We shall Self-Host
Domain - Reverse Proxy - Security
Self-Hosting is fun but remember to be careful out there. Follow these minimum guidelines. DNSSEC, SSH, firewall and other things to set up.
The scary but interesting step
Installing the fundamental services
You cannot have more than one service on a port - FACT.
You can have many services on the same port in a server - FACT.
Domain
First of all we need to spend some euros to buy a domain name.
I use Namecheap, but shop around for the best deal. There are usually two prices, the first year and the renewal; check both to see which is the cheapest.
Then sign up for a free Cloudflare account and set up DNSSEC and SSL/TLS. I use Full (strict) with Origin Certificates. Set all other parameters following their excellent guides and some common sense.
Networks
Our ISP is what it is, but we can set up our own firewalls - and we will set them up everywhere. We will only open the needed ports; all others we drop. We use SSH and keys to sign in to VMs. We always use a non-root user to operate the VMs. We restrict SSH access to the local network only. Setting up a tunnel would be safe - no port open at all.
Reverse Proxy
We need a reverse proxy to send users arriving on port 443 (HTTPS) to the services running on port 80 (HTTP): infograph.example.com to service info-graph, www.example.com to service www and info.mysite.io to service mysite ...
Use authentication like Authelia and 2FA.
And that is not all - we do it using Let's Encrypt certificates!
Security
The www is more like a Wild West for Weirdos. Anything goes and there are many bad and sick people out there. We need to be alert! We need to secure the VM!
What shall we do to be secure:
- We will not open ports
- We use signed HTTPS (not self signed)
- We use strict firewall rules
- We read the logs
- We use keys with SSH
- No root login to the VM
- No password login to the VM
- We use Fail2ban or CrowdSec
- Use DuckDuckGo - a search engine that protects your privacy
- Use secure browsers that respect your privacy - Vivaldi, Firefox ...
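The SSH items in the list above (keys, no root login, no password login) can be checked against an sshd_config file. The following is an added example, not part of the original page; the function name `audit_sshd_config` and the sample configuration are constructed for illustration, and it assumes Include files are audited separately.

```python
# Added example (not from the original page): audit sshd_config text against
# the SSH items of the checklist. sshd keeps the FIRST value it reads for a
# keyword, and "Match" blocks can override it for some users or addresses.
# keyword -> (value the checklist needs, OpenSSH default when keyword is absent)
RULES = {
    "permitrootlogin": ("no", "prohibit-password"),   # no root login
    "passwordauthentication": ("no", "yes"),          # no password login
    "kbdinteractiveauthentication": ("no", "yes"),    # password prompt via PAM
    "pubkeyauthentication": ("yes", "yes"),           # keys stay enabled
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the checklist is met."""
    effective, findings, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything below this line is conditional
        elif key in RULES and in_match:
            if value != RULES[key][0]:
                findings.append(f"Match block sets {key} to '{value}'")
        elif key in RULES:
            effective.setdefault(key, value)  # first occurrence wins
    for key, (want, default) in RULES.items():
        got = effective.get(key, default)
        if got != want:
            findings.append(f"{key} is '{got}', expected '{want}'")
    return findings

# Constructed sample: looks hardened, but an earlier line and a Match block undo it.
SAMPLE = """\
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
Match Address 192.168.1.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print("\n".join(audit_sshd_config(SAMPLE)))
```

The same function also accepts the output of `sshd -T`, which prints the effective configuration with Include files already resolved.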