Selfhosted

40113 readers

851 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How can I keep my forwarded port secure? (kbin.earth)

submitted 2 months ago by strawberry@kbin.earth to c/selfhosted@lemmy.world

67 comments fedilink hide all child comments

I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks

`Status: active

To Action From

22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip`

also, minecraft is installed under a separate user, without root privlege

(page 2) 20 comments

sorted by: hot top controversial new old

[–] Decronym@lemmy.decronym.xyz 2 points 2 months ago* (last edited 2 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
IP	Internet Protocol
SSH	Secure Shell for remote terminal access
SSO	Single Sign-On
TCP	Transmission Control Protocol, most often over IP
VPN	Virtual Private Network
VPS	Virtual Private Server (opposed to shared hosting)

7 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #959 for this sub, first seen 8th Sep 2024, 20:35] [FAQ] [Full list] [Contact] [Source code]

[–] StrawberryPigtails@lemmy.sdf.org 1 points 2 months ago (4 children)

The simplest way to do this, is to put the server on a private vpn (I use Tailscale, there are others) and expose ports only to the vpn. Then you share access to the vpn with your friends.

With Tailscale, this is as simple as sending them a share link for the host. They will need to have an account at Tailscale, and have the client running, but they will then be able to access the host with a static ip address.

As a general rule of thumb, nothing should be exposed to the public internet unless you want that service to be public access and then you need to keep it up to date. If a vulnerability doesn’t currently exist for the service, one will sooner rather than later. SSH, especially password only ssh, can be broken into fairly easily. If you must expose ssh to the public internet for whatever reason, you need to be using IP white lists, password protected keys, change the default port, and turn off service advertisements and ping responses. I’m probably missing something. When someone scans your server randomly, they should see nothing. And if they fail login they should be ip blocked.

load more comments (4 replies)

[–] mfat@lemdro.id 1 points 2 months ago

Noob here can you please explain what the 2nd line does? Thanks!

load more comments