Selfhosted

59939 readers

274 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Securing a 'public' service for family (lemmy.world)

submitted 10 months ago* (last edited 10 months ago) by IanTwenty@lemmy.world to c/selfhosted@lemmy.world

37 comments fedilink hide all child comments

Edit: thanks for all your help and replies, this is a such a great community!

I would like to host a public service for some family, probably Peertube so we can share some videos. Invite only.

There's no way I'm going to get everyone onto a VPN, it's a non-starter though I would prefer it.

I am thinking to use a VPS with anubis and either crowdsec or fail2ban (or both?!) in front of Peertube. Will apply as much hardening as I can muster behind that: things in containers, systemd hardening, SELinux/Apparmor enabled/tuned, separate users for services, the usual. All ports shut except 80/443, firewall up.

Despite all this I expect it will get scanned and attacked as it will have to expose ports 80/443 to the world so for family it will just work.

Is there anything else I should consider for security? Is Peertube the weakest link in the chain? (a little concerned their min password length is 6 it seems and no 2fa). So long as I keep whole thing up-to-date is it as secure as anybody can manage these days (without resorting to VPN)?

Is it all too much hassle and I should look for a company that offers hosted Peertube so they can worry about it?

Thanks for any and all advice.

you are viewing a single comment's thread
view the rest of the comments

[–] rtxn@lemmy.world 10 points 10 months ago (1 children)

Bro is also concerned about attacks on exposed well-known ports, in which case bro can use Tailscale Funnel to expose a service without exposing a port. Besides, bro can make up bro's own mind.

[–] IanTwenty@lemmy.world 3 points 10 months ago

Hey thanks for this. Yep I've got too many users and most are not technical so it's just a huge headache to get them all onto VPN not matter how simple. That said I'd consider tailscale/funnel for other projects and it's always good to hear what others are using.