This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/514sid on 2025-06-20 20:32:24+00:00.


When you’re about to self-host something, especially if it’s going to be exposed to the internet, how do you make sure it’s actually secure?

Some things I’m wondering:

  • Do you check if the docs cover how to properly set up reverse proxies, CORS policies, security headers, etc. before using the app?
  • How much do you trust the community or GitHub issues to get a sense of how secure it is?
  • Does anyone actually look through the code? Not just for malicious stuff, but things like bad defaults or missing security features?
  • What do you consider a red flag that makes you avoid a project?

I’m not talking about advanced audits — just the basic checks you do before deciding to run something on your own setup.

Curious how others handle this.