• Re: Advice on self-hosting a website?

    From neoshock@21:1/150 to poindexter FORTRAN on Saturday, April 05, 2025 01:38:54
    Recently I dug up an old PC and decided to install Ubuntu Server on it and use it as my server for hosting a website. I am using Nginx.
    Does anyone have any general and/or security advice?

    I am not an expert, however I have been running a home server for quite some time. I would suggest not installing the webserver directly on the hardware, but instead use something like proxmox, and create a container for a webserver. You are never going to get perfect security, however you can have daily backups of your services, and if anything critical does happen, restoring a previous backup is one click away. This is also useful not just for security, but if you simply goof up a configuration, same idea. If I plan to make any changes to any of my services, I have learned to take a quick snapshot, just to make sure I can restore back to a working state.

    Lloyd (neoshock) sysop @ Vintage Pi BBS
    vintagepi.asuscomm.com

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: Vintage Pi BBS vintagepi.asuscomm.com (21:1/150)
  • From dflorey@21:1/226 to neoshock on Saturday, April 05, 2025 23:26:44
    I am not an expert, however I have been running a home server for quite some time. I would suggest not installing the webserver directly on the hardware, but instead use something like proxmox, and create a container for a webserver. You are never going to get perfect security, however
    you can have daily backups of your services, and if anything critical
    does happen, restoring a previous backup is one click away. This is also useful not just for security, but if you simply goof up a configuration, same idea. If I plan to make any changes to any of my services, I have learned to take a quick snapshot, just to make sure I can restore back
    to a working state.

    Yes, excellent advice here, definitely virtualise and use snapshots whenever doing maintenance or updates!

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From Arelor@21:2/138 to Vintholdt on Saturday, April 05, 2025 09:26:56
    Re: Advice on self-hosting a website?
    By: Vintholdt to All on Tue Apr 01 2025 07:20 am

    Hello everyone,

    Recently I dug up an old PC and decided to install Ubuntu Server on it, and use it as my server for hosting a website. I am using Nginx.

    Does anyone have any general and/or security advice?

    Thanks.

    Which sort of website is it? Is it static? A node.js service? Some PHP application?

    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.23-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to opicron on Saturday, April 05, 2025 09:32:30
    Re: Advice on self-hosting a website?
    By: opicron to Vintholdt on Tue Apr 01 2025 08:00 pm

    Although I love the project. I would still say take a 5 USD/month server at CloudWays and save yourself much headache. You can still do all the nice

    And then have an OVH like crisis when their datacenter burns to the ground? XD

    Having a virtual private server on rent is no replacement for proper practices. You should not count on having anybody backup your stuff.

    Where I work at we have been pulling services off the cloud back into our premises because budgetworthy cloud services are not that reliable.



    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.23-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Dmxrob on Saturday, April 05, 2025 09:44:36
    Re: Re: Advice on self-hosting a website?
    By: Dmxrob to Vintholdt on Thu Apr 03 2025 05:52 pm

    Unless you have a passion to learn and tinker, use Cloudflare pages and leave the worry to them.

    Cloudflare is a Google-level threat to Internet privacy. I wish everybody stopped promoting it.

    I mean if you use CloudFlare you are axing down any visitor that shows up with a non-standard browser, from a VPN, from Tor...

    Sincerely, first thing you ask if they ask you for advice is which sort of service they are setting. So many services that can run from home are set-and-forget these days. There is no reason to delegate security to yet another party which also happens to suck.


    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.23-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From poindexter FORTRAN@21:4/122 to neoshock on Saturday, April 05, 2025 09:41:12
    neoshock wrote to poindexter FORTRAN <=-

    I am not an expert, however I have been running a home server for quite some time. I would suggest not installing the webserver directly on the hardware, but instead use something like proxmox, and create a
    container for a webserver.

    Snapshots are wonderful. It's so nice being able to take a snapshot
    before maintenance and backing the changes out if needed.




