A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I use Mikrotik RB5009 because it's easy and very powerful. It has zerotier and wireguard built in. I'm slowly getting into OPNSense, but I'm not too familiar with it yet.
I also run ubiquiti wifi, but am planning on changing to another system in the future.
My core switch is a unifi 24 enterprise. It's the only affordable and semi quiet switch that is multigig, POE, and semi layer 3.
I currently run 6 vlans. Users, servers, management, IoT, LAN only, and DMZ.
Can only agree on Mikrotik routers. All are using RouterOS, which works the same on all their devices, from routers to switches and access points.
They are relatively cheap for the capabilites you're getting. They have their own scripting language, two APIs (their new one is REST-based).
GUI (winbox is recommended, and plays nice with wine. Wouldn't recommend web interface, just cumbersome) and CLI exists.
They have a lot of builtin functionality, like DHCP server, DNS server with static configuration, and even file sharing. Some models are powerful enough to run Docker images on (yes, that's builtin...).
We're running a couple of hundred and don't have much problem with them.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| HA | Home Assistant automation software |
| ~ | High Availability |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAT | Network Address Translation |
| PCIe | Peripheral Component Interconnect Express |
| SSD | Solid State Drive mass storage |
| VPS | Virtual Private Server (opposed to shared hosting) |
9 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #41 for this sub, first seen 14th Aug 2023, 10:45] [FAQ] [Full list] [Contact] [Source code]
Wait since when does a tilde mean high availability?
Damn good bot
I have a Dell OptiPlex 7050 acting as a router. But I don't do any port forwarding. Instead, I have an Oracle Always Free VM that is connected to my server via a WireGuard tunnel. The cloud VM acts as reverse proxy to all of the services that I host. The OptiPlex 7050 is running OpenBSD.
It might be overkill and some sysadmin don't like using them but Ubiquity with their Unifi model is all I'm using at home. USG as my router/firewall, 24-port 500w PoE switch, unifi cloud key for interface, and an AP-AC-Pro for WiFi access.
+1 for Ubiquiti here too. My network is a fair bit smaller, but I have a regular Dream Machine for WiFi, router and firewall, and just an 8 port poe switch for two AP-AC-Pros and two cameras. The ecosystem is very expandable too, so I can easily add devices if I'm running out of capacity.
They're a little pricier, but definitely worth it IMO for something that just works with minimal tinkering. Networking setup is quite easy as well, Mactelecom networks on YT has some great videos on that.
I use unifi access points for wifi, and have an OpnSense router/firewall running on my server (proxmox).
That works really well, only negative ting is that if I reboot my server the internet is down while doing that. But that doesn't happen very often.
I can vouch for MikroTik also. I have no access to fiber, so my choice was to get crappy Huawei or ZTE with limited customisation option or get MikroTik. I have bought Chateau 5G AX. I was able to bypass mobile CGNAT with Wireguard tunnel to a virtual MikroTik on cheap VPS, as my mobile provider does not offer static IP for non business customers. I am also running reverse proxy on my server to access my network directly thanks to Wireguard tunnel. You can edit nearly everything on MikroTik router (including MAC address on any interface and even spoof IMEI number when it has LTE like mine).
I'm using a thinclient (Fujitsu S920), slapped an Intel Pro/1000 NIC in there and installed opnsense. Hardware cost for both used was around €80. Wifi is handled by a TP-Link access point.
It's a big boy router/firewall, and it's been quite a learning experience but very fun.
Same. Quad port Intel NIC.
There are some subtile differences that are good to know when looking for one on the second hand market: https://forums.serverbuilds.net/t/demystifying-intel-pro-1000-quad-port-nics/2401
How much wifi and open-source do you really want?
If you are willing to go with commercial hardware + open source firmware (OpenWRT) you might want to check the table of hardware of OpenWrt at https://openwrt.org/toh/views/toh_available_16128_ax-wifi and https://openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line. One of those models is now fully supported the others are on the way. If you don't mind having older wifi a Netgear R7800 is solid.
If you want full open-source hardware and software you need a more exotic brand like this https://www.banana-pi.org/en/bananapi-router/.
Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but there's a catch about open-source wifi. The best performing wifi chips are Broadcom and those don't usually see open-source software support**. MediaTek is the open-source alternative and while they work fine they can't, unfortunately, beat Broadcom. As most hardware is Broadcom they have hacks that go behind the published wifi standards and get it go a few megabytes/second faster and/or improve the range a bit.
** DD-WRT is another "open-source" firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as blob with their firmware. While it works don't expect compatibility with newer hardware nor a bug free solution like OpenWRT is.
I have a Turris Omnia (https://turris.com). Comes with their custom OpenWrt out of the box so can do everything that can, with some extra features. Hardware is pretty good: two wifi cards, one of which can do 802.11ax, 6 GBit ethernet ports, 1 SFP port, 2GB RAM, 8GB EMMC flash, supports adding a PCIe SSD. You can also pretty easily install your own OS on it if you want to, personally I have it booting off of a PCIe SSD with NixOS on it.
I use an N5105 generic mini pc running proxmox and opnsense. You can get them fairly cheaply from Aliexpress. They’re particularly low power and come with 4-6 gigabit network ports. I have two containers, the second of which hosts my Home Assistant instance. As an added bonus they often don’t have a fan.
For wifi I use Ubiquity wifi 6 Lite APs with the controller running under home assistant.
For several years I've been using an ASUS RT-68AC running Merlin for my router/AP. Honestly no complaints.
I've recently switched to using OpnSense for my router on an old Dell mini PC and switched the ASUS to AP only mode.
I've never trusted vendors like Asus for their routers. I'm currently using PC Engines APU2E4 with OpenBSD. This setup support everything I can think of.
Depending on how in depth you want your firewall, packet inspection, etc to be and your internet access speed, you may want a commercial grade router. You can also probably use an old PC and add a dual gigabit NIC to it and load up opnsense or pfsense or some other router/firewall distribution. From there, add a stand alone switch and a standalone wifi AP (or router in AP mode). The reason I bring up using a commercial device or an older desktop is because packet inspection, filtering, etc at line speed on a gigabit connection won't be possible with a lot of low powered devices.
I used to do this (was using an old Intel core i5 second gen with added RAM and a dual port gigabit NIC) but it was a lot to keep up with. I have since moved on to an Asus router (RT-AX86U) with the AsusWRT-Merlin software package. The only functionality I really lost was suricata for IDS. The AsusWRT distro comes with some proprietary stuff (that I think you can turn off) but it's also very "open" in terms of just running Linux underneath. This means you can set up things like VLANS, use iptables, etc.
AsusWRT-Merlin adds some niceties (including a nice add on system that will expand into web based interfaces for certain things you might usually do from command line, better/expanded firewalling, and even adguardhome installer for DNS-based malware/spyware/ad blocking... kinda like pihole but lots of people like it better). The maintainer of that package corresponds frequently with Asus (to the point that some of his stuff is merged back into the official AsusWRT at some points).
I can confirm that the model I mentioned above is able to do all the firewalling, QoS, adguard DNS filtering, etc at gigabit speeds. It also has some sort of IDS and a few other protections, but they are part of the proprietary bits (Asus licensed via TrendMicro I believe).
What do you use for a wireless access point?
Eero.
Interesting, I'd never heard of them, thanks!