Self-hosting used to be a niche hobby for sysadmins with too much spare time and an unhealthy attachment to home servers. In 2026, it's having a quiet renaissance — partly because cloud subscriptions add up to silly money, partly because privacy actually matters now, and partly because Docker made running half a dozen services on one box almost embarrassingly easy. This guide covers what's worth self-hosting, how to architect it on a single VPS, and the gotchas that send first-time self-hosters back to SaaS.
What's in this guide
- Why self-host in 2026
- What's actually worth self-hosting
- VPS vs home server: pick a side
- Sizing your VPS for self-hosting
- A clean self-hosted stack architecture
- The popular self-hosted apps, ranked by effort/value
- Security considerations specific to self-hosting
- Mistakes that send people back to SaaS
- FAQ
Why self-host in 2026
The case for self-hosting got stronger in the last three years, and not because the software got cosmetically nicer. It got stronger for boring economic and structural reasons.
Subscriptions stack up. A typical professional has a Notion subscription, a Dropbox or Google Drive subscription, a 1Password account, a Spotify or Apple Music account, a streaming TV bundle or two, and probably a half-dozen other recurring SaaS items. Add it up — most people are spending $50-100 a month on stuff that, in aggregate, replaces with one $5/mo VPS and a Sunday afternoon of setup.
The "platform risk" lesson finally landed. Whenever a major platform shuts down a popular product (Google has done this enough times to have a memorial site), you remember that nothing you don't host yourself is permanent. Self-hosting trades convenience for ownership. Many people decided in the last few years that the trade is worth making for at least their important data.
Privacy is not paranoid anymore. Mainstream apps mine the data they hold. Self-hosted alternatives don't, almost by definition — there's no business model that requires it.
Docker (or really, Docker Compose) made it possible for normal humans. Five years ago, self-hosting Nextcloud meant installing Apache, PHP, MariaDB, configuring all three, and then debugging the result for a week. Today it's three lines of YAML in a docker-compose file and 30 seconds of docker compose up -d. The whole genre got dramatically more accessible.
What's actually worth self-hosting
Not everything benefits from self-hosting. Here's our honest split.
Worth self-hosting (high value, manageable effort)
- Password manager: Bitwarden / Vaultwarden. Replaces 1Password / LastPass / Dashlane. Saves $36-120/year, gives you full control over your most sensitive data. Setup guide.
- File sync and storage: Nextcloud. Replaces Dropbox, Google Drive, iCloud. Includes file sync, sharing, calendar, contacts, photo backup. Setup guide.
- Media streaming: Jellyfin or Plex. Stream your own media library to any device, no monthly fee. Setup guide.
- Network ad-blocking: Pi-hole or AdGuard Home. Blocks ads at the DNS level for every device on your network. Setup guide.
- VPN: WireGuard. Personal VPN for privacy and accessing your home network from anywhere. Setup guide.
- Read-it-later / RSS: Wallabag, FreshRSS, Miniflux. Replaces Pocket, Instapaper, Feedly.
Worth self-hosting if you're technical (medium effort)
- Email: Postfix + Dovecot, or Mailcow / Mailu. The biggest payoff (full control of your email) and the biggest landmine (deliverability is hard, IPs get blocklisted). Only do this if you're willing to maintain it. Email server guide.
- Code hosting: Gitea or Forgejo. Replaces GitHub for personal repos. Fast, lightweight, all your code on your server.
- CI/CD: Drone, Woodpecker, or self-hosted GitHub Actions runners. Replaces paid GitHub Actions minutes for heavy users.
- Documentation / wiki: Outline, Wiki.js, BookStack. Replaces Confluence, Notion (sort of).
- Mastodon / fediverse: If you want to be part of the decentralized social web, running your own small instance is a real option. Resource-heavy on the database side.
Probably not worth self-hosting
- Search: Self-hosted SearxNG works but the free Brave/Kagi options are good enough that the convenience win is small.
- Maps: OpenStreetMap tile servers can be self-hosted but are massively storage-heavy. The web alternatives are fine.
- Backup destination for everything: A self-hosted backup target is fine, but you need a second backup destination (3-2-1 rule). Don't put all your backups on the box that's also serving as your primary storage.
VPS vs home server: pick a side
Self-hosters split into two camps: VPS hosters and home-server hosters. Both are valid; the trade-offs are different.