    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From poindexter FORTRAN@21:4/122 to Arelor on Saturday, April 05, 2025 09:41:12
    Arelor wrote to opicron <=-

    Having a virtual private server on rent is no replacement for proper practices. You should not count on having anybody backup your stuff.

    If I had symmetrical networking at home with no bandwidth caps, and
    could rsync between a VPS and home, I'd be all over it.



    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From dflorey@21:1/226 to Arelor on Monday, April 07, 2025 21:16:22
    Having a virtual private server on rent is no replacement for proper practices.
    You should not count on having anybody backup your stuff.

    Where I work at we have been pulling services off the cloud back into
    our premises because budgetworthy cloud services are not that reliable.

    Seems to be a common trend lately - moving back to on-prem or a hybrid approach.
    I work for an MSP and one of our key backup offerings was to resell cloud backup solutions to our clients. To be fair, WE hosted the backup
    repositories in our private DC (I wouldn't want it any other way), but the vendor (Arcserve) decided to completely axe the platform - putting us in a position where we had to pivot to another product!

    Another backup provider we also use/used around the time had a major incident where they simply lost a huge chunk of backup data in the chains - meaning
    all backup sets reliant on the lost images were then incomplete and new
    chains had to be started. Worst part is, no one knew until it was too late!

    Not saying the cloud is always bad nor am I stating that on-prem is best, but it's a case of having multiple backups in multiple locations & formats. I do need to practice what I preach, I only have one backup method (although
    spread across two locations).

    If you host a webserver on a budget VPS, be certain, there's no backup!

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From dflorey@21:1/226 to Arelor on Monday, April 07, 2025 21:36:34
    Cloudflare is a Google-level threat to Internet privacy. I wish
    everybody stopped promoting it.

    What parts of CloudFlare don't you like? I'm genuinely curious...
    I host numerous websites. Each domain has its own free DNS CloudFlare
    account. One of them CloudFlare one day just decided should no longer exist anymore, so I now host the DNS for that site using my own self hosted trio of DNS servers.

    I did some reading and seems they tend to do this to paying customers with a lot of stuff riding on CF services. They just decide one day that you need to step up to their enterprise plan at 20X the price, annually up front now or they suspend your account!

    This happened to a client of mine - they were given 12 hours to pay up on the spot an amount of over $120K USD (previously, about $3K USD) - so there I am
    - migrating their domain, DNS, proxy, everything! They actually stopped the domain transfer so we had to perform a hostile takeover!

    Otherwise, I DO love their free DNS plan offering which 99.99% of our client base uses.

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From dflorey@21:1/226 to poindexter FORTRAN on Monday, April 07, 2025 21:38:32
    If I had symmetrical networking at home with no bandwidth caps, and
    could rsync between a VPS and home, I'd be all over it.

    Haha symmetrical internet at home would be fab!! I do have it at the
    datacenter though, but yeah, backing up stuff from home to there - well, can
    be slow if it's the initial backup of a file server :D

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From poindexter FORTRAN@21:4/122 to dflorey on Monday, April 07, 2025 11:17:28
    dflorey wrote to Arelor <=-

    Where I work at we have been pulling services off the cloud back into
    our premises because budgetworthy cloud services are not that reliable.

    Seems to be a common trend lately - moving back to on-prem or a hybrid approach.

    It's the full-employment covenant for IT - spend months moving
    everything to the cloud, knowing full well that in a couple of years,
    you get to move everything back. Lather, Rinse, Repeat.

    I work for an MSP and one of our key backup offerings was to resell
    cloud backup solutions to our clients. To be fair, WE hosted the backup repositories in our private DC (I wouldn't want it any other way), but
    the vendor (Arcserve) decided to completely axe the platform - putting
    us in a position where we had to pivot to another product!

    That's a name I haven't heard in years. I used to use Arcserve to back
    up Novell servers!


    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Arelor@21:2/138 to dflorey on Monday, April 07, 2025 13:48:36
    Re: Re: Advice on self-hosting a website?
    By: dflorey to Arelor on Mon Apr 07 2025 09:36 pm

    Cloudflare is a Google-level threat to Internet privacy. I wish everybody stopped promoting it.

