this post was submitted on 25 Mar 2024
150 points (96.9% liked)

Hi, you guys might know me from these three posts. After reading all of the comments, I've decided to purchase a Mini PC to host public instances of privacy-respecting services.

I'm here to bring some good news: I got it working perfectly! You can visit reallyaweso.me today and get a list of services that I'm hosting!

All services are deployed via Docker and proxied through Cloudflare. You might ask: "Why Cloudflare?". It's because I can't port forward things on my home network. It really sucks that I'm depending on Cloudflare to do the port forwarding for me, but it is what it is.

If you want me to host a specific service that you want, feel free to comment on this post!

I would really appreciate it if you guys could check out some services that I'm hosting, as I don't know if everything went smoothly or not. Thank you guys so much for helping me on this journey!!

[–] [email protected] 48 points 8 months ago* (last edited 8 months ago) (2 children)

Cool idea. Just be aware that there are a lot of shady people out there. I'm not sure I would publicly host services which rely on tight security (like Vaultwarden). They will come and they will probe your system and its security!

You might also want to remove Dockge from Uptime Kuma, no need to broadcast that publicly.

[–] [email protected] 25 points 8 months ago

Yeah seeing all the attack vectors opened here freaks me out

[–] [email protected] 9 points 8 months ago (1 children)

Thank you for pointing these things out! I've removed Dockge from Uptime Kuma.

[–] [email protected] 14 points 8 months ago* (last edited 8 months ago)

Let me know if you need any help with that. I'm still a beginner, but have used the last few months to learn about cyber security. It can be a daunting subject, but if you get the basics right, you're probably good. I also hosted without a care for years and was never hacked, but it can/will happen. Here are some pointers!

Get or use a firewall. Iptables, UFW and such are probably good enough. I myself use OPNsense. It can be integrated with Crowdsec, a popular intrusion prevention system. This can be quite a rabbit hole. In the end, you should be able to control who goes where in your network.

Restrict SSH access or don't allow it at all via internet. Close port 22 and use a VPN, if needed. Don't allow root access via SSH, use sudo. Use keys and passphrase login for best security.

Update your stuff regularly. Weekly or bi-weekly, if you can.

Use two factor authentication, where possible. It can be a bit annoying, but improves things dramatically. Long passwords help too, I use random-word-other-word combinations.

If you haven't, think of a backup strategy. 3 redundant copies on 2 media, one off site.
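
An added example, not part of the comment above or of any project named in the thread: a small Python audit of `sshd_config` text against the SSH pointers (no root login, key-based login). The policy values and the sample config are constructed assumptions; the point it shows is that sshd keeps the first value it sees for a keyword and that `Match` blocks can quietly re-enable what the global section disabled.

```python
import re

# Assumed policy (editor's reading of the advice): no root login, keys only.
POLICY = {"permitrootlogin": "no",
          "passwordauthentication": "no",
          "pubkeyauthentication": "yes"}
# OpenSSH built-in defaults, applied when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse(config_text):
    """Return (global settings, Match-block overrides). Include files are not followed."""
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            match = value                      # lines after this are conditional
        elif match is not None:
            overrides.append((match, key, value))
        else:
            settings.setdefault(key, value)    # sshd keeps the first value seen
    return settings, overrides

def audit(config_text):
    """List (setting, effective value, wanted value) for each policy violation."""
    settings, overrides = parse(config_text)
    findings = []
    for key, wanted in POLICY.items():
        actual = settings.get(key, DEFAULTS[key])
        if actual != wanted:
            findings.append((key, actual, wanted))
    for match, key, value in overrides:
        if key in POLICY and value != POLICY[key]:
            findings.append((f"{key} [match {match}]", value, POLICY[key]))
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = ("Port 22\nPermitRootLogin no\nPermitRootLogin yes\n"
          "PubkeyAuthentication yes\n"
          "Match Address 192.168.1.0/24\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, actual, wanted in audit(SAMPLE):
        print(f"{name}: effective '{actual}', want '{wanted}'")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads the text it is given.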