Risks of self-hosting a public-facing forum?
-
Doesn't Cloudflare cost money for DDoS protection?
You get some coverage for free but if you're really getting slammed I wish to stay up they're not going to do everything for free. I believe They click here to prove you're not a butt is gratis.
-
Don't do it.
Hosting a public service with no real knowledge of security can only end badly.
Get a vpc, do it there, learn from mistakes.
It's more than just HTTPS, you also need proper authentication, regular updates, emergency updates for critical vulnerabilities, ideally some sort of monitoring to detect potential misuse of the service or any escalations from the service to the OS.
Ask yourself this: If this was your first time driving a car, would you rather do it in an empty parking lot where at worst you will damage the car. Or would you rather do it in a busy street where at worst you can kill someone?
-
be clear when you say shit and people won’t misunderstand you and treat you like a fucking moron.
Obviously, when name Cloudflare specifically more than once, it can be so hard to tell which platform I mean. It's an easy mistake to make if you don't know how to read.
not knowing how a platform specific product works doesn’t dictate intelligence.
No, but using hostility as a way to distract from when you've gone and made yourself look like an idiot is certainly a defense commonly used by, as you put it, "fucking morons". Now, is there any other pearls of wisdom you want to offer us, Mr. Trump, or was your eternally youthful ardor spent on that one emission?
take a chill pill and come back to read from start to finish.
you were the first one to respond with hostility, prick. I commented on how it's a bad idea to have SSL certs last for a decade.
that's when you responded with heavy sarcasm, like a angsty child.
maybe if you didn't have tissue paper for skin you could see how much of a petulant child you are. I can even see how fragile your ego is from all your interactions with others.
I don't know what's more pathetic, your overwhelming desire to be right or your desperate need to prove you're smarter than somebody else.
some friendly advice before I block you forever. if you think everyone around you is an asshole, you're the asshole.
-
take a chill pill and come back to read from start to finish.
you were the first one to respond with hostility, prick. I commented on how it's a bad idea to have SSL certs last for a decade.
that's when you responded with heavy sarcasm, like a angsty child.
maybe if you didn't have tissue paper for skin you could see how much of a petulant child you are. I can even see how fragile your ego is from all your interactions with others.
I don't know what's more pathetic, your overwhelming desire to be right or your desperate need to prove you're smarter than somebody else.
some friendly advice before I block you forever. if you think everyone around you is an asshole, you're the asshole.
if you think everyone around you is an asshole, you’re the asshole.
Most people I run across aren't assholes, you're just an exception.
-
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
Its so cheap to just get a vps from a littlecreekhosting deal
This site seems suspicious as hell. Incredibly basic site, no info on where they're located, and the "About Us" links aren't even links. There's no About Us page.
-
I have not, I tend to avoid services and diy it
-
Its so cheap to just get a vps from a littlecreekhosting deal, I checked them all on lowendtalk and its the cheapest for highest specs, you do have to comment your invoice to double ram, but its 4 core 8gb ram for 3.50 a month and 8core 16gb 7$ cogent amd epyc, and solid ssd space 140-160 idr exactly, they have multiple deals posted, the one with the prices I mention is the best one, they also had windows vps deals. Spent way too long testing hella, its not the best ping out there for me since I'm fairly far but I'm not hosting gameservers so its a non issue.
There are many other deals on lowendtalk but they are typically for way less resources or way more expensive for a lot more resources
OP asks for not doing exactly that though.
-
Sounds like hosting outside the US is a possible solution. Many things to be careful of, regardless.
Don't chose china or russia though
-
just cloudflare tunnel it - i set one up the other day and it works super well, proving external access to a locally hosted service all without having to set up your own SsL certs and worrying about exposing private ips or ports
I looked up Cloudflare tunnels and tried setting one up. Some things future readers may want to know:
- You have to set Cloudflare as your domain's authoritative nameservers.
- You need to set up an account (not a problem) but also have to register a payment method, even for the free tier (no me gusta).
- Regarding NodeBB specifically, if you set up a tunnel, you can access the forum, even over HTTPS, but it fails when you try to log in. A few minutes of searching leads me to believe it has something to do with web sockets, and the solution requires you to partially expose your IP address, defeating the principle purpose for me to use cloudflare in the first place.
