🌱🏠 the easiest way to grow IT yourself
Greenhouse is a specialized cloud service designed to make self-hosting your own website, email,
web services, etc, as easy as possible.
We don't ask you to compromise on privacy or security: it's your server, we simply make it reliably accessible on the internet.
what we do
Greenhouse enables your own web server (running on your computer within your own home or business) to be accessible on the internet in seconds, with no credit card required to get started.
Unlike most other services, we don't try to take ownership of your site or your users' data away from you. Our technology is designed so that we couldn't spy on you or your users even if we wanted to.
Greenhouse is a 🐃GPLv3-licensed open-source project currently in development by SequentialRead. We provide everything you need to get your own server online for your home, organization, or business.
Why would anyone want to use a cloud service for self-hosting?
Isn't that an oxymoron? Why do I need this?
In short, because it makes self-hosting ✨ radically easier ✨. It's cheap, reliable,
and it works every time, no matter who or where you are.
Running servers from home isn't easy, especially if you're not a computer whiz. Trying to host a reliable web site or email server from scratch might seem impossibly hard. Or it might work at first, but then inexplicably stop working months later. But no matter who you are or where you live, as long as you have an internet connection, you can run your own reliable web site or web service with Greenhouse! We handle the complicated public internet networking configuration for you, alleviating the worst pain points associated with self-hosting.
For the technically inclined;
Greenhouse eliminates the need to purchase/aquire, configure, test & maintain a router, firewall, domain name, TLS certificates and/or VPN tunnel.
We do this by providing domain name registration, DNS record management, and TCP reverse tunnel as a service.
You, the server operator, use the service by signing up for an account and then launching our easy-to-set-up Greenhouse client application on your server computer.
The open-source client application ( greenhouse daemon 🌱🏠😈 ) runs an embedded instance of Caddy Server to automatically obtain TLS certificates from 🔒 Let's Encrypt & secure your web traffic with TLS / HTTPS.
how we do it — what makes greenhouse different
Greenhouse provides a network gateway that allows internet users to connect to your server(s).
Greenhouse provides all of the neccesary network configuration to host a server on the public internet,
but it leaves all of the data storage and web-serving up to your system.
You retain exclusive ownership and control over your data, web traffic, and processes.
Almost all other cloud service providers offer exclusively custodial services, meaning they technically own all of the data and encryption keys related to your application.
Our unique security model means we couldn't access your systems or "wiretap" your web traffic even if we wanted to. This differentiates our product from mainstream cloud services like cloudflare and digitalocean.
Threshold 🏔️⛰️🛤️⛰️🏔️ (the Greenhouse network gateway software), only routes secure connections and doesn't require access to your TLS (Transport Layer Security) encryption keys, so it can't see or interfere with your users' web traffic. You can think of Threshold's data privileges similarly to how you might think about your ISP (Internet Service Provider): they both provide network connections, so they can see who's connecting to who, but thanks to TLS, they can't access the contents of those connections.
We don't charge any mandatory monthly fees, meaning you only pay for the bandwidth you actually use. If your server is not very popular or it doesn't handle large media files like audio, images, and videos, you could pay as little as $0.50 (fifty cents) for a whole year of service! You can also set billing alarms to warn you if you start getting billed for more traffic than you expected, and set billing circuitbreakers to limit the amount your account can be charged by our service.
Greenhouse was born because we wanted to try to make self-hosting web servers radically easier, so it was designed to be as cheap and user-friendly as possible. You don't have to be a tech expert to use it, it's meant to be for everyone.
greenhouse is in development 🔧
The service isn't done yet. Much of the core functionality is working, but must-have features like payments, billing, and the CLI (Command Line Interface) need to be completed before Greenhouse can launch in alpha or beta.
"As a user, I want my server to be online 😀"
2 minutes 46 seconds
In this screencast, I am acting as a potential user of the greenhouse service who wants to publish a server on the internet.
