How to Self-Host Everything: A 2026 Beginner's Guide

You’re probably paying $50+ per month for cloud services right now — email, file storage, password managers, project management tools, all of it scattered across a dozen companies. I know I was. Then I realized: what if you could replace all of that with a single $5/month server that you actually control?

That’s self-hosting. You run your own services on your own hardware (or a cheap rented VPS). In 2026, it’s genuinely easier than ever. You don’t need a CS degree or a basement full of servers. You need a VPS, some Docker basics, and maybe an hour of your time.

Let’s get you set up.

Why Self-Host in 2026?

Look, the case is pretty solid these days:

Privacy is getting personal. Regulations keep tightening, but companies find loopholes anyway. Put your data on your own server and suddenly that whole compliance headache vanishes.

SaaS gets expensive. Notion started cheap. Slack started cheap. GitHub started cheap. Now? They’re all premium-priced. Self-hosted alternatives? Still free, and they stay that way.

AI training on your data is getting creepy. Most SaaS products now train on your data by default. Even the ones with opt-out buttons sometimes ignore you. Your data on your server? No ambiguity there.

Everything good gets worse eventually. I’ve watched products I loved gradually degrade as companies optimized for shareholders instead of users. Call it enshittification if you want — it’s real. Self-hosting is the antidote.

What You’ll Need

Short shopping list:

1. A VPS (Virtual Private Server)

A VPS is basically a virtual machine in the cloud. Your own little server, rented monthly.

Here’s what people actually use:

Provider	Cheapest Plan	RAM	Storage	Location
Hetzner	~€4.50/mo	2 GB	20 GB	EU/US
Contabo	~€4.50/mo	4 GB	50 GB	EU/US/Asia
Netcup	~€3.50/mo	2 GB	40 GB	EU
Oracle Cloud	Free tier	1 GB	50 GB	Global
DigitalOcean	$6/mo	1 GB	25 GB	Global

I’d recommend Hetzner for beginners. Their 2GB ARM servers are solid, cheap, and the performance-per-euro is hard to beat.

If you want more bang for your buck, Contabo is the dark horse. You get double the RAM and storage of competitors at the same price. The self-hosting community loves them for heavier apps like Nextcloud or media servers.

Real talk: Don’t go below 2 GB RAM. I’ve seen people try, and they always regret it when they want to run multiple Docker containers. 2 GB is the sweet spot for beginners.

2. A Domain Name

You’ll need a domain to point at your server. A .dev domain costs about $12/year. Use Cloudflare as your registrar — they sell at cost with zero markup.

3. Enough Terminal Knowledge to be Dangerous

You’ll need to SSH into your server and run basic commands. If cd, ls, and nano aren’t familiar, spend 30 minutes on a Linux basics tutorial first. Promise you won’t regret it.

Step 1: Set Up Your VPS

You’ve bought a VPS. You’ve got an IP address and SSH credentials. Now let’s secure it properly.

Connect via SSH

ssh root@your-server-ip

Make It Secure (This Part Matters)

Skip this section and you’ll get hacked. I’ve watched people set up brilliant self-hosted stacks and then lose everything because they didn’t harden their server. Don’t be that person.

# First, update everything
apt update && apt upgrade -y

# Create a non-root user for day-to-day work
adduser deploy
usermod -aG sudo deploy

# Set up SSH key authentication (way better than passwords)
mkdir -p /home/deploy/.ssh
echo "your-ssh-public-key" >> /home/deploy/.ssh/authorized_keys
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh

# Disable root login and password auth
nano /etc/ssh/sshd_config
# Find these lines and change them:
# PermitRootLogin no
# PasswordAuthentication no
systemctl restart sshd

Set Up the Firewall

apt install ufw -y
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw enable

This blocks everything except what you explicitly allow. Good practice.

Install Fail2ban

apt install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

Fail2ban watches for bad login attempts and automatically bans IPs that are clearly up to no good. It’s like a bouncer for your server.

Step 2: Install Docker

Docker is everything in modern self-hosting. It lets you run apps in isolated containers — no dependency chaos, super easy updates, backups are trivial.

