this post was submitted on 02 Apr 2025
123 points (98.4% liked)

Selfhosted

60048 readers
835 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
123
What steps do you take to secure your server and your selfhosted services? (lemmy.selfhostcat.com)
submitted 1 year ago* (last edited 1 year ago) by ocean@lemmy.selfhostcat.com to c/selfhosted@lemmy.world
57 comments fedilink hide all child comments
 

Inspired by this comment to try to learn what I'm missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

you are viewing a single comment's thread
view the rest of the comments
[–] xcutie@linux.community 4 points 1 year ago

To add some points, that I do:

  • Proper logging: So I could realize something unusual is going on
  • rootless podman container: harder to escalate privileges and gain root
  • Apparmor: same, plus it could trigger suspicious log entries