Howdy
by Piotr Romanowski
Hello lovely people of HBSC!
Somehow I came across your website and I really liked the idea of my own
server. In fact I am planning to replace the social media with something of
my own website, like in the good old days :)
Fast forward to now, I have my own raspberry pi connected to the net,
running an nginx which hosts my very own page. I set up a domain with
CloudFlare as my DDNS provider, all looks fine.
Now, this is where things got a bit scary for me. In my access logs I
noticed I have some bot traffic, which reminded me of the necessity of
securing the website. Nothing special, just some scanning for known
vulnerabilities which resulted in nice 400 errors in log files.
I followed this guide:
https://geekflare.com/nginx-webserver-security-hardening-guide/
which basically means I have an SSL certificate from Let's Encrypt, removed
unwanted HTTP methods, I added some HTTP headers to prevent XSS attacks,
then I set up UFW on the drive to only accept traffic on ports 22 and 80.
Now, my question is, how far do you go as far as security is concerned? How
secure is this whole home server thing? Should I take any web security
courses to do this? What is your approach?
Best regards,
Piotr Romanowski
8 months, 2 weeks
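An added example, not part of the original post: one way to summarise the kind of scanner traffic described above from an nginx access log, by listing clients that produce only 4xx responses. It assumes nginx's default "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumes nginx's default "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
    r'(?:\d+|-) "[^"]*" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2020:06:25:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2020:06:25:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2020:06:25:03 +0000] "\\x16\\x03\\x01\\x02" 400 157 "-" "-"
198.51.100.23 - - [10/May/2020:07:00:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.23 - - [10/May/2020:07:00:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.99 - - [10/May/2020:08:12:44 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "-"
"""

def parse(lines):
    """Yield (ip, path, status); path is None when the request line is malformed."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format, skip
        parts = m["req"].split()
        # A well-formed request line is "METHOD PATH HTTP/x.y".
        ok = len(parts) == 3 and parts[2].startswith("HTTP/")
        yield m["ip"], (parts[1] if ok else None), int(m["status"])

def flag_scanners(lines, threshold=2):
    """Map IP -> probed paths for clients with >= threshold 4xx and no 2xx/3xx."""
    errors, good, paths = Counter(), Counter(), defaultdict(set)
    for ip, path, status in parse(lines):
        if 400 <= status < 500:
            errors[ip] += 1
            paths[ip].add(path or "<malformed request>")
        elif status < 400:
            good[ip] += 1
    return {ip: sorted(paths[ip]) for ip, n in errors.items()
            if n >= threshold and good[ip] == 0}

if __name__ == "__main__":
    for ip, probes in flag_scanners(SAMPLE_LOG.splitlines()).items():
        print(ip, probes)
```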
Re: Hi all!
by Dave Nelson (dave@dalek.zone)
Hi, Ryan. If you want to migrate your server filesystem from hard system
to hard system, then I guess a VM is the only solution.
Yes, I guess registrars are unavoidable, although there are a couple of
free registrars out there if you're not fussy about what the domain name
is... But I'd say that Namecheap is the cheapest one I've seen and gives
you total freedom.
Cloudflare is free for a little personal blog. But another good DNS
service that would be free for a single-zone usage is Zonomi.com...
Zonomi also offers the ability to host a home-based server on a floating
IP address, via a Linux utility script (or executable, I don't remember)
which you host on your Linux box and that keeps Zonomi updated with your
current IP address.
I watched some of your Europe 360 video... Looks like it was fun. Have
you ever tried couchsurfing.com? (When/if the world gets back to being
travelable again...)
---
All the best,
Dave
On 2020-05-06 10:27, Ryan Jacobs wrote:
> Hi Dave,
>
> I chose to use a VM because I wanted to separate my "machine" from the
> physical hardware. Migrations are a lot smoother when the whole image is
> a single file. Additionally, the network throttling works flawlessly. I
> have the uplink and downlink both set to 10 Mbit/s.
>
> Here's what my domain / IP stack looks like:
>
> * Bought the domain from Namecheap.com (I think registrars are
> unavoidable? Maybe there's a cool service where people email each
> other "domain-name.special -> IP address" mappings.)
>
> * Linked the nameserver record to Cloudflare (I liked their dashboard
> / API, but would prefer to move away from their DNS if possible. I
> don't use their proxy service anymore either.)
>
> * Bought a $3.50/month VPS from Vultr.com
> * The Vultr VPS runs FRP (https://github.com/fatedier/frp)
> (I can post configs if people are interested. I use it to relay
> both raw SSH/TCP traffic as well as proxied HTTP/S requests on
> Port 80/443. My internal VPSs are run on KVM and all the traffic
> is tunneled through this Vultr box, so it *almost* looks like they
> are public nodes. I have to manually open ports though.)
>
> I've been playing around with `erldns`. Once I'm confident with using
> it, I'll add it as high priority nameserver -- (clients will fallback to
> Cloudflare's NS if I happen to bork `erldns`.)
>
> I really, really would like to go 100% self-hosted. I think you're right
> about the rarity of DDOS attacks against me though. It's just that I
> live in a house with 4-5 roommates and I would feel god awful if our ISP
> connection got hammered because I exposed our IP address.
>
> -- Ryan
>
> On 5/5/20 2:02 PM, Dave Nelson (dave(a)dalek.zone) wrote:
>> Why are you running your server in a VM? You could install Linux and
>> safely expose the server to the world. What solution are you using to
>> present your floating IP via a domain name or subdomain name? If you
>> have a floating IP, you needn't really worry too much about DOS attacks.
>> They *are* possible but, in my own experience, they rarely happen if
>> you're not posting some extremely controversial content.
>>
>> ---
>> All the best,
>>
>> Dave
>>
>> On 2020-05-05 22:44, e via HBSC wrote:
>>> Hi Ryan and everyone else out there,
>>>
>>> I really like what you've done with your txt only blog. Definitely an
>>> elegant and lightweight solution so I'm looking forward to reading
>>> through your posts.
>>>
>>> e
>>>
>>>
>>> Ryan Jacobs writes:
>>>
>>>> Hi everyone,
>>>>
>>>> I saw your website on Hacker News a couple of days ago and thought I
>>>> would join your mailing list. I just moved my web hosting to *almost*
>>>> 100% self-hosted. (I documented it here for those curious:
>>>> https://blog.notryan.com/009.txt)
>>>>
>>>> Anyways, how many people do you guys have?
>>>>
>>>> -- Ryan
>>>>
>>>> _______________________________________________
>>>> HBSC mailing list -- hbsc(a)we.lurk.org
>>>> To unsubscribe send an email to hbsc-leave(a)we.lurk.org
8 months, 3 weeks
Hi all!
by Ryan Jacobs
Hi everyone,
I saw your website on Hacker News a couple of days ago and thought I
would join your mailing list. I just moved my web hosting to *almost*
100% self-hosted. (I documented it here for those curious:
https://blog.notryan.com/009.txt)
Anyways, how many people do you guys have?
-- Ryan
8 months, 3 weeks