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker deploy
sudo apt install docker-compose-plugin -y

docker --version
docker compose version

Log out and back in for the group changes to take effect. (That last bit is important — don’t skip it.)

Step 3: Set Up a Reverse Proxy

A reverse proxy handles SSL, routes traffic to your apps, and manages load balancing. Traefik is the standard for Docker setups.

Create a Docker network first:

docker network create proxy

Now the Traefik config:

mkdir -p ~/traefik
cd ~/traefik

# docker-compose.yml
services:
  traefik:
    image: traefik:v3.3
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    networks:
      - proxy

networks:
  proxy:
    external: true

# traefik.yml
api:
  dashboard: false

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  docker:
    exposedByDefault: false

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: /acme.json
      httpChallenge:
        entryPoint: web

touch acme.json
chmod 600 acme.json
docker compose up -d

That’s it. Traefik will automatically discover your Docker containers and provision SSL certificates from Let’s Encrypt.

Step 4: Deploy Your First App

Let’s deploy Uptime Kuma — a beautiful self-hosted monitoring tool. It’s perfect for your first app because it gives you immediate value (you’ll actually use it to monitor your other services).

mkdir -p ~/apps/uptime-kuma
cd ~/apps/uptime-kuma

# docker-compose.yml
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    restart: unless-stopped
    volumes:
      - ./data:/app/data
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime.rule=Host(`status.yourdomain.com`)"
      - "traefik.http.routers.uptime.tls=true"
      - "traefik.http.routers.uptime.tls.certresolver=letsencrypt"

networks:
  proxy:
    external: true

Point your DNS (status.yourdomain.com) to your server, then:

docker compose up -d

Within a minute you’ll have a monitoring dashboard at https://status.yourdomain.com with a valid SSL certificate. No extra configuration needed.

Step 5: Build Your Stack

Now you know the pattern. Docker Compose + Traefik labels = deployed app. Everything else follows the same formula.

Here’s a solid starter stack:

App	Replaces	RAM
Vaultwarden	Bitwarden/1Password	~50 MB
Nextcloud	Google Drive/Dropbox	~200 MB
Uptime Kuma	Pingdom/UptimeRobot	~100 MB
Plausible	Google Analytics	~200 MB
Gitea/Forgejo	GitHub (private repos)	~150 MB

All of these run comfortably on 2 GB RAM. Add them one by one.

Example: Vaultwarden (Password Manager)

# ~/apps/vaultwarden/docker-compose.yml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - ./data:/data
    environment:
      - SIGNUPS_ALLOWED=false
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vault.rule=Host(`vault.yourdomain.com`)"
      - "traefik.http.routers.vault.tls=true"
      - "traefik.http.routers.vault.tls.certresolver=letsencrypt"

networks:
  proxy:
    external: true

Important: Set SIGNUPS_ALLOWED=false after creating your account. You don’t want random internet people creating accounts on your password manager.

Step 6: Backups (Seriously, Don’t Skip This)

Self-hosting without backups is like driving without a seatbelt. I learned this the hard way — lost a day of data once because I was lazy. Don’t be me.

Simple Automated Backups

#!/bin/bash
# backup.sh — Run daily via cron

BACKUP_DIR="/home/deploy/backups"
DATE=$(date +%Y-%m-%d)

mkdir -p "$BACKUP_DIR"

# Stop each app, backup, restart
for app in uptime-kuma vaultwarden nextcloud; do
    cd "/home/deploy/apps/$app"
    docker compose stop
    tar czf "$BACKUP_DIR/${app}-${DATE}.tar.gz" ./data
    docker compose start
done

# Keep only last 7 days (don't bloat your disk)
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete

# Optional: sync to remote storage
# rclone sync "$BACKUP_DIR" remote:backups/

# Add to crontab to run daily at 3 AM
crontab -e
# Add this line:
# 0 3 * * * /home/deploy/backup.sh

For truly safe backups, sync to Backblaze B2 (super cheap object storage) or another VPS using rclone.

