Technology · Security & sovereignty
Self-Hosting Instead of Subscribing: The Return of the Home Server
Photos, films, smart home, cloud storage: more people bring their services home. Getting started with self-hosting – hardware, costs and the secure way in.
By Boaz Lichtenstein

It almost always starts with one subscription too many: cloud storage gets more expensive, the streaming service thins out its catalogue, the photo service changes its terms. And at some point, the question surfaces: why does my digital life actually sit on someone else’s servers? The answer is one of the most interesting tech movements of recent years: self-hosting – from niche hobby to a growing counter-movement against subscription fatigue and data handover.
Key takeaways
- Self-hosting means running services like photos, files or smart-home control on your own hardware instead of someone else’s cloud.
- Container technology has massively lowered the barrier to entry: a service today is a configuration template, not a weekend project.
- On the cost side, you’re taking on time investment, backup responsibility and your own admin duties – anyone unwilling to carry those is better off with a paid service.
- The single most important security rule: access on the move only via VPN, never through ports left open to the internet.
- The sensible starting point is small – with a service whose failure wouldn’t hurt – and only grows toward sensitive services like photos afterwards.
What people are bringing home
The classics have become surprisingly practical for everyday use: photos (Immich, a fully-fledged Google Photos alternative with AI search on your own hardware), files and calendar (Nextcloud), media (Jellyfin as your own streaming service for your film collection), smart home (Home Assistant as a vendor-independent hub that switches locally rather than in the cloud), and dozens of small helpers, from a network-wide ad blocker to a self-hosted password manager (see our password manager basics). Container technology has massively lowered the barrier to entry: a service today is a configuration file, not a weekend project – ready-made templates for the common applications can be up and running in a few minutes, with no programming knowledge required.
The honest cost calculation
Self-hosting trades subscription fees for responsibility. On the credit side: full data control, no price increases, no discontinued services, surprisingly low running costs with efficient hardware. On the debit side – and it belongs in every honest recommendation – time (setup, updates, the occasional troubleshooting session), backup duty (if you host your own photos, you’re your own backup provider – the 3-2-1 rule with an off-site copy isn’t optional for self-hosters, it’s mandatory) and family support (you’re now the admin, even if other people in the household use the service). Anyone unwilling to carry these costs is better off with a paid, privacy-friendly service than with a neglected server that eventually fails without anyone noticing.
Worked example: cloud subscription versus your own server
A photo and file cloud subscription with several terabytes of storage costs roughly €100 to €150 a year, depending on provider and volume – year after year, with no end date. A used mini PC to get started costs around €150 to €250 as a one-off, plus roughly €150 for two hard drives; ongoing electricity costs for a frugal device run roughly €20 to €40 a year. After about two years, the purchase has typically paid for itself – provided your own time for setup and maintenance isn’t priced in, because that’s the real cost item that’s hard to put a euro figure on.
Comparing hardware options
The choice of hardware determines both the barrier to entry and future expandability:
| Hardware | Barrier to entry | Strength | Limit |
|---|---|---|---|
| Used mini PC | Low | Cheap, low-power, surprisingly capable | Storage often limited, restricted expansion |
| Ready-made NAS (2 bays) | Very low | Manufacturer apps, simple to use | Less flexible for unusual services |
| Single-board computer | Low | Extremely low power, ideal for one or two small services | Too weak for several demanding services at once |
| Used server/workstation | Medium | Plenty of power and storage | Higher power draw, louder in operation |
More important than raw compute power across all four options is idle power draw, because the device runs around the clock – a frugal mini PC or a two-bay NAS typically draws only 10 to 25 watts in normal operation.
The sensible way in, in 6 steps
- Start small: a service whose failure wouldn’t hurt – a network-wide ad blocker or a media library, say.
- Choose hardware to fit your needs: see the comparison above; when in doubt, favour a model with free expansion bays for later.
- Plan for backups from the start: the 3-2-1 structure should be in place before the first sensitive service (photos, documents) goes live.
- Migrate photos alongside your existing service: don’t cancel it immediately – switch only once the backup and routine are solid.
- Set up outside access exclusively via VPN: WireGuard or Tailscale instead of open ports – see also our article on VPNs.
- Establish an update routine: fixed dates for system and container updates, so security holes don’t stay open unnoticed.
Security: the single most important rule
The biggest risk in self-hosting isn’t the software itself, but carelessly exposing services directly to the open internet – every open port is a potential entry point that gets scanned automatically for vulnerabilities, often within hours of being opened. The safe ground rule is therefore: access on the move always via a VPN, never through ports forwarded to the router. Anyone who follows this one rule, installs updates regularly, and has a working backup often runs a setup that’s more secure in practice than the privacy state of some free cloud services would suggest – there, too, your data isn’t under your own control, it’s just under someone else’s rather than none at all.
From experience: a second, often overlooked building block is network segmentation. Anyone running smart-home devices, guest Wi-Fi and the home server on one shared network gives every compromised device potential access to all the others. A separate VLAN, or at least a dedicated guest Wi-Fi for insecure IoT devices, usually costs just a few clicks in the router menu and noticeably reduces the attack surface, entirely independent of the server’s own security.
The most common mistakes in self-hosting
- Making services reachable directly via open ports. Fix: set up VPN-only access for remote use.
- Starting immediately with the most sensitive service (photos, documents). Fix: build routine first with a non-critical service.
- No backup for the home server itself. Fix: the NAS is storage, not a backup – an off-site copy is mandatory, not optional.
- Postponing updates because “it’s running fine”. Fix: set fixed update dates before a hole gets exploited.
- Getting the family used to the service with no fallback. Fix: cancel the old service only once you trust the stability and the backup.
The bottom line
Self-hosting isn’t an ideology, it’s a trade-off: time and responsibility against data control and independence from price hikes. Anyone who starts small, plans for backup and VPN from the beginning, and only gradually takes on more sensitive services, builds a setup that delivers real sovereignty rather than frustration – and learns more about modern infrastructure along the way than any course could teach. The next sensible step isn’t the most ambitious project, it’s the least conspicuous one: a service whose failure tonight wouldn’t be noticed by anyone.