Protection for self hosted servers

I have started getting into self hosting services like Bitwarden and Nextcloud. After looking into securing my server (I bought a server at a VPS) a lot of people seemed to recommend implementing a proxy (so that the IP address of your server is not exposed when accessing your web applications) and some kind of DDoS protection. The guides I have found online all seem to recommend Cloudflare.

I understand from previous posts that Cloudflare is not recommended. I also saw KeyCDN mentioned. Does anyone have experience with using them? If so, do they offer similar functionality? DDoS protection is mentioned on their website but it is not clear about the details.

Stay safe!

1 Like

If you don't really know what you are doing, you should probably stay with the hosted service rather than self hosting - looking at this from a security standpoint. They have actual IT security personnel that can actually maintain security without breaking stuff.

Otherwise in an air gapped system/internal network, you should be fine for as long as you can physically secure the servers.

3 Likes

Well, VPS providers make it fairly straightforward with preconfigured images and so on. But you're right that I probably can't uphold the same security as major companies out there. But I think self hosting is a good learning experience.

And sure, if I was using my own servers that would be ideal, but that is sadly not an option for me.

I think for now, while you’re learning how to set up your own servers, you should roll with Cloudflare. It’s free and does a good job at providing security, so you don’t have to worry about it while you are focused on learning about other things that are more interesting to you.

The reason I recommend this is because I agree with @hauntsanctuary. You are responsible for your server, and if not taken care of properly it might end up costing you your data, or even worse, like being taken over to form part of a botnet.

What I’m saying is focus on what you are most interested in first while Cloudflare gives you that extra protection boost. I know it is not privacy-friendly, but focusing on too many things at once is not a good way to learn, and I think it is better to sacrifice that little privacy for now and have a secure server in the long run (the way I see it, this is in everyone’s best interest).

Unfortunately I don’t know of any good alternatives to Cloudflare, and from AlternativeTo there seem to be a few but paid ones. But you can look at things like Fail2Ban to protect against automated SSH login attempts.

You should still use some firewall rules to block access to your real server.

There is someone here on the forums who has made a website explaining roughly, but in understandable steps, how to secure a server of your own. I highly recommend you read his web entries.
I'll see what his nick is.

Thank you everyone for the input. I definitely agree that in the end it is on the server owner to handle security and that if I don't know what I am doing it is not going to be secure no matter what applications I am using @hauntsanctuary. But you gotta start somewhere to learn, right!

I have made a setup with Cloudflare and also added Fail2Ban (thanks @LOK_48SEAL). Using ufw and went through open ports, appreciate it @A_user. And made sure to only use SSH for login and set up the server to do automatic updates.

2 Likes
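An added example, not part of the original thread: a dry run of the firewall step discussed above, printing ufw commands that admit web traffic only from the proxy's address ranges so the origin server cannot be reached directly. The ranges are constructed documentation addresses, and the function name `gen_origin_rules` and SSH on port 22 are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) ufw rules that let only the proxy reach 80/443.
# PROXY_RANGES is constructed sample data (RFC 5737 / RFC 3849 documentation
# ranges); replace it with the ranges your proxy provider publishes.
PROXY_RANGES='
# constructed sample ranges, not real provider addresses
203.0.113.0/24
198.51.100.0/24
2001:db8::/32
'

# Hypothetical helper: reads CIDRs on stdin, prints ufw commands on stdout.
# Returns 1 and prints no rule at all if any line is not a plausible CIDR,
# so a stray "0.0.0.0/0" or "::/0" cannot silently re-expose the origin.
gen_origin_rules() {
    rules=''
    while IFS= read -r line; do
        # strip comments and surrounding whitespace
        cidr=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$cidr" ]; then continue; fi
        # IPv4 or IPv6 CIDR; a /0 prefix is rejected on purpose
        if printf '%s\n' "$cidr" | grep -Eq \
            '^(([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/[1-9][0-9]{0,2})$'
        then
            rules="${rules}ufw allow proto tcp from $cidr to any port 80,443
"
        else
            echo "refusing suspicious range: $cidr" >&2
            return 1
        fi
    done
    echo 'ufw default deny incoming'
    echo 'ufw default allow outgoing'
    echo 'ufw limit 22/tcp'   # assumption: SSH listens on port 22
    printf '%s' "$rules"
}

# Review the printed commands, then run them as root.
gen_origin_rules <<EOF
$PROXY_RANGES
EOF
```

Direct connections to the server's IP address on ports 80 and 443 are then dropped by the default deny policy, while Fail2Ban and the rate limit cover SSH.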

I will have a look 🙂