Nearlyfreespeech is a great service though not a 100% independent as your still relying on them. I think the closest you can get to 100% independent without running your own internet infrastructure is either port forwarding from your home (if allowed) or hosting a website through TOR which isn't too hard. You just have to download the browser and edit a config file (torrc) with the port you want on the network. Not ideal of course though because anyone who wants to visit your website will need the tor browser and explaining to people that your website is on the "dark web" is a little hard to do.
I am a little surprised that doing so isn't more popular on in the indie web scene though as you do it on hardware you own, from your home, and the tor network protects people from knowing your servers ip address if that's something you care about. You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.
There also used to be the beaker browser which let you create and host your own website directly from the browser but that project got shut down. Hopefully something similar will show up at some point. Maybe a website creating plugin for tor would be enough to make it more popular.
> You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.
Apparently [1] there are also ways that Tor Browser supports, for directing visitors to the onion address via the “normal” internet:
- Onion-Location
> The Onion-Location method was introduced on Tor Browser 9.5 as a way for service operators announce their Onion Services in their regular HTTPS sites. It's specified under tor-browser-spec's Proposal 100 - "Onion redirects using Onion-Location HTTP header".
- Alt-Svc
> Similar to Onion-Location, the Alt-Svc method also uses an HTTP Header (the Alt-Svc Header, specified by RFC 7838), which means that the user first need to access the regular site before their browser discovers the alternate Onion Service address.
> But contrary to Onion-Location, the Alt-Svc method:
> - Does not support an HTML tag, as it relies entirely in the Alt-Svc Header.
> - Is fully transparent: all the discovery and upgrade happens automatically, without user intervention.
- Additionally, they also speak of future possibilities for DNS or DNSSEC-based Onion Association.
Indeed. I also depend on my power company, the entire global supply chain to provide me with computers to purchase, copper mines for the networking cables I use, oil fields all over the globe for the plastic, etc etc etc.
I encountered juniors straight out of school who don’t know what tar is, or rsync, or what a symlink is.
It’s all learnable and everyone starts somewhere. But you’d think natural curiosity would kick in and they’d have picked up some of this on their own by the time they have a job.
I didn't even know about tar or rsync until I started to use Linux, and I don't really see how else one get to the point where you need to know about them. And even symlinks are still in my mind as 'shortcuts but [...]' (even though the other way around is probably more accurate). Even as a dev, it's very possible to go through life without touching Linux.
If they were Windows game developers, they wouldn’t have to touch any of that. I guess it depends on where their interests lie and what platform they developed on.
But here’s one I heard literally two days ago: we counted three engineers (out of many) who knew that physical memory was not actually a giant flat space of contiguous addresses, and that there were multiple layers of address-mapping and region-joining glue logic between a program and the hardware, including in os libraries, and even inside the hardware.
Maybe knowing such information is archaic or useless for most engineers. But the good ones (or at least a certain flavor of the good ones) ask questions that lead them there.
This will get worse with new generations. They grow up on tables and phones where file system is a completely foreign concept. You need an app for everything.
It's sad that we need this new concept of "IndieWeb", as the whole Internet evolved into a monstrosity hosted and guardrailed by a handful of megacorporations. Hosting files became a privilege, when it should've been a (human) right all along.
edit: The tech to host yourself is obviously still there, but the _mindset_ changed to cloud only.
Github Pages is free hosting with domains and ssl, no bills, and has good longevity and prospects. I don't want to worry or think about a static site, and big players like Github and Cloudflare seem to fit that best.
Recently, I had to make a website for an event, so domain was needed, but what's cool with that is that the domain provider (Infomaniak, with which I am not affiliated btw), also provided 10 MB of storage which is large enough for a lot of things.
So for something like 5€ per year (still more than 1c per day...), you can get the domain and the website, which is not too bad
I don't get it. I've been doing this for over 20 years exactly the same way. I even ran a business. The server I rent is $2/month. I read nothing new in anything in that article.
I self host my site [1] on an old Mac mini in a Swift backend and sqlite database. Only thing I rely upon someone for is Cloudflare tunnels for free. I could replace that with port forwarding but so far, this way is pretty good.
Yup, I have a similar setup where I use a Wireguard VPN to tunnel traffic to a tiny public facing Caddy server, which proxies the traffic to the server under my own roof. No Cloudflare!
I have something similar. I use Cloudflare tunnels too but also their CDN which is free (for now).
