The moment I decided to stop renting my infrastructure

It was 2014. A client called me in a panic because their hosted email provider — a reasonably well-known Australian company — had gone under over the weekend. Their mail records pointed to servers that no longer existed. Three days of email, gone. Their website was hosted through the same company. Also gone.

What made it worse was that they had no control over their own domain. It was registered and managed through that hosting company as part of a bundle package. Getting the domain transferred required phone calls, statutory declarations, and about two weeks of bureaucracy during which their website was unreachable.

I'd already been running GNU/Linux since the early 2000s. I understood the server side. After that experience — cleaning up someone else's dependency on a business that had failed — I made a decision: wherever possible, I'd control my own infrastructure. Not because I distrust every service, but because I don't want my business continuity dependent on someone else's.

Every SaaS subscription is a dependency. Dependencies can fail, pivot, or disappear. Own what you can.

What I self-host

Here's the current stack, roughly in order of importance:

  • Email — Full mail stack handling all my domains. Postfix for SMTP, Dovecot for IMAP, with SPF, DKIM, and DMARC configured correctly.
  • Websites — Client sites and my own, served via Nginx. A mix of WordPress installs and static HTML.
  • DNS — Managed through Cloudflare (not technically self-hosted, but Cloudflare's free tier is excellent and I control the zone files completely).
  • Backups — Automated nightly database and file backups via cron, rotated and stored on a separate NAS as well as an offsite location.
  • Monitoring — Uptime monitoring for all client sites, with alerts that come to my phone if anything goes down.
  • Git — Private Gitea instance for code I don't want in GitHub.

The VPS setup

I run everything on a VPS — a Virtual Private Server — rather than dedicated hardware. For my workload, a VPS gives me the control of a dedicated server at a fraction of the cost. The server runs Ubuntu 22.04 LTS. I chose Ubuntu over Debian for this particular server because of the longer LTS support window and broader package availability, though either is a solid choice.

The base stack:

  • Nginx as the web server and reverse proxy. Fast, efficient with memory, excellent configuration model. I don't use Apache anymore — Nginx handles everything from simple static sites to proxying to PHP-FPM for WordPress.
  • PHP-FPM for WordPress sites. Running PHP through the FastCGI Process Manager rather than as a web-server module gives you better process isolation and resource control.
  • MariaDB for the database. Drop-in MySQL replacement with a slightly better performance profile for typical WordPress workloads.
  • Let's Encrypt via Certbot for SSL certificates. Free, automated, renews via a cron job every 60 days. There is genuinely no reason to pay for an SSL certificate for a standard web property anymore.
  • UFW as the firewall. Simple rule management on top of iptables. Allow ports 22, 80, 443, and deny everything else.
  • Fail2ban watching the SSH and mail logs. Automatic IP banning after failed authentication attempts.

The certbot renewal cron entry looks like this:

0 3 * * * /usr/bin/certbot renew --quiet --post-hook "systemctl reload nginx"

Runs at 3am daily, only actually renews certificates within 30 days of expiry, and reloads Nginx when it does. Set and forget.

Self-hosted email: worth the pain?

This is the one that puts most people off, and I understand why. Email deliverability is genuinely complex. Getting your server's IP on a spam blacklist — even accidentally — can mean your outbound mail silently disappears. The ecosystem of SPF, DKIM, DMARC, and reverse DNS is not forgiving of misconfiguration.

But having done it for years, my honest assessment is: yes, it's worth it, with caveats.

My mail stack is Postfix for sending and receiving, Dovecot for IMAP access, and SpamAssassin plus Amavis for filtering. The complete configuration took me a weekend the first time. Now it runs itself, with cron jobs handling log rotation and a few alerting scripts I wrote that email me if the mail queue depth exceeds a threshold.

The critical configurations for deliverability:

  • Reverse DNS (PTR record) — Your server's IP must resolve back to your mail server's hostname. Your VPS provider can set this. Without it, your mail will be rejected or spam-folded by major providers.
  • SPF record — A TXT record on your domain listing which servers are authorised to send mail for it. v=spf1 ip4:YOUR.SERVER.IP -all is the basic form.
  • DKIM — Cryptographic signature added to outbound mail, verified against a public key published in DNS. Postfix + OpenDKIM handles this. Required for good deliverability to Gmail and Microsoft 365.
  • DMARC — Policy that ties SPF and DKIM together and tells receiving servers what to do with mail that fails validation. Start with p=none (monitoring mode) before moving to quarantine or reject.
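
A quick way to check the SPF and DMARC values described above before publishing them, as an added example (not the author's own script). The function names check_spf and check_dmarc are hypothetical, and the sample records use constructed documentation addresses.

```sh
#!/bin/sh
# Added example: classify SPF and DMARC TXT values. Records are passed in as
# strings so it runs offline; fetch live ones with `dig +short TXT <name>`.

# check_spf TXT: print one verdict word for an SPF record value.
check_spf() (
    set -f                                  # keep "?all" from globbing
    rec=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $rec in "v=spf1"|"v=spf1 "*) ;; *) echo not-spf; exit 0 ;; esac
    lookups=0; all=missing
    for term in $rec; do
        case $term in
            include:*|a|a:*|a/*|mx|mx:*|mx/*|ptr|ptr:*|exists:*)
                lookups=$((lookups + 1)) ;;         # each costs a DNS lookup
            redirect=*)
                lookups=$((lookups + 1)); [ "$all" = missing ] && all=redirect ;;
            -all) all=strict ;;
            '~all') all=softfail ;;
            '?all'|+all|all) all=open ;;            # any sender passes
        esac
    done
    # RFC 7208 caps DNS-querying terms at 10; past that, evaluation errors out.
    if [ "$lookups" -gt 10 ]; then echo too-many-lookups; else echo "$all"; fi
)

# check_dmarc TXT: print one verdict word for a _dmarc TXT value.
check_dmarc() (
    set -f; IFS=';'
    rec=$(printf '%s' "$1" | tr -d ' \t')
    case $rec in "v=DMARC1;"*) ;; *) echo not-dmarc; exit 0 ;; esac
    policy=""; rua=no
    for tag in $rec; do
        case $tag in
            p=*) policy=${tag#p=} ;;                # sp= and pct= do not match
            rua=*) rua=yes ;;                       # aggregate report address
        esac
    done
    case $policy in
        reject|quarantine) echo "enforcing-$policy" ;;
        none) [ "$rua" = yes ] && echo monitoring || echo monitoring-no-reports ;;
        *) echo invalid-policy ;;
    esac
)

# Constructed sample records (documentation addresses, not real zones).
for r in "v=spf1 ip4:203.0.113.10 -all" "v=spf1 ip4:203.0.113.10 ?all"; do
    printf 'SPF   %-22s %s\n' "$(check_spf "$r")" "$r"
done
for r in "v=DMARC1; p=none" "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"; do
    printf 'DMARC %-22s %s\n' "$(check_dmarc "$r")" "$r"
done
```

A p=none record without a rua= address is reported as monitoring-no-reports: it enforces nothing and returns no data to act on.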

For clients who don't want the complexity, I recommend Mailcow — a Docker-based mail stack that wraps all of the above in a reasonable admin interface. It's still self-hosted, but the configuration complexity is much lower.

Static sites vs WordPress on your own server

I use both, for different purposes. The decision framework is straightforward:

Static HTML when the content changes infrequently, the client doesn't need to edit it themselves, or performance is paramount. A static site served by Nginx is essentially impossible to slow down under normal traffic conditions. There's no PHP process, no database query, no plugin chain — just Nginx reading a file and sending it. It's also dramatically simpler to secure: no WordPress login page to brute-force, no plugin vulnerabilities to patch.

WordPress when the client needs to manage their own content, when there's a complex content model (WooCommerce, membership, custom post types), or when the publishing cadence is high. WordPress has its security overhead, but on a properly configured server — fail2ban watching the login page, WP core auto-updates enabled, plugins kept current — it's manageable.

I've moved several of my own sites to static HTML recently and the performance difference is stark. PageSpeed scores that were 75 on a fast WordPress install jumped to 97+ as static sites on the same server.

The GNU/Linux advantage

I run GNU/Linux on my desktop, on my servers, and have for over twenty years. The relevance to self-hosting is direct: when you're comfortable in a terminal, running your own infrastructure becomes approachable rather than intimidating.

The tools are excellent and almost entirely free: Nginx, Postfix, Certbot, MariaDB, cron, ssh, rsync, tar. These are stable, well-documented tools with decades of refinement behind them. They don't require vendor lock-in, they don't phone home, and they don't change their pricing model.

The other GNU/Linux advantage is automation. Shell scripts and cron jobs can handle what would require paid SaaS features on a managed platform. My nightly backup script is 40 lines of bash. It dumps all databases, tarballs the web roots, encrypts the archive, copies it to the NAS via rsync, and emails me a status line. It has run every night for four years.
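
A script of the shape described above, as an added example (this is not the author's script). Every path, the NAS target, the GPG recipient and the report address are assumed placeholders, and the encryption step uses a public key, which is one possible choice the post does not specify.

```sh
#!/bin/sh
# Added example of a nightly backup pipeline; every path, host, key and
# address below is an assumed placeholder, overridable from the environment.
BACKUP_DIR=${BACKUP_DIR:-/var/backups/nightly}
WEB_ROOT=${WEB_ROOT:-/var/www}
GPG_RECIPIENT=${GPG_RECIPIENT:-backup@example.com}   # public key only on server
NAS_TARGET=${NAS_TARGET:-backup@nas.example.internal:/volume1/vps/}
REPORT_TO=${REPORT_TO:-admin@example.com}
KEEP_DAYS=${KEEP_DAYS:-14}

# prune_old DIR DAYS: delete encrypted archives in DIR older than DAYS days.
prune_old() {
    find "$1" -maxdepth 1 -type f -name 'backup-*.tar.gz.gpg' \
        -mtime +"$2" -exec rm -f {} +
}

# status_line RC FILE: one-line report; OK only if every step succeeded
# and the archive exists and is non-empty.
status_line() {
    if [ "$1" -eq 0 ] && [ -s "$2" ]; then
        echo "backup OK: $(basename "$2") $(wc -c < "$2" | tr -d ' ') bytes"
    else
        echo "backup FAILED (rc=$1): $(basename "$2")"
    fi
}

run_backup() {
    umask 077                       # dump and archives readable by owner only
    work=$(mktemp -d) || return 1
    out="$BACKUP_DIR/backup-$(date +%Y%m%d).tar.gz.gpg"
    # Each step runs only if the previous one succeeded; rc records the chain.
    mkdir -p "$BACKUP_DIR" &&
    mariadb-dump --all-databases --single-transaction > "$work/all-db.sql" &&
    tar -czf "$work/site.tar.gz" -C "$work" all-db.sql -C / "${WEB_ROOT#/}" &&
    gpg --batch --yes --trust-model always --recipient "$GPG_RECIPIENT" \
        -o "$out" --encrypt "$work/site.tar.gz" &&
    rsync -a "$out" "$NAS_TARGET" &&
    prune_old "$BACKUP_DIR" "$KEEP_DAYS"
    rc=$?
    rm -rf "$work"                  # plaintext dump never outlives the run
    status_line "$rc" "$out" | mail -s "nightly backup $(hostname)" "$REPORT_TO"
    return "$rc"
}

# Cron calls this file with --run; without it only the functions are defined.
case ${1:-} in --run) run_backup ;; esac
```

Encrypting to a public key keeps the decryption key off the server, so a compromised VPS cannot read the archives it has already shipped. Old archives are pruned only after the rsync copy succeeds, so a failed night never shortens the local history.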

Costs compared to SaaS

Let me be concrete about what this costs compared to equivalent SaaS.

My VPS: roughly $20 AUD/month for a 2-core, 4GB RAM server in Sydney. On that server I run email for five domains, around fifteen websites (mix of static and WordPress), and the supporting services above.

Equivalent SaaS costs:

  • Google Workspace for email, five users: $150/month
  • WP Engine or similar managed WordPress hosting for 15 sites: $400+/month
  • A monitoring SaaS like Pingdom at scale: $50/month
  • A managed backup solution: $30/month

That's over $600/month in SaaS versus $20/month for a VPS I control. The trade-off is my time — initial setup and ongoing maintenance. But once a Linux server is properly configured, ongoing maintenance is low. Most months I spend less than an hour on infrastructure maintenance, usually just security updates via apt upgrade.

The time investment was higher upfront. Learning Postfix properly took time. Understanding Nginx configuration took time. That learning has compounded in value every year since.

Is it for everyone?

No, and I won't pretend otherwise. Self-hosting requires a particular kind of comfort with systems, with troubleshooting, with accepting that at 2am on a Saturday your mail server might have a problem and you are the support team.

For a small business owner whose core competency is plumbing or accounting or hospitality, managed hosting is the right answer. Pay someone competent to handle the infrastructure. Focus on your actual business.

But if you're a developer, a systems-minded person, or just someone who cares deeply about owning their own digital infrastructure — self-hosting on GNU/Linux is entirely achievable. The documentation is excellent, the community is large, and the sense of control over your own systems is genuinely satisfying in a way that paying a monthly SaaS bill never is.

If you're thinking about moving in this direction and want to talk through what makes sense for your situation, get in touch.