this post was submitted on 28 Nov 2023
3 points (100.0% liked)
Self-Hosted Main
21 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Thanks for the insight. I'm not worried about people logging in from different locations to be honest. The access would pretty much just be for the day then that's it. My main concern (or I guess I could say wish) is that I can leave the site "exposed" to the internet without having a bunch of bots scanning it all the time. So I was hoping for some kind of solution where the site would be completely hidden until someone authenticates themselves. I mentioned IP whitelisting because that's all I could think of, but maybe there would be another way? Or maybe what I'm asking just isn't possible?
This is not a thing. Everything exposed to the public internet will be scanned constantly forever.
You can reduce your attack surface by limiting the software/ports you expose, or by having another service/computer act as a proxy. This is what Cloudflare does as their main business.
You can get 99% of the benefit you seek by just signing up for the free version of Cloudflare and putting them in front of your webserver. You can configure the firewall on your webserver to only allow access to Cloudflare's servers and let Cloudflare deal with the bots.
Another approach would be to store data on AWS S3 or similar with a time-limited URL with a short expiration date, that you provide only to approved parties. You wouldn't even need to run a public server to do this, and access will automatically be denied after the time period you specify. (This might make more sense if you're distributing big files, versus displaying a screen or two full of information.)
You could also do a web search for "port knocking; or configure client-side TLS certificates, which can be difficult to manage but would allow you to restrict full access to your server. (still vulnerable to DDoS, though)