That's the only thing I haven't really been able to figure out how to do on my own. Back in the day, hosting a static site from my crappy DSL connection was basically no problem and most people who were accessing my site were probably in my timezone. Now with how big the web is and how many bots there are, I worry about the quality of self hosting without a CDN.
Cloudflare tunnels are pretty cool. Do you segregate your server from your home domain too? Little weird having cloudflared on my home network. It make things a little more annoying but I haven’t bothered to fix it since I dev on the same production server.
> Cloudflare tunnels for free. I could replace that with port forwarding
You could replace it with something better, like pangolin, either their cloud or even self host it too, and that way you can tunnel to other stuff like if you have a media server where you can watch your movies from anywhere in the world.
Well this is great, even going further and hosting the site itself and serve it instead of webhosts, but, now we have domains issue, a domain registrar hijacking your domain, which is your life work, email, etc., so there’s a need to have a free tld that’s uncontrollable by any entity, .onion isn’t practical obviously.
There's no such thing as a TLD that's uncontrollable by any entity. How would you imagine such a thing working? Whatever you imagine: how does it stand up to me editing the hosts file, or the browser's source code?
>There's no such thing as a TLD that's uncontrollable by any entity.
Think .crypto but without the ability to upgrade the smart contract to censor domains. The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.
>how does it stand up to me editing the hosts file, or the browser's source code?
No one can force you to resolve domains YOU don't want to. You can of course blow up your computer and then you definitely can't resolve the domain. What people mean is that the user is free to still resolve it if they want.
> The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.
Ultimately, someone has to be in control of who is or is not part of that decentralized network that is the registry. (Or, alternatively phrased, how are you preventing me from saying "I'm part of the .crypto registry, totes.")
Aside from that, the root nameservers is still an entity that is controlled (by ICANN, specifically).
It's good advice, but one need not even include the "upload it to a web server" these days now that home connections are so fast. Install some static webserver on your desktop computer (nginx, caddy, whatever), forward the port 80 at your router to it's lanip:80, and just save .html and files to the web directory using your normal desktop interface. It doesn't matter if you shut off the computer sometimes. Uptime doesn't matter. Optionally file transfer (rsync, etc) this local copy to a VPS or something like the author suggests.
Indieweb receiving of webmention only requires the ability to log HTTP POSTs to some url endpoint. Or you can use one of third party services servers to receive that interact with your website via with 3rd party javascript applications you include on your webpage. Sending webmention can be done with cURL, even HTML forms, or again, 3rd party JS includes.
However, it'll also bring all the bots and "wild west" of the internet to your house when you run your web server from home, and for anyone who has a couple of spare dollars, it's a much wiser choice to run a small VPS elsewhere to weather the storm.
[Internet facing router with up to date firmware] --> HTTPS --> [separate VLAN DMZ] --> [my hardcore IndieWeb VM/k8s/bare-metal whatever] --> [x No outbound access / paranoid local firewall inside the VM x]
[My home computer] --> SSH --> [my hardcore IndieWeb local cloud]
In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces.
For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day.
If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!).
For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there.
That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories.
You need a static IP address for this to work is the downside, and depending on where you live and who your provider it it can be difficult and/or expensive.
You can programmatically update DNS whenever your dynamic IP changes. One issue though is that some residential ISPs prohibit webhosting in their terms.
you can go ipv6 only, any good isp will give you a static /56 for free. practically none of your users have ipv4 only devices when every major os has been dual stack by default for like 15 years. if your isp cant give you one its time to switch as soon as you can.
Ehh my ISP at home is still ipv4 only. The amount of ipv6 capable connections only just passed 50% worldwide a few months ago.
I don't think ipv6 only is feasible yet unless your audience is exclusively in Asia where ipv6 uptake is much higher due to them running out of ipv4 years ago
Fixed IP would be a way to go. Some people pick dynamic dns server so they can periodically update if their IP changes. But IMO it's just too complicated. I don't think there's a good way to go around ISP restrictions, especially in USA.
I host my site on my own home server, but I do have a proxy ec2 server to tunnel public traffic via wireguard back to my home server. This keeps things a bit more protected and my router/home network not directly exposed. I'm also not locked into AWS, I just use them for convenience, but could get any other cheap proxy to run wireguard. No dependency on tailscale either, it's just nicer interface to wireguard. Wireguard config is like 5 lines btw.
