A few months ago I decided to self-host everything for my software house instead of paying for cloud infrastructure. Here’s what’s running on a Raspberry Pi 4B (4GB) at home:
Astro static site + nginx Full mail stack (Postfix + Dovecot + Roundcube) in Docker MariaDB with automated backups GoAccess analytics with custom Python bot/human separation Dynamic IP blocklist generated at every deploy Certbot managed on a separate Orange Pi Zero 3 (HAProxy + SSL termination)
The Orange Pi Zero 3 as a dedicated HAProxy node was the best €25 I spent — SSL overhead completely offloaded from the Pi, all subdomains routed through one config, clean network separation between “what faces the internet” and “what runs the services.” Storage: all boards boot from SSD via USB3. No SD cards in production. The ISP situation: Eolo wireless, 20Mbps down / 100Mbps upload. Yes, upload is 5x download. For a web server that’s actually ideal. Real stress test — June 22, 2026 A post on r/italy hit 20k views in 24 hours. Numbers that day:
555 human visitors (vs ~180 daily average) 151 unique IPs 72.2% return rate 9.98 MB bandwidth 0 downtime 0 errors in the mail stack
PageSpeed from Google’s infrastructure:
Desktop: Performance 100 / SEO 100 Mobile: Performance 97 / SEO 100
No CDN. No Cloudflare. No edge nodes. Just nginx on a Pi. The honest limitations:
Single point of failure — yes, if the Pi dies the site goes down Mail deliverability on residential ISP is hard (Brevo relay helps) No redundancy — we run backups, not replicas
All traffic data is live and public: stats.lake8.dev/geo.html Happy to answer questions on any part of the stack.
Honestly no — I didn’t feel it at all. The Pi was handling the spike silently in the background while I was working normally. Upload bandwidth on Eolo is 100Mbps, and a static Astro site serving mostly HTML/CSS is incredibly light. Peak day was 555 human visitors with 9.98MB total bandwidth — that’s nothing for a residential connection. The Cloudflare tunnel approach is smart especially without a static IP. We have a static IP included with Eolo (unusual for residential, I know) which simplifies things. For DDoS protection we rely on HAProxy on a separate Orange Pi Zero 3 doing rate limiting and our dynamic blocklist — but honestly at our scale a proper DDoS would still hurt. The “who knows about the future” concern about Cloudflare is real though. Building on free tiers of centralized services is convenient until it isn’t — which is part of why we went full self-hosted in the first place.