Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-04-23 08:39:25 -04:00
Code Issues Packages Projects Releases Wiki Activity

update!: Add Self-hosted section to Recommendations

Browse Source 
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
This commit is contained in:
redoomed1 2025-03-20 09:43:19 -07:00 committed by GitHub
parent fcafb160a8
commit 0ce6e52c96
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 107 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
docs/self-hosted.md
View File

@ -1,7 +1,7 @@
---
title: Self-hosted Software and Services
icon: material-server-network
description: For our more technical readers, self-hosted software and services can provide additional privacy assurances by having maxmimum control over your data.
description: For our more technical readers, self-hosted software and services can provide additional privacy assurances by having maximum control over your data.
cover: router.webp
---
<small>Protects against the following threat(s):</small>
@ -25,7 +25,7 @@ Advanced system administrators may consider setting up their own email server. M
![Stalwart logo](assets/img/email/stalwart.svg){ align=right }
**Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but it also defaults to very reasonable settings (in terms of both security and features) making it easy to use immediately. It has web-based administration with TOTP 2FA support, and it allows you to enter your public PGP key to encrypt **all** incoming messages.
**Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but it also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately. It has web-based administration with TOTP 2FA support, and it allows you to enter your public PGP key to encrypt **all** incoming messages.
[:octicons-home-16: Homepage](https://stalw.art){ .md-button .md-button--primary }
[:octicons-info-16:](https://stalw.art/docs/get-started){ .card-link title="Documentation" }
@ -34,7 +34,7 @@ Advanced system administrators may consider setting up their own email server. M
</div>
Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations, and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory on your domain, and if you use an email client which supports PGP and Web Key Directory for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](#proton-mail) users.
Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations, and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory on your domain, and if you use an email client which supports PGP and Web Key Directory for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](email-clients.md) (or find an open-source webmail to self-host, like Nextcloud's Mail app). We use Stalwart for our own internal email at *Privacy Guides*.
@ -90,7 +90,7 @@ Addy.io is an email aliasing service which lets you create 10 domain aliases on
![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
**Peergos** provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
[:octicons-info-16: More Info](cloud.md#peergos){ .md-button .md-button--primary }
[:octicons-home-16:](https://peergos.org){ .card-link title="Homepage" }
@ -100,3 +100,106 @@ Addy.io is an email aliasing service which lets you create 10 domain aliases on
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
## :material/dns: DNS Filtering
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
### Pi-hole
<div class="admonition recommendation" markdown>
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" }
</div>
### AdGuard Home
<div class="admonition recommendation" markdown>
![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
AdGuard Home features a polished web interface to view insights and manage blocked content.
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
</div>
## :material/image: Photo Management
### Ente Photos
<div class="admonition recommendation" markdown>
![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side.
The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-info-16: More Info](photo-management.md#ente-photos){ .md-button .md-button--primary }
[:octicons-home-16:](https://ente.io){ .card-link title="Homepage" }
</div>
### Stingle
<div class="admonition recommendation" markdown>
![Stingle logo](assets/img/photo-management/stingle.png#only-light){ align=right }
![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ align=right }
**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos.
[:octicons-info-16: More Info](photo-management.md#stingle){ .md-button .md-button--primary }
[:octicons-home-16:](https://stingle.org){ .card-link title="Homepage" }
</div>
### PhotoPrism
<div class="admonition recommendation" markdown>
![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
</div>
## :material/search-web: Search Engines
### Stingle
<div class="admonition recommendation" markdown>
![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
**SearXNG** is an open-source metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-info-16: More Info](search-engines.md#searxng){ .md-button .md-button--primary }
[:octicons-home-16:](https://searxng.org){ .card-link title="Homepage" }
</div>
It is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.