Nearlyfreespeech is a great service though not a 100% independent as your still relying on them. I think the closest you can get to 100% independent without running your own internet infrastructure is either port forwarding from your home (if allowed) or hosting a website through TOR which isn't too hard. You just have to download the browser and edit a config file (torrc) with the port you want on the network. Not ideal of course though because anyone who wants to visit your website will need the tor browser and explaining to people that your website is on the "dark web" is a little hard to do.
I am a little surprised that doing so isn't more popular on in the indie web scene though as you do it on hardware you own, from your home, and the tor network protects people from knowing your servers ip address if that's something you care about. You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.
There also used to be the beaker browser which let you create and host your own website directly from the browser but that project got shut down. Hopefully something similar will show up at some point. Maybe a website creating plugin for tor would be enough to make it more popular.
> You could even go to your domain provider and have one of your domains redirect to your .onion address so people don't need to memorize it.
Apparently [1] there are also ways that Tor Browser supports, for directing visitors to the onion address via the “normal” internet:
- Onion-Location
> The Onion-Location method was introduced on Tor Browser 9.5 as a way for service operators announce their Onion Services in their regular HTTPS sites. It's specified under tor-browser-spec's Proposal 100 - "Onion redirects using Onion-Location HTTP header".
- Alt-Svc
> Similar to Onion-Location, the Alt-Svc method also uses an HTTP Header (the Alt-Svc Header, specified by RFC 7838), which means that the user first need to access the regular site before their browser discovers the alternate Onion Service address.
> But contrary to Onion-Location, the Alt-Svc method:
> - Does not support an HTML tag, as it relies entirely in the Alt-Svc Header.
> - Is fully transparent: all the discovery and upgrade happens automatically, without user intervention.
- Additionally, they also speak of future possibilities for DNS or DNSSEC-based Onion Association.
[1]: https://onionservices.torproject.org/research/proposals/usab...
+1. Why even pay the penny? Spinning a onion service is trivial...and...more secure than the clearwebz.
I've made a few easy to spin up services. Heck, you can even run it off your phone.
Nanogram https://gitlab.com/here_forawhile/nanogram
Spreadsheet Server https://gitlab.com/here_forawhile/spreadsheet
Library Server https://gitlab.com/here_forawhile/libraryserver
Torum (HN Clone) https://gitlab.com/here_forawhile/torum
I wonder if the fact that you linked to clear web source code links rather than onion links demonstrates why people might pay the penny…
Making something as easy as possible to try demonstrates why you need to pay a penny? I don't follow.
> port forwarding from your home
Not 100% independent then. You still depend on your isp.
Indeed. I also depend on my power company, the entire global supply chain to provide me with computers to purchase, copper mines for the networking cables I use, oil fields all over the globe for the plastic, etc etc etc.
Something, something, if you want to make an apple pie from scratch you first have to invent the universe.
Kind of funny that this is like some strange new concept... Having a web server and putting your stuff on it.
Considering many people doesn't know what a file is, keeping the spirit alive is important, I think.
I encountered juniors straight out of school who don’t know what tar is, or rsync, or what a symlink is.
It’s all learnable and everyone starts somewhere. But you’d think natural curiosity would kick in and they’d have picked up some of this on their own by the time they have a job.
I didn't even know about tar or rsync until I started to use Linux, and I don't really see how else one get to the point where you need to know about them. And even symlinks are still in my mind as 'shortcuts but [...]' (even though the other way around is probably more accurate). Even as a dev, it's very possible to go through life without touching Linux.
If they were Windows game developers, they wouldn’t have to touch any of that. I guess it depends on where their interests lie and what platform they developed on.
Ok, sure, windows.
But here’s one I heard literally two days ago: we counted three engineers (out of many) who knew that physical memory was not actually a giant flat space of contiguous addresses, and that there were multiple layers of address-mapping and region-joining glue logic between a program and the hardware, including in os libraries, and even inside the hardware.
Maybe knowing such information is archaic or useless for most engineers. But the good ones (or at least a certain flavor of the good ones) ask questions that lead them there.
But physical memory is a giant flat space of contiguous addresses. Do you mean virtual memory?
If all you do is write code for Windows, why would you need to know what any of that is?
Because Steam... /s
This will get worse with new generations. They grow up on tables and phones where file system is a completely foreign concept. You need an app for everything.
The lack of basic computer knowledge I’ve seen from developers is terrifying.
It's almost inspiring how far someone can get without understanding really basic stuff about how an operating system operates.
The article was a lot of words just to say that.
