Selfhosted

60093 readers

969 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.
Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 7 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

hosting forgejo publicly (feddit.org)

submitted 2 months ago by arschflugkoerper@feddit.org to c/selfhosted@lemmy.world

20 comments fedilink hide all child comments

I am experimenting with using forgejo instead of GitHub for my personal projects. So far I like it, however I would like to make it available to the outside world at some point.

I was wondering what kind of traps I should avoid. The following things come to mind so far:

Forgejo Actions seem like a massive potential security risk, however I do not intend to enable sign up for other
OpenID appears to be a thing for forgejo, I do not know how it works and it seems like it would allow access to my instance even with registering disabled
I would put the instance behind a nginx as reverse proxy, but how do you keep bot traffic to a minimum? Anubis?

I feel like there are a ton of things I have not thought of, which is why I am holding off on making anything available without a VPN so far.

you are viewing a single comment's thread
view the rest of the comments

[–] hendrik@palaver.p3x.de 14 points 2 months ago* (last edited 2 months ago)

If it's just you, and you're fine with the regular login... Just disable signup and don't add more authentication mechanisms like oauth/openID.

I'm using nginx as a reverse proxy as well. For now, I added a lot of "deny" directives to ban all the address ranges from Tencent, Alibaba, OpenAI. It's not a 100% solution, but works well enough for me. I'm mostly worried about AI crawlers causing too much load on my server. And it stopped since, so I don't think I'm gonna need Anubis and all these extra things in front if my applications. If you like you can look into solutions like a web application firewall like Crowdsec.