Disclosure: This article contains affiliate links. If you purchase through our links we may earn a commission at no extra cost to you. We only recommend services we have personally evaluated.
The phrase "self hosting" has gone from niche homelab jargon to a mainstream conversation. Reddit's r/selfhosted crossed 400,000 members. The Hacker News thread "What do you self-host?" gets hundreds of comments every time it runs. The shift is real and the motivations are clear: Big Tech's privacy practices have eroded trust, SaaS subscription costs keep climbing, and the tools to run your own stack have never been more accessible.
This guide explains what self hosting actually is, why people do it, what you can realistically run yourself, and the one honest reason not to bother. If you're here because you want to reclaim control over your digital life without handing your data to corporations whose business model depends on analyzing it, you're in the right place.
What Self Hosting Is (And What It Isn't)
Self hosting means running software on infrastructure you control. That infrastructure can be:
- A VPS (virtual private server) rented in a data center — the most common and practical choice for beginners
- A Raspberry Pi or mini-PC at home — good for local network services, requires port forwarding and a dynamic DNS solution
- A dedicated server — overkill until you're running dozens of services
The key distinction is control. When you use Google Drive, Google runs the software on Google's hardware under Google's terms of service. When you self-host Nextcloud on a Contabo VPS, you run the software on hardware you've rented, under terms of service between you and the hosting provider — nobody has access to your files except you. No advertising model. No data brokering. No unilateral feature removal.
Self hosting is not:
- Running a piracy server or anything that violates your hosting provider's terms
- Automatically anonymous — your VPS provider knows who you are
- A replacement for every cloud service — some things (CDN, transactional email, large-scale object storage) are genuinely better handled by specialists
Why Self Host? The Four Real Reasons
1. Data Sovereignty
When a company folds, changes its terms, or gets acquired, your data is at risk. Google killed Google+ and took millions of photos with it. Microsoft deprecated OneDrive tiers. Dropbox introduced artificial limits years after users had structured their lives around the free tier. When you self-host, your data migration strategy is entirely in your hands.
2. Privacy by Architecture
You cannot leak data to advertising networks from a server you control. Nextcloud doesn't phone home with your file contents. Vaultwarden doesn't send your passwords anywhere. The privacy guarantee isn't a policy document — it's an architectural fact. Your data never touches a server you don't operate.
3. Long-Term Cost
The math shifts when you aggregate services. One Contabo VPS S at €4.99/month runs: a WireGuard VPN server, Nextcloud (files + calendar + contacts), Vaultwarden (passwords), Pi-hole or AdGuard Home (DNS ad-blocking), and a Bitwarden-compatible password manager. Running those commercially: Proton VPN Plus (€4.49/month) + Google One 2TB (€9.99/month) + 1Password (~€3.99/month) = ~€18.47/month. The self-hosted stack delivers the same result for €4.99/month. Over two years: €119 vs €443.
4. Exit From Big Tech's Ecosystem
This is the philosophical case. Every Google search, every Gmail, every Drive file contributes to a profile used to sell ads and influence behavior. Self hosting is the infrastructure-level opt-out. It's not complete — you likely still use a Google device or an iOS phone — but it removes the most data-rich services from the equation.
What You Can Realistically Self-Host
VPN with WireGuard
The most natural entry point into self hosting, and the focus of most guides on this site. WireGuard is a modern VPN protocol audited in 2019 (and repeatedly since), runs as a Linux kernel module, and operates at roughly 5% CPU overhead on a single core. You install it on a VPS, generate a configuration, scan a QR code on your phone, and route all your traffic through your private exit node.
The advantage over a commercial VPN: you are the sole user of the exit IP. No shared IP reputation issues. No log policy to trust. The limitation: you have one exit location. For that tradeoff, see our self-hosted VPN vs commercial VPN comparison — it's the first question most people hit.
Protocol choice matters too. If you're undecided between WireGuard and OpenVPN, our WireGuard vs OpenVPN guide covers the technical differences in depth.
Nextcloud — Files, Calendar, Contacts
Nextcloud is the most widely deployed self-hosted alternative to Google Drive/Google Workspace. It handles file sync (desktop + mobile clients), WebDAV, CalDAV, CardDAV, and has an extension ecosystem covering notes, kanban boards, collaborative documents, and video calls. The Nextcloud AIO (All-In-One) Docker image installs in a single command.
Storage is the variable: a VPS with 50–200 GB NVMe is enough for a personal setup. For a family photo library, attach an object storage bucket (Hetzner Object Storage at €0.006/GB/month or Contabo's own S3-compatible option).
Vaultwarden — Password Manager
Vaultwarden is an open-source, API-compatible reimplementation of Bitwarden's server. It's lightweight (runs on 256 MB RAM), fully compatible with Bitwarden's official clients on iOS, Android, Windows, macOS, and browsers, and supports passkeys, TOTP, organizations, and emergency access. Replacing 1Password or LastPass with Vaultwarden means your vault is on your server and nowhere else.
Bitwarden Send, AdGuard Home, Uptime Kuma
Beyond the core three, the self-hosted ecosystem covers DNS-level ad blocking (Pi-hole or AdGuard Home), monitoring dashboards (Uptime Kuma), link shorteners (Shlink), media servers (Jellyfin for films, Navidrome for music), and RSS aggregators (FreshRSS). A single 4 vCPU VPS runs all of them simultaneously with headroom to spare.
What's Harder to Self-Host
Email is the notable exception. Running your own mail server that actually delivers to Gmail inboxes requires managing DKIM, DMARC, SPF, reverse DNS, IP reputation, and a long list of anti-spam requirements. The time cost is disproportionate. Services like Proton Mail or Tutanota give you privacy-respecting email without the operational complexity.
