this post was submitted on 25 Jun 2023
14 points (100.0% liked)

Selfhosted

40008 readers
669 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Any guides on how to host at home? I'm always afraid that opening ports in my home router means taking the heavy risk of being hacked. Does using something like CloudFlare help? I am a complete beginner.

Edit: Thanks for all the great response! They are very helpful.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago

Cloudflare yes. Even if you aren’t using tunnels it will help obfuscate your real ip. If you are hosting personal services you can also block access from countries you don’t expect to access them from.

Also it seems most bots scanning domains are checking www and the base domain url. I recommend pointing those at a vps or something like GitHub or substack if you don’t need it for something else.

Use a reverse proxy that 404s anything besides the subdomains you are actually using. Always use wildcard certs to avoid exposing subdomains and obfuscate your subdomains for common services to make them hard to guess.

Isolate your servers from the rest of your network with vlans if possible.

You will never be fully immune so all you can do is add more layers and roadblocks.