I was wondering about the pros and cons about self hosting your services via Yunohost. I currently have all my services hosted in docker containers on a Debian homeserver. As I was planning on a fresh install, setting up an Ansible script to simplify backup & restoring and bake in a centralized user management system (currently I annoyingly have separate passwords for each service for my 5 users).
Now I was wondering if I could get some experience reports from Yunohost users. What are the problems you faced? Are you satisfied? Are there so many services you couldn't find that you rather went the selfhosted way and integrate Authelia or a similar service? Any ideas and feedback are welcome that can help make up my mind.
I tried Yunohost once, and everything worked as long as I stuck to the officially supported apps. The community forum was supportive within reason, and would respond with advice fairly quickly. When I reported an error with an unofficial app, however, I was instantly told off that I shouldn't expect any help.
Now, having used and admined my Linux desktop systems for a decade (without claiming to be an actual sysadmin), I nosed around the system a bit and to my eyes it seemed a right mess of app and user folders, permissions and containers. Surely, a combination of my limited understanding of server apps and a system that is made primarily for GUI use to make administration easier for beginners.
What I mean to say is, if you already run a set of working docker containers, you're probably more advanced than the intended Yunohost user. I was that half ounce more literate that I became frustrated with the GUI-centric setup, and imperial pounds too illiterate to actually muck around in the command line.
Look at it this way, Yunohost offers a fraction of the apps available on Docker, and not all of them are maintained. They do offer a graphic admin interface and out-of-the-box working setups (or did five years ago when I tried it).
It's a mature, well-maintained system and has a solid catalogue of well-maintained apps. I run Nextcloud, Navidrome, Calibre Web, a Matrix Server and Element (on different I.P.s), Wallabag, a Firefox sync server and a Collabora office suite (REALLY useful) on a ThinkCentre Tiny that I got from eBay for just over £100 (storage extra!). It's been running pretty seamlessly for over a year and I feel confident tinkering, doing routine things through the UI and getting a bit deeper with the CLI.
On the support, I've used a lot of FOSS support forums and I think YNH's is one of the best. They are not as polite or friendly as Nextcloud's and they will ignore irrelevant, snarky or duplicate questions, but if you have a genuine enquiry, they will hold your hand through a problem. I think they use a triage system and take shifts covering it. The XMPP chat, duplicated on Element, is also very helpful.
Personally, I have a fondness for Yunohost, in the same way I have a fondness for Debian and for Nextcloud. It is a well-organised group effort which requires some commitment and knowledge from users but not too much. It needs some attention but gives back more value than a user has to put in. If I could learn all the ins-and-outs of network security, I might try a Docker set-up, just for boast-value, but with Yunohost I don't have to.
I tried it, but not knowing what was going on under the hood made me worried about how I would fix anything when it broke, and how timely updates to software would be. I also don't think it had any kind of central user management for the installed apps.
If you're already familiar with docker I would stick with that.
It has user-management, though. YunoHost comes with LDAP, provides email addresses to all users, a permission system to allow what groups of users can access which services... And they integrate that into the individual services. That is, if they have some LDAP plugin. A decent amount of services can't be tied into their user system. But it works flawlessly for chat, Nextcloud and the main contenders...
Interesting, as I remember it didn't do integration with a lot of apps, so you end up with some that have auth and some that don't at all, and some that you have to manage auth internally.
If you stick to the apps that are indicated as being well supported it's good. The main reason I use it is because I'm part of a team that includes people not comfortable with the command line so having a web interface to manage a server means not everything falls on my shoulders.
Some of these points are inaccurate. Numbers 3 and 7 are definitely dependent on the app in question. I also rarely have to do anything in CLI, a recent update moved an issue I had with LE certs from the CLI to the web admin. As far as support, the forum can be inconsistent and the XMPP chat is more responsive. Dev team is in France though, so timezone can cause delays.
Also, you can run as many TLDs on a Yunohost instance as you can afford and your machinery can stand. I've got two IP addresses on mine: one for front end apps and one for backend.
I've run Yunohost for quite a while and a few of these are inaccurate
1). maybe, if you're putting it in a VPS. But there's also VPN, Tailscale, and I believe Headscale apps available
2). I've barely ever run the CLI, especially for Yunohost commands. Even for system and package updates, it's not necessary. I do wish there was a built in terminal tho
3). eh, I mean sometimes but it's per-app and it's either-or. so typically I'll check the install page for subdomain and set that up. And remember, some of that is upstream constraints
4). yeah, that's the most annoying one, tbh. But the ones that are starred or maintained are typically very good.
5). I've had good times and bad on the forums, about par for FOSS. heard good things about the chat. And for maintained packages, github issues are answered quickly IMHO
6). I mean, it's 12 now and you want it stable. Update your sources.list if ya want
7). this is only true of some few apps, but almost always it's listed in the install screen.
I kinda agree, but I've been very impressed with Cosmos Cloud. I've got the full 400 package marketplace, and having all that on docker, auto-updates, and good user auth is nice.
I'm using it as a frontend/services and Yunohost as a backend/datacloud/DevOps since it seems to be more robust and reliable long-term. The user management, email, XMPP, and (mostly) transferrable auth is top notch, not to mention default hardening like fail2ban, GUI ssh port shift, LEcerts, etc. Just wish they'd add in a docker system like Cosmos, it'd really fix most of the problems, IMHO
I am a relatively new Yunohost user, and I’m a big fan. I’ve dabbled with Docker, but I’ve never been quite able to figure out how to make it work. Yunohost took the hard part away and made it pretty easy to set up.
That said, I don’t view it as a long term solution for me. I don’t like not really knowing entirely how it works, and I’ve had issues trying to configure the reverse proxy to connect it with a domain name. (I purchased one from Porkbun, which is apparently not supported.) Until I learn a little more, though, I like it.
If you have the knowledge to do what you're doing now, you have no need for Yunohost. It's janky at best and doesn't have much facility for advanced use. It wants you to do it their way only, which is fine if you're new at all this. Eventually, I think people just move on.
I was in a similar situation as you, with an existing docker solution, looking for something easier to manage. Yunohost had this hype behind it that I couldn't resist. At first it did seem easier with the official apps, but as soon as I needed anything outside the set boundary the dream collapsed. The final nail for me was not being able to get smb working.
Good thing I had kept my docker setup safe so it was easy to revert to it. It's more of a pain, but it's also more versatile and capable so I have no better choice at the moment. Portainer helps a lot.
One of the primary requirements for my latest project moving a bunch of stuff to self hosted is that if it has a GUI that is going to be internet facing, it either has to support OIDC or it has to be something low risk enough that I feel comfortable setting it up without much security and just setting up a single basic auth login with traefik. A few apps I had trouble finding, but worked most of it out.