I host everything I can on my own equipment, sans cloud.
E-mail, photo syncing, file servers, a Linux grid, document sharing… it’s a full-time job.
Doing has taught me more than reading ever will.
Aren’t you worried about security?
Yes, but hacks happen everywhere (iCloud for example). I enforce 2FA via a dedicated identity server everywhere, even for logging into this blog. I don’t drink ZTNA kool-aid too much, so most things stay behind a VPN (for example, domain controllers). Said VPN is also behind 2FA. It’s a reasonable approach.
Does it always work?
Nope. One of my posts got to #1 on Hacker News and even my WireGuard tunnels started collapsing. I’ll blame my ISP for my 7 Mbps connection on that occasion.
Fine, but why host email? That’s crazy complex.
- Because it matters a lot to me (so all the more reason)
- It’s not that hard to keep running
Alright, so how did I get here?
- You asked your DNS resolver where this site is, and ns2.arcza.net (my public name servers) probably said it's at 188.8.131.52, an IP in a /29 block I rent from my ISP
- A Cisco ISR accepted your packets, and sent you on toward a DMZ firewall
- The firewall allowed your traffic into the DMZ
- You hit a DMZ load balancer which did TLS with your browser
- Another firewall allowed the load balancer through to the core network, to a VM running NGINX, which generated this page