this post was submitted on 25 Feb 2024
35 points (100.0% liked)

Free and Open Source Software

17937 readers
112 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

I am developing a platform, the details don't matter, but it's a system the hosts personal data. As a result, I want to avoid hosting users in any way, and I am trying to make it as easy to self-host as possible.

I have some experience self hosting applications and I have some intuuition what to do or don't, but I wanted to see if I can pull from the collective wisdom.

Got any good resources to share? Any tips? Or, maybe some bad experiences or things to avoid?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] mox@lemmy.sdf.org 5 points 8 months ago (1 children)

One thing that goes a long way toward making self-hosting easy is to minimise dependencies.

In order of preference (best to worst):

  • Your language's standard library.
  • Those that are installed by default on most linux distros.
  • Those that are available in the main package repos of most distros.
  • Those that come from a community package archive. (AUR, PyPI, etc.)

Mind the version numbers, too; try not to depend on library features that aren't widely packaged/deployed yet.

Bonus points for supporting multiple OS, like the various BSD flavours.

Being conservative with dependencies makes it more likely that someone will be willing to install, package, or administer your software. It also helps limit the attack surface, potentially avoiding exploits in the future.

[โ€“] souperk@reddthat.com 2 points 8 months ago (1 children)

Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like "the devops are going to figure it out"...

To clarify, would an example be supporting sqlite, so people won't have to deploy postgres unless they need to?

My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks ๐Ÿ™

[โ€“] mox@lemmy.sdf.org 1 points 8 months ago

Supporting SQLite as an option for people with modest needs is not a bad idea. As long as you keep your SQL simple and avoid vendor-specific extensions, adding support for it at any point shouldn't be difficult.

Providing a Docker config is fine, but I would never lean on it as a substitute for conservative dependency choices and good build scripts. Many people don't use it and never will. If you instead design your software to be easily built/installed/packaged natively for any distro, then it will reach more users, and as a side effect, will also be easy to package for just about any container system (Docker, Kubernetes, LXC, etc.)