Should you self-host?
Anytime one of the big cloud providers has an outage, like Cloudflare a few weeks ago or AWS in October, and sites and businesses go down, there are calls for everyone to just self-host. But what does self-hosting mean, and should you do it?
What is self-hosting
The strict definition of self-hosting means running your applications and services on your own hardware under your control. Whether that's on a Raspberry Pi next to your DSL or cable router, or on beefy servers in your own company datacenter.
But I want to extend the definition to also include running your applications on servers you rent (e.g. as VMs or dedicated servers from Hetzner or any of the myriad hosting providers out there). In that diluted form of self-hosting, you control the applications, but not the hardware.
To illustrate what self-hosting means, let me give some examples:
- Instead of buying your Microsoft 365 licenses with Exchange Server in the cloud, you run your own email server with Postfix and Dovecot.
- Instead of letting Cloudflare or GitHub Pages host your static website, you spin up a cheap Virtual Private Server (VPS) and host it there yourself.
- Instead of storing your precious photos in services like Google Photos, you run your own Immich instance to keep your images safe and private.
But why would we want to self-host? The go-to solution today is to get your application as a service (called Software-as-a-Service, SaaS) from a provider. Be that Microsoft 365 or Google Workspace for email services and Office, or something like Salesforce as a CRM solution.
The arguments are that a provider has more expertise and know-how, they can provide 24/7 operations and, thanks to economies of scale, can do the same job more cheaply. It often is just not feasible to have that experience in-house, especially for small companies whose focus is not on IT. Or it would be too expensive to provide it at the same quality level as an experienced provider (again mostly due to economies of scale).
But at the same time, these providers, be they the big ones like Microsoft or Amazon, or small specialized ones, are not perfect. They don't have a magic spell, or, as we like to say in Germany, they also only cook with water. They will have problems and outages. And it feels like these are getting bigger and more frequent. Of course that's not to say that you would do any better if you ran everything yourself. The difference is that if Cloudflare or Amazon make a mistake, half the internet goes down. If you make a mistake with your self-hosted web or email server, only you go down. Outsourcing your IT services doesn't magically make everything perfect. But neither does running everything yourself.
The question of self-hosting for me comes down to a number of points:
- Do you have the technical knowledge and expertise to provide the service (or are you willing to learn)?
- Do you have the necessary equipment (for example: if you want to self-host big GPT models, you'll need powerful and expensive graphics cards)?
- Can you provide the service for an acceptable cost (not necessarily equal cost, as other factors might justify higher costs)?
- Can you provide an acceptable level of reliability and availability?
- Can you provide an appropriate level of security (it wouldn't do to self-host your data only to have it stolen immediately)?
To answer whether you should self-host, I want to split it into two scenarios: should individuals self-host, and should companies self-host?
Self-hosting for individuals
Self-hosting is best suited for technically proficient people. It doesn't mean you need to be an expert, but you should be willing to learn. And that for me is one of the two main arguments for self-hosting: To learn, to understand the concepts and technologies behind such an application.
I've already configured and run my own DNS servers and my own email (SMTP and IMAP) server. Not because it's cheaper or better. In hardware costs alone I've spent far more than if I had bought these services from companies. Not to mention the investment of my personal time. But it has helped me more deeply understand how these technologies work, admittedly often through failure.
The second argument for self-hosting for me is independence. Running your own services (even if it is on rented hardware from a provider) makes you more independent. There are numerous stories around the internet about people getting their Google or Microsoft accounts blocked for misunderstandings or technical failures and being unable to talk to a knowledgeable human to resolve the issue. As an individual you will have a hard time fighting for your rights with big companies, simply because you are one of millions and you don't make them enough money to justify the effort.
This does not mean you need to completely go the self-hosting route, but at least understand what it entails and move a few steps in that direction. Maybe have your own email domain that you host with a provider. If the provider cancels your contract, you can move the domain to another one and be up again. If Google blocks you and your Gmail address is the center of your digital life, you have a real problem.
Email is a good example where self-hosting is probably not a good idea. Doing it right is hard, or you risk becoming an unwilling distributor of spam or are unable to send mail as other providers block you for non-conformance to established standards. But hosting an Immich instance for your photos, that's far easier. Although exposing your private family pictures is also not what you want, so always take care.
Self-hosting for companies
For companies it mostly boils down to a question of cost. What does it cost to self-host, what does it cost to pay a provider, then factor in other arguments and compare.
Unless you're a very technical or large enough company, buying services like email will mostly be cheaper than self-hosting them. So the question is rather, how much weight do other factors have.
Even if you want to self-host, you might not be able to hire the needed experts. That may be because they're scarce on the market or too expensive, or because the good ones don't want to work for you (they might prefer bigger companies with bigger and more advanced teams to being the sole sysadmin for you).
Equipment is another point. Can you buy the servers or specialized hardware needed (e.g. graphics cards for LLM inference)? Do you have the space to house and run them (electricity, cooling, maybe several sites for redundancy)? Do you have a stable, high-bandwidth internet connection (unless you have a dedicated business fiber connection, don't even think about it)?
