this post was submitted on 02 Apr 2025
123 points (98.4% liked)

Selfhosted

60587 readers
1425 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Inspired by this comment to try to learn what I'm missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

you are viewing a single comment's thread
view the rest of the comments
[–] MTK@lemmy.world 6 points 1 year ago

in the context of the comment you referenced:

Definitely have the server on its own VLAN. It shouldn't have any access to other devices that are not related to the services and I would also add some sort of security software.

If you have a public service that you expect to have multiple users on you definitely should have some level of monitoring whether it is just the application logs from the forum that you want to host or further have some sort of EDR on the server.

Things I would do if I was hosting a public forum:

  • Reverse proxy
  • fail2ban
  • dedicated server that does not have any personal data or other services that are sensitive
  • complete network isolation with VLAN
  • send application logs to ELK
  • clamAV

And if the user base grows I would also add:

  • EDR such as velociraptor
  • an external firewall / ips
  • possibly move from docker to VM for further isolation (not likely)