I do not trust any cloud providers with my code. I want to host a LAMP website but don't want to let admins at the VPS company steal my work or read database files. The only solution I could think of was to self-host and have proxy servers on a VPS to expose the website to the public.
I am considering this: VPS => home server using wireguard and then run apache on home server.
This is what I've done so far to the home server. I haven't connected it via wireguard yet.
- ssh key auth only
- no root login
- fail2ban
- block all ports except 443 and 80 with iptables
- custom ssh port number
What else should I do? I am extremely new to this. I will probably run Ubuntu 20.04 on a Dell Optiplex. Am I doing this wrong? I don't want my home ip to be revealed to public, and I don't want to open myself up to attacks
>don't want my home ip to be revealed to public
DNS.
Christian Brown
I don't understand what you mean by this. DNS records would point to VPS ip
Luis Wright
Disconnect everything from the internet. Use floppies.
What the fuck do you think DNS is used to look up?
Josiah Kelly
Yeah, OP, I was thinking about self hosting my web app last week but I know zero about security and people told me to use a cloud provider. I don't feel confident about self hosting and getting spied on so right now I'm using heroku.
>lamp
Please, just don't let python near anything web.
Angel Diaz
>reddit
Elijah Wright
You sound like someone who is paranoid because you are bored. Stop pretending that your things are the most valuable resource, I had to learn that lesson too.
>> I don't trust Hosters, so I give them a VPN connection directly into my home network.
If you are really that paranoid take a hoster from privacytools io and encrypt your files / database for extra protection.
Also, consider this: If a VPS hoster really looks at your files (probably illegally) then what stops them from connecting into your instance and using your VPN to access your home server?
Admins at VPS hosting companies are neither evil nor randomly check your whole disk.
Henry Allen
> portal 2 box
Nice.
Jaxson Fisher
Implying that Heroku doesn't spy. If you are not paying for it then you are the product?
Matthew Johnson
>what stops them from connecting into your instance and using your VPN to access your home server?
Probably SSH settings and other configs that either don't listen on VPN interface or enable auth?
Christian Cox
put it all behind a reverse proxy behind another reverse proxy and expose port 443 on the proxy only
Adam Green
they wouldn't be able to read content on home server disk. They could read web traffic if it's unencrypted though
I mean, at least if someone hacks my website they hack heroku and not my network.
Jordan Kelly
Depends, an SQL Injection can be done without hacking Heroku itself
Jaxson Scott
But the VPS has access to your home network, which means the authentication has to be on the VPS, which means someone could abuse it if they log in on your VPS (or take over the current connection)
Lucas Ramirez
Just rent space in a datacenter and use your own hardware aka server housing
Gavin Richardson
Solid point, however the rest of the network shouldn't have routes for a VPN, and thus they won't answer back if the VPS tries to scan the network.
Parker Flores
why are you like this? next you'll tell me to just live in the wilderness
Luis Flores
>your bloated 300mb shitty react web "app" in a floppy disk kek
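The concern raised in the thread, that whoever controls the VPS can use the tunnel to reach the home network, can be narrowed on the home side. The wg-quick config below is an added example, not something posted in the thread; the 10.8.0.x tunnel addresses, port 51820 and the key and endpoint placeholders are assumptions.

```ini
# /etc/wireguard/wg0.conf on the home server (constructed example)
[Interface]
# Tunnel address of the home server; the 10.8.0.x range is an assumption
Address = 10.8.0.2/32
PrivateKey = <home-server-private-key>
# No ListenPort: the home server dials out to the VPS, so the home router
# needs no port forward and the home IP never appears in DNS.

# wg-quick replaces %i with the interface name (wg0).
# Each -I inserts at the top of the chain, so the ACCEPT added second
# ends up above the DROP added first.
PostUp = iptables -I INPUT -i %i -j DROP
PostUp = iptables -I INPUT -i %i -p tcp -m multiport --dports 80,443 -j ACCEPT
# Never route between the tunnel and the LAN in either direction
PostUp = iptables -I FORWARD -i %i -j DROP
PostUp = iptables -I FORWARD -o %i -j DROP

# Remove the same rules when the tunnel goes down
PostDown = iptables -D INPUT -i %i -p tcp -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D INPUT -i %i -j DROP
PostDown = iptables -D FORWARD -i %i -j DROP
PostDown = iptables -D FORWARD -o %i -j DROP

[Peer]
PublicKey = <vps-public-key>
Endpoint = <vps-public-ip>:51820
# Only packets sourced from the VPS tunnel address are accepted from this
# peer, and only that address is routed into the tunnel.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping on the home router open for inbound proxy traffic
PersistentKeepalive = 25
```

With these rules a login on the VPS reaches Apache on 80/443 over the tunnel and nothing else on the home server or LAN; SSH stays reachable only from the other interfaces.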