this post was submitted on 08 Sep 2024
83 points (96.6% liked)

Selfhosted

39247 readers
311 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
83
How can I keep my forwarded port secure? (kbin.earth)
submitted 1 week ago by strawberry@kbin.earth to c/selfhosted@lemmy.world
69 comments fedilink hide all child comments
 

I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks

`Status: active

To Action From

22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip`

also, minecraft is installed under a separate user, without root privlege

(page 2) 20 comments
sorted by: hot top controversial new old
[–] Decronym@lemmy.decronym.xyz 2 points 1 week ago* (last edited 1 week ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
SSH Secure Shell for remote terminal access
SSO Single Sign-On
TCP Transmission Control Protocol, most often over IP
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

7 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #959 for this sub, first seen 8th Sep 2024, 20:35] [FAQ] [Full list] [Contact] [Source code]

[–] StrawberryPigtails@lemmy.sdf.org 1 points 1 week ago (4 children)

The simplest way to do this, is to put the server on a private vpn (I use Tailscale, there are others) and expose ports only to the vpn. Then you share access to the vpn with your friends.

With Tailscale, this is as simple as sending them a share link for the host. They will need to have an account at Tailscale, and have the client running, but they will then be able to access the host with a static ip address.

As a general rule of thumb, nothing should be exposed to the public internet unless you want that service to be public access and then you need to keep it up to date. If a vulnerability doesn’t currently exist for the service, one will sooner rather than later. SSH, especially password only ssh, can be broken into fairly easily. If you must expose ssh to the public internet for whatever reason, you need to be using IP white lists, password protected keys, change the default port, and turn off service advertisements and ping responses. I’m probably missing something. When someone scans your server randomly, they should see nothing. And if they fail login they should be ip blocked.

load more comments (4 replies)
[–] mfat@lemdro.id 1 points 1 week ago

Noob here can you please explain what the 2nd line does? Thanks!

load more comments
view more: ‹ prev next ›