Introduction
If you are new to the self hosting world, you probably will need to spend some time studying and trying to figure out things on your own. I created The Self Hosting art with the purpose of showing how I got my services working. Today I'll be doing the review of YunnoHost, a fully featured self hosting platform.
Installation
To get started, you will need a VPS with at least 512MB of ram and 16GB of disk space. You will also need Debian 11.
Once you have your VPS installed with Debian 11, you can simply install curl and run the script:
apt update
apt install curl
curl https://install.yunohost.org | bash
After running that, you can choose the default options and allow YnunoHost to manage your SSH as well.
The installation process is really easy on that part. Once it is done, you can go to: http://yourVPSIP to create a user and a password.
Keep in mind that this password will be used for your SSH user, your administration interface and the default user on the available apps. For that reason, I recommend using a really strong password.
Security
By default, YunnoHost comes with an optimized Fail2Ban installed. It will ban anyone trying to do too many logins on your admin interface, ssh and even on apps (e.g nextcloud).
I couldn't confirm in their documentation if Fail2Ban is enabled on all available apps, but based on the apps that I installed myself to test, it was always enabled (WordPress, Nextcloud, Roundcube).
Despite the installed firewall that allows only the necessary ports and fail2ban, many people criticize YunnoHost for not having more advanced app isolation like Sandstorm, which is a close competitor.
In my opinion, analyzing things this way is shallow. YunnoHost also doesn't allow apps to access system folders, so even if an app is hacked, it won't be easy to access core system files.
Some people might argue that it's possible to do a shell exploit if an app is vulnerable. Although it is possible, it will be necessary to have a major security flaw in the system in some essential component such as the Kernel or sudo.
The truth is that nothing is really 100% secure. Even if your apps were isolated, someone could find a exploit on the isolating technology and get access to the outside. For me, the security level provided by YunnoHost is more than enough.
Performance
This is one of the part where YunnoHost shine. Each app is packaged with performance and optimization in mind. Nextcloud for example comes by default using APCU, Redis and a configurable PHP FPM. The apps don't use a lot of disk space since they can share libraries and packages from the host system.
Ease of use
This is the strongest point ever for YunnoHost. You can easily add domains, install applications with a single click, deploy SSL, restart services, check the logs and update the system and your apps with one click!
That is really wonderful and saves a lot of time. It's also great for beginners. You can test any apps without worrying about crashing your VPS.
There is also an app called "unattended upgrades". It can perform automatic updates for YunnoHost, making your life even easier.
Email and XMPP by default
Another great point of YunnoHost is that once you set it you have a email server and a XMPP server. If you go to the diagnostics tool, it will send you all the necessary records to be up and running. The mail servers comes with anti spam software and fail2ban.
You can use mail clients or install a webmail if you prefer. This is great because doing the email setup is usually not really easy to pair with other applications
Conclusion
Be you experienced or be you a beginner, YunnoHost can help. I replaced two personal servers with YunnoHost. It had all the apps that I needed and made my life much easier to keep things secure on the internet.
I highly recommend you to install YunnoHost if you want a easy and safe way to self host.
Screenshots
Of course, I could not finish this post without some neat screenshots from one of my own YunnoHost instances:
You can also help with Monero, Litecoin, Bitcoin or Nano: Monero:837X2SppmrrPkBbpsy9HQU1RFxKhsBcn6GdQv2wR5wGoiw8ctfh6Rt36xaszveZHysYA5KSDBr51y5YuQ3YCV23sJS9nhqW BTC:bc1qrvgz7dzzlfllulakw87vzvtf7s2u8t0sxpjehr Litecoin:ltc1qycz6ssg6xjxttuld6l6ulzqdr3y70rm8wv2g9p Nano:nano_1jmd6dg4dbem7f3wrojr7g45ioe6eb5et3iq11f8urfxe8qausxipup8bhua