Home server: a Raspberry Pi, NUC, or refurbished mini-PC
Pros: No monthly cost beyond electricity. Storage is cheap (your own SSDs/HDDs). Fast LAN access for things like media streaming. No bandwidth fees ever.
Cons: Your home internet connection is your bottleneck. Most consumer ISPs upload at 20-50 Mbps, which isn't enough to share Nextcloud or stream Jellyfin to multiple users. Power cuts and ISP outages take you down. Hardware fails and you're the one buying replacements. Remote access requires WireGuard, Tailscale, or port forwarding (each with security considerations).
VPS: an internet-hosted box
Pros: Fast symmetric upload (matches download). Always-on, never-takes-a-power-cut. No hardware to maintain. Can be in a region with fast access to wherever you are. Storage and compute upgrades are clicks, not shopping trips.
Cons: Monthly cost. Bandwidth metered (though generous on quality hosts). Storage is more expensive than home spinning rust if you need terabytes.
The honest pick
If you're self-hosting things that need fast remote access (Bitwarden, Nextcloud, Jellyfin streamed to friends, mail) — VPS wins. If you're self-hosting big media libraries that only you access, on a fast home connection — home server wins. Many self-hosters end up running both: a VPS for the always-online services, a home box for the big-storage stuff. They can talk to each other via WireGuard.
Sizing your VPS for self-hosting
Self-hosting workloads are surprisingly light most of the time and surprisingly spiky some of the time. Here's the honest sizing guide.
1GB RAM, 1 vCPU, 25GB NVMe (~$4/mo)
Plenty for: Vaultwarden, Pi-hole, WireGuard, FreshRSS, a couple of small services. The 25GB disk is fine if you're not storing media. OliveVPS Starter sits in this tier.
2GB RAM, 1-2 vCPU, 60GB NVMe (~$8/mo)
The sweet spot for most self-hosters. Comfortably runs Nextcloud (small file collection), Vaultwarden, Pi-hole, WireGuard, and a Gitea or Mastodon instance — all on one box, with room to breathe. OliveVPS Pro.
4GB RAM, 2 vCPU, 120GB NVMe (~$16/mo)
Adds Jellyfin (with light transcoding), more headroom for Nextcloud with bigger files, room for a Postgres database, and a couple of side projects without thinking about RAM. OliveVPS Premium.
8GB+ and beyond
Real Mastodon instances, big Postgres workloads, multiple Java apps, ML inference. Most self-hosters don't need this; if you do, you already know.
RAM is the most common bottleneck, not CPU. Modern self-hosted apps are mostly idle in CPU terms but each holds 50-300MB of resident memory. Six containers x 200MB each = 1.2GB before any actual work. Plan for that.
A clean self-hosted stack architecture
Most self-hosters end up with the same basic architecture, and it works. Here's the shape.
Layer 1: Reverse proxy (Nginx or Caddy)
One web server in front of everything, handling HTTPS termination, routing requests to the right backend container, and dealing with Let's Encrypt certificates. Caddy auto-configures HTTPS by default and is the easiest pick for self-hosters; Nginx is more powerful and more customizable. Either is fine.
Layer 2: Docker Compose
One docker-compose.yml per app, organized in a directory tree like:
~/services/
├── bitwarden/
│ └── docker-compose.yml
├── nextcloud/
│ └── docker-compose.yml
├── jellyfin/
│ └── docker-compose.yml
└── caddy/
├── Caddyfile
└── docker-compose.ymlEach service stays isolated; you bring them up or down independently. Our Docker setup guide covers the install side.
Layer 3: Persistent storage in named volumes
Map all important data into named Docker volumes (or bind-mounts to a known path), so backups can target one directory and capture everything. Don't store data inside containers themselves — when the container restarts, anything not in a volume is gone.
Layer 4: Backups (offsite)
Daily restic or borgbackup of your data directory to S3-compatible storage (Backblaze B2, Cloudflare R2, Hetzner Storage Box) or a different VPS entirely. The backup section in our Linux VPS guide goes deeper.
Layer 5: Authentication (optional but nice)
If you're hosting more than two or three services, consider an SSO layer like Authelia or Authentik in front. One login covers everything; 2FA is centralized; lockouts are easier to manage.
The popular self-hosted apps, ranked by effort/value
From "do this first" to "wait until you're comfortable":
- Vaultwarden (Bitwarden): 30 minutes to set up, replaces a $36/yr subscription. Highest value-per-effort. Guide.
