori	Good bookmarks become a personal intelligence archive. Bad bookmarks become a digital junk drawer with better typography.
Git	GitHub-only workflow	Gitea, Forgejo, GitLab self-managed	Mirror public repos outward. Keep canonical repos under your control, because corporate benevolence is not a backup strategy.
Analytics	Google Analytics	Plausible, Matomo, Umami	Privacy-respecting analytics are usually enough. You probably do not need to know a visitor's shoe size to improve a webpage.
Search	Algolia, commercial search	Meilisearch, Typesense	Useful for personal archives, docs, and project hubs.
Forms	Typeform, Google Forms	Formbricks, OhMyForm	Great for intake forms, surveys, and small org workflows. Less glamorous than AI, more likely to be useful by Friday.
Status	Statuspage	Uptime Kuma, Cachet	Monitor your sites, services, DNS, and certificates. Silence is not uptime, it is just silence.

Suggested Stack

1. Domain and DNS Buy a domain you control. Use DNS intentionally. Keep registrar, DNS, and hosting credentials secure, because losing the keys is a very modern form of self-own.

2. Personal website Static site, WordPress, Ghost, Kirby, Eleventy, Hugo, Astro, or plain HTML. The engine matters less than owning the canonical URL. The web does not award extra points for architectural drama.

3. Feed layer Publish RSS and Atom. Add JSON Feed if you want. Make it easy for people to follow without begging an algorithmic vending machine.

4. Syndication layer Share canonical links to Mastodon, Bluesky, LinkedIn, YouTube, Facebook, newsletters, and wherever else your audience has wandered off to this fiscal quarter.

5. Home lab or VPS Use a VPS for public services. Use a home server for private services. Do not expose random dashboards to the open internet unless you enjoy learning lessons from strangers.

6. Backups and recovery Back up volumes, databases, config files, secrets, and media. Test restores. Untested backups are folklore with a progress bar.

Security Baseline

Do not expose everything

Put admin panels behind VPN, Tailscale, WireGuard, or private access. Public internet exposure should be deliberate, not a side effect of optimism.

Tailscale Docs

Patch the stack

Track updates for the OS, containers, apps, reverse proxy, and dependencies. Convenience without patching eventually sends an invoice.

Docker Docs

Backup like it matters

Use 3 copies, 2 media types, and 1 offsite copy. Include database dumps, config files, and encryption keys. Future you deserves a fighting chance.

Restic

Hard truth

Self-hosting does not magically make you private or secure. It gives you control, and control means the maintenance burden has learned your name.

Privacy Doctrine

The retreat

The modern internet trains people to trade identity, attention, location, contacts, habits, and speech patterns for convenience. The answer is not paranoia. The answer is disciplined retreat: fewer surveillance platforms, more personal infrastructure, more open protocols, more local copies, more encryption, and a canonical home that is not squatting inside a feed.

Reduce collection

Use fewer accounts, fewer apps, fewer browser extensions, and fewer default cloud sync services. Every account is another data exhaust pipe with a cheerful onboarding screen.

Encrypt what matters

Use end-to-end encrypted tools where possible. Keep recovery codes offline. Protect devices first because endpoint compromise beats encryption and does not care about your principles.

Decentralize identity

Use your domain, your site, your feed, and your contact page as the durable identity layer. Social profiles should orbit the site, not replace it and start rearranging the furniture.

06A

Privacy Replacement Chart

Use Case	Mainstream Default	Privacy Focused Move	Self-Hosted or Open Option
Email	Gmail, Outlook, Yahoo	Proton Mail, Tuta, Mailbox.org	Self-hosting email is possible, but deliverability is a grind. Use Proton or similar unless you want that fight, in which case may God admire your paperwork.
Calendar	Google Calendar, Outlook Calendar	Proton Calendar, Tuta Calendar	Radicale, Baikal, Nextcloud Calendar
Search	Google Search, Bing	DuckDuckGo, Startpage, Brave Search	SearXNG
Browser	Chrome, Edge	Firefox, Brave, LibreWolf	Hardened Firefox profiles, uBlock Origin, strict permissions, separate browser profiles by role.
Messaging	SMS, Facebook Messenger, Instagram DMs	Signal, SimpleX, Briar	Matrix via Synapse, Dendrite, or hosted instances.
Maps	Google Maps, Apple Maps	Organic Maps, OsmAnd	OpenStreetMap data and self-hosted tiles if you are serious.
Docs	Google Docs, Microsoft 365	CryptPad, ONLYOFFICE, Collabora	Nextcloud Office, self-hosted CryptPad, or local-first Markdown.
Video calls	Zoom, Google Meet, Teams	Jitsi Meet, Element Call	Self-host Jitsi only if you understand bandwidth and server load.
Mobile apps	Google Play only	F-Droid, direct APKs from trusted projects	Use fewer apps. Prefer web apps when they meet the need.
Operating system	Windows, stock Android	Linux Mint, Ubuntu, GrapheneOS	Pick the privacy jump you will actually maintain. Perfect is not the entry requirement. Showing up is allowed.

