I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.
I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that’s it.
Anything else I should know? Thanks!
EDIT:
I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.
I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.
Don’t do it.
Hosting a public service with no real knowledge of security can only end badly.
Get a vpc, do it there, learn from mistakes.
It’s more than just HTTPS, you also need proper authentication, regular updates, emergency updates for critical vulnerabilities, ideally some sort of monitoring to detect potential misuse of the service or any escalations from the service to the OS.
Ask yourself this: If this was your first time driving a car, would you rather do it in an empty parking lot where at worst you will damage the car. Or would you rather do it in a busy street where at worst you can kill someone?
Have you ever tried Cloudflare Tunnels? I think this would solve most of those issues
I have not, I tend to avoid services and diy it
And what could actually happen? You learn through doing!
If for example the server is actually a computer in the LAN and maybe it’s also his media server and his backup server then potentially any compromise could lead to his personal information leaked and or other computers in the LAN compromised.
So what could actually happen? His personal photos and passwords and accounts can be leaked or taken over. He could be spied on by accessing his webcam. A lot of things could go wrong.
You are right. Learning by doing is awesome. Just be sure to do it in a safe way. Get a VPC. Do it there. No personal information, no access to other services. Just this service, just for this purpose. Worst case scenario, if it’s taken over, the only thing that’s harmed is the forum itself. Which is not the end of the world, I’m guessing.
Especially if this is from a computer that has access/information beyond just the public service.