00:03I navigate to the greenhouse website
00:14I log into my account
00:28I create a new API token & copy it to the clipboard
00:42I run the desktop application
- For this demo it's run via the command line, but later it will be something the user can easily download from the greenhouse website and run/install from thier downloads folder.
00:48I paste the API token into the desktop application to register it with my greenhouse account.
00:51I create a new tunnel configuration and give it the
test1subdomain. I leave the default destination setting
01:05As an example for this demo, I use docker to run an instance of
nginxHTTP server on my laptop, listening on port 80
- Greenhouse can work with any server application. For example, if you are developing a
React application with
create-react-app(or any other local development server), you could use greenhouse to temporarily publish your local server on the internet
- Greenhouse can work with any server application. For example, if you are developing a React application with
01:15I connect to
localhostin the web browser to demonstrate that the nginx server is running & avaliable locally
01:25I apply the new tunnel configuration
01:39I browse to
https://test1.forest-n-johnson.greenhouseusers.com, demonstrating that my local nginx server is now published to the internet & secured by TLS. (It's using HTTPS, not HTTP)
01:45I create a new tunnel configuration with
test2as the subdomain & switch it to the "serve local files" destination type.
01:57I manually type in the path of the folder I want to publish:
- In the real application users will be able to open the file chooser and click on a folder instead.
- They will also be sternly warned that everything inside this folder is about to become published on the internet.
02:19I apply the new tunnel configuration
02:26I browse to
https://test2.forest-n-johnson.greenhouseusers.com, demonstrating that I can see a list of the files in the folder.
- Note that I renamed
index1.htmlfor the demo. Normally caddy would serve
index.htmldirectly as the default document for the folder, however because it has been renamed, caddy will generate its own directory listing page. Later on this directory listing and other file server settings will be customizable.
- Note that I renamed
02:38I navigate to
index1.htmlto display the chart.
This roadmap diagram shows the various tasks and features that are already completed or in progress, which ones are required for the initial alpha release, and which ones are required for the public beta release.
The above diagram was based on these rough notes:
greenhouse web application basics 🌱🏠
- bandwidth utilization graph
- manage API tokens
- port range allocation per tenant, for non-tls protocols like SSH
- billing alarms and billing limits
- stripe payments (metered billing)
- cryptocurrency payments
free subdomains feature 🛣️
- gandi client
- stored in database
- try to add greenhouseusers.com to mozilla public suffix list
- let's encrypt acme limitations research
pay for what you use multi-tenant TCP reverse tunnel server (threshold 🏔️⛰️🛤️⛰️🏔️)
- "elastic" cloud instance scale-up and scale-down automation
- multi-tenant threshold server
- bandwidth metric pipeline
- tell a tenants threshold clients that they have been moved to new servers
- tunnel health monitoring
- threshold client certificates tied to Greenhouse API tokens (certificate "revoked" when API token is disabled or deleted)
greenhouse daemon 🌱🏠😈
- embedded caddy supports TCP, TLS, and HTTPS, each w/ optional HAProxy "PROXY" protocol
- greenhouse tenant info api
- automatic tunnel connectivity test
- certificate issuance audit log & certificate transparency monitoring
- automatic certificate issuance test
- automatic end-to-end test
- multi-server management support
greenhouse desktop application 🌱🏠🖥️
- login w/ greenhouse API token
- create tunnels
- tunnels failed error handling
- selector GUIs for ports and folders
- tray icon
- cross-platform testing
- code signing
- advanced tunnel options (HAProxy PROXY protocol, failover stuff, etc)
- view logs
greenhouse CLI (command line interface) 🌱🏠🧑💻
- login w/ greenhouse API token
- tunnel configuration CRUD operations
- config files
support hosting email servers 📨
- threshold forward proxy implementation
- users can elect to get a dedicated threshold server IPv4 address
- fully managed DNS feature w/ domain registration
- greenhouse.server.garden website
- authenticate 3rd party domains before allowing threshold to forward for them (defense-in-depth security feature)
Icons made by Freepik, aquired from flaticon.com