I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.
I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that’s it.
Anything else I should know? Thanks!
EDIT:
I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.
I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.
You don’t need to put the server in the DMZ, just port forward port 80 and 443. Most routers these days ignore all requests to ports that aren’t open. And stick it behind Cloudflare, so you don’t have to expose your IP. Cloudflare also allows you to generate SSL certs that are good for a decade.
generating a decade long cert is a terrible idea.
what if a malicious actor gets your private keys and can spoof you now?
you’re fucked unless you work through the vendor to blacklist that cert, which is a huge pita.
certs should be done yearly at most. quarterly at best.
Plus certbot and acme easily auto renew the certs.
Yeah, it’s a huge PITA to just, you know, click the button to generate a new cert and revoke the old one.
amateur.
you’re going to get fucked by doing that one day, and it’s going to be months or longer before you realize it.
I just hope you’re not responsible for an actual business with poor security practices like that.
You’re just not a pleasant person, are you? Every time you’ve replied to one of my posts, it’s to be a twatwaffle.
An ignorant twatwaffle, considering you obviously have no idea how Cloudflare certs work. Which ends up making me look like I’m smarter than I really am, so thanks!
says the self proclaimed anarchist that fights for…civil rights? they teach you that at the anarchist meetings?
now I know for sure, you’re just trying very hard to act intelligent but have no idea what you’re actually doing.
now I feel bad for arguing with a child.
Well, if you were so smart yourself, you would know the Cloudflare certs aren’t for public use. The certs your site uses to communicate with the user are shared among multiple Cloudflare users, and aren’t accessible to anyone but Cloudflare. You can’t generate, revoke, view, or download them. The decade long certs you generate are for communication between your origin server and Cloudflare, they aren’t exposed to the public internet. If you use an Argo tunnel, which many selfhosters do, they’re used for the secure VPN tunnel between yourself and Cloudflare. Since all your traffic comes from Cloudflare, a smart user would whitelist those IPs and ignore web traffic from everything else if they weren’t going to use a tunnel. Even if someone got ahold of them, which is unlikely, they wouldn’t do anyone any good, because they would need access to your Cloudflare account as well to change the origin server.
But then, you aren’t so smart yourself. You’re just some random nobody on the internet that decided to start using their arsehole for speaking. And as is typical in such a situation, everything you say reeks of shit.
Now, do you want to continue embarrassing yourself? Because you’re not hurting my feelings by doing so.
I don’t use shit-tier products like cloudflare so I don’t bother knowing what their product line is or what it does.
not knowing how a platform specific product works doesn’t dictate intelligence.
also, in your original comment you said “SSL cert” and never mentioned it was a platform specific cert.
be clear when you say shit and people won’t misunderstand you and treat you like a fucking moron.
Obviously, when name Cloudflare specifically more than once, it can be so hard to tell which platform I mean. It’s an easy mistake to make if you don’t know how to read.
No, but using hostility as a way to distract from when you’ve gone and made yourself look like an idiot is certainly a defense commonly used by, as you put it, “fucking morons”. Now, is there any other pearls of wisdom you want to offer us, Mr. Trump, or was your eternally youthful ardor spent on that one emission?