Carder.life - FAQ: Anonymous self-hosting set (2025)

In this article, I'll tell you about the self-hosted applications that can replace popular websites. Instead of trusting your data to a service provider, you can host alternatives to these services yourself. We will explore and deploy open-source applications on your own server. We will also consider using some of them through the Tor network. So, let’s get started!
Main Applications <ul><li>Nextcloud — Be your own cloud provider, including with encryption of your files, either server-side or end-to-end on the client.</li>
<li>Shadowsocks Server — Alternative to standard VPN protocols with obfuscated traffic. It allows you to avoid basic protocol blocks.</li>
<li>Bitwarden — Synchronization of encrypted passwords between your systems.</li>
<li>Gitea — Your own GitHub for team development.</li>
<li>Cryptgeon — Alternative to Privnote for storing messages/files encrypted in RAM. It works easily on an onion and deletes after reading.</li>
<li>Matrix Synapse — Your own server for communication in the encrypted federated Matrix network.</li>
<li>Picsur — Your own image hosting service with EXIF removal and anonymous uploads. It works easily on a Tor domain.</li>
</ul>
Installation and Setup
Nextcloud
This is almost the perfect option for a personal file synchronization server. There are clients for all popular systems, open-source code, numerous plugins and settings. Fully integrated systems for team project management, editing certain types of files, calendars, forms, tasks and much more. The easiest way to install this system on Ubuntu is using snap.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo snap install nextcloud</pre>
Next, we create an admin account. Replace "password" with a strong long password, especially if you plan to use encryption later.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo nextcloud.manual-install admin password</pre>
Great, now you can go to the server's IP address and log in. We can also set up an onion domain; for this, simply install Tor and edit /etc/tor/torrc.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo apt install tor</pre>
Add the following lines to torrc:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 66px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">HiddenServiceDir /var/lib/tor/onion_service/
HiddenServicePort 80 127.0.0.1:80
sudo service tor restart</pre>
After this procedure, you can obtain the onion domain on your server with the command:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">cat /var/lib/tor/onion_service/hostname</pre>
Upon first access through the onion domain, a message will be displayed stating that this is an untrusted domain. You will need to confirm.
https://i.imgur.com/2DYEGim.png
files on the server side - this is the Default Encryption Module plugin. You need to enable it. Or you can use the end-to-end encryption plugin from clients, which is obviously more secure if you don't trust the server. The first plugin just needs to be activated and in the server settings under security, enable the option for server-side encryption. After this, all newly uploaded files will be encrypted. Alternatively, you can enable end-to-end encryption by activating another module. Upon re-logging into any of your clients, it will request the option to enable encryption and provide a key.
Shadowsocks
The advantage of this protocol is that it's not detected by standard DPI, as it represents some noise. There are also more interesting new protocols like V2ray, Vless, Trojan, but we will not consider them here. The simplest way to set up a server for this protocol is as follows. Install Python pip and the package on the server.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">apt-get install python3-pip
pip install shadowsocks</pre>
Then edit the config with nano /etc/shadowsocks.json:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 146px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">{
"server":"0.0.0.0",
"server_port":8000,
"local_port":1080,
"password":"password",
"timeout":600,
"method":"chacha20"
}</pre>
Replace "password" with a strong password. For the encryption method, you can use "chacha20" or "aes256-gcm". AES is more proven, while ChaCha is new and faster on low-powered servers. Start your server with the command:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">ssserver -c /etc/shadowsocks.json -d start</pre>
After this, you can connect to the server from your mobile device or PC. For mobile devices, the easiest clients to use are v2ray-ng or shadowsocks. They should be available on F-Droid. For iOS, you can use the Outline app. You can enter the data manually, but it’s more convenient to connect by scanning a QR code. Here’s an example QR code generator based on your server data - https://phoenixlzx.github.io/shadowsocks-qrgen/
https://i.imgur.com/0yODH7s.png
Set the VPN mode in these applications and configure them for automatic VPN connection and to block network access without it. As a last resort, you can purchase Shadowsocks access from VPN providers that support it, for example, https://torguard.net/anonymouspremiumproxy.php. However, having your own server is certainly cheaper and better. Regarding the choice of a provider for your server, I recommend choosing a reputable hoster in safe countries with payment via Monero. This could be njalla, nicevps or flokinet.
