this post was submitted on 10 Jun 2025
29 points (96.8% liked)


Setting up a personal site on local hardware has been on my bucket list for a long time. I finally bit the bullet and got a basic website running with Apache on an Ubuntu-based Linux distro. I bought a domain name, linked it up to my l ip, got SSL via Let's Encrypt for HTTPS and added some header rules until security headers and Mozilla Observatory gave it a perfect score.

Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.

I would like to make a page about the hardware it's running on, since I intend to have it be entirely run off solar power like solar.lowtechmagazine, and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?

[–] [email protected] 3 points 3 weeks ago* (last edited 3 weeks ago) (10 children)

Fail2ban ufw nftables

port forward only the bare minimum (80 443)

Expose docker ports with 127.0.0.1:8000:8000 then port forward with caddy server on the host

Edit: add nftables

[–] [email protected] 4 points 3 weeks ago* (last edited 3 weeks ago) (9 children)

This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.
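An added example, not part of the thread: a small audit that reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every published port that is not bound to loopback, which are the bindings the comments above say to avoid relying on UFW for. The container names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# One published-port entry from the Ports column of `docker ps`, e.g.
# "0.0.0.0:8000->8000/tcp", "[::]:8000->8000/tcp" or the older ":::8000->8000/tcp".
# Entries without "->" (e.g. "6379/tcp") are exposed but not published on the host.
PUBLISHED = re.compile(
    r"^(?P<host>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = "\n".join([
    "app\t127.0.0.1:8000->8000/tcp",
    "db\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp",
    "cache\t6379/tcp",
])


def exposed_bindings(docker_ps_output):
    """Return (container, host_ip, host_port, proto) for each published
    port whose host address is not a loopback address."""
    findings = []
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            match = PUBLISHED.match(entry)
            if not match:
                continue  # empty column or unpublished port
            host = match["host"].strip("[]")
            if not ipaddress.ip_address(host).is_loopback:
                findings.append((name, host, match["hport"], match["proto"]))
    return findings


if __name__ == "__main__":
    for name, host, port, proto in exposed_bindings(SAMPLE):
        print(f"{name}: {host}:{port}/{proto} is reachable beyond localhost")
```

Anything it reports should either be rebound as `127.0.0.1:PORT:PORT` behind the reverse proxy or be a port you deliberately forward.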

[–] [email protected] 1 points 3 weeks ago

Do not open those ports, hosting is way too cheap now to take that risk!
