(This is a repost of this reddit post https://www.reddit.com/r/selfhosted/comments/1fbv41n/what_are_the_things_that_makes_a_selfhostable/, I wanna ask this here just in case folks in this community also have some thoughts about it)

What are the things that makes a selfhostable app/project project good? Maybe another way to phrase this question is, what are the things that makes a project easier to self-host?

I have been developing an application that focuses on being easy to selfhost. I have been looking around for existing and already good project such as paperless-ngx, Immich, etc.

From what I gather the most important thing are:

  • Good docs, this is probably the most important. The developer must document how to self-host
  • Less runtime dependency–I’m not sure about this one, but the less it depends on other services the better
  • Optional OIDC–I’m even less sure about this one, and I’m also not sure about implementing this feature on my own app as it’s difficult to develop. It seems that after reading this subreddit/community, I concluded that lots of people here prefer to separate identity/user pool and app service. This means running a separate service for authentication and authorization.

What do you think? Another question is, are there any more good project that can be used as a good example of selfhostable app?

Thank you


Some redditors responded on the post:

  • easy to install, try, and configure with sane defaults
  • availabiity of image on dockerhub
  • screenshots
  • good GUI

I also came across this comment from Hacker News lately, and I think about it a lot

https://news.ycombinator.com/item?id=40523806

This is what self-hosted software should be. An app, self-contained, (essentially) a single file with minimal dependencies.

Not something so complex that it requires docker. Not something that requires you to install a separate database. Not something that depends on redis and other external services.

I’ve turned down many self-hosted options due to the complexity of the setup and maintenance.

Do you agree with this?

  • Shimitar@feddit.it
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 days ago

    Has docker compose file for deployment

    Can be hosted on sub-path and not only subdomain

    Can easily be integrated into SSO lime authelia

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    7 days ago

    Not something so complex that it requires docker.

    I disagree. Docker makes things a lot easier and I’m going to use it regardless.

    My rule is pretty simple: not PHP. PHP requires configuring a web server, so either that’s embedded in the docker image, (violates the “do one thing” rule of docker) or it’s pushed onto the user. This falls under the dependencies part, but I uniquely hate dealing with standalone web servers and I don’t mind configuring databases, so I called it out.

    I actually tried switching to OCIS from Nextcloud specifically to avoid PHP, but OCIS is even more complex so I bailed.

    Give me an example configuration that works out of the box and detailed documentation about options and I’ll be happy. Don’t make me configure a web server any particular way, and do let me handle TLS myself. If you do that, I’ll probably check it out.

  • sylver_dragon@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    7 days ago

    My list of items I look for:

    • A docker image is available. Not some sort of make or build script which make gods know what changes to my system, even if the end result is a docker image. Just have a docker image out on Dockerhub or a Dockerfile as part of the project. A docker-compose.yaml file is a nice bonus.
    • Two factor auth. I understand this is hard, but if you are actually building something you want people to seriously use, it needs to be seriously secured. Bonus points for working with my YubiKey.
    • Good authentication logging. I may be an outlier on this one, but I actually look at the audit logs for my services. Having a log of authentication activity (successes and failures) is important to me. I use both fail2ban to block off IPs which get up to any fuckery and I manually blackhole entire ASNs when it seems they are sourcing a lot of attacks. Give me timestamps (in ISO8601 format, all other formats are wrong), IP address, username, success or failure (as a independent field, not buried in a message or other string) and any client information you can (e.g. User-Agent strings).
    • Good error logging. Look, I kinda suck, I’m gonna break stuff. When I do, it’s nice to have solid logging giving me an idea of what I broke and to provide a standardized error code to search on. It also means that, when I give up and post it as an issue to your github page, I can provide you with some useful context.

    As for that hackernews response, I’d categorically disagree with most of it.

    An app, self-contained, (essentially) a single file with minimal dependencies.

    Ya…no. Complex stuff is complex. And a lot of good stuff is complex. My main, self-hosted app is NextCloud. Trying to run that as some monolithic app would be brain-dead stupid. Just for the sake of maintainability, it is going to need to be a fairly sprawling list of files and folders. And it’s going to be dependent on some sort of web server software. And that is a very good place to NOT roll your own. Good web server software is hard, secure web server software is damn near impossible. Let the large projects (Apache/Nginx) handle that bit for you.

    Not something so complex that it requires docker.

    “Requires docker” may be a bit much. But, there is a reason people like to containerize stuff, it avoids a lot of problems. And supporting whatever random setup people have just sucks. I can understand just putting a project out as a container and telling people to fuck off with their magical snowflake setup. There is a reason flatpak is gaining popularity.
    Honestly, I see docker as a way to reduce complexity in my setup. I don’t have to worry about dependencies or having the right version of some library on my OS. I don’t worry about different apps needing different versions of the same library. I don’t need to maintain different virtual python environments for different apps. The containers “just work”. Hell, I regularly dockerize dedicated game servers just for my wife and I to play on.