    What parts of CloudFlare don't you like? I'm genuinely curious...

    I don't have qualms with CloudFlare as an administrator, other than being extremely anti-user.

    First of all, since a lot of webmasters are placing their sites behind CloudFlare for no practical reason, CloudFlare gets to see a whole lot of Internet traffic. Having too powerful entities watching and controlling Internet traffic is problematic. For example, CloudFlare can (and does) unilaterally decide which search engines are allowed to scan CloudFlared websites and everybody who isn't Alphabet, Microsoft or a big money agency is just not going to reliably create a competing search engine because CloudFlare will axe so much of the Internet down for them.

    Then there is the fact that their TLS acceleration plans are of dubious utility. The one in which they act as TLS terminators is specially bad: end users connect to CloudFlare using a TLS connection controlled by CloudFlare and the encryption is broken on the CloudFlare end. Then CloudFlare proxies the requests to the CloudFlared webserver. Mind you, I think it used to be the case that the CloudFlare-WebServer connection was not necessarily tunneled. This represented a huge breach of trust - when I visit a random site and get an https connection, the expectation is that your session is encrypted up to the web host. However, even if they are encrypting the backend connection now (which I doubt is the case for all plans) it is still a breach of trust because the TLS connection is being terminated way before it reaches its destination.

    Also CloudFlare (and many cheapo web application firewalls) will reject legitimate mainstream web browsers when it fits them. Are you using Firefox? Don't dare customize your browser too much because you may end up getting captchaed to death. Don't dare visiting a CloudFlared site using Tor and Javascript disabled, even if the site itself is a static wallhanger.


    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.23-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From dflorey@21:1/226 to poindexter FORTRAN on Tuesday, April 08, 2025 20:46:34
    It's the full-employment covenant for IT - spend months moving
    everything to the cloud, knowing full well that in a couple of years,
    you get to move everything back. Lather, Rinse, Repeat.

    Pretty much!

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From dflorey@21:1/226 to Arelor on Tuesday, April 08, 2025 21:00:16
    I don't have qualms with CloudFlare as an administrator, other than being extremely anti-user.

    First of all, since a lot of webmasters are placing their sites behind CloudFlare for no practical reason, CloudFlare gets to see a whole lot of Internet traffic. Having too powerful entities watching and controlling Internet traffic is problematic. For example, CloudFlare can (and does) unilaterally decide which search engines are allowed to scan CloudFlared websites and everybody who isn't Alphabet, Microsoft or a big money
    agency is just not going to reliably create a competing search engine because CloudFlare will axe so much of the Internet down for them.

    Then there is the fact that their TLS acceleration plans are of dubious utility. The one in which they act as TLS terminators is specially bad: end users connect to CloudFlare using a TLS connection controlled by CloudFlare and the encryption is broken on the CloudFlare end. Then CloudFlare proxies the requests to the CloudFlared webserver. Mind you,
    I think it used to be the case that the CloudFlare-WebServer connection was not necessarily tunneled. This represented a huge breach of trust - when I visit a random site and get an https connection, the expectation
    is that your session is encrypted up to the web host. However, even if they are encrypting the backend connection now (which I doubt is the
    case for all plans) it is still a breach of trust because the TLS connection is being terminated way before it reaches its destination.

    Also CloudFlare (and many cheapo web application firewalls) will reject legitimate mainstream web browsers when it fits them. Are you using Firefox? Don't dare customize your browser too much because you may end
    up getting captchaed to death. Don't dare visiting a CloudFlared site using Tor and Javascript disabled, even if the site itself is a static wallhanger.

    Yep, all very valid points.
    As for the backend TLS encryption on free plans - yes this is now supported, but yes, 1) the admin has to configure that, and 2) yes, a break in trust
    from an end user POV.

    Dave!
    (dflorey)
    Retro16 BBS --> bbs.retro16.com (WIP)
    No one expects the Spanish inquisition!

