
221 points finnlab | 5 comments
1. aborsy No.43545751
I can self host many applications, but their security must be outsourced to a company. I don’t have time to keep on top of vulnerabilities.

Cloudflare Tunnels is a step in the right direction, but it’s not end to end encrypted.

The question is then, how to secure self hosted apps with minimal configuration, in a way that is almost bulletproof?

replies(2): >>43545854 #>>43546213 #
2. Aachen No.43545854
> security must be outsourced to a company. I don’t have time to keep on top of vulnerabilities.

If the software you host constantly has vulnerabilities and something like apt install unattended-upgrades doesn't resolve them, maybe the software simply isn't fit for hosting no matter what team you put on it. That hired team might as well just spend some time making it secure rather than "keeping on top of vulnerabilities".

replies(2): >>43546306 #>>43547318 #
3. interloxia No.43546213
I don't need public access to my stuff, so my strategy is to use ZeroTier, taking care that services are only able to use the virtual network.

It's easy to manage and reason about.
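
The setup described in the comment above only holds if every service binds to the overlay address and nothing listens on a wildcard or LAN address. As an added example (not part of the thread), this Python check parses `ss -Htln` output and reports listeners reachable from outside loopback and the overlay; the 10.147.17.0/24 subnet and the sample output are constructed assumptions.

```python
import ipaddress

# Assumption for illustration: the overlay (virtual network) subnet.
OVERLAY_NET = ipaddress.ip_network("10.147.17.0/24")

# Constructed sample of `ss -Htln` output (State, Recv-Q, Send-Q, Local, Peer).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 10.147.17.5:8096 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 192.168.1.20:22 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split the Local Address:Port column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop the %iface scope first, then the IPv6 brackets.
    return addr.split("%")[0].strip("[]"), int(port)

def classify(addr):
    """Return 'loopback', 'overlay' or 'outside' for a bind address."""
    if addr == "*":              # ss prints * for a dual-stack wildcard
        return "outside"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in OVERLAY_NET:
        return "overlay"
    return "outside"             # wildcard, LAN or public address

def audit(ss_output):
    """List (address, port) for listeners bound outside loopback/overlay."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if classify(addr) == "outside":
            findings.append((addr, port))
    return findings

if __name__ == "__main__":
    for addr, port in audit(SAMPLE_SS_OUTPUT):
        print(f"listener outside overlay: {addr} port {port}")
```

On a real host, feed `audit()` the output of `ss -Htln` and set `OVERLAY_NET` to the subnet assigned to the virtual network.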

4. aborsy No.43546306
The concern is zero days. There are probably lots of easy zero days, patched across a host of software, once discovered in one.

The solution is secure software in front. It could be WireGuard, but sometimes you don’t know your users or they don’t want to install anything.

5. nijave No.43547318
There's only a handful of web apps packaged in the OS repo. Even for wildly popular software like WordPress and Drupal, you need to use their built-in facilities or manually apply outside the OS update manager.