It's sad that we need this new concept of "IndieWeb", as the whole Internet evolved into a monstrosity hosted and guardrailed by a handful of megacorporations. Hosting files became a privilege, when it should've been a (human) right all along.
edit: The tech to host yourself is obviously still there, but the _mindset_ changed to cloud only.
Oh, wait until the kids learn about hardware.
Self-plug here.
I built a comment js plugin which hosts all data inside a git repo. https://github.com/est/req4cmt (as long as your git service accept http)
It runs a Cloudflare Worker for free. The data backup/migration is basically git clone & push
There's another twitter-replacement, also based on git. https://github.com/est/gitweets
Demo https://f.est.im/ it supports comments via git notes :D
$0.01/day ? They are all completely free thanks to Cloudflare Workers / Github Pages.
> run 100% independently
> For just $0.01/day, you can run a static website at NearlyFreeSpeech.net
I respect the spotlight on hosting your own websites, but it's not much different from the usual Vercel/Netlify/GitHub/Cloudflare static hosting.
What if I want a database, feedback form, social media previews, good SEO? Article says nothing about it. Perhaps that's what makes a website "indie"?
You have access to php and a database there.
I get your point, but I still remember that guy who got a $100k Netlify bill for his free plan.
It is nice to see a site preaching this that isn't hosted by Cloudflare or GitHub Pages
Github Pages is free hosting with domains and ssl, no bills, and has good longevity and prospects. I don't want to worry or think about a static site, and big players like Github and Cloudflare seem to fit that best.
What’s your preference?
I also “preach” GitHub pages a lot but I’ve also written about hosting on a Raspberry Pi in my bedroom.
https://joeldare.com/private-analytics-and-my-raspberry-pi-4...
I appreciate Cloudflare for keeping all the piracy sites running, though.
Or even Vercel/Netlify
I created Neat CSS for some Hardcore IndieWeb users (though I’ve never used that name before now).
https://neat.joeldare.com
You’ll also find a free email course where I walk you through how I create a site using it. Link on that page.
Recently, I had to make a website for an event, so domain was needed, but what's cool with that is that the domain provider (Infomaniak, with which I am not affiliated btw), also provided 10 MB of storage which is large enough for a lot of things. So for something like 5€ per year (still more than 1c per day...), you can get the domain and the website, which is not too bad
I don't get it. I've been doing this for over 20 years exactly the same way. I even ran a business. The server I rent is $2/month. I read nothing new in anything in that article.
I don't get it.
I see a lot of young software engineers who don’t realize how much you can do on your own and how simple it is.
Very cool! I run a set of ssh-based services over at https://pico.sh and love seeing all the indie web content on HN!
Sftp is still very useful even in 2026
This article is a great example for anyone in their 50’s who is worried about not having relevant skills anymore.
Although calling it hardcore makes it sound like porn. Too bad they had to add that term for something painfully not hardcore.
Azure has a free tier that is fairly generous.
Also the Always Free Oracle Cloud tier is pretty generous. You can spin up a VM or two with it.
I opened this up thinking the same thing using NFS, and lo and behold that's what the author used.
I self host my site [1] on an old Mac mini in a Swift backend and sqlite database. Only thing I rely upon someone for is Cloudflare tunnels for free. I could replace that with port forwarding but so far, this way is pretty good.
[1] https://limereader.com/
Yup, I have a similar setup where I use a Wireguard VPN to tunnel traffic to a tiny public facing Caddy server, which proxies the traffic to the server under my own roof. No Cloudflare!
I have something similar. I use Cloudflare tunnels too but also their CDN which is free (for now).
That's the only thing I haven't really been able to figure out how to do on my own. Back in the day, hosting a static site from my crappy DSL connection was basically no problem and most people who were accessing my site were probably in my timezone. Now with how big the web is and how many bots there are, I worry about the quality of self hosting without a CDN.
Cloudflare tunnels are pretty cool. Do you segregate your server from your home domain too? Little weird having cloudflared on my home network. It make things a little more annoying but I haven’t bothered to fix it since I dev on the same production server.
My server is a different computer which only does this. It's not on my personal computer.
> Cloudflare tunnels for free. I could replace that with port forwarding
You could replace it with something better, like pangolin, either their cloud or even self host it too, and that way you can tunnel to other stuff like if you have a media server where you can watch your movies from anywhere in the world.
Yeah I find it a bit funny when people self host to get away from cloud and then use Cloudflare tunnels.
CF tunnels will ban your account if you used it to watch a movie due to DMCA/copyrights.