Large media libraries work better with attached storage than a base VPS plan. Budget for object storage if your self-hosted Jellyfin needs 2+ TB.
Choosing a VPS for Self Hosting
The VPS is the foundation of a cloud self-hosted setup. The requirements for running a typical self-hosted stack (WireGuard + Nextcloud + Vaultwarden + AdGuard) are modest:
| Resource | Minimum | Comfortable |
|---|---|---|
| vCPU | 1 | 2–4 |
| RAM | 2 GB | 4–8 GB |
| Storage | 20 GB | 50–100 GB |
| Bandwidth | 1 TB/month | 5+ TB/month |
| Monthly cost | ~€4–6 | €5–10 |
For European self-hosters, Contabo VPS S consistently wins the value calculation: 4 vCPU, 8 GB RAM, 50 GB NVMe, and 32 TB/month bandwidth for €4.99/month on a 24-month plan. German jurisdiction (GDPR), AMD EPYC processors, and datacenter options in Nuremberg and Munich. It's the server we reference across VPNSmith's own guides because we've run it for 14 months and measured it.
Get Contabo VPS S — €4.99/month, start your self-hosted stack →
For a full comparison of Contabo, Hetzner, and OVH across 12 criteria including uptime, API access, snapshot pricing, and IP reputation, see our cheapest VPS for WireGuard VPN 2026 breakdown.
Security Basics You Must Not Skip
Self hosting gives you control, which means security is also your responsibility. Three non-negotiable steps before opening any service to the internet:
1. Harden SSH access
Disable password authentication, use SSH keys, change the default port (22), and install fail2ban. These four steps eliminate the vast majority of automated brute-force attacks. On a fresh Debian or Ubuntu VPS, this takes about 15 minutes.
2. Use a reverse proxy with automatic TLS
Never expose self-hosted services on raw HTTP. Caddy or Traefik handle Let's Encrypt certificate provisioning automatically. You point your domain at the VPS, configure the reverse proxy, and all your services get HTTPS with auto-renewing certificates. No manual certificate management.
3. Keep everything updated
Docker containers don't update themselves. Set up Watchtower (automatic container updates) or schedule a weekly manual pull/restart cycle. Unpatched software on a public IP is the number one cause of self-hosted server compromise.
A domain name: optional but strongly recommended. A subdomain (cloud.yourdomain.com, vault.yourdomain.com) makes your setup dramatically easier to manage than raw IP addresses. Namecheap and Cloudflare both offer domains under €10/year with solid DNS management.
Beginner Mistakes to Avoid
Exposing everything to the public internet immediately. Start with a WireGuard VPN tunnel, then access all your other self-hosted services through the tunnel. You can run Nextcloud on your VPS without exposing it to the world — access it over your WireGuard connection. This dramatically reduces your attack surface.
Using default credentials. Every self-hosted app has an admin password. Change it immediately on first login. Use a generated password from your vault, not a pattern you reuse.
No backups. Self-hosting means you're the backup strategy. At minimum: daily snapshots of your VPS (Contabo includes snapshot capability), and weekly offsite exports of your most critical data (Vaultwarden vault export to encrypted local storage). A server that hasn't been backed up is a server waiting to be lost.
Underestimating the initial time investment. The first setup will take a weekend. That's normal and expected. After the initial configuration, a healthy self-hosted stack needs perhaps 30–60 minutes of maintenance per month — updates, log checks, occasional troubleshooting.
When Self Hosting Is NOT the Right Choice
Be honest with yourself about these scenarios:
You need multi-country VPN exit nodes. A single VPS gives you one location. If you need to appear in the US one day and Japan the next for streaming or work, a commercial VPN like Proton VPN (11,000+ servers in 117 countries) is straightforwardly better for this specific use case.
Your threat model includes nation-state adversaries. A VPS has a paper trail: payment method, IP address, account registration. If you're a journalist or activist in a high-risk context, the threat model guide from EFF is more relevant than this one. Tor, Tails, and operational security training matter more than self-hosting.
You want zero maintenance. Self hosting requires maintenance. If you genuinely don't want to think about your infrastructure, a trusted commercial service (Proton's ecosystem is our recommendation for the privacy-conscious non-technical user) is the correct choice.
You need email. Just don't self-host email. Use Proton Mail.
VPN Self Hosting as the Natural Entry Point
If you're new to self hosting and unsure where to start, start with a VPN. It's the simplest service to configure, delivers immediate and tangible privacy benefits, and teaches you the fundamental skills — VPS provisioning, SSH, basic Linux, firewall rules, domain setup — that you'll reuse for every other self-hosted service.
VPNSmith's guides walk you through the complete process:
- Self-hosted VPN vs. commercial VPN — make the right choice for your profile before you spend anything
- WireGuard vs. OpenVPN: which to choose — pick the right protocol before you configure anything
- Cheapest VPS for WireGuard 2026 — the infrastructure decision, ranked by real cost
Once your VPN is running, the jump to Nextcloud or Vaultwarden is small. The VPS is already there. The SSH access is configured. The domain is pointed. You add a Docker service, configure a reverse proxy block, and a new self-hosted tool is live. The first service is 80% of the work. Every subsequent service is additive.
Self hosting won't make the internet perfectly private. But it removes the most invasive actors from your most sensitive data — your files, your passwords, your DNS queries, your internet traffic. For €4.99/month and a weekend of setup, that's one of the highest privacy-per-euro investments you can make.
Start with Contabo VPS S — €4.99/month, 2-year plan →
★ Datacenter Nuremberg GDPR · ✓ IPv4 dédiée incluse · 200+ Mbps garantis
Get Contabo30 jours satisfait ou remboursé→
