this post was submitted on 18 Feb 2024
71 points (91.8% liked)

Selfhosted

40113 readers
1852 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
71
What does your current setup look like? (lemm.ee)
submitted 8 months ago by [email protected] to c/[email protected]
101 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

It's a work in progress, but https://wiki.gardiol.org (which is OFC self-hosted)

Anyway, beefy HP laptop with 32gb ram and Xeon CPU to run all services. 3 RAID-1 (Linux sw raid) usb3 volumes to host all services and data.

Two isp's: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.

Gentoo Linux all the way and podman, but as much limited as possible: only immich (that's impossible to host on bare metal due to devs questionable choices).

Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.

All behind nginx reverse proxy.

99% bare metal.

Self developed simple dashboard

External access via ssh tunnels to vps

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (2 children)

That public wiki gives me the security heebie-jeebies. 🤭

[–] [email protected] 1 points 8 months ago (1 children)

Why?

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

Not saying it's not secure, just that I'd have constant doubts whether I've covered all the bases if I were doing it. Especially ensuring an intruder can't compromise anything else if they take it over via some security exploit in PHP or DocuWiki itself.

[–] [email protected] 1 points 8 months ago

The service runs as an unpriviledged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unpriviledged user and is not shared with any other service.

I doubt an attacker could do anything worse than DoS on the wiki itself.