Is this really true? "A friend of mine" has been running a Jellyfin server behind Cloudflare tunnels for years and hasn't had any issue.
same here, except a 5 yrs old raspberry pi hanging off a power adapter on the floor.
Well this is great, even going further and hosting the site itself and serve it instead of webhosts, but, now we have domains issue, a domain registrar hijacking your domain, which is your life work, email, etc., so there’s a need to have a free tld that’s uncontrollable by any entity, .onion isn’t practical obviously.
There's no such thing as a TLD that's uncontrollable by any entity. How would you imagine such a thing working? Whatever you imagine: how does it stand up to me editing the hosts file, or the browser's source code?
>There's no such thing as a TLD that's uncontrollable by any entity.
Think .crypto but without the ability to upgrade the smart contract to censor domains. The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.
>how does it stand up to me editing the hosts file, or the browser's source code?
No one can force you to resolve domains YOU don't want to. You can of course blow up your computer and then you definitely can't resolve the domain. What people mean is that the user is free to still resolve it if they want.
> The registry is spread out across a whole decentralized network of computers of which has another decentralized network of computers that proxy requests exists.
Ultimately, someone has to be in control of who is or is not part of that decentralized network that is the registry. (Or, alternatively phrased, how are you preventing me from saying "I'm part of the .crypto registry, totes.")
Aside from that, the root nameservers is still an entity that is controlled (by ICANN, specifically).
It's good advice, but one need not even include the "upload it to a web server" these days now that home connections are so fast. Install some static webserver on your desktop computer (nginx, caddy, whatever), forward the port 80 at your router to it's lanip:80, and just save .html and files to the web directory using your normal desktop interface. It doesn't matter if you shut off the computer sometimes. Uptime doesn't matter. Optionally file transfer (rsync, etc) this local copy to a VPS or something like the author suggests.
Indieweb receiving of webmention only requires the ability to log HTTP POSTs to some url endpoint. Or you can use one of third party services servers to receive that interact with your website via with 3rd party javascript applications you include on your webpage. Sending webmention can be done with cURL, even HTML forms, or again, 3rd party JS includes.
However, it'll also bring all the bots and "wild west" of the internet to your house when you run your web server from home, and for anyone who has a couple of spare dollars, it's a much wiser choice to run a small VPS elsewhere to weather the storm.
[Internet facing router with up to date firmware] --> HTTPS --> [separate VLAN DMZ] --> [my hardcore IndieWeb VM/k8s/bare-metal whatever] --> [x No outbound access / paranoid local firewall inside the VM x]
[My home computer] --> SSH --> [my hardcore IndieWeb local cloud]
That's about it. Safe enough.
shrug
In 25 years of hosting a dozen domain names on a server on my home connection, this problem has not surfaced for me.
In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces.
For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day.
If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!).
One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something.
Especially if you host something like wordpress with plugins you really have to be on the ball with updates.
For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there.
That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories.
Yep, same here. fail2ban and some http 444 helps out.
You need a static IP address for this to work is the downside, and depending on where you live and who your provider it it can be difficult and/or expensive.
You can programmatically update DNS whenever your dynamic IP changes. One issue though is that some residential ISPs prohibit webhosting in their terms.
you can go ipv6 only, any good isp will give you a static /56 for free. practically none of your users have ipv4 only devices when every major os has been dual stack by default for like 15 years. if your isp cant give you one its time to switch as soon as you can.
My ISP is only ipv4. It doesn't matter if an OS technically support ipv6 or not.
Ehh my ISP at home is still ipv4 only. The amount of ipv6 capable connections only just passed 50% worldwide a few months ago.
I don't think ipv6 only is feasible yet unless your audience is exclusively in Asia where ipv6 uptake is much higher due to them running out of ipv4 years ago
now the real fun part is how to self-host it on a machine accessible on the net without services like cloudflare or tailscale tunnels.
Fixed IP would be a way to go. Some people pick dynamic dns server so they can periodically update if their IP changes. But IMO it's just too complicated. I don't think there's a good way to go around ISP restrictions, especially in USA.
I host my site on my own home server, but I do have a proxy ec2 server to tunnel public traffic via wireguard back to my home server. This keeps things a bit more protected and my router/home network not directly exposed. I'm also not locked into AWS, I just use them for convenience, but could get any other cheap proxy to run wireguard. No dependency on tailscale either, it's just nicer interface to wireguard. Wireguard config is like 5 lines btw.
It used to be as simple as getting a fixed IP but these days that is indeed a lot harder to get.
You can do it over TOR.