
221 points finnlab | 1 comments
0xEF ◴[] No.43545644[source]
I love the idea of self-hosting, especially since I keep a number of very tiny websites/projects going at any given time, so resources would not really be too much of an issue for me.

What stops me is security. I simply do not know enough about securing a self-hosted site on real hardware in my home and despite actively continuing to learn, it seems like the more I learn about it, the more questions I have. My identity is fairly public at this point, so if I say the wrong thing to the wrong person on HN or whatever, do I need to worry about someone much smarter than me setting up camp on my home network and ruining my life? That may sound really stupid to many of you, but this is the type of anxiety that stops the under-informed from trying stuff like this and turning to services like Akamai/Linode or DO that make things fairly painless in terms of setup, monitoring and protection.

That said, I'm 110% open to reading/watching any resources people have that help teach newbies how to protect their assets when self-hosting.

replies(13): >>43545681 #>>43545687 #>>43545733 #>>43545739 #>>43546101 #>>43546191 #>>43546239 #>>43546265 #>>43546590 #>>43552531 #>>43555038 #>>43555405 #>>43556435 #
palata ◴[] No.43545687[source]
I agree with this: I personally don't need tutorials for hosting stuff, rather tutorials about securing it properly.
replies(1): >>43545821 #
Aachen ◴[] No.43545821[source]
Could you give an example of a guide that helped you self host a system or service by telling you how to do the security? One that shows what information would be missing from a regular setup tutorial?

I'm a security consultant so this is not a problem I have. To me it seems very straightforward and like most things are secure by default (with the exceptions being notorious enough that I'd know of it), so I'm interested in the other perspective.

replies(2): >>43546857 #>>43547817 #
0xEF ◴[] No.43547817[source]
I'm not the person you asked, but if some security researcher such as yourself needs a million-dollar service to sell, I'll offer that I would pay decent money for a webapp or something where I can list all the things in my stack or project and it spits out a list of known and possible vulnerabilities that I should check default configs for, update, patch, etc.

My thinking is this; if I'm willing to fork over dollars to a VPS hosting service for peace-of-mind, then paying for a service that helps me understand what I'm doing when it comes to self-hosting should also be on the table as an alternative.

That said, I have no idea how viable of a business model that would be, or if it would even be able to be developed and upkept with reliable info. Or, maybe it already exists, but on an enterprise level that I cannot afford for some dumb little blogs.

replies(1): >>43551860 #
1. Aachen ◴[] No.43551860{3}[source]
The CVE database is free. Or maybe NVD are the ones publishing this mapping of CVEs to software packages and versions, but either way, a site like cvedetails will give you this information. I'm less sure where you could subscribe to these for all software thingies you run (maybe cvedetails already has that)
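
Added example, not part of the thread or written by any commenter: a sketch of the "list my stack, get the known vulnerabilities" check discussed above, matching an inventory against advisory version ranges. The package names, versions and `CVE-XXXX-…` IDs are constructed placeholders; the range keys are the version-bound names NVD uses in its CPE match data.

```python
# Constructed sample advisories: IDs, packages and ranges are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "CVE-XXXX-0001", "package": "examplehttpd",
     "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.58"},
    {"id": "CVE-XXXX-0002", "package": "exampleblog", "versionEndExcluding": "6.5.2"},
    {"id": "CVE-XXXX-0003", "package": "exampledb",
     "versionStartIncluding": "10.0", "versionEndIncluding": "10.11.6"},
    {"id": "CVE-XXXX-0004", "package": "examplessh", "versionEndExcluding": "9.8"},
]
# Constructed inventory of a small self-hosted stack (hypothetical package names).
INVENTORY = {"examplehttpd": "2.4.57", "exampleblog": "6.5.2", "exampledb": "10.11.6",
             "examplessh": "9.6p1", "examplecache": "7.2.4"}

# Each bound key maps to the comparison it implies for the installed version.
BOUNDS = {
    "versionStartIncluding": lambda v, b: v >= b,
    "versionStartExcluding": lambda v, b: v > b,
    "versionEndIncluding": lambda v, b: v <= b,
    "versionEndExcluding": lambda v, b: v < b,
}

def parse_version(text, width=4):
    """'2.4.57' -> (2, 4, 57, 0): numeric, zero-padded so '2.4' equals '2.4.0'.
    Raises ValueError on suffixes such as '9.6p1' instead of guessing an order."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(installed, advisory):
    """True when the installed version satisfies every bound the advisory gives."""
    v = parse_version(installed)
    return all(test(v, parse_version(advisory[key]))
               for key, test in BOUNDS.items() if key in advisory)

def audit(inventory, advisories):
    """Return (affected, needs_review) as sorted (package, version, id) tuples."""
    affected, review = [], []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed is None:
            continue  # package not in this stack
        try:
            if is_affected(installed, adv):
                affected.append((adv["package"], installed, adv["id"]))
        except ValueError:
            # Unparseable version: surface it for a human rather than report "safe".
            review.append((adv["package"], installed, adv["id"]))
    return sorted(affected), sorted(review)

if __name__ == "__main__":
    print(audit(INVENTORY, ADVISORIES))
```

Versions the parser cannot order are reported for manual review rather than silently treated as unaffected, since vendor suffixes and distribution backports are where naive version matching goes wrong.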