The issue is that almost zero phones have custom roms available, and android is just a bad operating system to begin with. It’s designed much more around tracking rather than something like a server. You can’t do basic things like close programs or uninstall software or even choose how the memory is used. Basically unusable as a server for anything other than a toy. If you do find a ron for your phone somehow, it will suffer from many of the exact same issues. No closing apps, no access to the networking layers, massive security flaws due to a chaotic software landscape.
Some cloud backups offer lifetime deals which can be a good second backup.
As for self hosting. You should buy a domain, use a dynamic DNS service. This doesn’t cost much but is very useful. Get a decent router that isn’t superhackable. Get something like fedora for your servers, the os.tree file system is good because if you break your machine with updates you can just roll back.
Randomize your ports, be careful what you expose behind open ports, be careful what you install on your server, and run stuff in containers. Also block port scanning.
As for learning you are just going to have to research. For servers you need to open ports for whatever you are using, like a webserver, file server, etc. you need to be mindful of security. Keep it updated. You should keep your server separate from your main machines if possible and disable your main machines ability to port scan your server by using a VPN or something on your server.
It’s not all that difficult. Just watch some videos and passively absorb this knowledge.
As for backups, you should invest in one of these lifetime plans from a cloud provider. Maybe create separate accounts that you only use for your server stuff to help keep the details from getting leaked. (Email accounts, passwords, etc) On top of this you should have a second backup which I recommend hosting yourself so you can learn. This way your data should be safe.
In your backup server, you should run mirror raid, this way if you lose a drive, you won’t lose your data. Parity raid is t quite as good because you could lose a second drive while rebuilding. It’s cheaper for the amount of space, but you can just invest in a couple of high density, enterprise level drives from a reputable brand. Run mirror raid, and backup your files. Throw in a small SSD for the OS, and a medium SSD for cache. You can go as cheap or expensive as you want.
Get some remote management software. Since you aren’t super technical, use a remote desktop system. Just make sure it’s a good one that is well maintained because this is a big single point of failure in your security.
If you install a web browser on your server, disable scripts and ads, and only use it to download stuff you need from GitHub or something. Try to avoid exposure to sites which may have vulnerabilities.
As for the server. Using VMs and containers, you can use it relatively safely for many things. You could even use cloudfare if you wanted for additional security so your servers actual IP is not ever in the wild. People will only see an IP for that particular port and server VM. This is a bit overkill maybe.
You can run a backup server, web servers, game servers, you can host your own DNS, you can run media servers, and even your own private VPN or local AI models. There is tons of stuff you can do with a server.
Also don’t forget to set a reminder to reregister your domain name!
The simplest setup would be an old computer with a bunch of hard drives attached, maybe an old desktop, maybe a laptop with a powered USB hub. This is all you really need to get started.
Cool, I have some ideas as well, like maybe write a script that hashes configuration files that needs a secret password to put into edit mode, if the config changes without being out into edit mode first, disconnect the server. Maybe use a raspberry pi that’s hidden from the network to do this. I know that wouldn’t work for large websites maybe because they can’t afford to go down for hours at a time, but it would give you an additional layer of security for sensitive stuff. I’m more into game programming but I know how exploits work and stuff. I’m pretty sure many types of things like this already exist in the market. One idea I had was pretty neat. Basically in your eula you reserve the right to hack back people that try to hack you, and you have an automated system that uses some known exploits to get a ping or maybe install a rootkit on anyone who is trying to mess around in your system. Later you can just get on and deanonymize them. This requires you actually spend time researching your own zero days. People in defcon hacking competitions do this. They are sort of masters with decompilers and hex editors.
Also doing basic things like running your webserver in a VM, and you can write some script or something to just block any IP that is port scanning I’m pretty sure. I would do that if I was hosting. Also remember to block port scanning in Firefox. It’s not enabled by default. This helps to keep you safe when you land on a scanning webpage.
Or get a raspberry pi