- WireGuard VPN: 30 minutes, lets you securely access your VPS from anywhere. Guide.
- Pi-hole / AdGuard Home: 20 minutes, blocks ads network-wide. Guide.
- Nextcloud: 1 hour for first-time setup, replaces Dropbox + Google Calendar + Google Contacts. Guide.
- Jellyfin: 30 minutes if you have media ready, replaces Plex (which has been adding annoyances). Guide.
- Gitea / Forgejo: 30 minutes, gives you a private GitHub.
- Email server: 4-8 hours of careful setup, ongoing maintenance, real risk of deliverability problems. Only if you really want it. Guide.
The right VPS for self-hosting
NVMe storage so your apps don't crawl, dedicated CPU cores so your neighbors can't slow you down, and 20+ regions so you can host close to home. Starting at $3.99/mo.
See VPS Plans →Security considerations specific to self-hosting
Self-hosted services are internet-facing. They are getting scanned, right now, by bots that don't care who you are. Here's the minimum you need to know.
Don't expose admin panels directly. Many self-hosted apps have admin panels with default or weak credentials. Either change the credentials immediately, restrict the admin path to your IP, or put it behind a VPN. Bots find /admin, /wp-admin, and /login within minutes of a service appearing on the internet.
Use strong unique passwords (the irony of using your password manager to log into your password manager — set up Vaultwarden first).
Patch promptly. Self-hosted apps get vulnerabilities like everything else. Subscribe to release announcements for the apps you run, and aim to update within a week of a security release.
Layer authentication where it matters. An SSO front-end like Authelia means a single point of strength rather than a dozen weak points.
Backup your way out of ransomware. Ransomware that encrypts your VPS is rare but possible. The defense is offsite, immutable backups (versioned, can't be deleted from the VPS itself).
Mistakes that send people back to SaaS
We've seen the same patterns enough times to name them.
Self-hosting too much, too fast. Don't try to spin up Nextcloud, Bitwarden, Mastodon, Jellyfin, and a custom mail server in week one. Pick one service. Get it stable. Use it for a month. Then add the next.
Treating it like a deploy-and-forget setup. Self-hosted services need updates, occasional troubleshooting, and backups verified. If you can't commit ten minutes a week to maintenance, self-hosting isn't for you (and that's fine).
No backup, then a disk failure. The classic. Set up backups before you put real data into a self-hosted service.
Trying to host email without understanding deliverability. Self-hosted mail servers are a graduate-level project. Without proper SPF/DKIM/DMARC, reverse DNS, and an IP that hasn't been blocklisted, your "from" emails go to spam. Most beginners give up on this within two months.
Cheap-host syndrome. Saving $3/month by picking the cheapest possible VPS, only to spend an evening every week troubleshooting throttled CPU and slow storage. Cheap is fine. Worth-the-money is better.
FAQ
How much does it cost to self-host all my services?
Most self-hosters spend $5-15/month on a VPS that runs the popular services (Bitwarden, Nextcloud, Pi-hole, WireGuard, etc.). For comparison, the SaaS equivalents — Bitwarden Premium, Dropbox 2TB, Plex Pass, NordVPN, etc. — easily total $50-80/month. Self-hosting pays for itself in about a month for most users.
Is self-hosting hard?
Less than it used to be. With Docker Compose, most popular apps deploy in a few minutes. The hard parts are: keeping things updated, configuring backups, and debugging when something breaks. If you're comfortable using SSH and willing to read documentation, you can self-host. If cd and ls are unfamiliar, learn those first.
What's the best VPS for self-hosting?
The honest answer: any host with NVMe storage, KVM virtualization, dedicated CPU cores, and reasonable bandwidth allowances. Avoid OpenVZ-based hosts (Docker doesn't work right). Avoid hosts with surprise bandwidth bills. OliveVPS covers all four.
Can I self-host on a free tier?
Oracle Cloud Free Tier and Google Cloud Free Tier exist and people do use them. The catch: free tiers vanish without warning, get heavily oversubscribed, and the terms of service can change. If you're hosting things you actually rely on, the $4/mo for a real VPS is cheap insurance.
What about Docker security?
Docker containers share the host kernel. A container escape is rare but possible. Mitigations: use rootless Docker if you can, run containers as non-root users where the image supports it, keep the host kernel patched, and don't grant containers extra capabilities they don't need (no --privileged unless absolutely necessary).