Hi everyone, I posted about my Safebox project earlier, but now I’d like to hear your thoughts on something a bit broader. I’ve been noticing a pattern in self-hosting communities, and I’m curious if others see it too.
Whenever someone asks for a more beginner-friendly solution, something with a UI, automated setup, or fewer manual configs, there’s often a response like: “If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting.”
Sometimes it feels like a portion of the community views complexity as a badge of honour. Don’t get me wrong, I love the technical side of self-hosting. I enjoy tinkering, breaking things, fixing them, learning along the way. That’s how most of us got into it.
But if we want more people to own their data, escape Big Tech, and embrace open-source alternatives, shouldn’t we welcome solutions that lower the entry barrier?
There’s room for:
- people who want full control and custom setups
- people who want semi-manual but guided
- people who want it to work with minimal friction
Just like not every Linux user compiles from source, but they’re still Linux users.
Where do you stand? Should self-hosting stay DIY only or is there value in easier, more accessible ways to self-host?
Safebox aims to make self-hosting more approachable without sacrificing data ownership, so I genuinely want your honest take before releasing it more widely.
Some technical highlights of the project, for those interested:
Safebox runs on Linux, macOS, and Windows, supports both x86 and ARM64 (including Raspberry Pi, Banana Pi, and others), and handles domain/subdomain setup, Let’s Encrypt certificates, DNS configuration, reverse proxy (nginx), and also offers WireGuard-based remote access.
The project is currently in beta, and we’d really appreciate feedback from anyone interested in testing it, whether it’s about usability, stability, features, design, or honestly anything at all. You can find all the info about beta testing on our Discord channel.
If you’d like to try it out, check the Github repo: https://github.com/safeboxnetwork/framework-scheduler
Website: https://safebox.network/
Discord: https://discord.gg/aBP8bz6N8J
Thanks in advance to anyone who gives it a look or shares their thoughts.
I’m struggling to understand what this is and why someone should use it
Safebox is basically a framework to help you install and manage self hosted apps. It also includes features like remote access, backup, monitoring, and disk management (the last three are still in development). Safebox handles all the setup for you, DNS configuration, SSL certificates, and so on. If you want remote access, all you need to do is provide a domain (it can be an existing one, or you can register it with us). Of course, you can still use it locally, remote access is just an optional feature.
For people who don’t want to deal with the technical side, or who are still learning but want to try out self-hosting, I think Safebox makes things a lot easier and gives them a solid starting point
I think you are aiming for people that don’t want to learn maintenance work. This means you have to take care of that part.
This means protect the OS from crashing when an app fill up the disk. Security. Upgrade the applications and the OS itself. Perform backup and rollback if something goes wrong. Add/removal off harddisks. Handle hardware failure and inform the user what they need to replace. Migrating to a new server.
Yes, that is kind of the case. Our goal and plan for the future is to offer an alternative with features you mentioned above. Safebox is currently in mvp state with limited features. If you take a look at the actual dashboard you can notice “monitoring” and “disk management” features alongside “backup”(both on Lan and geo-redundant between fellow users) will be available and updates for the OS and apps are already working it can be found (temporarily) under “notifications”. At the moment we looking for early user feedbacks and testing demand.
No thanks, Discord is proprietary.
Safebox is currently in mvp state, heavily under developement, and we looking for early user feedbacks. We created the dc server as a way to recieve these feedbacks and to lay the foundation for the future community.
Yeah and Discord is proprietary, no thanks.
These platforms are a gateway drug to open source.
I got more folks into Linux using Reddit than I have anywhere else.
But add a bridge bot.
A couple points:
- Your website does not properly convey the technical context of Safebox. Docker is a complex platform, and asking someone to install it point blank on any OS, while also championing ease-of-access feels at odds here.
- There is a severe lack of documentation about the tool. Discord is not an appropriate means to find these documents if they exist. It is rarely okay as a support channel.
- I saw your post from a few days ago, but it was framed as a question about about gatekeeping specifically. The post also advertised Safebox. Given that the post no longer exists (but the comments sure do), I’m inclined to think you didn’t get quite the answer you were looking for.