But the more important and often hard to quantify point is: Can you afford the vendor lock-in that outsourcing to a provider brings? It doesn't have to be the fear of getting cut off due to sanctions (I expand on this in the next section). In reality it is mostly about pricing and quality. What if your provider doubles their prices? What if they discontinue features you rely on, or their service becomes too unreliable? Depending on the service, switching providers might be very costly. So this needs to be factored into any cost comparison.
My recommendation to companies is to go a middle route: Complete self-hosting is normally overkill and not practical, but make sure you have a certain independence and can move or take over if needed.
This means always understanding the service and technology you are using, and always keeping a migration plan in the back of your mind. This is most easily done by using open standards. A simple example: If you need database services, go for a provider that offers PostgreSQL instead of their own proprietary solution. Instead of buying the complete Microsoft 365 suite, maybe get email services from a normal email provider and a file-sharing and collaboration application based on Nextcloud from another provider. That way you might have some friction loss, but you spread your company over several providers. And applications based on open standards or open-source implementations make it easier to migrate if needed without crippling the company. That also makes pricing negotiation more fair, if the counterpart knows you are not a captive audience.
Sovereignty
Over the last year, the topic of digital sovereignty has gotten an enormous boost, mostly due to the political situation in the USA and the more realistic threat of being cut off from American cloud providers and software. Just a few days ago there was the story of a judge at the International Criminal Court being cut off from modern digital life because the USA imposed sanctions on him.
More and more companies in Europe are at least thinking about the topic of digital sovereignty and about moving away from American cloud providers. Self-hosting would be the ultimate consequence of that. If you host and manage your own applications, no single company can easily shut you down. But is this step really necessary?
On one hand, moving from, say, AWS to the European competitor STACKIT would move you mostly out of the influence of American cloud providers and the risk of the USA playing political games. But on the other hand, you are just moving your dependence onto another company that you need to trust not to do bad things.
In my opinion, going full self-hosting in response to the current political situation would be impractical from both a technological and an economic perspective. But companies should take steps to reduce their dependence, which I believe they can do with two actions:
- Diversification: Don't just rely on one provider for everything, split the load around, so that one provider going bad or being forced by the government to shut you down does not cripple you completely.
- Rely on open standards: Anything that is built on open standards or APIs can be more easily moved to another provider. It might not be without cost or downtime, but at least you have the option without going bankrupt.
Companies should stay realistic. Neither running around like a headless chicken and desperately setting up self-hosting, nor sticking your head in the sand and pretending everything is fine is the answer. Find a middle ground, plan ahead to not be completely surprised and helpless if something happens, and take at least a few steps to make yourself more independent.
My story
Having talked about self-hosting a lot, I'd like to explain a bit about my personal situation in regard to this topic.
I do a lot of self-hosting. Both in my HomeLab running in my apartment, and on rented virtual servers (my current provider is netcup and I also use Hetzner).
For email, I go both routes. I have my own primary domain that I use with Uberspace, but I also run my own email server for other domains for the learning experience.
I also host important applications myself: Bitwarden/Vaultwarden as a password manager, and Nextcloud as a file-sharing app and for calendar and note taking.
This blog is hosted on Cloudflare. Mostly because it fits the free tier and is easy to use, and I get bot and DDoS protection on top. And it's a fun way to learn about Cloudflare offerings. But I have the technology in place to self-host it if needed. Should I ever have a problem with Cloudflare, I can point my domain's DNS entries somewhere else and be back online in no time.
For Git I again take both routes. Most of my personal private stuff is hosted on GitLab.com; for CI/CD I run GitLab Runners on my HomeLab. But I also run my own Forgejo instance and mirror all my repositories. So if GitLab ever kicks me out or I lose the data there, I'm covered. Open-source stuff is on GitHub, mostly because it's the de facto standard choice. Although there have been more moves to Codeberg lately.
Other applications I have written myself (like a ToDo list or a recipe database), mostly because it is fun and I can build them exactly how I want and need them. And of course I host these myself.
Depending on which provider would cut me off, I would still suffer, but in such a scenario I could more or less easily move without my digital life being lost or severely crippled. And even more important, I have learned and am still learning a ton of stuff. And it's great fun.
Conclusion
The internet was initially designed as a decentralized network with many independent entities and nodes forming a global network, much of which is also the core of self-hosting. Nowadays this vision is rather blurred. Much of the internet is concentrated in the hands of a few providers: Cloudflare, Amazon AWS, Microsoft Azure, Google GCP. That all of them are American companies does not make it any better. This topic sparks heated debate, with expertise, efficiency, and cost on one side, and independence, diversification, and fear of monopolies on the other.
Reality is, the internet is not the same as it was many years ago. With bad actors (spam, DDoS, hacks) and companies that play fast and loose with standards and customers (for example the "Netzbremse" of Deutsche Telekom), the original vision is long gone and no longer practical. I personally find that sad, both from a technical and a political standpoint, but that is the reality.
In the end, self-hosting as a concept is one of understanding your technologies and being, at least partially, in control of them.
As a technical individual you should try to self-host to learn, but you don't need to be absolute or fanatic about it.
As a company, you don't need to build your own CyberBunker, but you should have agency in the technologies and services that drive your processes and be prepared.