I spent 1 entire week of my channel, which I could have spent doing better things, learning about making a server the right way, using solely information on the internet and leveraging what power I have as a content creator. I’m throwing in the towel and am close to deterring people from making their website. Obviously it’s impossible to make the “perfect” website, but I’m going to break down why it’s near impossible to have a website today.
Bot Protection
One of the growing problems with posting content on the internet is AI. This includes the torrent of garbage that hits your server. I doubt there are people visiting my website from outdated versions of Internet Explorer or attempting to visit common WordPress PHP exploits that totally exist on your website.
Recently, generative AI has changed this for the worse, where now every tech company boarding the AI train wants to scrape your website for data. This results in your website getting hammered by AI trying to mine your artwork and text content for who knows what, and this isn’t counting what the mainstream crawlers like Google, Microsoft, and Perplexity are doing!
Unfortunately, modern problems call for modern solutions and whatever you pick in today’s day and age must have a way to integrate AI blocking. There are two programs for this: Anubis and Cloudflare. If you don’t implement either, you are doing yourself a disservice. “B… B… But Cloudflare controls so much of the internet,” tell these gatekeepers to touch grass.
Containers: Choices and Restrictions
The worst way to build a server is using native distribution repositories and there are still many people brainwashed into thinking that this is the only way to do things, both from Linux losers online and in documentation. This is where containers come in as universal ways to package applications in the way the original application developer intended.
For example, as of the time of writing, Debian 13 (trixie) was released, but with an outdated version of Podman. Mere days later, Podman received a new release. This is further proof of Debian shooting themselves in the foot where the version of Podman in Debian 12 (bookworm) had no Quadlet support, which is essential to updates, maintaining feature parity with Docker, and includes bug fixes.
The problems have less to do with containers themselves and more to do with the two standards competing for attention: Docker and Podman. Of the two, Podman is the better choice as it doesn’t require root privileges and is also mostly backwards compatible.
The issues come in when certain programs are not made with Podman in mind because they are targeting features that are only available in Docker. For example, if you want to run Traefik, you have to use a Docker container because of the way Traefik expects things to be done the Docker way.
This is compounded by distribution modifications or hindrances; furthermore, most server distributions run outdated versions of Podman that won’t support Quadlets, which autostart your containers on login. Granted, making Quadlets requires a script to do this correctly, but this is a reason distributions matter a lot and I don’t have a good solution to these mismatched versions, especially given server software is always out of date.
Website Name & Server Software
The problem is the actual implementation process is very bad and poorly explained. It’s one thing for Anubis as a community project, but it’s another for a multimillion dollar company like Cloudflare.
For example, this Cloudflare documentation page tells you to fix a setting in your dashboard, so I spent 4 hours searching online and through the dashboard. Turns out the problem is with how the proxy is going to my container and I have no clue what it is.
The first problem to building a website comes with server software. The technical term is “reverse proxy,” which is where you declare to a computer where you want everything pointed. One of the most popular of the bunch is nginx.
nginx is one of the oldest internet reverse proxies, but because it’s older, there are a lot of problems with the default configuration. For one, nginx will report your version on the default error page. This often rats out your Linux distribution and whether you are vulnerable to any crippling security issues.
The lesson nginx will teach you is to redirect your error pages. If you use a static site builder or another solution, you need to change your error or redirect pages to be something else. This is compounded by there being virtually no tutorials online to set up Cloudflare with nginx, and nginx spawned many competitors because people couldn’t be bothered to deal with it, since it was made in an era where these flaws weren’t problems.
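The two changes described above, as an added nginx configuration example (not from the original post): `server_tokens off;` removes the version from the `Server` header and the built-in error pages, and `error_page` swaps in the site's own pages. The server name, document root and error file names are placeholders, and the version string in the comment is a constructed sample.

```nginx
# Constructed example: example.com, /srv/www/site, 404.html and 50x.html
# are placeholders, not values from this page.

# Default behaviour (the weak setting): server_tokens is "on", so the
# "Server:" header and every built-in error page carry the exact
# version, e.g. "nginx/1.22.1" (constructed sample value).

events {}

http {
    # Hardened: send "Server: nginx" with no version, and drop the
    # version from any built-in error page that is still served.
    # The product name "nginx" itself is still disclosed.
    server_tokens off;

    server {
        listen 80;
        server_name example.com;
        root /srv/www/site;

        # Serve the site's own pages instead of nginx's built-in ones.
        # A static site builder usually generates the 404 page already.
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        # "internal" makes these files reachable only through
        # error_page, not by requesting them directly.
        location = /404.html { internal; }
        location = /50x.html { internal; }

        location / {
            # Unknown paths fall through to the custom 404 page.
            try_files $uri $uri/ =404;
        }
    }
}
```

Validate the file with `nginx -t` before reloading, then confirm with `curl -sI` against the server that the `Server` header no longer includes a version number.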
The alternatives include Traefik and Caddy. The worst by far is Caddy, which is sad because I found it very easy to set up by itself. The problem is integrating Cloudflare with Caddy requires building another module from source just to get Cloudflare to work properly and the moment this happened, it caused my server to crash. Turns out the image optimization I’ve done to the files on my website is not enough, and building Caddy modules eats up all my memory.
Now there are people who say Cloudflare Pages is much better, but this introduces a different problem. Cloudflare Pages requires posting this information on a Git server, which is likely controlled by someone else (GitHub/GitLab) since you came crawling here. The problem is the last thing I want is every mistake and typo I ever make to be published in a record for the rest of eternity. Beyond that, services like GitHub have already shown they will gladly mine information from your repositories and use it to train Microsoft’s artificial intelligence. No thanks.
The Real Failure of Self-Hosting
All of this boils down to I cannot build an effective website. In order to host a website, you need a Linux distro with everything updated, but also sane enough not to break. You also need a reverse proxy with support for bot protection so your content doesn’t get stolen and your website stays up. But there’s one last major problem with all these things: this information is gatekept, both by those who are experts in the field and by idiots online who believe containers are the devil and you should avoid systemd and learn binary to write a crontab instead.
For reference, I used a burner account to download various documentation from Red Hat about how to use containers and Podman. Red Hat generally has very good documentation and Podman is no exception. While Podman has good documentation, in no way does it get you started with the information that actually matters. There’s no assistance in writing a Dockerfile, which you will have to write in order to publish your website. Guides for this are scarce, but it’s pretty easy to figure out how these work because many random strangers on GitHub publish their Dockerfiles for all to see and they are a great reference for you to reverse engineer what is basically a shell script.
The problem comes in bringing all these messy aspects of server making together. I have browsed virtually every single page on YouTube, Google, or anything AI has touched and it is impossible to find information on how to get Cloudflare to stop infinitely redirecting your website to oblivion. You’ll find someone who set up Cloudflare with Caddy or installed nginx in a Podman container, but nobody does it correctly, marrying your reverse proxy, Podman container, and Cloudflare firewall. Cloudflare’s documentation is so poorly written I cannot ascertain what to do to begin with and Podman is just as bad.
I also ran another test and as a content creator, I am privileged with a very technically savvy audience who are bright about these kinds of topics. So as a social experiment and also an act of desperation, I posted a calm cry for help on all of my social media accounts: Mastodon, X (Formerly Twitter), Bluesky, and my YouTube Community page. I have hundreds of followers across my social media and thousands of subscribers and only 1 person responded, referring to a TechnoTim video that was actually not that bad as long as I suck it up and use Docker instead of Podman. But it was only 1 comment to a content creator. I’m sick and tired of people saying “ask around on a forum” because I have burner accounts that have been ghosted numerous times on Matrix and Discord, so why should it be different for anyone else?
This is the real problem with self-hosting communities. Compounded by information constantly changing, people won’t even give you answers to basic problems. Tell me what to do, don’t give me cryptic advice or tell me to read documentation. I have a high BS tolerance, but this broke the camel’s back. I scoured all of Google, YouTube, Reddit, Cloudflare/nginx/Caddy forums and I’m very close to throwing in the towel. If it wasn’t for the people who give me money to do YouTube, I wouldn’t even bother.
Sources:
These are all of the links I read for the nothing I accomplished. To protect my own privacy, I have not linked any Discord, Matrix, or forum conversations I had. Needless to say, many of my questions went unanswered or I was talked down to. I used burner accounts to simulate the experience most people would experience and did not wish to be given special treatment.
- One of the first Google searches I got for using Caddy and Cloudflare. When this article was originally written, it was probably fine. Since then, Caddy has made major changes to prevent most of the instructions from working. Not only that, but the “easiest” advice is to use a self-signed certificate (which did not work) or upload some root certificate nonsense (which also did not work).
- This YouTube video by @beamnetworks1 on nginx and Cloudflare HTTPS certificates at 7:27, except this is a self-signed certificate and does not work anyway. I got nothing but 502 errors and rejections because it wasn’t using an auto-generated HTTPS certificate. Give up all this origin server junk.
- A Reddit thread from r/selfhosted (Onion Link) about Traefik’s documentation. Many users have complained about poorly written documentation (yes!) and why you should give up and just use Caddy. This led down another rabbit hole about nginx proxy manager and information about it was much more limited and it did not bypass the Docker problem either.
- A blog post about native installations of Caddy. The problem with this guide is it focuses on using native distribution packages and doesn’t discuss containers at all.
- An incredibly long GitHub guide to use Caddy
- Podlet, a script to create container startup files AKA Quadlets for Podman containers
- A sample podlet from the Universal Blue forums
- A forum post about Traefik and Podman. Basically, this guy was just told to RTFM politely and make a Quadlet, so see above. They weren’t even directed to the correct variables for their Quadlet. Icing on the cake, the issue was auto-closed by the moderation bot and nobody has asked this question since. What great help.
- Cloudflare’s root certificate, which is buried in developer documentation and not available to download from the dashboard. To make this worse, this is the first thing you are presented with when you look up how to do basic reverse proxy stuff and might as well be worthless.
- While I was editing this video and working on future content, I found an article on Fedora Magazine about podman auto-update, which is functionally similar to what Podlet is. At least it appears to be, I haven’t had time to test it.
The following were shared with me because of my influence.
- A guide by Daniel Melzak for making a Caddy Dockerfile. My personal Dockerfile does not do the Hugo building, as that already occurs on my personal computer. This is also missing the Cloudflare integration and update management.
- TechnoTim’s video Traefik 3 and FREE Wildcard Certificates with Docker
Video References
- Google I/O ‘25 Keynote
- Niccolò Ve’s video: “Open Source Infrastructure has an AI problem” (YouTube Link)
- Microsoft Build Day 1 Keynote. This version is edited to remove protesters who interrupted the beginning of the presentation.
Track Listing
- Kei Morimoto - Utopia
- gooset - Recharging
- Sonic Mania - Metallic Madness Zone Act 1
- Sonic Mania - Metallic Madness Zone Act 2
- Outro: Khaim - Neon Lamp