←back to thread

Self-Hosting like it's 2025

(kiranet.org)
221 points finnlab | 2 comments | 01 Apr 25 10:11 UTC | HN request time: 0s | source
Show context
0xEF ◴[01 Apr 25 11:51 UTC] No.43545644[source]
I love the idea of self-hosting, especially since I keep a number of very tiny websites/projects going at any given time, so resources would not really be too much of an issue for me.

What stops me is security. I simply do not know enough about securing a self-hosted site on real hardware in my home and despite actively continuing to learn, it seems like the more I learn about it, the more questions I have. My identity is fairly public at this point, so if I say the wrong thing to the wrong person on HN or whatever, do I need to worry about someone much smarter than me setting up camp on my home network and ruining my life? That may sound really stupid to many of you, but this is the type of anxiety that stops the under-informed from trying stuff like this and turning to services like Akamai/Linode or DO that make things fairly painless in terms of setup, monitoring and protection.

That said, I'm 110% open to reading/watching any resources people have that help teach newbies how to protect their assets when self-hosting.

replies(13): >>43545681 #>>43545687 #>>43545733 #>>43545739 #>>43546101 #>>43546191 #>>43546239 #>>43546265 #>>43546590 #>>43552531 #>>43555038 #>>43555405 #>>43556435 #
UK-Al05 ◴[01 Apr 25 12:58 UTC] No.43546265[source]
Isn't 95% of it just blocking every port except the service you want to expose, and then making sure everything is up to date and the service is built in a secure way.

WAF's etc just hide the fact the code in your service is full of holes.

replies(1): >>43547852 #
1. sceptic123 ◴[01 Apr 25 15:19 UTC] No.43547852[source]
What's the 5% that's not blocking ports for services you want to expose?

Ensuring your infra is built in a secure way is as important as ensuring your service is built in a secure way.

replies(1): >>43551171 #
2. majewsky ◴[01 Apr 25 20:48 UTC] No.43551171[source]
Part of it is that you may get (D)DoSed and then your ISP may be any amount of pissed at you for taking on significant ingress traffic on a residential network.