Hi, you guys might know me from these three posts. After reading all of the comments, I’ve decided to purchase a Mini PC to host public instances of privacy-respecting services.

I’m here to bring some good news: I got it working perfectly! You can visit reallyaweso.me today and get a list of services that I’m hosting!

All services are deployed via Docker and proxied through Cloudflare. You might ask: “Why Cloudflare?”. It’s because I can’t port forward things on my home network. It really sucks that I’m depending on Cloudflare to do the port forwarding for me, but it is what it is.

If you want me to host a specific service that you want, feel free to comment on this post!

I would really appreciate it if you guys could checkout some services that I’m hosting, as I don’t know if everything went smoothly or not. Thank you guys so much for helping me on this journey!!

  • @[email protected]
    link
    fedilink
    English
    48
    edit-2
    8 months ago

    Cool idea. Just be aware, that there are a lot of shady people out there. I’m not sure I would publicly host services, which rely on tight security (like Vaultwarden). They will come and they will probe your system and it’s security!

    You might also want to remove Dockge from Uptime Kuma, no need to broadcast that publicly.

    • @TrickDacy
      link
      English
      258 months ago

      Yeah seeing all the attack vectors opened here freaks me out

      • @[email protected]
        link
        fedilink
        English
        14
        edit-2
        8 months ago

        Let me know if you need any help with that. I’m still a beginner, but have used the last few months to learn about cyber security. It can be a daunting subject, but if you get the basics right, you’re probably good. I also hosted without a care for years and was never hacked, but it can/will happen. Here are some pointers!

        Get or use a firewall. Iptables, UFW and such are probably good enough. I myself use OPNsense. It can be integrated with Crowdsec, a popular intrusion prevention system. This can be quite a rabbit whole. In the end, you should be able to control who goes where in your network.

        Restrict ssh access or don’t allow it at all via internet. Close port 22 and use a VPN, if needed. Don’t allow root access via Ssh, use sudo. Use keys and passphrase login for best security.

        Update your stuff regularly. Weekly or bi-weekly, if you can.

        Use two factor authentication, where possible. It can be a bit annoying, but improves things dramatically. Long passwords help to, I use random-word-other-word combinations.

        If you haven’t, think of a backup strategy. 3 redundant copys on 2 media, one off site.