How safe/unsafe is it to host a website with a database on a Raspberry Pi?

Based on my older post, I got recommendations of getting a VPS to host a web app I’m planning to build.

I was wondering how safe/unsafe is it and also how performant/terrible would it be to host it on a Raspberry Pi that’s on my network at home. Given I have a really good network connection.

If it is relatively safe, what things should I look into to make it safer/more performant?

EDIT: Wow thanks! I wasn’t ready to get so many replies. After looking through them all, I came to the conclusion that a Pi is OK to host a small website, but the security aspect of it is not worth the trouble for an actual app on the web. I’ll host my stuff on a VPS. Thank you all so much!

Your thought should definitely be on security and not performance.

You can host a surprising amount of traffic on a microcontroller (and just to prove that, I once used an ESP32 as a reverse proxy for one of my sites), but you need to make sure that you know what you’re doing - and also be okay with attacks on your website meaning that your internet might go down.

@Dawson
OP should look into Cloudflared (Tunnel). Otherwise, hosting a public website on your home network without knowing exactly what you’re doing is near-suicidal.

Rey said:
@Dawson
OP should look into Cloudflared (Tunnel). Otherwise, hosting a public website on your home network without knowing exactly what you’re doing is near-suicidal.

Any books/guides to start reading into hosting, to make it less suicidal? :slight_smile:

@Heath
Would recommend saving the time and not self-hosting.

Shiloh said:
@Heath
Would recommend saving the time and not self-hosting.

I’m learning AWS right now, we had in university some networking labs to do (connecting 4-5 Linux instances etc.) tbh I know I won’t ever self-host in today’s age.

@Heath
The good thing about AWS is if you fuck up, worst case you lose a few instances, you can wipe them, spin up a few more, and try again. No harm, no foul.

If your home network gets compromised, it’s game over. Once shit hits the fan, good luck trusting any device in your household again…

@Rey

The good thing about AWS is if you fuck up, worst case you lose a few instances, you can wipe them, spin up a few more, and try again. No harm, no foul.

This is not really true. There are lots of horror stories of people waking up to avoidable 5+ figure bills on cloud providers. Having done cloud consulting for a few years, I can attest that there are plenty of ways to do that.

I would strongly advise OP and other less familiar people to start with something like a $5 VPS rather than a managed service like AWS.

@Nile
I was thinking more about security issues but absolutely also true lol. Google Cloud has a forever free VPS I always recommend people check out first.

Rey said:
@Nile
I was thinking more about security issues but absolutely also true lol. Google Cloud has a forever free VPS I always recommend people check out first.

Ah, gotcha, that makes sense :beers:

Rey said:
@Nile
I was thinking more about security issues but absolutely also true lol. Google Cloud has a forever free VPS I always recommend people check out first.

This is my go-to.

@Heath
Just anything to make sure nothing that matters is anywhere near the raw ether coming in through your little plastic box buzzing away in the corner. Best bet is probably something like Cloudflared yeah, cause all the hard stuff is outsourced to people whose job it is to know what they’re doing and you just focus on the architecture and codebase.

@Heath
r/linuxupskillchallenge will give you the BASICS, and a decent foundation.

Payne said:
@Heath
r/linuxupskillchallenge will give you the BASICS, and a decent foundation.

Thank you! :slight_smile:

@Heath
I’m definitely not the guy to ask for that, I only know how dangerous doing it blind is from experience :weary:.

So from what I gather, yes, you can put a small website for a little group of users on a self-hosted Raspberry Pi.

Especially if your “clients” are geographically close to you.

However, I would be worried about the security of your home network if you don’t know what you’re doing. Don’t blindly follow a random tutorial and start opening ports on your internet box without being sure you understand what you are doing and what is your contingency plan in case something goes wrong.

@Pat
Yeah, from what I’ve gathered here so far, I’m nowhere near ready to do that sort of stuff! So I’ll get a VPS!

Morgan said:
@Pat
Yeah, from what I’ve gathered here so far, I’m nowhere near ready to do that sort of stuff! So I’ll get a VPS!

It’s a great option too.

Also, benchmark your app first to make sure you’re not paying too much.

Morgan said:
@Pat
Yeah, from what I’ve gathered here so far, I’m nowhere near ready to do that sort of stuff! So I’ll get a VPS!

If you’re just hosting a website, look into free tiers for Google Cloud, Oracle & AWS. The free VPS is more than enough processing power for that task and it won’t suck your wallet dry either.

@Pat
The problem isn’t opening ports on your router, it’s about what risk a compromised Raspberry Pi on your local network poses to everything else.