    Not something that requires you to install a separate database.

    Oh goodie, let’s all create our own database formats and re-learn the lessons of the '90s about how hard databases actually are! No really, fuck off with that noise. If your app needs a small database backend, maybe try SQLite. But, some things just need a real database. And as with web servers, rolling your own is usually a bad plan.

    Not something that depends on redis and other external services.

    Again, sometimes you just need to have certain functionality and there is no point re-inventing the wheel every time. Breaking those discrete things out into other microservices can make sense. Sure, this means you are now beholden to everything that other service does; but, your app will never be an island. You are always going to be using libraries that other people wrote. Just try to avoid too much sprawl. Every dependency you spin up means your users are now maintaining an extra application. And you should probably build a bit of checking into your app to ensure that those dependencies are in sync. It really sucks to upgrade a service and have it fail, only to discover that one of it’s dependencies needed to be upgraded manually first, and now the whole thing is corrupt and needs to be restored from backup. Yes, users should read the release notes, they never do.
    The corollary here is to be careful about setting your users up for a supply chain attack. Every dependency or external library you add is one more place for your application to be attacked. And just because the actual vulnerability is in SomeCoolLib.js, it’s still your app getting hacked. You chose that library, you’re now beholden to everything it gets wrong.

    At the end of it all, I’d say the best app to write is the one you are interested in writing. The internet is littered with lots of good intentions and interesting starts. There is a lot less software which is actually feature complete and useful. If you lose interest, because you are so busy trying to please a whole bunch of idiots on the other side of the internet, you will never actually release anything. You do you, and fuck all the haters. If what you put out is interesting and useful, us users will show up and figure out how to use it. We’ll also bitch and moan, no matter how great your app is. It’s what users do. Do listen, feedback is useful. But, also remember that opinions are like assholes: everyone has one, and most of them stink.

  • bandwidthcrisis@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    7 days ago

    Before even getting to documentation, I see so many projects that don’t have a short summary of what they do (and maybe what to not expect them to do).

    As an example, Home Assistant. I can tell that it involves home automation, so can I replace Google Home with it? It seems like it doesn’t do voice recognition without add-ons and it can work with Google Assistant. Do I still need accounts with the providers of smart appliances, or can it control my bulbs directly?

    None of that is very clear from the website.

    I’ve seen plenty of other projects where it’s assumed there’s no need to explain it’s overall purpose.

  • T156@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    6 days ago

    Ease of installation/use, I think, is the main big one, and one of the biggest obstacles.

    People who want to give self-hosting a try aren’t going to be particularly fond of having to jump through a whole bunch of different configs, and manually set everything up.

    They want something that they can just set up and go, without having to deal with server hosting, services, and all of that. Something you can just run on your computer, leave it be, and use it with relatively little fuss.


    Second to that, would definitely be a case of better documentation/screenshots. A lot of self-hosted things, like Lemmy, didn’t provide much documentation of what the actual user side of it does, only what you need to do to set it up, which isn’t going to make me want to use the software, if I have no idea what it’s supposed to do, and how it compares to other things that do the same.

  • Matt@lemmy.ml
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    6 days ago

    Not something so complex that it requires a docker

    Docker is the thing that sandboxes your services from the host OS. I’d rather use Podman because of the true non-root mode, but Docker is still based. Plus, you can use Docker Swarm if you don’t want to switch to Kubernetes (though you don’t have easy storage integration for persistence).

    • jabjoe@feddit.uk
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      6 days ago

      The problem is when Docker is used to gift wrap a mess. Then there are rotting dependencies in the containers. The nice thing about Debian packaged things is the maintainer is forced to do things properly. Even more so if they get it into the repos.

      My preference is Debian Stable in LXC or even KVM for services. I only go for Docker if that is the recommended option. There is stuff out there where the recommend way is their VM image which is full of their soup of Dockers.

      Docker is in my pile of technologies I don’t really like or approve of, but don’t have the energy to really fight.

    • daddy32@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      6 days ago

      Docker is also the thing that allows the distribution of the app as “single file with minimal dependencies”.

      • ancoraunamoka@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 days ago

        Not a single app, not minimal dependencies. It’s a file that gets processed and creates many gigabites of leftovers, with an enormous runtime and piles of abstractions

  • Showroom7561@lemmy.ca
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    7 days ago

    For me, it’s screenshots.

    I can’t even count how many self-hosted or open source projects I’ve wanted to check out, and the project page is just text.

    If I don’t know exactly what I’m getting into in the first 10 seconds, I’m onto something else, especially when it’s something heavily based on UI/UX with frequent interaction.

    EDIT: Also, I’m a fan of docker apps to run off my Synology NAS, but it better come with step-by-step instructions, or I won’t bother. There are some good resources for detailed instructions for various self-hosted/NAS/docker related content, but it’s nice when a project actually has this in their documentation.

    • schizo@forum.uncomfortable.business
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 days ago

      10000% this.

