I would add cloudflare tunnels to avoid showing your ip to the world and easily setup some access rules
this post was submitted on 26 Nov 2023
4 points (100.0% liked)
Self-Hosted Main
502 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
Cloudflare It's definitely something I'll consider. Thx
Why cloudflare tunnels? If you already have a domain, and are going to use cloudflare, why add their dns nameservers to your registrar admin page, and use their dns for free?? That solves the issue of hosting at home and showing your ip to the world via any method using your domain name, all they'll see is cloudflare.
Very cool site! You're so right, hosting at home is so fun and actually super useful! My setup is soooo much easier to access and control now, and I've learned so much.
My self hosted site is at https://nintenuendo.tv heh, cheers to many more years of open-source!
Man that's sick! You have lot's of exposed services, can you expand what app you are running in https://shell.nintenuendo.tv/ ? Do you have any blog? Cheers
for the shell, that's an easy one, shellinabox, with a custom dark mode.
for the exposed services you describe, none are "exposed", they are hosted in nginx (meant to face the WAN, subdomained and not port forwarded) with fail2ban setup for custom filtering, and beyond that are proxied through cloudflare and their filtering for ddos etc. Most of my services are behind htpasswd hashed/salted pw's or ldap (right now just htpasswd for the local site), and the ones that arn't use token logins like plex, overseerr, etc. I'll be ok :)
The choice of router doesn't do much as most if not all home routers these days have built-in firewalls enough to block most intrusions on network without open ports. If self-hosting a website at home then make sure to secure the two web hosting ports (TCP port 80/443) with UFW, Fail2Ban, or even Port Knocking on for ex. Linux. Don't forward but limit access (locally) to SSH port. Encrypt your DNS (DoH, DoT, etc.) at home by running either AdGuard Home or Pi-hole.
Proxy DNS via Cloudflare & make sure to use full (strict) end-to-end SSL encryption (DNSSEC enabled). Also, use stronger security headers & SSL encryption parameters (minimum TLSv1.2, SSL ciphers, stapling & ECDH curve, etc.). Use a software firewall on your websites such as Wordfence, Sucuri, or BBQ Pro on Wordpress.
Don't overkill with your network setup. If you're just gonna be running a website that serves primarily cached & preloaded static pages then no use spending hundreds of dollars for it. Even a wireless Rasp. Pi Zero W is an overkill for such a setup.