For many years I have played around with a home lab server. I tinkered around with self-hosting my own cloud storage, blog, password management, etc., but I have always abandoned the idea for fear that I might end up losing everything.
Absent from my solutions has always been a good… actually, make that any… backup solution. I can’t comfortably go on with life knowing that I’m one lightning storm, or house fire, or hard drive crash away from losing my entire life’s collection of files. Certain files are just too important to eliminate. Therefore, I could not self-host unless I solved that issue.
Finally, my backup solution has been discovered. It’s a mix of two things:
- iDrive.com (business)
- iDrive is a ridiculously affordable file backup service. By “affordable”, I mean $20 for the first year with 2 TB. (This was a promo when I signed up and may or may not be present whenever you read this, but it will likely be nearly as good.)
- a free backup manager that connects to iDrive S3 storage, and pretty much any other storage type)
Duplicati encrypts everything before it is sent to iDrive so I can feel confident that my data is safe. Also, after the initial huge backup is complete, it only runs differential backups. This means that it only backs up files that changed. In other words, it won’t repeatedly send the same file day after day to build that day’s backup. Instead, it “knows” the file is already on the iDrive server and won’t resend it unless something about it changes.
With those pieces in place, I can safely proceed to self-host.
I have eliminated In Motion Hosting ($150/yr), Office 365 ($120/yr for the family plan), and 1Password ($120/yr for the family plan).
Here’s my new setup:
- Ubuntu Server
- NGINX Proxy Manager
- Vault Warden
Besides saving the subscription fees, my data becomes my own property, but it also becomes my own responsibility. So, I have better peace of mind knowing that my data is on a particular machine that I can touch with my hands, but I also have taken on the risk of keeping the data secure.
I use long passwords and two-factor authentication, plus fail2ban, which watches for multiple failed logins from a single source and then blocks that source after a predefined number of failed attempts.