Bitwarden
This is a convenient service for encrypted synchronization of your passwords. Of course, the safest option is some local Keepass (and synchronize it through your encrypted cloud), but if you frequently change devices, you might consider a more convenient option. Fortunately, you are not required to use their own server. You can deploy your own Bitwarden server and use it in any of their applications. The simplest way to use this script for installation on Debian and Ubuntu systems is found here: https://github.com/bitwarden/self-ho...n/bitwarden.sh - download it, make it executable and install Bitwarden. You should have Docker and Docker Compose installed on your system.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 82px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo apt install git
git clone https://github.com/bitwarden/self-host.git
chmod a+x run.sh
./run.sh install</pre>
You will be prompted for necessary information, such as your domain and whether to create an HTTPS certificate. You will also need to obtain an ID and key for your email from here: https://bitwarden.com/host/ and enter them during the installation process. To start the server, enter:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">./run.sh start</pre>
Your Bitwarden has an admin panel and a web interface; we can expose it on an onion domain using the standard method through /etc/tor/torrc, as described in the Nextcloud instructions, if necessary. However, it's most convenient to use their clients for mobile systems and browser plugins.
Gitea
This is a full-fledged open-source Git service with multi-user development capabilities, private repositories, tags, projects and much more. For basic installation, you can deploy it using Docker: https://phoenixnap.com/kb/gitea-docker. There is also a slightly outdated repository with settings for use through onion: https://github.com/AnimusPEXUS/hiddengitea. However, you can also deploy it using the first instruction on the server's IP address and simply work with it through a Tor proxy using commands like these. You must have Tor installed on your system.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">git -c http.proxy=socks5h://127.0.0.1:9050 clone ...
git -c http.proxy=socks5h://127.0.0.1:9050 push origin master</pre>
Since Gitea doesn't use file encryption, except for HTTPS traffic to the server, I recommend using full disk encryption on your server during installation. Alternatively, you can consider these tools for encrypting Git: https://opensource.com/article/19/2/...ment-tools-git
Cryptgeon
This is a full-fledged alternative to services for one-time links. It has open-source code, which you can deploy on your server. Its advantages include that encryption occurs with your key on the client side and the server itself doesn't know the data uploaded to it. Additionally, all files and messages are stored in RAM and nothing is written to disk. By the way, I don't recommend rebooting to avoid losing anything. It also has a console client that can connect to a standard server or your own to quickly generate an encrypted link. Client installation:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 82px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">npx cryptgeon
# Or install globally
npm -g install cryptgeon
cryptgeon</pre>
Examples of usage can be found here: https://github.com/cupcakearmy/crypt.../cli/README.md
Server installation: the simplest way is through Docker:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">docker run cupcakearmy/cryptgeon</pre>
After this, the Cryptgeon interface will be available on your server's IP. The interface works perfectly through the onion domain. Just keep in mind that it uses JS scripts for encryption on the client side. To create a Tor domain, forward the port as per the first instruction with Nextcloud.