I dove into self-hosting several years ago and ultimately I think I found the experience quite welcoming. I also don’t know that Safebox has a lot to offer over well-established alternatives these days like Unraid or TrueNAS, which have large user-bases and a depth of support articles to help admins better understand what they’re doing and how to do it. It’s true that not everyone would want to do this as a hobby. No one wants their services to break, or their data to be lost, and more tools that make it easier to prevent these scenarios are helpful. With that in mind, I am not left with a clear understanding of how Safebox is meant to provide safeguards here.
I used the word “admin” in the previous paragraph for good reason. Self-hosting makes you the administrator, and it means that you, the administrator, have the power to make mistakes. My recommendation is not to talk down to your users. Someone interested in self-hosting should be aware of the potential security implications of what they’re taking on, alongside the risk to their data and that breaking changes are something they can and will make along the way. If you really want to make self-hosting accessible, then the documentation for your tool needs to be accessible too.
Safebox runs on Linux, macOS, and Windows, supports both x86 and ARM64 (including Raspberry Pi, Banana Pi, and others), and handles domain/subdomain setup, Let’s Encrypt certificates, DNS configuration, reverse proxy (nginx), and also offers WireGuard-based remote access.
A user should be able to learn why these elements are important and how they work together. Talk about the limitations of running it on a raspberry pi vs a workstations or server. What’s a reverse proxy? Is WireGuard good? This doesn’t mean the average person needs to know how to configure detailed permissions or application configs, and if the goal is to provide a repository of pre-hardened Docker configs for use then that’s cool too, but there should never be a barrier to the information itself. Especially as it is relevant to the tool you’ve built.
I think that fundamentally, you’ve built a good tool that simplifies things someone who is already familiar with its components, and where it needs to improve is by expanding to help new users familiarize themselves. Education is as big a part of accessibility as the ease-of-setup.
Thanks your detailed feedback, I’ll try to go through all your points.
When we said Docker, we meant the desktop version, basically so anyone can try Safebox on their own desktop and check out the early product. We also added an auto docker install for server setups a few days ago.
You’re right about the docs, they’re still in the works, and proper documentation will be released soon.
That other post you mentioned got a bit too heated, so the mods took it down. Definitely wasn’t our intention to stir up tension, and it wasn’t about not liking the answer or linking it to the product. Right now we’re mainly looking for early feedback and for people curious enough to help test things out.
Thanks for explaining your point of view and your suggestions. It means a lot for us in this early state, and looking forward of any future feedback of your about the actual product.
As a non-coder interested in self hosting and somewhat aware of cybersecurity, this is the most relevant take for me.
An application that facilitates safe self-hosting of many different service is great, however for it to be actually safe and useful it must either be a cybersecurity service keeping up with the pace of threats (which is essentially the corporate closed source model) or from the ground up be an educational platform as much as an application. Documentation needs to not only be comprehensive, but also self-explanitory to a non-technical audience. It is not enough to state that a setting or feature exists, it must also be made clear why it should be used and what the consequences of different configurations are.
This approach is almost never done effectively by FOSS projects unfortunately. Fortunately I think we are at the point where it is completely feasible for this type of educational approach to be fully replicable and adaptable from a creative commons source to the specific content structure of the application user manual using LLMs (local ones). The big question is, what is the trusted commons source of this information? I suppose there are MIT and other top university courses published for open use online that could serve as the source material, but it seems like there is likely a better formatted “IT User Guide Wiki” and “Cybersecurity Risk and Exploit Alert List” with frequent updates out there that I’m not aware of, perhaps the annals of various cybersecurity and IT associations?
Anyway I’m aware this is basically calling for another big FOSS project to build a modular documentation generator, but man would it help a lot of these projects be viable for a wider audience and build a more literate public.
We created Safebox mainly to make self-hosting easier, and proper, complete documentation is definitely something we want to provide, it’s already in the works. We also thought a lot of people might learn from it, but the scope is huge, so we’re still figuring out the right balance.
