view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Cool idea. Just be aware, that there are a lot of shady people out there. I'm not sure I would publicly host services, which rely on tight security (like Vaultwarden). They will come and they will probe your system and it's security!
You might also want to remove Dockge from Uptime Kuma, no need to broadcast that publicly.
Yeah seeing all the attack vectors opened here freaks me out
Thank you for pointing these things out! I've removed Dockge from Uptime Kuma.
Let me know if you need any help with that. I'm still a beginner, but have used the last few months to learn about cyber security. It can be a daunting subject, but if you get the basics right, you're probably good. I also hosted without a care for years and was never hacked, but it can/will happen. Here are some pointers!
Get or use a firewall. Iptables, UFW and such are probably good enough. I myself use OPNsense. It can be integrated with Crowdsec, a popular intrusion prevention system. This can be quite a rabbit whole. In the end, you should be able to control who goes where in your network.
Restrict ssh access or don't allow it at all via internet. Close port 22 and use a VPN, if needed. Don't allow root access via Ssh, use sudo. Use keys and passphrase login for best security.
Update your stuff regularly. Weekly or bi-weekly, if you can.
Use two factor authentication, where possible. It can be a bit annoying, but improves things dramatically. Long passwords help to, I use random-word-other-word combinations.
If you haven't, think of a backup strategy. 3 redundant copys on 2 media, one off site.