Hi there, I’ve been reading up on selfhosting for a couple of weeks now and I got my feet wet with a couple of things.

However, before really getting serious with it, I feel I need to get down the basics and make sure that my server will not end up a security hazard. My final goal would be to self-host my socials (Mastodon, Lemmy, Matrix) - just for myself.

What basic security do I need to have in place, considering these services? I’ll be running this on a VPS and so far I consider the following: disable password login (login with ssh key only) then set up nginx, fail2ban, and a basic firewall. I’d try to close all ports that are not required for the services I run. I’ll also change ssh port from 22 to something else and close port 22 as well.

Would this be a sufficient basis, or am I missing something crucial?

Bonus question: do you know of good tutorials to learn the above stuff? I’ve been following the guides on DigitalOcean (e.g. https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-20-04) and they seem decent enough - but I think I’ll need to get into more depth than that :)

  • animist@lemmy.one
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    While I do completely agree, changing ports is more about getting rid of low-hanging fruit so some script kiddie doesn’t get into 22. But again I do agree with everything you said.

    • Rikudou_Sage@lemmings.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Just firewall the port and there’s no difference for your hypothetical script kiddies. Don’t ever do security by obscurity.

    • PlexSheep@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Of you have Skript kiddies logging in successfully on 22, you have way different problems.

      Of course, changing a port number is not a good security improvement even in the realm of security through obscurity.