I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.
I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial; that’s it.
Anything else I should know? Thanks!
EDIT:
I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.
I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.
You don’t need to put the server in the DMZ; just port forward ports 80 and 443. Most routers these days ignore all requests to ports that aren’t open. And stick it behind Cloudflare, so you don’t have to expose your IP. Cloudflare also allows you to generate SSL certs that are good for a decade.
Generating a decade-long cert is a terrible idea.
What if a malicious actor gets your private keys and can spoof you now?
You’re fucked unless you work through the vendor to blacklist that cert, which is a huge PITA.
Certs should be done yearly at most. Quarterly at best.
Yeah, it’s a huge PITA to just, you know, click the button to generate a new cert and revoke the old one.
Amateur.
You’re going to get fucked by doing that one day, and it’s going to be months or longer before you realize it.
I just hope you’re not responsible for an actual business with poor security practices like that.
You’re just not a pleasant person, are you? Every time you’ve replied to one of my posts, it’s to be a twatwaffle.
An ignorant twatwaffle, considering you obviously have no idea how Cloudflare certs work. Which ends up making me look like I’m smarter than I really am, so thanks!
Plus, certbot and ACME easily auto-renew the certs.
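Added example, not written by anyone in this thread: a small audit of the certificate-lifetime question argued above, parsing the output of `openssl x509 -noout -dates` and flagging certs that are long-lived or past their renewal window. The 365-day ceiling (from the "yearly at most" comment), the 30-day renewal window and both sample certs are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Date format printed by `openssl x509 -noout -dates`,
# e.g. "notAfter=May 30 00:00:00 2024 GMT".
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"

def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition("=")
        if sep:
            # openssl pads single-digit days with two spaces; collapse them.
            stamp = datetime.strptime(" ".join(value.split()), OPENSSL_FMT)
            fields[key.strip()] = stamp.replace(tzinfo=timezone.utc)
    if "notBefore" not in fields or "notAfter" not in fields:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]

def audit(text, now, max_lifetime_days=365, renew_before_days=30):
    """Flag a cert that is long-lived, expired, or inside the renewal window.

    Both thresholds are assumed policy values, not anything a CA mandates.
    """
    not_before, not_after = parse_dates(text)
    lifetime = (not_after - not_before).days
    remaining = (not_after - now).days
    findings = []
    if lifetime > max_lifetime_days:
        # A stolen key for this cert stays useful until someone revokes it.
        findings.append("long-lived")
    if remaining < 0:
        findings.append("expired")
    elif remaining < renew_before_days:
        # Automated renewal should already have replaced this cert.
        findings.append("renewal-overdue")
    return {"lifetime_days": lifetime, "remaining_days": remaining,
            "findings": findings}

# Constructed samples: a 90-day ACME-style cert and a ten-year origin cert.
ACME_CERT = "notBefore=Mar  1 00:00:00 2024 GMT\nnotAfter=May 30 00:00:00 2024 GMT"
TEN_YEAR_CERT = "notBefore=Mar  1 00:00:00 2024 GMT\nnotAfter=Feb 27 00:00:00 2034 GMT"

if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)
    for name, cert in (("acme", ACME_CERT), ("ten-year", TEN_YEAR_CERT)):
        print(name, audit(cert, now))
```

Run from cron against the cert the web server actually serves, this catches a renewal job that has silently stopped working.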