this post was submitted on 19 Oct 2023
2 points (100.0% liked)
Self-Hosted Main
504 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Personally I disagree. You might be running internal services you do not want to expose. It also is an active step to expose something. This way you are in control what is exposed and what isn’t.
Yeah until you realize that e.g. docker compose doesn’t care about ufw rules and expose defined ports anyway (yes, through the firewall) and now you can argue that an inexperienced user doesn’t know this and thinks that the ufw will protect him and give him a false sense of security. You should always make sure to bind internal services to 127.0.0.1 only period. Anyway that doesn’t mean ufw is useless, but that it should only be used for filtering more than the default port allow rules because like this you have no security advantage (e.g. I use ufw on my Proxmox servers to block outgoing connection to the lan by default and then explicitly allow connection to server x if needed )