Should we cover the basic concepts too? How deep should we go? Introducing the software itself is the easy part, explaining all the related concepts in a clear, non-technical way is the real challenge.
Our goal isn’t to turn Safebox into a full-on cybersecurity course, but we do want users to understand what’s happening and why certain features matter, so they don’t feel lost.
As for the sources you mentioned, I have to admit I’m not entirely sure either. During my university studies I only touched on cybersecurity partially, mostly around the risks users face and how they respond. Yes, there definitely needs to be some basic guidance on security, what the main risks are and how to keep yourself safe. Honestly, I think this could work even better as a community project, where different people can contribute their own approaches and share experiences on how they protect their setups and what has worked for them.
Sometimes it feels like a portion of the community views complexity as a badge of honour.
Its not this, it’s that there are very serious risks to self hosting (dataloss, hacks etc), and if they aren’t prepared for them, itll be catastrophic.
The gatekeeping isnt just for fun, there are actual risks and downsides.
As for prepackaging an appliance, we already have a model for how that plays out. There are millions of ISP provided routers and IoT things, and every other day there is a new breach involving them.
How can security be made accessible? I’m a noob at self-hosting (I can deploy Docker containers and all that). There are loads of guides for beginners. I haven’t found any accessible info about security to learn from in an incremental way. Surely the advice can’t be that self-hosting shouldn’t be done till you’ve done a undergraduate qualification worth of learning about cyber security first.
Honestly? It can’t, really. There’s some very accessible things people can do on the user side such as good password management practices, but even something as “simple” as firewall rules quickly devolves into technical stuff that most people have no idea how to deal with.
The reality is that the Internet, computers, applications are all incredibly complicated. How they interconnect is incredibly complicated, and the vast majority of people don’t even understand what an IP address is, what the function of DNS is, what a MAC address is and how it’s different than an IP address, etc. So, you can maybe point them to a guide that they can follow to set up wireguard to access their music folder when they’re out, maybe, but since every network is different, how do you make sure they’re setting it up securely without copying and pasting routes that make them less secure? You have to understand what you’re doing to be able to see if in a specific use case you’re not causing an issue.
I dunno. This is a really tough nut to crack. There’s no “guide to learning cyber security.” If you know nothing and want to learn more, you just have to learn about networking, Linux, firewalls, active directory, everything.
If you’re looking for something incremental all you’ll find is incremental learning of specific things. Like, look up the LPI Linux Essentials study guide if you want to just learn some Linux stuff. Then spin up a bunch of VMs of different distros to play with, and look at some other Linux stuff. And more Linux stuff, until you feel like you understand Linux pretty well. But, that doesn’t make you good at cyber security… Because there’s so much more than just knowing Linux. So no, there’s no incremental guide for what you’re looking for - you just have to learn many things, and you can come from whatever direction you want to start from.
If you want to learn safely then just don’t expose anything to the Internet. Keep it all local, and yeah you might introduce some insecure setups or applications, but you’re not really under any more threat of network intrusion than if you never started. That sucks though because we want to access our shit from outside the house, right? But that’s the choice, if you want to stay more secure until you’re more educated. And yeah, honestly it’s kind of undergraduate qualification level to start understanding things well enough. Sorry, that’s just the reality I think.
I dont know. I’m in an adjacent industry, and even amongst some of my colleagues who do have degrees, there are some significant knowledge gaps. Companies often have entire teams dedicated to cyber security, and still get this wrong.
There are just so many subtleties that need to be done right. I’m pretty certain that even my setup isnt properly secure, and the only reason things haven’t crashed down is pure luck.
The appliance model is probably the best way to enforce security practices for regular users, but that pushes significant control/responsibility back to the supplier (they must stay up to date with patches, force push out updates so no one is left behind, limit flexibility so everyones setup is relatively homogeneous). Done right (for security), that costs a lot of money, so likely a subscription model. And it rapidly becomes a “cloud” service that runs off your own electricity, which loses all the self hosting benefits.
