this post was submitted on 27 Oct 2023

I started to create my very own website. I originally had it on a Raspberry Pi 3B but upgraded to an OptiPlex 9020 USFF, 1 TB SSD, 8 GB DDR3, running Ubuntu Server LTS.

I've spent more time on the backend than actually designing my site because I'm worried about security. This website and server will only be accessible within my network. So I'd like to know if the ufw rules I set up are a good start.

ufw default deny incoming

ufw default allow outgoing

ufw allow from 192.168.1.0/24 to any port 22 proto tcp

ufw allow from 192.168.1.0/24 to any port 80,443 proto tcp
ufw limit 22/tcp

I've also installed fail2ban.

I've also managed to install Webmin, but I also want to install Cockpit, Grafana, Prometheus, Loki, and Promtail, but I don't want to overwhelm myself.

My OptiPlex sits beside my router while I SSH from my laptop and work on it. Any recommendations for securing my server or monitoring it would be very helpful, as ChatGPT was the only teacher I had until I stumbled on this sub.

top 1 comments

This website and server will only be accessible within my network

If this is the case then your security is already a done deal. No real need for ufw (though you could argue that it is a good thing to have either way). You have no need for fail2ban if it is an internal server; nobody can connect to it outside of your internal network, meaning you might only manage to ban yourself by accident.
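
An added example, not part of the original post or comment: a small lint over the posted rule list that reports allow/limit rules with no source restriction. It flags `ufw limit 22/tcp`, which has no `from` clause and therefore accepts (rate-limited) SSH from any source; the function names and the LAN-scoped variant are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a list of ufw commands for allow/limit rules
# that are not restricted to a source address.

# Rules as posted in the thread (the "ufe" typo corrected to "ufw").
posted_rules() {
cat <<'EOF'
ufw default deny incoming
ufw default allow outgoing
ufw allow from 192.168.1.0/24 to any port 22 proto tcp
ufw allow from 192.168.1.0/24 to any port 80,443 proto tcp
ufw limit 22/tcp
EOF
}

# Assumed intent: rate-limit SSH, but only for the LAN.
# ufw evaluates rules in order and the first match wins, so the plain
# "allow ... port 22" rule is dropped here; otherwise LAN hosts would
# match it first and never reach the limit rule.
scoped_rules() {
cat <<'EOF'
ufw default deny incoming
ufw default allow outgoing
ufw limit from 192.168.1.0/24 to any port 22 proto tcp
ufw allow from 192.168.1.0/24 to any port 80,443 proto tcp
EOF
}

# Reads ufw commands on stdin and prints "OPEN: <rule>" for every
# allow/limit rule whose source is missing or is "any".
audit_ufw_rules() {
  awk '
    $1 != "ufw" || $2 == "default" { next }
    $2 == "allow" || $2 == "limit" {
      src = "any"
      for (i = 3; i < NF; i++) if ($i == "from") src = $(i + 1)
      if (src == "any" || src == "0.0.0.0/0" || src == "::/0")
        print "OPEN: " $0
    }
  '
}

posted_rules | audit_ufw_rules
```

On the live host, `ufw status numbered` shows the same rules in evaluation order, with unrestricted ones listed as `Anywhere` in the From column.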