Matrix Synapse
This is an excellent alternative to Jabber, an encrypted federated protocol. By default, when you use Matrix clients like Element, you connect to the standard server. However, it's best to deploy your own, especially within a team or for multiple users. To install on a server with Ubuntu, enter:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list</pre>
Here we import the Matrix keys and their repository.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo apt update
sudo apt install matrix-synapse-py3</pre>
Next, we install the Matrix server. It's written in Python. You will be prompted for a domain. Enter your domain and it will ask whether to send anonymous statistics; respond with "no". Next, start the server.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo systemctl start matrix-synapse
sudo systemctl enable matrix-synapse</pre>
Now, modify the configuration file:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo nano /etc/matrix-synapse/homeserver.yaml</pre>
It should look like this. Just set the IP address to your server's IP and replace the word "secret" with a strong long string of random characters.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 226px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['127.0.0.1']
resources:
- names: [client, federation]
compress: false
enable_registration: false
registration_shared_secret: "secret"</pre>
Restart the server.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo systemctl restart matrix-synapse</pre>
Now, register an admin account:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml https://localhost:8008</pre>
This command can also be used to register other accounts. You need to generate an HTTPS certificate.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo apt install certbot -y
certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email [email protected] -d matrix.example.com</pre>
You can use Nginx as a server.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo apt install nginx
sudo nano /etc/nginx/sites-available/matrix.conf</pre>
Here’s an example configuration:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 450px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">server {
listen 443 ssl;
server_name matrix.example.com;
ssl_certificate /etc/pki/certificates/matrix.crt;
ssl_certificate_key /etc/pki/certificates/matrix.key;
location /_matrix {
proxy_pass https://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 10M; # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
}
}
# This is used for Matrix Federation
server {
listen 8448 ssl;
server_name matrix.example.com;
ssl_certificate /etc/pki/certificates/matrix.crt;
ssl_certificate_key /etc/pki/certificates/matrix.key;
location / {
proxy_pass https://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}</pre>
Just change the paths for the certificates if they are located elsewhere. SSL certificates are only needed for federation with other servers; they are not particularly necessary for local use.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo ln -s /etc/nginx/sites-available/matrix.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx</pre>
Modify the firewall configuration.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 66px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">sudo ufw allow 8448
sudo ufw allow https
sudo ufw allow http</pre>
Your server is now running. If you navigate to https://matrix.yourdomain:8448, the start page should be displayed. If you have configured everything correctly, your server will also be able to communicate with other servers and your users can message users from other servers. You can also consider using verified public servers created by others: https://tatsumoto-ren.github.io/blog...x-servers.html
Picsur
This is a great way to host one-time images to share with other users or on forums. Why use someone else's hosting when you can deploy your own? For this, you need to have Docker installed. In a separate folder, create a compose file.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">nano docker-compose.yml</pre>
And inside, write the following:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 370px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">version: '3'
services:
picsur:
image: ghcr.io/caramelfur/picsur:latest
container_name: picsur
ports:
- '8080:8080'
environment:
PICSUR_DB_HOST: picsur_postgres
restart: unless-stopped
picsur_postgres:
image: postgres:14-alpine
container_name: picsur_postgres
environment:
POSTGRES_DB: picsur
POSTGRES_PASSWORD: picsur
POSTGRES_USER: picsur
restart: unless-stopped
volumes:
- picsur-data:/var/lib/postgresql/data
volumes:
picsur-data:</pre>
Change the passwords in the config to your own. Now, start it.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 34px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">docker compose up -d</pre>
Now, the Picsur interface will be available on your server's IP at port 8080. To host it on a Tor domain, simply forward port 8080 to port 80 of the onion domain using the standard instructions. Refer to the Nextcloud instructions for the Tor setup.
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 50px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">HiddenServiceDir /var/lib/tor/onion_service/
HiddenServicePort 80 127.0.0.1:8080</pre>
Now you will have an anonymous image hosting service on Tor.
Useful Services
Here, I'll list some useful services for use. There will also be some services for free hosting. These are not places to host permanently, but they may come in handy if you have a limited budget.
<ul><li>glitch.com - Here you can host any application or bot in many languages for a test run of 5 minutes, as well as static websites. Keep in mind that by default, the code is published in a format accessible to everyone.</li>
<li>moremins.com - A service for virtual numbers (SMS, calls) for a long time. Prices are extremely cheap. In most countries, it doesn't require any documents and allows payment in cryptocurrency.</li>
<li>noez.de - A decent provider for cryptocurrency with a trial KVM server. It's issued if all conditions are met: the IP address and country name must match and the country number must be able to receive calls. You can use the previous service for number verification.</li>
<li>infinityfree.com - Completely free eternal web hosting with a good reputation for static sites and PHP with a database.</li>
<li>pythonanywhere.com - A free host for small Python applications.</li>
<li>onionmail.org - Free email, both on onion and in the regular network. By default, sending messages is paid, while receiving is free. There is an option to set up forwarding to an external email.</li>
<li>cheapwindowsvps.com - Extremely cheap remote Windows desktops with payment in cryptocurrency.</li>
</ul> Conclusion
As we can see, there have long been ways to use secure self-hosted alternatives to the services of large companies and keep your personal data under your control. Once you have set them up, using them is no more complicated than any other services. Additionally, here is an interesting comparative table of email providers regarding anonymity: https://dismail.de/serverlist.html.