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Retro16 BBS (21:1/226)
  • From Vintholdt@21:1/183 to opicron on Thursday, April 10, 2025 16:50:47
    Re: Advice on self-hosting a website?
    By: opicron to Vintholdt on Tue Apr 01 2025 08:00 pm

    Does anyone have any general and/or security advice?
    Although I love the project. I would still say take a 5 USD/month server at CloudWays and save yourself much headache. You can still do all the nice server stuff, but at least it's backed up, always available etc etc.
    Truth... Although I WAS expecting the "headache" and ready to deal with it since I love fixing shit. Thanks for your input though! :3

    Just my 2 cents, sorry if it doesn't align.
    You're good, I like hearing people's suggestions on how I can do stuff more efficiently, so I'll be looking into what you suggested!
    Sharing is caring... So give me all of your fucking .MODs!!!
    --- SBBSecho 3.24-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)
  • From Vintholdt@21:1/183 to Dmxrob on Thursday, April 10, 2025 16:53:02
    Re: Re: Advice on self-hosting a website?
    By: Dmxrob to Vintholdt on Thu Apr 03 2025 05:52 pm

    Unless you have a passion to learn and tinker, use Cloudflare pages and leave the worry to them.
    I do have that passion. Who doesn't want to learn?
    Sharing is caring... So give me all of your fucking .MODs!!!
    --- SBBSecho 3.24-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)
  • From opicron@21:3/126 to opicron on Tuesday, April 15, 2025 06:30:20
    Although I love the project. I would still say take a 5 USD/month serve CloudWays and save yourself much headache. You can still do all the nic

    And then have an OVH like crisis when their datacenter burns to the ground

    No, if you don't have your docker backup locally, to spin up in a minute or two at any other service you are doing it wrong. No crisis for me.

    Where I work at we have been pulling services off the cloud back into our premises because budgetworthy cloud services are not that reliable.
    We are talking about hobby local home projects. 1) Internet will never be as reliable as at home 2) power outages are more common than any cloud service and 3) no time to spend on hardware or its issues.

    oP!

    ... Power corrupts. Absolute power is kinda neat.

    --- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
    * Origin: TheForze - bbs.theforze.eu:23 (21:3/126)
  • From opicron@21:3/126 to opicron on Tuesday, April 15, 2025 06:31:50
    Although I love the project. I would still say take a 5 USD/month serve CloudWays and save yourself much headache. You can still do all the nic server stuff, but at least it's backed up, always available etc etc.
    Truth... Although I WAS expecting the "headache" and ready to deal with it since I love fixing shit. Thanks for your input though! :3
    If that's the case it's a great way to go about it indeed ^^.

    Just my 2 cents, sorry if it doesn't align.
    You're good, I like hearing people's suggestions on how I can do stuff more efficiently, so I'll be looking into what you suggested!
    Sharing is caring... So give me all of your fucking .MODs!!!
    Hahah, well.. rJAM message reader is getting more and more polished. 132x37 mail reading is just soooo much better ^^. Can't be too long now.

    oP!

    ... I am. Therefore, I think. I think.

    --- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
    * Origin: TheForze - bbs.theforze.eu:23 (21:3/126)
  • From Arelor@21:2/138 to opicron on Sunday, April 20, 2025 05:53:06
    Re: Advice on self-hosting a website?
    By: opicron to opicron on Tue Apr 15 2025 06:30 am

    And then have an OVH like crisis when their datacenter burns to the ground

    No, if you don't have your docker backup locally, to spin up in a minute or two at any other service you are doing it wrong. No crisis for me.

    I would buy the argument but then you say

    We are talking about hobby local home projects.

    So while I agree having some Infrastructure as Code trick mitigates (but does not void!) the need for a proper backup strategy, the moment you mention it is a hobby project you reduce the probability of a good, usable, no friction automated deployment existing.

    Also, it is worth noticing that lots of people nowadays use Infrastructure as Code which is trapped via vendor lock-in.



    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.24-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)