I don’t bother with a proxy host or with LetsEncrypt, though I guess you could use LetsEncrypt perfectly well. Back when I was doing this, LetsEncrypt didn’t exist and you had to actually pay for public certificates, so using locally generated free ones saved money. It also had a minor(?) security advantage in that if the private server key somehow leaked, it wouldn’t let people impersonate our internet domain.
For the private CA I simply used the crappy CA.pl script that comes with OpenSSL or did at the time. There are much better ways to do it, especially at any kind of scale, but CA.pl sufficed for dealing with a few development machines.
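A private CA of the kind described above, as an added example that is not part of the original comment: it uses plain `openssl` commands rather than CA.pl, and the host name, subject names and file names are constructed for illustration. It assumes a stock `openssl.cnf`, which marks the self-signed certificate as a CA.

```shell
#!/bin/sh
# Added example: throwaway private CA plus one server certificate.
# Host name, subjects and file layout are constructed.

make_private_ca() {  # make_private_ca <dir> <hostname>
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # 1. CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example Dev Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"   # the CA key is what must not leak
    # 2. Server key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. Leaf extensions: not a CA, server auth only, SAN for the host.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$host" > "$dir/server.ext"
    # 4. Sign the CSR with the private CA.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 90 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
}

verify_against() {  # verify_against <trust-anchor.crt> <cert.crt>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

cert_matches_host() {  # cert_matches_host <cert.crt> <hostname>
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Optional demo: sh private_ca.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_private_ca "$d" dev.internal.example &&
        verify_against "$d/ca.crt" "$d/server.crt" &&
        echo "server.crt chains to the private CA in $d"
fi
```

Only machines that have `ca.crt` installed as a trust anchor accept certificates issued this way.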
Mxroute.com: look for a discount offer since they have lots of good ones.
There is a famous Erik Naggum rant about XML at, no wait, I better not link it but you can find it with a search engine if you want, which means you don’t get to complain to me about it since you are the one who went looking for it. Very NSFW and VERY politically incorrect. Naggum died in 2009 but anyone who published a thing like that today would be raked over the coals.
I wouldn’t count on google drive doing anything in particular after expiration, unless that is expressly part of the product description. Just because you can observe it happening now doesn’t mean you can expect it to keep happening. For that matter, Google cancels products all the time. So I wouldn’t even rely on the paid plan not being withdrawn at some inconvenient moment. If you really want to use it, then best strategy is probably use it as long as it lasts, but have some plan B in mind if it goes away.
Oneprovider.com shows lots of offers in Istanbul, though servers are expensive there compared to a place like Hetzner:
https://oneprovider.com/search?&cities[]=62&price=0&price_max=9999999999999999&price_any=0
1.1 USD/mo for 2TB is basically a giveaway or free plan, i.e. you’re the product not the customer. So I’d be suspicious. How much storage are you looking for? Hetzner unfortunately jumps from 3.2 euro/1TB to 11 euro/5TB. So 2TB is kind of a bad spot on that scale. But if google drive is working for you and your stuff is encrypted, why not keep it?
Tbh you get jerked around less with paid plans. I’m happy with Hetzner Storage Box. I have 5TB there for 10 euro/month. I’d never use Google Drive. borgbase.com has a 10GB “free forever” plan and I could see parking some stuff there, but 10GB is pretty small and IDK the conditions. Why not use a VPS provider with better storage options?
It was ok at the time, and if it isn’t ok now, that means you want to run something that is too bloated for its own good.
Really though, special hardware for this doesn’t make too much sense. A raspberry pi with two ethernet interfaces would be great, but if you can live with ethernet plus wifi, the current rpi’s will do it. Otherwise there are lots of similar boards that really do have two ethernet.
I have not really felt much use for self hosted server hardware at home. I use VPS’s for that and it’s less hassle. Maybe it doesn’t count as completely self hosted, but conceptually it’s a miniature colo box.
Oh man, what a mess. It is just not worth it if you’re only adding 1 or 2 TB. Also you don’t say what kind of data you want to store on this system. If it’s media files (static once written) that can simplify things.
I’d say don’t mess with external drives at all. Your simplest path is upgrade your 1TB internal SSD to 2TB or 4TB. Those aren’t too expensive, and you get SSD storage. Yes you may as well use LUKS unless you want to get fancier. I have some thoughts about key management but haven’t implemented them in practice, so talk about that would be theoretical.
RAID is for when you have data that changes, like databases where you frequently add rows or do updates, so you are up to date if a drive crashes just after an update. It also lets you keep the system running while you hot swap the crashed drive. If you don’t mind taking your storage offline while you restore from a backup, and you don’t mind having to recreate the most recent data, you don’t need RAID.
I simply keep my static stuff and backups on a Hetzner StorageBox, encrypted with Borg Backup. That eliminates all the hassles of RAID, buying hardware and keeping it at home, etc. I can remote mount it (read only) with sshfs with all cryptography happening on the client side (in practice I don’t do that very often). There’s no need to use an encrypted file system on the server, or for the server to ever see plaintext. Of course StorageBox is not self hosted, but you could do something similar with a bare iron storage server. Anyway I think it’s difficult to beat this for economy until you have tens or maybe 100’s of TB of data.
Do encrypted backups with Borgbackup or similar. That means the server never sees the plaintext or the decryption keys. The encryption happens on the client. Since it’s public-key encryption (separate keys for encryption and decryption), the client doesn’t need the decryption key either, except when restoring. So your backup can be automated without secret keys.
I don’t understand the bonus question, and there are a lot of subtleties to multi-person secure chat. Does the user agent really have to be a web browser instead of, say, an ssh terminal? What do you expect to use instead of web sockets, in a browser?
On different occasions I’ve used irc or nextcloud chat, neither of which is ideal. Plus ytalk but that is 2-person only. There used to be fairly busy discussion on the moderncrypto.org messaging forum but I think that is quiet now.
/u/positive_intentions@lemmy.ml might be interested too.
This all sounds like too many levels of hair. If you really want to serve from home and have the upstream bandwidth for it, then reverse proxy to a cheap VPS seems like the easiest approach. I lost interest in that ages ago, partly because of crappy home internet. I have played with the idea of colo’ing a server at a data center but in the end, it’s simpler to use VPS and/or rental dedicated servers, so I do that instead. Whether that counts as self hosting is up to you, I guess.
Do you want something that also has CDN like Cloudflare? Bunny.net is good, but way more expensive than a cheap VPS if you use a lot of traffic.
Very reliable hard drives don’t exist whatever the price. You need RAID. But, look at backblaze drive reliability statistics to identify some obvious problem drives to avoid. It would help if you said what you are trying to do with the drives, what capacity you want, etc.