[Newark] Looking for recommendations: VPS, domain and whether it's worth it?
Richard M Eggleston
Richard at richardeggleston.co.uk
Sun Mar 7 13:53:31 UTC 2021
Hi All
As a relative newbie, I have had a bit of success doing exactly what Craig asked on fully self-hosted servers.
These servers are redundant Dell SFF PCs picked up from eBay for about 75-80 a throw. There are 3 of them.
I install Ubuntu (that's my drug of choice) and then run them on my own network.
The services I run are
Nextcloud, cloud server
ZoneMinder CCTV
SickGear TV Torrent snatcher
HomeAutomation which runs the IoT
Wekan (a Trello-like Kanban board)
Bitwarden Password manager
A Plex Media Server
I have a couple of domains, and run each service as a subdomain (so Nextcloud runs on nc.example.com, ZoneMinder runs on zm.example.com).
All of the web traffic is redirected to my home IP address and the port 80 & 443 traffic is forwarded by the router 192.168.0.1 to 192.168.0.7, which runs apache2 and which I use as a web proxy, directing the appropriate sites further downstream.
(I actually drop all port 80, plain http traffic and only allow https, and use free certificates given by Let's Encrypt using their certbot.)
IMHO this has a couple of advantages
1) My data on my hardware
2) No/Low costs after initial outlay
And a couple of downsides
1) It can be time consuming to set up
2) It is vulnerable to hardware failure
I think 1 is a feature not a bug (what else am I doing during lockdown?), and 2 can be ameliorated by a backup regime, either automatic or manual.
"What if someone breaks in?" was a question that I asked myself, and I came to the conclusion that most of the stuff I want to run is fairly secure out of the box. It is run behind https and firewalls, and the greatest weakness of mine or any other system is weak or reused passwords.
Can this be done on a VPS? Yes, but I would suggest that doing it yourself is an excellent learning experience.
If you contact me direct I am happy to let you have a look
Cheers
Richard
> On 6 Mar 2021, at 18:15, Craig Lynch via Newark <newark at mailman.lug.org.uk> wrote:
>
> There are a considerable amount of questions to read and consider here so grab a cuppa…
>
> I've been thinking about how to 'de-google' and 'un-facebook' oneself for a while now. As days pass and the extent to which on-line privacy invasion continues, I feel it is time I should do something about it for myself.
>
> I've seen a few videos and read articles on how to easily set up one's own VPS and such from the likes of these:
>
> * https://videos.lukesmith.xyz/videos/watch/591bf5dd-b02f-40f7-a2cc-b4929c52cb51 - Luke Smith setting up a VPS with a web server and mail-wizard in one take.
> * https://www.youtube.com/watch?v=dDddKmdLEdg - A walk through of installing Synapse+Riot+Jitsi from scratch on Debian.
> * https://join.lemmy.ml/docs/en/administration/administration.html - Information for setting up a Lemmy instance.
>
> just to scratch the surface of my browsing on the subject.
>
> Are there risks to running all of these together in a VPS for my own use? Of course, staying on top of it is the challenge, right?
> Maintaining such a server, (that would perhaps do all of these things for me) could be challenging for a number of reasons, primarily staying on top of security updates (I imagine that this can be easily automated), and secondarily, if I break it, I get to keep both pieces and finally the eternal worry of,
> "What if someone breaks in?"
> One will always be concerned about the data being stored on Someone Else's Computer™, since of course, that's part of why we're looking at this, and to that end, is it feasible to self host? Surely it can't be that traumatic to set up a personal server along with the DDNS requirement?
> Modern consumer routers from ASUS and tp-link to name a couple (not a recommendation of either) seem to have DDNS services available within their firmware and as such, reaching a server on your home network can be easily achieved.
> Can one sensibly configure this such that a web facing server is kept separate from one's home network and 'the Internet' isn't let in?
>
> It seems there are ways to reduce the noise of people attempting to break in too:
>
> * https://withblue.ink/2016/07/15/stop-ssh-brute-force-attempts.html
> * https://www.techrepublic.com/article/how-to-block-ssh-attacks-on-linux-with-denyhosts/
> * https://fedoramagazine.org/protect-your-system-with-fail2ban-and-firewalld-blacklists/
>
> So, I ask for comment, is it worth it? Is it freeing to be in control of your own server and your data?
> Should one even bother with a server at all for IM and try to use something decentralised like jami:
> * https://jami.net
> and encourage others to do the same?
> There seems to be a million-and-one VPS and domain providers out there with all sorts of options to choose from; are there any particular VPS providers that you've had good experience with?
> If you have done this yourself already, what are your experiences of the set up, is it really as simple as the videos and such describe to do this in a truly secure manner?
> What about backup? Should one do this with the intent of backing it up from home, downloading from it regularly?
> Once things are locked down in terms of configuration, does the worry of break-ins become less?
>
> Let me know what you think,
>
> C.
>
> --
> Newark mailing list
> Newark at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/newark
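
The proxy layout described in Richard's message (router forwarding to an Apache front end on 192.168.0.7 that routes each subdomain downstream over HTTPS only), sketched as an added example; it is not part of the original post and not Richard's actual configuration. The downstream addresses 192.168.0.10 and 192.168.0.11, the plain-HTTP backends and the Ubuntu "snakeoil" certificate on the catch-all host are assumptions.

```apache
# Constructed example for the front-end proxy at 192.168.0.7.
# Needs: a2enmod ssl proxy proxy_http headers
# Assumed way of dropping plain HTTP: remove "Listen 80" from
# /etc/apache2/ports.conf so Apache only accepts connections on 443.

# The first *:443 vhost is the default for any hostname that matches no
# ServerName below, so scans by bare IP or unknown names reach no service.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # Self-signed certificate from Ubuntu's ssl-cert package (assumption)
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Nextcloud: TLS ends here, request is passed to the downstream host.
<VirtualHost *:443>
    ServerName nc.example.com
    SSLEngine on
    # Paths where certbot stores Let's Encrypt certificates
    SSLCertificateFile    /etc/letsencrypt/live/nc.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nc.example.com/privkey.pem
    ProxyRequests Off        # reverse proxy only, never an open forward proxy
    ProxyPreserveHost On     # backend sees the original Host header
    ProxyPass        / http://192.168.0.10/
    ProxyPassReverse / http://192.168.0.10/
    RequestHeader set X-Forwarded-Proto "https"
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# ZoneMinder: same pattern, different backend (address is an assumption).
<VirtualHost *:443>
    ServerName zm.example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/zm.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/zm.example.com/privkey.pem
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.11/
    ProxyPassReverse / http://192.168.0.11/
    RequestHeader set X-Forwarded-Proto "https"
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload.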