      Tell me what it does, and SHOW me what it does.

      Because guessing what the hell your thing looks like and behaves like is going to get me to bounce pretty much immediately because you’ve now made it where I have to figure out how to deploy your shit if I want to know. And, uh, generally, if you have no screenshots, you have no good documentation and thus it’s going to suuuuck.

  • Appoxo@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    7 days ago

    I’ve turned down many self-hosted options due to the complexity of >the setup and maintenance.

    Do you agree with this?

    No.
    I like my services and stack.
    From the *arrs and Jellyfin, HortusFox, Unifi Network Application (though it should run with just a SQL-Lite DB) over many things else.
    Yes, databases are annoying but if the service that wants it is sane I have no problem doing it.

    What does grind my gears is when services have many breaking changes (e.g. Immich). If it wasnt for that I would be more open to finally start with that and maybe install good and working immich service.

    The things redditors mentioned are very good already. Primarily screenshots.
    Please, please always add screenshots to let me have a general idea of the UI.
    At the very least a demo instance if you can’t be bothered to add screenshots (yes, I have seen many services that would rather share a demo instance than screenshots…)

    • hono4kami@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 days ago

      The things redditors mentioned are very good already. Primarily screenshots. Please, please always add screenshots to let me have a general idea of the UI.

      I’ve read this mentioned many times. Is it really that bad XD

  • InnerScientist@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    7 days ago

    One thing that makes a project good is knowing what it does, I’ve seen quite a few projects where they talk about all the features and technology and how to configure it but not a word about what it actually does, what problems it solves and so on.

    I won’t self host your program if you don’t even tell me what it does, don’t make me search and clue together large parts of the documentation just to find if I want it. A simple explanation is enough but somehow I’ve seen quite a few programs that don’t have it.

  • vividspecter@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    6 days ago

    Not something so complex that it requires docker. Not something that requires you to install a separate database. Not something that depends on redis and other external services.

    This comment is a bit silly. Databases just make sense for many services, although many could just use sqlite which would be fine (and many do). Redis etc is usually optional and might increase performance in some cases.

    I wouldn’t be a fan of something requiring docker, but it’s often just the easiest way to deploy these types of services (and the easiest way to install it as a user).

    Anyway, I’ll echo that clear, up-to-date documentation is nice. I shouldn’t have to search through actual code or the bug/issues section to find current information (but I get this is very challenging). And I’d rather projects didn’t make Discord a source of documentation (especially not the primary one).

    I’ll add that having a NixOS module is a big plus for me, but I don’t expect the developers themselves to maintain this.

    • ancoraunamoka@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 days ago

      Unless you are a business with millions of users, I would be really skeptical of redis improving performance. At the end of the day, any simple KV store can replace it. It’s not like postgres where having sqlite in it’s place means not only a different performance profile, but also different semantics, sql dialect, rpc protocol, etc

  • PerogiBoi@lemmy.ca
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    7 days ago

    Documentation, screenshots, a forum, one click installer or simple line to paste into the terminal.

  • Passerby6497@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 days ago

    Configuration by config file is preferred but not mandatory for me, but a docker image is mandatory for me to even try the app anymore. And the ability to backup and restore state is key, preferably in such a way that I can write my backup to a mounted smb share rather than writing locally and copying to the network.

    I’m running everything on commodity or 2nd hand gear, so failures aren’t unheard of. I had one of my micro PCs cook itself this year, and the majority of my services on that box fit that mold (mostly), so I got them back up pretty quick. Though, I did run into issues with container backups not working (because they write the backup like a database, so it has to be a local write for a db lock) and had to start from scratch .

  • mel@jlai.lu
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 days ago

    I totally disagree with the quote from hackernews. Having the option to use sqlite is nice to test it, but going with postgresql or mariadb allows you to have better performance if you use rdbms. Also, packaging with containers allows to have one standardized image for support if some third party packaging (from a distro repo) is bugging to test it further. To me, a good gui really depends on what service is provided. For kanidm (IAM), I don’t care this much of a web admin panel, the cli is really intuitive and if you need some graph views of your users, you can generate some diagram files. Considering OIDC/LDAP, I’d rather have OIDC implemented for two reasons : I can point my users to the (really minimalist) kanidm ui where they have a button for each app allowed. Also, the login informations are only stored in kanidm, no spreading of login password.

    I saw a comment about not needing to rely on many third services but I partly disagree with it. Using nextcloud as a mixed example, using elastic search for full text search is better than reimplementing it, but the notify_push should not be as separated as it is (it is here because I understood, apache-php and websockets does not mix well).

    All in all, the main criterias for me are :

    • SSO with OIDC, but ldap is good enough
    • Good documentation
    • easy deployment to test, prod deployment can be more advanced
    • Not reimplement the weel eg if you need full text search, meilisearch or elastic can do it better than you will, so don’t try to much (a simple grep for a test instance is enough)
    • If you need to store files, having remote stores is nice to have (webdav or s3)