this post was submitted on 29 Dec 2023
111 points (96.6% liked)

Selfhosted

40086 readers
576 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I work in tech and am constantly finding solutions to problems, often on other people's tech blogs, that I think "I should write that down somewhere" and, well, I want to actually start doing that, but I don't want to pay someone else to host it.

I have a Synology NAS, a sweet domain name, and familiarity with both Docker and Cloudflare tunnels. Would I be opening myself up to a world of hurt if I hosted a publicly available website on my NAS using [insert simple blogging platform], in a Docker container and behind some sort of Cloudflare protection?

In theory that's enough levels of protection and isolation but I don't know enough about it to not be paranoid about everything getting popped and providing access to the wider NAS as a whole.

Update: Thanks for the replies, everyone, they've been really helpful and somewhat reassuring. I think I'm going to have a look at Github and Cloudflare's pages as my first port of call for my needs.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 10 months ago (3 children)

I know it's not technically "self" hosted but I'd get a cheap yearly VPS somewhere and run a webserver off of that.For me its worth the peace of mind to keep my network a temple instead of a bus terminal. I paid $13 usd for the year for mine

[–] [email protected] 8 points 10 months ago (1 children)

I believe Oracle is still offering to slice off a bit of compute for free that should accomplish OP's goal. I've used it to test a Jellyfin host among other things and for the price it can't be beat!

[–] [email protected] 0 points 10 months ago

I've been running a script every 60 seconds for 2 months now as a cron job and it still hasn't been able to create a VM in their US datacenter. I just have a log full of "insufficient host capacity" errors.

[–] [email protected] 3 points 10 months ago

+1 for VPS, the ionos ones are $2/mo and have unlimited bandwidth at 400mbps. That's basically the cost of electricity for a home server with orders of magnitude better reliability.

[–] [email protected] 2 points 10 months ago (2 children)

A VPS makes sense insofar as keeping things thoroughly isolated from my own systems, but the overhead of maintaining a box that's directly connected to the Internet like that isn't something I'm keen on and I'm not convinced I'd have the expertise to do it right from the outset.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (3 children)

Change the ssh port to something with 4-5 digits, disable ssh password Auth and use certificates only, don't expose any port other than ssh and 443.

If you're paranoid, use cloudflare as a proxy and set the VPS firewall to only accept incoming traffic from cloudflares ip list.

That's about it really.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago)

Changing port is security by obscurity and it doesn’t take much time for botnets to scan all of IPV4 space on all ports. See for example the ever updated list that’s available on Shodan.

Disable password login and use certificates as you’ve suggested already, add fail2ban to block random drive-bys, and you’re off to the races.

[–] [email protected] 2 points 10 months ago

The Oracle Cloud VPS only has SSH key authentication enabled by default. You can also set it to only allow SSH from your home IP in the virtual firewall before the machine is ever spun up.

Their current free ARM offering is 1 machine with 4-cores and 24gb RAM for life. You can also add another 2 AMD machines with 1-core and 1gb RAM and still be in their free-tier.

If you're going to set it up and take advantage of the ARM machine, make sure you pick a home location for your account that has multiple availability zones. San Fran right now only has 1 zone, so if the shared ARM instances are all used up, you'll have to wait a few days and try again. Phoenix I think has 3, so you can try with another zone right away.

[–] [email protected] 1 points 10 months ago

I guess I'm extremely paranoid then, my home IP doesn't change much and I just expose the port only to it from Oracle's site. I rarely touch mine though.

[–] [email protected] 1 points 10 months ago

I just restrict SSH to an internal VPN IP on all my servers (ZeroTier). 100% impossible to even try logging into them unless you've managed to crack into my network first.