OK, so I’ve spent a load of time on this today. Searching for “self-hosting security” mostly brings up mostly home surveillance camera results.
I’ve found this resource and have implemented his recommendations. Finally a good resource and I’m feeling much better after hardening SSH access, closing open ports in the firewall, installing Fail2Ban, etc.
I would encourage you to setup wireguard or tailscale, so that you dont have to expose SSH at all, but SSH hardening is definitely a good start.
Worth monitoring your SSH logs as well, that’ll give you an idea of how constant the automated attacks can be. Even when I was using a non-standard port, I was getting heaps of attacks.
I’ve got to figure that out still. Each step is a lot of learning and troubleshooting. I’ve changed the SSH port, deactivated root login, deactivated password login and left the passkey token on only my desktop PC with Fail2Ban. I’m waiting till I have another weekend I’m not at work to figure out VPN access. I’m using Synology reverse proxy so I hope I’m secure enough for now anyway.
Shoutout to that dude last week posting a fully public fileshare service because he wanted to “practice” selfhosting
Link?
It was on the Lemmy.world selfhosted sub but I’d rather not link it as it’s likely still open because the OP wasn’t listening to anyone and there’s probably some awful shit on there now.
It was down the last few times I checked
(sorry, could not resist)
Does the shirt become purple if I click it?
I think your project has admirable goals, but things like Cosmos Cloud and Casa OS already aim to address this. I think it would be useful for you to show what value proposition yours brings versus their apps, e.g. which parts of selfhosting you think your app handles better. I also agree with @flatfire@lemmy.ca in that much more documentation is needed so the user can educate themselves how the back end works.
Yeah, as I mentioned earlier, proper documentation is already in the works, and I hope that will make it clear how our project differs. Thanks for the suggestion!
Offline app is best. Tell others to try this first.
there’s often a response like: “If you can’t configure Docker, reverse proxies, and Yaml files, you shouldn’t be self-hosting.”
This is the part that I don’t like. Couple this with condescending labels like ‘normies’ et al, I can kind of understand why selfhosting is still something that only a small segment of the population engages in. I realize that people like to differentiate themselves from others. It doesn’t matter if you’re collecting stamps or you’re the tiddlywinks champion of the world, we like to draw a line between ‘us’ and ‘them’, which is a pretty poignant song by Pink Floyd btw.
As @CameronDev@programming.dev pointed out, there are very serious consequences to self hosting too. The first Linux server I stood up got taken over fairly quickly, and over night began attacking other servers. That’s serious shit and the owners of said servers don’t take it lightly, and rightfully so. The owners of the platform you may be hosting on don’t take it lightly either. So, yeah, there are some basics one needs to learn and implement before they can begin a successful, resilient, hardened, server, and it’s not a lot of point and click solutions. Again…shit’s complex. It’s why there are so many specialists in the field, but now you as the selfhoster have to wear all the admin hats.
The doors to selfhosting should swing wide for all, and I try to be as accommodating as I possibly can because I know how I struggle and have struggled with things from time to time.
Safebox looks pretty interesting. I’ve often thought, if I were a much younger man, I would’ve loved to produce a type of ‘server in a box’. But I am well past being a younger man, so I’ll leave that up to you young guns.
I believe self hosting should be made easier. Definitely easier to understand.
If its not going to be that, then the opinion that people should self host is flawed. Not everybody can self host. They don’t have the knowledge or time to commit to it. So either it’s wrong to not have a better entry to them or it’s wrong to say they should self host.
I don’t self host much. What I do I keep with local access only. Why? Because while I’m no dummy, I also am very out of touch with modern tech and don’t have the time or energy to learn what I need to for it to be done right.
deleted by creator
This is a cool project, I have quite a few questions! Are you planning an “app store” repo of supported software? Allowing us to add our own repos? Can i set up a reverse proxy/VPN tunneling using my own hardware, or is remote access only available through a Safebox subscription? If I can set it up is that manual, guided, or automatic? Why Docker instead of Podman?
Those are all very good questions that I’m sure many of us would like to know the answers to.
