this post was submitted on 01 Apr 2025
73 points (96.2% liked)

Selfhosted

45419 readers
523 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
73
Risks of self-hosting a public-facing forum? (lemmy.radio)
submitted 2 days ago* (last edited 2 days ago) by early_riser@lemmy.radio to c/selfhosted@lemmy.world
55 comments fedilink hide all child comments
 

I've wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.

Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.

I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can't communicate with each other.

I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don't anticipate a crush of people.

I know the basics of how to set up a NodeBB instance, and I've successfully backed up and restored an instance on another machine.

I'm not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that's it.

Anything else I should know? Thanks!

EDIT:

I also have a domain, a couple of them, actually. They're like potato chips; you can't stop at just one.

I don't plan on self-hosting email used for forum registration and announcements. I'm not a masochist.

(page 2) 5 comments
sorted by: hot top controversial new old
[–] bjoern_tantau@swg-empire.de 2 points 2 days ago

Try to automate updates as much as possible so that new security bugs get fixed quickly.

[–] rice@lemmy.org 0 points 2 days ago* (last edited 2 days ago) (1 children)

Do it.

There's really not much that can end badly, someone gets in your network (unlikely anyone even knows it exists)? reformat all your shit. Just by knowing what a DMZ is you are already more qualified than half the people I've met self hosting

do you run a business out of your house? do you run a bunch of peoples personal info? does anyone else? If you answered no to all of these then there really isn't much that can "go wrong" you can just unplug your shit.

hosting email also isn't that big of a deal but your home ISP will block port 25, you need to have a "business" one for them to unblock it and even then sometimes have to directly request it. Things like mailcow docker make it dead easy.

and yea as the other guy said always update your stuff

[–] Onomatopoeia@lemmy.cafe 1 points 2 days ago (1 children)

Scans for open ports run continuously these days.

Ten years ago I opened a port for something for a couple days - for months after that I was getting regular scans against that port (and others).

At one point the scans were so constant it was killing my internet performance (poor little consumer router had no defense capability).

I don't think the scans ever fully stopped until I moved. Whoever has that IP now probably gets specifically scanned on occasion.

And just because you don't run a business doesn't mean you have nothing to lose.

DMZ should be enough... But routers have known flaws, so I'd be sure to verify whatever I'm using.

load more comments (1 replies)
[–] poVoq@slrpnk.net -1 points 2 days ago

Well, obviously if you host from your home ISP, people will be able to figure out your home's approximate location via a reverse IP search.

But otherwise go for it. It's not that hard to do and a nice learning experience.

load more comments
view more: ‹ prev next ›