Step 7: Updates and Maintenance

Keeping apps updated is crucial for security. You have options:

Watchtower (Automatic Updates)

# ~/apps/watchtower/docker-compose.yml
services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *  # 4 AM daily
      - WATCHTOWER_NOTIFICATIONS=shoutrrr

Fair warning: Some people prefer manual updates for critical stuff like password managers. You can exclude containers with labels if you want finer control.

System Updates

# Weekly system update (add to cron if you want)
sudo apt update && sudo apt upgrade -y

The Easier Path (If Docker Feels Like Too Much)

Honest opinion? Docker and Traefik have a learning curve. If that’s intimidating, just use a platform that handles the complexity:

Coolify — Open-source Heroku/Vercel alternative. Gorgeous UI, one-click deployments.
CapRover — Still simple, but you have more control.
Dokku — Heroku-style CLI but on your own server.

These platforms handle reverse proxying, SSL, deployments, and all the headaches. Check out our Coolify vs CapRover vs Dokku comparison for details.

Gotchas to Avoid

Don’t do these things (I’ve seen people regret every one):

Don’t expose admin panels to the internet without authentication. Use Traefik’s basic auth or Authelia.
Don’t forget DNS takes time. Usually minutes, but up to 48 hours sometimes.
Don’t run everything as root. It’s tempting and terrible. Use a dedicated user.
Don’t skip the firewall. Open only what you need.
Don’t ignore resource usage. Check htop regularly and set up alerts with Uptime Kuma.

What’s Next?

You’ve got the foundation. From here:

Add more apps to your stack (see our 5 Apps You Should Self-Host Right Now)
Set up monitoring and alerts
Configure offsite backups
Add SSO with Authelia or Authentik
Set up a VPN with WireGuard for secure remote access
Use a VPN to protect your connections — accessing your server from public Wi-Fi without a VPN is asking for trouble. A VPN with WireGuard support (like NordVPN) encrypts everything and can even create mesh tunnels between your devices and servers.

Self-hosting is a journey, not a destination. Start small, learn as you go, and enjoy actually owning your infrastructure.

Welcome to the self-hosted life. 🖥️

FAQ: Self-Hosting for Beginners

Is self-hosting hard?

Not really. Docker Compose + Traefik are simpler than most people think. Most folks get through this guide in 1-2 hours and have a working setup.

What’s the cheapest VPS to actually use?

$6-8/month: Hetzner, DigitalOcean, Vultr (2-4 GB RAM, enough for 5-10 apps)

Skip the $2-3 tier unless you really know what you’re doing. Shared storage, sketchy uptime — not worth the headache.

Can I self-host if I’m not technical?

Honestly, yes. If you can follow a tutorial and run terminal commands, you can self-host. No need for a CS degree.

What if my server gets hacked?

That’s why the security section exists. Do the basics (SSH keys, firewall, Fail2ban) and you’ll block 99% of attacks. It’s not hard.

How much do I save?

Typical SaaS stack runs $100-200/month. Self-hosted version? $6-20/month. Do the math.

Do I need to master Docker?

Nope. This guide teaches you enough to use existing Docker images. You don’t need to build your own unless you want to.

Is my data actually private?

Yes. You control the server, so no company can snoop. But you’re also responsible for security and backups — that’s the tradeoff.

This sounds too complicated. Easier options?

Try Coolify, CapRover, or Dokku. They automate Docker and Traefik. Check our platform comparison for details.

Where should I host?

Hetzner (EU), DigitalOcean (US), Vultr (Global) are solid. Pick based on latency to your location and your privacy concerns.

Can I grow beyond one server?

Yes, but it gets complicated. Start with one VPS, learn Docker/Traefik, explore clustering later if you outgrow it.

How to Secure Your VPS: Essential Security Hardening — After you’ve got things running, lock it down tight.
5 Apps You Should Self-Host Right Now — Practical next steps. Each includes deployment instructions.
Coolify vs CapRover vs Dokku — Want to skip Docker? Compare the platforms.