this post was submitted on 01 Apr 2025
73 points (96.2% liked)

I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.

Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.

I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.

I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.

I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.

I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.

Anything else I should know? Thanks!

EDIT:

I also have a domain, a couple of them, actually. They're like potato chips; you can't stop at just one.

I don't plan on self-hosting email used for forum registration and announcements. I'm not a masochist.

EDIT for future readers:

I think for now I'm not going to self host anything I intend to be accessed by the public. While I pay the internet bill, my name is on the account, and I own all the equipment, I'm not the only member of this household, so it would be somewhat inconsiderate of me to share our bandwidth with public traffic. In general I think those warning against self-hosting resources one intends to be accessed by the general public are pretty sound.

I tried the Cloudflare tunnel suggestion, but it doesn't seem to play nice with NodeBB. I can access the forum, even over HTTPS, but I can't log in. Some quick googling leads me to believe it has something to do with web sockets. The first fix I found involves exposing my IP, which defeats the purpose of using a Cloudflare tunnel. There may be a way around it, but I frankly can't be bothered.

(page 2) 14 comments
[–] 3dmvr@lemm.ee -2 points 2 days ago* (last edited 2 days ago) (10 children)

It's so cheap to just get a VPS from a littlecreekhosting deal, I checked them all on lowendtalk and it's the cheapest for highest specs, you do have to comment your invoice to double RAM, but it's 4 core 8GB RAM for 3.50 a month and 8 core 16GB 7$ cogent AMD EPYC, and solid SSD space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had Windows VPS deals. Spent way too long testing hella, it's not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so it's a non issue.

There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources.

[–] RagingHungryPanda@lemm.ee 2 points 3 days ago

I have dynamic dns through cloudflare that provides a proxy ip address for me in addition to some protections.

After that I use a reverse proxy to route specific domain names to services. My router is set up to forward only ports 80 and 443 to that reverse proxy, so there's a good layer of safety there. There could be a weakness on the router, but at this point traffic is pretty limited.

After that, at least for your service, if you can have some control or throttling of signings and be more selective about who you let in, then that could help.

I say do it. Sure there's risk someone could put something on there you don't want, but I wouldn't say it's big enough to not do it.
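A way to check the "only ports 80 and 443 are forwarded" claim from the comment above, as an added example that is not part of the original thread. The probe list is an assumption: it uses NodeBB's default application port (4567) and the default ports of the datastores NodeBB supports, plus SSH and SMTP; replace the host with your own public name or address.

```python
import socket
import sys

# Ports the router is meant to forward to the reverse proxy.
EXPECTED_OPEN = {80, 443}

# Assumed probe list: intended ports plus services that should stay internal
# (SSH, SMTP, NodeBB's default 4567, PostgreSQL, Redis, MongoDB defaults).
PROBE_PORTS = [22, 25, 80, 443, 4567, 5432, 6379, 8080, 27017]


def is_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name lookup failed
        return False


def audit_exposure(host, probe_ports, expected_open, timeout=2.0):
    """Compare what is actually reachable with what was meant to be."""
    observed = {p for p in probe_ports if is_open(host, p, timeout)}
    expected = set(expected_open)
    return {
        "observed": sorted(observed),
        "unexpected": sorted(observed - expected),  # reachable, not intended
        "missing": sorted(expected - observed),     # intended, not reachable
    }


if __name__ == "__main__":
    # Run this from OUTSIDE your network (e.g. a phone hotspot); probing
    # your public address from the LAN can give misleading results.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = audit_exposure(target, PROBE_PORTS, EXPECTED_OPEN)
    for key, ports in report.items():
        print(f"{key:>10}: {ports}")
    # Non-zero exit lets a cron job or CI step alert on unintended exposure.
    sys.exit(1 if report["unexpected"] else 0)
```

A non-empty `unexpected` list means the router or firewall is forwarding more than intended; a non-empty `missing` list means the reverse proxy is not reachable on a port it should serve.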

[–] bjoern_tantau@swg-empire.de 2 points 3 days ago

Try to automate updates as much as possible so that new security bugs get fixed quickly.

[–] rice@lemmy.org 0 points 3 days ago* (last edited 3 days ago) (1 children)

Do it.

There's really not much that can end badly. Someone gets in your network (unlikely anyone even knows it exists)? Reformat all your shit. Just by knowing what a DMZ is you are already more qualified than half the people I've met self hosting.

Do you run a business out of your house? Do you run a bunch of people's personal info? Does anyone else? If you answered no to all of these then there really isn't much that can "go wrong", you can just unplug your shit.

Hosting email also isn't that big of a deal but your home ISP will block port 25, you need to have a "business" one for them to unblock it and even then sometimes have to directly request it. Things like mailcow docker make it dead easy.

And yeah, as the other guy said, always update your stuff.

[–] Onomatopoeia@lemmy.cafe 1 points 3 days ago (1 children)

Scans for open ports run continuously these days.

Ten years ago I opened a port for something for a couple days - for months after that I was getting regular scans against that port (and others).

At one point the scans were so constant it was killing my internet performance (poor little consumer router had no defense capability).

I don't think the scans ever fully stopped until I moved. Whoever has that IP now probably gets specifically scanned on occasion.

And just because you don't run a business doesn't mean you have nothing to lose.

DMZ should be enough... But routers have known flaws, so I'd be sure to verify whatever I'm using.

[–] poVoq@slrpnk.net -1 points 3 days ago

Well, obviously if you host from your home ISP, people will be able to figure out your home's approximate location via a reverse IP search.

But otherwise go for it. It's not that hard to do and a nice learning experience.
