← Back to Blog

Five Mistakes I Made When I Started Self-Hosting (So You Don't Have To)

Published May 4, 2026 · 7 min read · Galaxy Cloud Solutions

I have been running my own servers for a while now and I have made most of the classic mistakes. I am going to tell you about five of them, not because it is fun to revisit embarrassing moments, but because every one of these is avoidable if someone tells you about it first. Nobody told me. Consider this the conversation I wish I had at the start.

⚡ VPS from $5/mo — Use code LAUNCH2026 for 50% off

1. I Did Not Set Up Backups Until After I Needed Them

This is the most common self-hosting mistake and I made it spectacularly. I had a server running for eight months before I set up automated backups. You can probably guess what happened. A botched update wiped the database. Everything I had built over those eight months was gone.

I rebuilt from memory and a handful of screenshots. It took a week. It was miserable. I set up automated daily backups that same night and have never skipped a day since.

Set up backups before you do anything else. Before you install your app, before you configure anything, set up backups. It is boring. Do it anyway.

2. I Ran Everything as Root

When you first get a VPS, you log in as root and it is kind of intoxicating. You have absolute power over this machine. You can do anything. You do everything as root because it is easy and nothing asks you for a password.

This is a terrible idea. Running as root means one compromised script, one misconfigured application, one moment of inattention wipes or exposes your entire server. The whole point of having a non-root user with sudo access is that it creates a friction layer between your normal activity and destructive commands. That friction has saved me more than once.

Create a non-root user on day one. Log in as that user. Use sudo when you need it.

3. I Left Port 22 Wide Open With Password Authentication

The default SSH configuration accepts password logins from any IP address in the world. Within hours of a new server going online, bots are already trying to brute force their way in. I know because I watched the auth logs once and genuinely could not believe how fast the attempts started.

Switching to SSH key authentication and disabling password logins takes about 10 minutes. It makes brute force attacks essentially impossible because there is no password to guess. I also moved SSH to a non-standard port, which reduces the bot noise considerably even though security-through-obscurity is not a real defense.

4. I Ignored Disk Space Until It Was 100% Full

Disk fills up in a boring and predictable way. Log files grow. Database tables accumulate data. Docker pulls images and does not clean them up. And then one day at an inconvenient moment your server stops working because there is literally no space left to write anything.

Set up a disk space alert at 80%. Seriously, just do it. Uptime Kuma can do this. A simple cron job that emails you when disk exceeds 80% works fine. The alert at 80% gives you time to investigate before you are in crisis mode at 100%.

5. I Over-Engineered Everything

This one took me the longest to admit. I spent weeks setting up a Docker Swarm cluster for a project that had twelve users. I configured Kubernetes for a personal blog. I set up a distributed database for an application that would have been fine with SQLite.

The desire to use interesting technology is real and understandable, but it costs you in complexity, debugging time, and mental overhead. Every layer of abstraction you add is something that can break and something you have to understand when it does.

Start with the simplest thing that works. A single server, a single database, a single process. Add complexity when the simple thing genuinely cannot handle your needs anymore, not because the complex thing is more interesting. You will build faster, break less, and sleep better.

The Common Thread

All five of these mistakes share something: I was in a hurry to get to the interesting parts and I skipped the boring foundations. Backups are boring. User management is boring. Monitoring disk space is boring. But they are what keep everything else running. The interesting parts are a lot more fun when the boring foundations are solid.

Related Articles

The Day I Accidentally Deleted My Entire Server How to Back Up a VPS How to Set Up an Ubuntu VPS for the First Time Self-Hosting vs The Cloud: What I Wish Someone Told Me

Start self-hosting the right way from $5/mo

Automated snapshots, Cloudflare DDoS protection, fail2ban pre-installed, and a one-click app installer. Use code LAUNCH2026 for 50% off your first month.

Get Started