I am a big fan of self-hosted tools. A small side of me believes that one day everyone should be hosting their own servers and running their own SMTP for email, calendar app, task manager, WordPress blog, etc. I do not think we are there yet… Installing your own service in the cloud or on a Raspberry Pi is still a bit of a hassle, not to mention exposing the service on the internet safely with a reverse proxy and a domain name. But I do think that we are getting there. I think that the day will come when it will be as easy as installing an app on your phone.

self-hosted services are terribly comfortable

That said… Today I would like to demonstrate how I started this movement by hosting a personal finance manager called Firefly III.

While there are many services that offer personal finance management in the cloud, as a resident of a country that has very low connectivity to advanced API-driven financial data sharing, and with the current state of day-to-day data breaches, I prefer to keep my financial data on my own server.

Seriously, financial data is probably the most sensitive and most revealing data a person generates and owns. While the credit card companies and banks do have access to a big chunk of this, they are usually regulated in a manner that provides some barrier against this data being accessed and used against my best interests. Let us not even begin thinking about the risk of this data being leaked when it sits at some fintech startup that is barely regulated at best and at worst is cutting corners with security and encryption to move fast and secure that funding.

Where to host?

I started this journey with a Raspberry Pi that I bought online. Today these little servers appear to be over-hyped, so should you choose to pursue this solution I advise you to look up alternative solutions. I have since moved to a cloud server that I rent from a cloud provider. I will not go into the details of how to set up a server, but I will say that I am using a docker-compose file to run the service. I will also not go into the details of how to set up a reverse proxy and a domain name.

I chose Digital Ocean as my cloud provider for its simplicity and transparent billing. Since my usage is humble I wanted a service that will not surprise me with some billing for cross-region traffic or some other hidden cost. I also wanted a service that will allow me to easily scale up if I need to. I am not affiliated with Digital Ocean in any way, but I do recommend them for this use case.

Installing Firefly III

After looking into three hosting options:

  1. Linux service
  2. Docker
  3. Kubernetes

I went with Docker because:

  1. I love my free time and I do not want to spend it on managing a server.
  2. I do not have any real need for Kubernetes… Even though it's cool.

The example docker-compose on the Firefly III really did the trick. I modified it a bit to suit my needs and I was up and running in no time.

Getting a domain

I bought a domain with GoDaddy and set up a subdomain to use for Firefly III. Note that we are not going to expose the service directly to the internet but use a reverse proxy that will provide a layer of security and will allow us to use a single domain for multiple services.

Setting up a reverse proxy

I installed nginx on my server and configured it to proxy requests to the Firefly III service. I used Let's Encrypt to generate a certificate for the domain and configured nginx to use it. I also configured nginx to redirect all HTTP requests to HTTPS.

Authentication

Now for the tricky part: I did not have any desire to manage my own users and passwords. I wanted to use another service to authenticate my users (my partner and I in this use-case). Since Google is considered to be pretty safe, I chose them to be my auth provider. Getting an OAuth key from Google requires a Google Cloud account, but the cool thing about this service is that it is free (at least for this use-case). The service I used for handling this is called oauth2_proxy. The repo is pretty well maintained and has a pretty good record in terms of vulnerabilities and handling. I did set it up as a Linux service but looking back I would probably use a docker container for this as well.

Connecting it all Together

Now that we have all the pieces in place, we need to connect them together. I used the following diagram to help me understand the flow of the requests and the services that are involved.

Firefly III Architecture

When accessing the domain I expect to hit a login page that will redirect me to google for authentication. Once authenticated, I will be redirected back to the proxy service that will validate the authentication and redirect me to the Firefly III service. The Firefly III service will then serve the UI and the API to the browser.
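One way to wire this flow in nginx, using its `auth_request` module so that every request to Firefly III is first checked against oauth2_proxy. This is an added example, not the configuration from this post: the hostname `firefly.example.com`, the loopback ports 4180 (oauth2_proxy) and 8080 (Firefly III) and the certificate paths are assumptions.

```nginx
# Added example: hostname, ports and certificate paths are assumptions.
# Plain HTTP does nothing except redirect to HTTPS.
server {
    listen 80;
    server_name firefly.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name firefly.example.com;
    ssl_certificate     /etc/letsencrypt/live/firefly.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/firefly.example.com/privkey.pem;

    # Sign-in, OAuth callback and sign-out pages are served by oauth2_proxy.
    location /oauth2/ {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Subrequest target: oauth2_proxy answers 202 for a valid session
    # cookie and 401 otherwise. "internal" keeps clients from calling it.
    location = /oauth2/auth {
        internal;
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header Content-Length "";
        proxy_pass_request_body off;
    }

    # Everything else requires a valid session before reaching Firefly III.
    location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;   # no session: show the login page
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Two things this setup depends on: Firefly III and oauth2_proxy should listen on loopback only, so the authenticated nginx path is the only way in, and oauth2_proxy should be limited to the intended accounts (for example with its `--authenticated-emails-file` option), since a successful Google login alone does not identify the user as one of yours.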

Summary

In this post we went over self-hosting a personal finance manager using cloud technology, containers, load balancers, authentication and authorization. Some name dropping and links to the services I used (absolutely no affiliation to any of these):

  1. Firefly III
  2. Digital Ocean
  3. [Docker](https://www.docker.com/)
  4. GoDaddy
  5. LetsEncrypt
  6. Nginx
  7. Oauth2 Proxy
  8. Google Cloud

What next?

In the next post I will go over how I use Firefly III to manage my finances and how I use it to track my expenses and plan my budget. Stay tuned.