jason

joined 1 year ago
[–] jason@sh.itjust.works 1 points 1 year ago (1 children)

This is 100% the way to go. I spun up a new server for a public-facing site on my VPS and I wondered if I really needed fail2ban. Within ten minutes of setting it up it had already blocked four people.

Don’t open port 22 if you can help it. Use it on your local network and VPN in if you need to use it offsite.

[–] jason@sh.itjust.works 1 points 1 year ago

I had to delete the directory and make sure the file existed and was named what it should be named, but then it worked. But yeah, should be a file.

[–] jason@sh.itjust.works 2 points 1 year ago (1 children)

It would have to be a domain you actually own

[–] jason@sh.itjust.works 1 points 1 year ago (3 children)

Here’s a script to do it with several different DNS providers: https://github.com/acmesh-official/acme.sh

I personally set the renew as a weekly cronjob and never have to think about it.

[–] jason@sh.itjust.works 3 points 1 year ago (5 children)

I use a reverse proxy so I can just use a hostname and not need a port. I run Jellyfin that way no problem, function-wise.

Additionally, not having a domain won’t necessarily protect you since you do have people out there scanning for ports and when they see 8096, they’re going to immediately know it’s a Jellyfin/Emby server and any vulnerabilities associated with those. If you use a reverse proxy, they only see 443 which is…pretty much every other site on the internet. That’s security through obscurity, I know, but it will help mitigate some of the easier attacks.

I’ll say that everything I have to have a port open for (mostly game servers) gets targeted by the internet at large despite the fact that I’ve published the address and port absolutely nowhere online and only shared it with close friends. I almost never get anyone trying to log in to my other services.

[–] jason@sh.itjust.works 2 points 1 year ago (1 children)

I have almost this exact setup (paperless-ngx on a LUKS encrypted drive, but mine is running on a VM in Proxmox) and I feel pretty good about the security. That being said, I only have it running on my home network and use a WireGuard VPN if I need to access it remotely. I can’t say I would feel as comfortable if I just had it open to the internet. Like, it’s probably ok, but then you’re relying on Paperless being your first and last line of defense.

[–] jason@sh.itjust.works 4 points 1 year ago (1 children)

Ghost is self-hostable, easy-to-use, and looks beautiful. (Good) themes are usually a one-time payment, and they definitely have photoblog ones.

I use both Ghost and WordPress for my sites and, while it’s not as infinitely customizable as WordPress, Ghost is also not as needlessly complex, vulnerable, or time-intensive.

[–] jason@sh.itjust.works 1 points 1 year ago (1 children)

Oh totally. It wasn’t a knock at the software at all. In fact, I’m surprised by how well this works as a drop-in replacement for Reddit for me and both Lemmy and Kbin are solid.

The reason I asked was that, with my single-user Mastodon instance, likes/boosts and comments are nearly always incomplete on my server just because of the way federation works. I was just wondering if that was something smaller instances had to deal with in perpetuity or if it was just a one-off issue that happened at the start.

The OP commented below saying that comments appeared to be loading instantaneously after that initial hiccup.

[–] jason@sh.itjust.works 2 points 1 year ago (1 children)

haha better than the 12GB and rising of my single-user Mastodon instance. And this is with deleting my media cache every night.

[–] jason@sh.itjust.works 3 points 1 year ago (3 children)

Do the comments ever load reliably? For me that would be a dealbreaker...

[–] jason@sh.itjust.works 4 points 1 year ago (10 children)

How is your RAM/storage usage? I'm interested in setting up my own instance (no communities, just a username that will always be here) but don't want to upgrade my VPS again. I already had to do that spinning up a Mastodon server.

[–] jason@sh.itjust.works 7 points 1 year ago

SearXNG has come a long way. I self-host, and I consistently get more reliable results than when I use Google, and you can set it to replace something like twitter.com with nitter.net or reddit.com with teddit.net, so you can still visit those sites automatically on mobile (not sure, but that might be a self-host only thing).
