This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/digitalindependent on 2023-07-04 22:18:22+00:00.
I see so many recommendations for Cloudflare tunnels because they are easy, reliable and basically free. Call me old-fashioned, but I just can’t warm up to the idea of giving away ownership of a major part of my Setup: reaching my services. They seem to work great, so I am happy for everybody who’s happy. It’s just not for me.
On the other side I see many beginners shying away from running their own VPS, mainly for security reasons. But securing a VPS isn’t that hard. At least against the usual automated attacks.
This is a guide for the people that are just starting out. This is the checklist:
- set a good root password
- create a new user that can sudo (with a good pw!)
- disable root logins
- set up fail2ban (controversial)
- set up ufw and block ports
- optional: set up ssh keys
This checklist is all about encouraging beginners and people who haven’t run a publicly exposed Linux machine to run their own VPS and giving them a reliable basic setup that they can build on. I hope that will help them make the first step and grow from there.
My reasoning for ssh keys not being mandatory: I have heard and read from many beginners that made mistakes with their ssh key management. Not backing up properly, not securing the keys properly… so even though I use ssh keys nearly everywhere and disable password based logins, I’m not sure this is the way to go for everybody.
So I only recommend ssh keys, they are not part of the core checklist. Fail2ban can provide a not too much worse level of security (if set up properly) and logging in with passwords might be more „natural“ for some beginners and less of a hurdle to get started.
What do you think? Would you add anything?
Link to video:
You must log in or register to comment.