this post was submitted on 28 Jun 2023
2 points (62.5% liked)

Selfhosted

41327 readers
339 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
2
How to monetize services? (self.selfhosted)
submitted 2 years ago* (last edited 2 years ago) by somegeek to c/[email protected]
 

Hi guys. how can I monetize my rustdesk servers? like, imagine I tell client X to pay 1$/month for using my server, how can I authenticate users? (prevent others from using the server so only people who are paying can use).

CONTEXT: I live in a country with very limited internet (like china) so using public servers is not good. I would also have to be able to maintain the costs of the server. so this is not illegal and not unethical.

top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 2 years ago* (last edited 2 years ago) (1 children)

Not to sound like a wet blanket, but I think you'll find it hard to make enough money to cancel out your power bill, development and admin time compared to big box names like AWS, digital ocean, etc. It could also open you up to legal problems. If someone you don't know wants to pay you (someone with no reputation they shouldn't trust with their money and data) then you probably don't want the data they are trying to host any where near your servers (use your imagination...).

That said, if you're serious or want a learning exercise look for:

  • identity management/authentication - SSO or Oauth for an authentication layer. examples: Keycloak, Oauth proxy.
  • resource monitoring - Metrics, monitoring, logging. some of this is just for maintaining availability of your service but you may need metrics for usage billing or cutting off access if they go over allotments. Examples: ELK stack, Prometheus, grafana, Loki, datadog
  • API gateway - api rate limitingbased on identity, e.g. user Bob is only allowed to make 1000 API calls a month . Examples: 3scale.
  • domain specific resource access policies - this is where it gets tricky. Depending on what application you are offering as a service, there may be access/limitation policies built in you could use or generic external options. If not, you'll need to come up with a method on your own like an authorization proxy that intercepts requests and approves or denies based on identity and usage metrics. A decent API gateway solution should allow for this customization.

I am not aware of an out of the box solutions that solve all of these problems, but there are many solutions for specific parts of this hypothetical system which is what I tried to provide with some example tech names to start your search. It's not a simple problem, but it's one basically every internet company has solved on some level.

I think there are croud-source compute reselling services you can enroll your systems in but I'm blanking on names and again you'll be lucky to break even on power.

[–] somegeek 1 points 2 years ago

thanks you. as for the data argument, rustdesk almost has no data, it's like a proxy between clients. I'll look into the cues you said. thank you.

[–] [email protected] 3 points 2 years ago (1 children)

I wouldn't try selling services that are hosted on your residential internet connection. What happens when it goes down? Is your setup redundant? Etc.

[–] somegeek 2 points 2 years ago

I didn't say they are on my residential internet.

[–] [email protected] 3 points 2 years ago (2 children)

If there is a way to handle auth, then you can maybe put it behind a SSO platform (Keycloak, fusionauth, authlia, etc) and slap a billing system (not familiar with open source solutions here, I used to use commercial solutions like Blesta and WHMCS) to activate/deactivate user accounts. You’d need to do a lot of the expropriation and heavy lifting yourself though.

[–] somegeek 1 points 2 years ago

thanks! that seems great!

[–] [email protected] 2 points 2 years ago (1 children)

im using keycloak but that may be overkill for you.

[–] somegeek 1 points 2 years ago

thank you. I will look into it

[–] [email protected] 2 points 2 years ago (1 children)

Assuming you have more than a handful clients, you'll probably want some sort of CRM/billing system to keep track of who's paid. And then you'll want a centralized IAM tool where you can provision new accounts or deactivate ones that stop paying.

That also depends on whether the underlying service supports some sort of sso/login federation.

You can also just do everything by hand for the beginning, until it takes up too much time.

[–] somegeek 1 points 2 years ago

thanks. rustdesk doesn't have any authentication except for keys, which is generated for each server. someone suggested that I could spin up a server and key for each client.

[–] [email protected] 2 points 2 years ago

API keys are generally how this is done. You create an account system with billing and then allow account holders to generate API keys that must be included in every request. On your side you look up their account via the API key and check billing status before responding to the request.

If you don't have a lot of clients you could handle billing and key generation manually.

[–] [email protected] 1 points 2 years ago

I know nothing about how it works under the hood, but it sounds like you need to let a user register only when they pay, deactivate the account when they stopped and don't let users without account to use the server.

load more comments
view more: next ›