06B

prism-break style escape map

migration logic

PRISM Break is useful because it thinks in categories: operating systems, browsers, email, messaging, search, maps, cloud storage, media, social networks, and server infrastructure. The point is not to replace everything overnight in a heroic fit of spreadsheet enthusiasm. The point is to identify the surveillance defaults in your life and move the highest-risk categories first.

Area	Surveillance default	Better direction	Notes for adam112.com readers
Operating system	Windows telemetry, locked mobile ecosystems	Debian, Fedora, FreeBSD, OpenBSD, GrapheneOS	Linux on desktop, GrapheneOS on Pixel, BSD if you know what you are getting into, or enjoy finding out in public.
Home server	Everything in someone else’s cloud	FreedomBox, YunoHost, Proxmox, TrueNAS	Use a VPS for public pages. Use a home box for private services. Do not expose admin panels casually. The internet is not casual.
Web browser	Chrome as identity and tracking hub	Firefox, LibreWolf, Tor Browser, Brave	Separate browser profiles by mission: banking, admin, personal, research, and throwaway browsing.
Browser extensions	Adtech, scripts, invisible trackers	uBlock Origin, Privacy Badger, NoScript, ClearURLs	Do not install 40 extensions. Extensions can also spy. Use a small, trusted set, not a browser charm bracelet.
Email	Gmail as archive, identity provider, and advertising profile	Proton Mail, Tuta, Mailbox.org, Fastmail	Use your own domain so your address survives provider changes. Self-hosting email is usually not worth it unless you collect obscure punishments.
Aliases	One email address everywhere	SimpleLogin, addy.io, DuckDuckGo Email Protection	Aliases are one of the highest-value privacy upgrades. Use one per service. Let the spam rot in clearly labeled cages.
Messaging	SMS, Meta DMs, platform inboxes	Signal, SimpleX, Matrix, Briar	SMS is for codes and logistics, not private conversations. Prefer Signal for normal humans and people adjacent to normal humans.
Search	Google as default knowledge gateway	DuckDuckGo, Startpage, Brave Search, SearXNG	Search engines shape your worldview. Keep more than one in rotation. Monoculture is how you get intellectual scurvy.
Maps	Location history as a corporate dossier	OpenStreetMap, Organic Maps, OsmAnd	Offline maps are underrated. Download your region before you need it, not while standing in the rain with one bar of service.
Cloud storage	Google Drive, OneDrive, Dropbox	Nextcloud, Seafile, Syncthing, Cryptomator	Syncthing is excellent for device-to-device sync. Cryptomator helps when you must use commercial cloud.
Documents	Google Docs, Microsoft 365	LibreOffice, CryptPad, ONLYOFFICE, Collabora Online	For personal knowledge, boring local files and Markdown are often better than giant web apps. Boring survives acquisitions.
Social media	Algorithmic identity farms	Mastodon, Pixelfed, PeerTube, Friendica	Use social platforms as outposts. Keep your canonical posts on your own site. Outposts are useful. Empires get weird.
Video	YouTube as sole archive	PeerTube, Odysee, Jellyfin	Use YouTube for reach if needed, but keep originals, transcripts, thumbnails, and descriptions locally.
RSS and reading	Algorithmic feed dependency	FreshRSS, Miniflux, Newsboat	RSS is still the backbone of a sane internet. Bring back deliberate reading, a radical act now apparently.
Payments and shopping	Full card exposure everywhere	Privacy.com, bank virtual cards, aliases, compartmentalized accounts	Use virtual cards and email aliases together. Compartmentalization beats cleanup, especially after the horse has left the breached barn.
Analytics	Google Analytics everywhere	Plausible, Umami, Matomo	Collect less. Most sites do not need creepy analytics to be useful. Count visitors, not their souls.

