this post was submitted on 13 Aug 2025
64 points (98.5% liked)

Selfhosted

59939 readers
285 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
64
Securing a 'public' service for family (lemmy.world)
submitted 10 months ago* (last edited 10 months ago) by IanTwenty@lemmy.world to c/selfhosted@lemmy.world
37 comments fedilink hide all child comments
 

Edit: thanks for all your help and replies, this is a such a great community!

I would like to host a public service for some family, probably Peertube so we can share some videos. Invite only.

There's no way I'm going to get everyone onto a VPN, it's a non-starter though I would prefer it.

I am thinking to use a VPS with anubis and either crowdsec or fail2ban (or both?!) in front of Peertube. Will apply as much hardening as I can muster behind that: things in containers, systemd hardening, SELinux/Apparmor enabled/tuned, separate users for services, the usual. All ports shut except 80/443, firewall up.

Despite all this I expect it will get scanned and attacked as it will have to expose ports 80/443 to the world so for family it will just work.

Is there anything else I should consider for security? Is Peertube the weakest link in the chain? (a little concerned their min password length is 6 it seems and no 2fa). So long as I keep whole thing up-to-date is it as secure as anybody can manage these days (without resorting to VPN)?

Is it all too much hassle and I should look for a company that offers hosted Peertube so they can worry about it?

Thanks for any and all advice.

you are viewing a single comment's thread
view the rest of the comments
[–] cantankerous_cashew@lemmy.world 2 points 10 months ago (1 children)

unethical life pro tip, but you can use the free tier of Cloudflare tunnels + Access to accomplish this. While technically against the ToS, I have been doing this with jellyfin for an over a year now, I don't cache anything, and my overall bandwidth usage is low it's probably not very noticeable. If I get banned at some point I'll just create a new free account ¯\_(ツ)_/¯

[–] KairuByte@lemmy.dbzer0.com 3 points 10 months ago

How is it against the ToS? I’ve never bothered to look that deeply into their rules, but this is exactly what I do now >.>