I’ve been using desec.io since it’s european, non profit and privacy oriented. Bring your own domain though. Works well, although my caddy plugin has problems getting certs sometimes. My pangolin instance never has any issues getting certs so might be caddy desec plugin specific.
Im using debian btw and non zfs system, so mileage may of course vary.
Two 4tb disks in raid 1 is a waste of money for most selfhosters. Unless you really want to avoid downtime due to disk failure. (and even then you could get a power outage or a network failure). A second disk will protect you from disk failure but not from other forms of data loss (like you fucking up something and erasing all of your family photos).
Do you also plan to buy some cold storage medium and cloud storage or a remote backup server or something (for 3+2+1 backups)? thats way more important.
Ive got an office pc with a 9th gen intel i3 4 core, 16gb RAM, you can propably find one for 100-200 dollars. Ive installed a 4TB NVMe into it.
For nightly remote backups i have a pi with another 4TB NVMe(overkill for sure, you could use pretty much anything for this) and for cold store i have 4TB external that i plug in when i remember.
I run docker and immich, nextcloud+office, jellyfin + a bunch of smaller services. I could perhaps use a little bit a better gpu for jellyfin transcoding sometimes with certain 4k files. Otherwise no need for upgrades.
Im running my own instance. But yeah, videos from google servers won’t load behind a proxy. Or they might work for a while but then wont and then you have to switch vpn servers which is very annoying.
I use a small wireless logitech keyboard-mousepad so it works very well. I had to make exceptions in the router for googles video severs to bypass the vpn though.
My phone is on a wireguard tunnel into my router which puts my wireguard vpn in the same forewall zone as my home LAN. Internet access is routed through the tunnel and then through another tunnel to protonvpn and from there to the www. It was a bit elaborate to set up but it works. Wouldnt really recommend the setup for everyone, it was a bit of a pain in the ass to get working. I used Openwrt and policy based routimg plus wireguard for the tunnels into and put of the router.
Oh i have vaultwarden as well nowadays
As someone who went through this after trumps 2nd term and power grabs i can give you my process:
Fast forward 6 months: My router is now running OpenWRT. With a few necessary exceptions my network access is always through ProtonVPN. My external devices are connected via wireguard to the router when not on home wifi and only after that reach the www. I have 24/7 access to my services from everywhere. My main server is now an old office mini pc running about 10 services. Im using borg for nightly snapshots(its a bit like apple time machine) and after that everything is backed up to another server at a friends house via rsync and ssh. I have a third mini computer whose purpose is to be my tv’s UI with access to services like the national broadcasts web ui and my own jellyfin and invidious (adless youtube client) The tv does not have an internet connection anymore. I even made a custom land page that automatically opens full screen in a browser when open my tv.
The point is: this builds gradually and you have fun doing it. …until it breaks :D The most painful parts involved networking so you can settle for LAN only at first to keep things simple
I actually got a call from the survey these are based on. While i dont know how they compile the answers into a score, i felt the questions were quite relevant.
Also, i feel finns score high because we are culturally modest people who enjoy the simple things in life. Are we physiologically experiencing more happiness than others? Maybe not. But we propably score high on measurements of how content people say they are. ”Cant compain”
My duckdns domain was deemed untrustworthy and i hit the firewall with it.
Spinning up a pangolin instance on a vps and getting a proper .fi (finland) domain fixed it. Plus it’s pretty bad form exposing ports directly instead of using a reverse proxy (and im guessing youre not using something like fail2ban and crowdsec and geoblocking either to keep the bots out.) Pangolin is an “all in one” solution that uses traefik for reverse proxy, handles certs automatically and almost automates the setup of Crowdsec for you. I highly recommend it. Can be used locally too if needed.