06C

privacy directory shelf

PRISM Break

A classic directory for replacing proprietary, surveillance-friendly services with free software and privacy-respecting alternatives. Bring snacks, there are charts.

open chart

Awesome Privacy

A large curated list of privacy-respecting services and tools, useful when one chart cannot contain your escape plan.

browse list

switching.software

Plain-language alternatives to common commercial software, especially useful for escaping major tech ecosystems one app at a time, like a reasonable fugitive.

find swaps

Privacy Guides

More conservative, security-minded recommendations with attention to threat modeling, realistic use, and project maturity. Less sparkle, more sense.

read guides

PrivacyTools.io

A long-running privacy tools directory from the post-Snowden privacy movement, back when everyone briefly remembered that surveillance was bad.

open tools

Ethical.net

A broader ethical technology directory covering alternatives, digital rights, and healthier technology choices beyond strict security tools. Useful for humans, which remains the target audience.

open resources

06D

30-day privacy retreat

days 1-3: map the exposure List your main accounts, email addresses, phone numbers, cloud services, social profiles, devices, and payment methods.

days 4-7: secure the keys Move to a password manager, replace reused passwords, enable 2FA, save recovery codes offline, and audit account recovery emails. Yes, all of it. Sorry.

week 2: leave the worst defaults Change browser, search engine, email aliases, messaging habits, DNS, and basic device privacy settings.

week 3: reclaim the archive Export photos, videos, posts, bookmarks, docs, contacts, and calendars. Store local copies and back them up.

week 4: build the outpost Publish a personal domain, RSS feed, contact page, links page, and POSSE workflow. Social accounts become distribution, not home.

06E

Proton Migration Path

1. Start with mail

Move important personal mail to Proton Mail. Use your own domain if possible so you can leave later without changing your address everywhere, a small mercy in a collapsing circus.

Proton Mail

2. Add aliases

Use aliases for shopping, newsletters, public contact, and logins. Kill compromised aliases instead of replacing your whole identity, which is frowned upon by most governments.

SimpleLogin

3. Move selectively

Calendar, Drive, VPN, and Pass can follow, but do not blindly replace everything at once. Migrate by risk and frequency of use, not vibes and caffeine.

Proton Suite

Email reality check

Proton Mail is a strong privacy upgrade from surveillance-funded email, but email as a protocol still leaks metadata. For sensitive conversations, prefer Signal or another purpose-built encrypted messenger. Email is old, useful, and nosy.

06F

Privacy Educators Worth Following

Naomi Brockwell TV

Practical privacy, security, data broker exposure, phone settings, online tracking, and surveillance education without requiring a PhD or ceremonial hoodie.

Watch NBTV

All Things Secured

Useful, accessible security and privacy tutorials for normal people who want better habits without becoming full-time security engineers, a noble but exhausting fate.

Watch Channel

Techlore

Privacy tool comparisons, threat modeling, browser guidance, VPN skepticism, and realistic privacy education for different experience levels. Sensible, which is rarer than advertised.

Watch Techlore

06G

Threat Model Before Tool Worship

Ask better questions

Who are you trying to protect yourself from, specifically, not spiritually?
What data matters most?
What accounts would hurt if lost?
What devices do you actually control?
What habits are leaking more than your tools, because the call is often coming from inside the user?

Recommended order of operations

Password manager and unique passwords.
2FA using authenticator or hardware keys.
Private email and aliases.
Browser hardening and tracker blocking.
Encrypted messaging for real conversations.
Domain-owned personal site as canonical identity.

live news wire

news wire

Live headlines on online privacy, cybersecurity, self-hosting, data security, and the decentralized web. The feed uses Google News RSS searches through rss2json so headlines render directly on this page, unless the modern web decides to trip over its own shoelaces.

~/news/privacy-security-wire

loading privacy headlines...

direct Google News RSS

direct privacy feeds

direct security feeds

Resource Library

Directories

IndieWeb and POSSE

Server tutorials

Home lab

Privacy and identity

Communities

Migration Doctrine

What to self-host first

Static personal website
RSS reader
Bookmarks
Uptime monitor
File sync only after backups are solid
Password vault only after you understand restore procedures

What not to rush

Email, unless you enjoy deliverability pain
Anything with irreplaceable data and no backup plan
Public dashboards
Experimental apps exposed to the internet
Services that affect family members before you can support them

Manifesto

The point

Self-hosting is not about pretending every SaaS product is evil or that every person needs a server rack humming in the closet like a tiny weather system. It is about refusing to let your digital life be entirely mediated by companies that can throttle, delete, censor, enshittify, surveil, algorithmically distort, or monetize your work without your consent.

Own your name

A domain is the minimum viable unit of digital sovereignty. Also cheaper than most bad habits.

Own your archive

Your writing, media, links, and notes should survive platform churn, executive pivots, and whatever the product team calls progress this week.

Use platforms tactically

Social networks are distribution. They are not home. They are a bulletin board with a casino attached.