I host everything I can on my own equipment and don’t use cloud services.
E-mail, document sharing, auto photo uploads from my iPhone, all my files, my code, a Kubernetes grid, and more.
Aren’t you worried about security?
Yes, but hacks happen everywhere (iCloud for example). I enforce 2FA via a dedicated identity server everywhere, even for logging into this blog. I don’t drink ZTNA kool-aid too much, so most things stay behind a VPN (for example, domain controllers). Said VPN is also behind 2FA. It’s a reasonable approach.
Does it always work?
Nope. One of my posts got to #1 on Hacker News and even my WireGuard tunnels started collapsing. I’ll blame my ISP for my 7 Mbps connection on that occasion.
Fine, but why host email? That’s crazy complex.
- Because it matters a lot to me (so all the more reason)
- It’s not that hard to keep running
Alright, so how did I get here?
- You asked your DNS resolver where blog.abctaylor.com is
- ns1 or ns2.arcza.net (my public name servers) probably said it’s at 82.71.78.1, an IP in a /29 block I rent from my ISP
- A Cisco ISR accepted your packets, and sent you on toward a DMZ firewall
- The firewall allowed your traffic into the DMZ
- You hit a DMZ load balancer which did TLS with your browser
- Another firewall allowed the load balancer through to the core network, to a VM running NGINX, which generated this page