Risks of self-hosting a public-facing forum?
-
it's settled law that you are absolved of responsibility if you don't moderate.
You chose to ignore OP's point.
let’s stop pretending the law actually matters for the people in power.
-
You chose to ignore OP's point.
let’s stop pretending the law actually matters for the people in power.
i mean... we're talking about civil torts here, not constitutional law. i think you can still count on a court to throw this out even with a pro se defense.
-
generating a decade long cert is a terrible idea.
what if a malicious actor gets your private keys and can spoof you now?
you're fucked unless you work through the vendor to blacklist that cert, which is a huge pita.
certs should be done yearly at most. quarterly at best.
Plus certbot and acme easily auto renew the certs.
-
I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.
I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.
Anything else I should know? Thanks!
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
-
I don't use shit-tier products like cloudflare so I don't bother knowing what their product line is or what it does.
not knowing how a platform specific product works doesn't dictate intelligence.
also, in your original comment you said "SSL cert" and never mentioned it was a platform specific cert.
be clear when you say shit and people won't misunderstand you and treat you like a fucking moron.
be clear when you say shit and people won’t misunderstand you and treat you like a fucking moron.
Obviously, when name Cloudflare specifically more than once, it can be so hard to tell which platform I mean. It's an easy mistake to make if you don't know how to read.
not knowing how a platform specific product works doesn’t dictate intelligence.
No, but using hostility as a way to distract from when you've gone and made yourself look like an idiot is certainly a defense commonly used by, as you put it, "fucking morons". Now, is there any other pearls of wisdom you want to offer us, Mr. Trump, or was your eternally youthful ardor spent on that one emission?
-
Somehow 4chan admins have largely escaped legal consequences for this stuff, and I don't think it's just because of sec230.
Not a fan of 4chan, but I do note both their and the pirate bay's operation scheme.
I mean, in most cases this isn't criminal law (in the US at least), so it means you have to attract enough attention of a corporation since they're usually the only ones who can afford the legal costs to file the DMCA requests and responses for copyright violation. And with many other civil issues, often corporations with the money for it, don't have standing to sue, and if they did, would be required to sue each individual in the appropriate jurisdiction.
With the removal of Section 230, these costs will go down significantly as a single user's violation could be enough to bankrupt or shut down an entire site of violating content or, if serious criminal violations like child porn, put the person who hosts the site in prison who, will be much easier to identify and sue in a single jurisdiction or arrest than a random internet user.
-
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
I've had good luck with these guys:
https://cloudfanatic.net/pricing/I think they would fall in the less resources category. But they offer unlimited data transfer, and you can use any distro you want. I run slackware btw.
-
I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.
I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.
Anything else I should know? Thanks!
-
Doesn't Cloudflare cost money for DDoS protection?
You get some coverage for free but if you're really getting slammed I wish to stay up they're not going to do everything for free. I believe They click here to prove you're not a butt is gratis.
-
Don't do it.
Hosting a public service with no real knowledge of security can only end badly.
Get a vpc, do it there, learn from mistakes.
It's more than just HTTPS, you also need proper authentication, regular updates, emergency updates for critical vulnerabilities, ideally some sort of monitoring to detect potential misuse of the service or any escalations from the service to the OS.
Ask yourself this: If this was your first time driving a car, would you rather do it in an empty parking lot where at worst you will damage the car. Or would you rather do it in a busy street where at worst you can kill someone?
-
be clear when you say shit and people won’t misunderstand you and treat you like a fucking moron.
Obviously, when name Cloudflare specifically more than once, it can be so hard to tell which platform I mean. It's an easy mistake to make if you don't know how to read.
not knowing how a platform specific product works doesn’t dictate intelligence.
No, but using hostility as a way to distract from when you've gone and made yourself look like an idiot is certainly a defense commonly used by, as you put it, "fucking morons". Now, is there any other pearls of wisdom you want to offer us, Mr. Trump, or was your eternally youthful ardor spent on that one emission?
take a chill pill and come back to read from start to finish.
you were the first one to respond with hostility, prick. I commented on how it's a bad idea to have SSL certs last for a decade.
that's when you responded with heavy sarcasm, like a angsty child.
maybe if you didn't have tissue paper for skin you could see how much of a petulant child you are. I can even see how fragile your ego is from all your interactions with others.
I don't know what's more pathetic, your overwhelming desire to be right or your desperate need to prove you're smarter than somebody else.
some friendly advice before I block you forever. if you think everyone around you is an asshole, you're the asshole.
-
take a chill pill and come back to read from start to finish.
you were the first one to respond with hostility, prick. I commented on how it's a bad idea to have SSL certs last for a decade.
that's when you responded with heavy sarcasm, like a angsty child.
maybe if you didn't have tissue paper for skin you could see how much of a petulant child you are. I can even see how fragile your ego is from all your interactions with others.
I don't know what's more pathetic, your overwhelming desire to be right or your desperate need to prove you're smarter than somebody else.
some friendly advice before I block you forever. if you think everyone around you is an asshole, you're the asshole.
if you think everyone around you is an asshole, you’re the asshole.
Most people I run across aren't assholes, you're just an exception.
-
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
Its so cheap to just get a vps from a littlecreekhosting deal
This site seems suspicious as hell. Incredibly basic site, no info on where they're located, and the "About Us" links aren't even links. There's no About Us page.
-
I have not, I tend to avoid services and diy it
-
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
OP asks for not doing exactly that though.
-
Sounds like hosting outside the US is a possible solution. Many things to be careful of, regardless.
Don't chose china or russia though
-
just cloudflare tunnel it - i set one up the other day and it works super well, proving external access to a locally hosted service all without having to set up your own SsL certs and worrying about exposing private ips or ports
I looked up Cloudflare tunnels and tried setting one up. Some things future readers may want to know:
- You have to set Cloudflare as your domain's authoritative nameservers.
- You need to set up an account (not a problem) but also have to register a payment method, even for the free tier (no me gusta).
- Regarding NodeBB specifically, if you set up a tunnel, you can access the forum, even over HTTPS, but it fails when you try to log in. A few minutes of searching leads me to believe it has something to do with web sockets, and the solution requires you to partially expose your IP address, defeating the principle purpose for me to use cloudflare in the first place.
-
i mean... we're talking about civil torts here, not constitutional law. i think you can still count on a court to throw this out even with a pro se defense.
I surely hope so.
-
Its so cheap to just get a vps from a littlecreekhosting deal
This site seems suspicious as hell. Incredibly basic site, no info on where they're located, and the "About Us" links aren't even links. There's no About Us page.
its one of the more trusted ones on lowendtalk?
-
OP asks for not doing exactly that though.
its just way less risky and not that expensive tho? I had the same idea as op til I realized that fit my needs and gave a lot more resources than hetzner.