-
i mean... we're talking about civil torts here, not constitutional law. i think you can still count on a court to throw this out even with a pro se defense.
I surely hope so.
-
Its so cheap to just get a vps from a littlecreekhosting deal
This site seems suspicious as hell. Incredibly basic site, no info on where they're located, and the "About Us" links aren't even links. There's no About Us page.
its one of the more trusted ones on lowendtalk?
-
OP asks for not doing exactly that though.
its just way less risky and not that expensive tho? I had the same idea as op til I realized that fit my needs and gave a lot more resources than hetzner.
-
I've had good luck with these guys:
https://cloudfanatic.net/pricing/I think they would fall in the less resources category. But they offer unlimited data transfer, and you can use any distro you want. I run slackware btw.
Ill check them out, been curious about unlimited data transfer, does it allow torrenting done through their hosting
-
its one of the more trusted ones on lowendtalk?
No, I didn't say this "isn't a nice site". I said it's "suspicious as hell".
Having a working site and a navigable "About Us" page isn't "nice". It's the bare minimum I would expect of any legitimate nice or ugly site.
There's just a lot on their site that reeks of sloppy scammers.
-
No, I didn't say this "isn't a nice site". I said it's "suspicious as hell".
Having a working site and a navigable "About Us" page isn't "nice". It's the bare minimum I would expect of any legitimate nice or ugly site.
There's just a lot on their site that reeks of sloppy scammers.
well, i have a lot of stuff running on it fine for the last 3 months, and lowendtalk is what I trust, I made a thread there asking about it and ppl trusted them.
You use a virtualizer panel and they provision from cogent, its pretty straightforward what you're getting and you can stress test it or whatever? Do you only trust the major players like digital ocean, aws, etc.?
-
No, I didn't say this "isn't a nice site". I said it's "suspicious as hell".
Having a working site and a navigable "About Us" page isn't "nice". It's the bare minimum I would expect of any legitimate nice or ugly site.
There's just a lot on their site that reeks of sloppy scammers.
but thats the exact issue, the businesses with clean perfect sites tend to be the scams, while these where you need specific links off a forum like lownendtalm to even access the deal work well and are hella cheap in comparison? Racknerds also been great but way less resources, their deals also never go away if you get a link.
-
No, I didn't say this "isn't a nice site". I said it's "suspicious as hell".
Having a working site and a navigable "About Us" page isn't "nice". It's the bare minimum I would expect of any legitimate nice or ugly site.
There's just a lot on their site that reeks of sloppy scammers.
either waymy suggestion was to find a deal that suits your needs at low end talk over trying to self host anything otherppl will be accessing from your home, you wont find good deals just googling around, or even on reddit
-
I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.
I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.
Anything else I should know? Thanks!
Risk of people uploading images that are illegal and you would end up being liable for hosting them. Risk of being hacked...
I don't know how big of a risk this really is these days... I used to host a PHPbb forum in the early 2000's off my personal computer and it didn't get any traffic beyond myself and the friends I told about it.
-
but thats the exact issue, the businesses with clean perfect sites tend to be the scams, while these where you need specific links off a forum like lownendtalm to even access the deal work well and are hella cheap in comparison? Racknerds also been great but way less resources, their deals also never go away if you get a link.
Three incoherent replies with jumbled run-on sentences.
the businesses with clean perfect sites tend to be the scams
Uhhh, no. Objectively no. A legit website is not going to have spelling mistakes and broken links. Looking professional and thorough is a direct lead to increased business. What you just said is completely false, and frankly idiotic.
Everything else you said (in all three replies) is just a jumbled mess of a brain dump that I'm not even going to try and address any of it.
-
I looked up Cloudflare tunnels and tried setting one up. Some things future readers may want to know:
- You have to set Cloudflare as your domain's authoritative nameservers.
- You need to set up an account (not a problem) but also have to register a payment method, even for the free tier (no me gusta).
- Regarding NodeBB specifically, if you set up a tunnel, you can access the forum, even over HTTPS, but it fails when you try to log in. A few minutes of searching leads me to believe it has something to do with web sockets, and the solution requires you to partially expose your IP address, defeating the principle purpose for me to use cloudflare in the first place.
