jason

This is 100% the way to go. I spun up a new server for a public-facing site on my VPS and I wondered if I really needed fail2ban. Within ten minutes of setting it up it had already blocked four people.

Don’t open port 22 if you can help it. Use it on your local network and VPN in if you need to use it offsite.

I had to delete the directory and make sure the file existed and was named what it should be named, but then it worked. But yeah, should be a file.

Not sure if you can see this since beehaw defederated us, but just add/edit the following in your settings.yml file in the searxng folder. The following redirects only reddit & twitter:

enabled_plugins:
   - 'Hostname replace'

hostname_replace:
#   '(.*\.)?youtube\.com$': 'invidious.example.com'
#   '(.*\.)?youtu\.be$': 'invidious.example.com'
#   '(.*\.)?youtube-noocookie\.com$': 'yotter.example.com'
   '(.*\.)?reddit\.com$': 'teddit.net'
   '(.*\.)?redd\.it$': 'teddit.net'
   '(www\.)?twitter\.com$': 'nitter.net'
#   # to remove matching host names from result list, set value to false
#   'spam\.example\.com': false
   '(.*\.)?pinterest\.com': false
   '(.*\.)?instagram\.com': false

It would have to be a domain you actually own

Here’s a script to do it with several different DNS providers: https://github.com/acmesh-official/acme.sh I personally set the renew as a weekly cronjob and never have to think about it.

I use a reverse proxy so I can just use a hostname and not need a port. I run Jellyfin that way no problem, function-wise.

Additionally, not having a domain won’t necessarily protect you since you do have people out there scanning for ports and when they see 8096, they’re going to immediately know it’s a Jellyfin/Emby server and any vulnerabilities associated with those. If you use a reverse proxy, they only see 443 which is…pretty much every other site on the internet. That’s security through obscurity, I know, but it will help mitigate some of the easier attacks.

I’ll say that everything I have to have a port open for (mostly game servers) gets targeted by the internet at large despite the fact that I’ve published the address and port absolutely nowhere online and only shared it with close friends. I almost never get anyone trying to log in to my other services.

I have almost this exact setup (paperless-ngx on a LUKS encrypted drive, but mine is running on a VM in Proxmox) and I feel pretty good about the security. That being said, I only have it running on my home network and use a WireGuard VPN if I need to access it remotely. I can’t say I would feel as comfortable if I just had it open to the internet. Like, it’s probably ok, but then you’re relying on Paperless being your first and last line of defense.

Ghost is self-hostable, easy-to-use, and looks beautiful. (Good) themes are usually a one-time payment, and they definitely have photoblog ones.

I use both Ghost and Wordpress for my sites and, while it’s not as infinitely customizable as Wordpress, Ghost is also not as needlessly complex, vulnerable, or time-intensive.

I found I was using Wallabag as a bookmark manager so I installed Linkding and use it constantly, now. Different strokes, I guess.

Oh totally. It wasn’t a knock at the software at all. In fact. I’m surprised by how well this works as a drop-in replacement for Reddit for me and both Lemmy and Kbin are solid.

The reason I asked was that, with my single-user Mastodon instance, likes/boosts and comments are nearly always incomplete on my server just because of the way federation works. I was just wondering if that was something smaller instances had to deal with in perpetuity or if it was just a one-off issue that happened at the start.

The OP commented below saying that comments appeared to be loading instantaneously after that initial hiccup.

haha better than the 12GB and rising of my single-user Mastodon instance. And this is with deleting my media cache every night.

Do the comments ever load reliably? For me that would be a dealbreaker...