Running/managing my own server

Stephen Partington cryptworks at gmail.com
Sun Jul 11 22:19:53 MST 2021


My current favorite VM architecture is Proxmox because it is LXC and
KVM/QEMU as well as building solid front ends for Ceph, ZFS, and other
very nice network abilities. And for personal use, it is free (with a nag
notice), and built on top of Debian. I have been really liking spinning up
containers for experiments.



On Sun, Jul 11, 2021 at 7:36 PM Keith Smith via PLUG-discuss <
plug-discuss at lists.phxlinux.org> wrote:

>
> Thanks!!
>
> On 2021-07-11 14:54, James Mcphee via PLUG-discuss wrote:
> > Just as general advice.  Keep everything private, except the very
> > minimum you need otherwise.  Keep everything disposable, except for
> > what you absolutely need to persist.  Keep everything isolated, except
> > exactly what communication you need.  Doing this will take a LOT of
> > learning about the systems and how they work, but you should consider
> > it the base starting point to avoid turning into a host for various
> > bad actors.  Until you feel you won't expose more than you should, you
> > should probably keep everything locked up in a private network on vm's
> > that you don't mind recycling on the regular.
> >
> > On Sun, Jul 11, 2021 at 12:54 PM Keith Smith via PLUG-discuss
> > <plug-discuss at lists.phxlinux.org> wrote:
> >
> >> Thank you Michael for all your replies and for this one!!
> >>
> >> I hear ya.  It may take too much time....
> >>
> >> Let me ponder your reply.
> >>
> >> Thanks!!
> >>
> >> On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> >>> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss
> >>> <plug-discuss at lists.phxlinux.org> wrote:
> >>>
> >>>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
> >>>> Let's Encrypt, BIND, Postfix, Dovecot, and possibly some webmail app.
> >>>> Not sure of anything else I would need. Is there more?
> >>>>
> >>>> We can throw in learning Apache SPF and NGINX.
> >>>>
> >>>> 1) First question is this a reasonable idea or am I crazy?
> >>>
> >>> For learning and tinkering, it's a good idea, production for yourself
> >>> probably not.  I set all that up some 10-15 years ago, thought it was
> >>> cool, then got tired of upkeep.  If you plan to maintain it right, you
> >>> probably will too.
> >>>
> >>> These days any internet-facing service needs almost religious zeal to
> >>> upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
> >>> and if you watch security lists for those, they are still pretty
> >>> frequent I'll bet.  Or you could just pay gmail/orfice365/rocketmail,
> >>> or any other and let all that patching and upkeep be automated by
> >>> them.  I used godaddy mail for a decade, later gmail, and I really
> >>> don't mind not managing my own email or dns servers ever again since.
> >>>
> >>>> 2) 2nd question is what skills would I need?
> >>>
> >>> The ability to google your ass off mostly.  I've not read a how-to or
> >>> protocol or certification-type book in 20 years, trust me it's not
> >>> terribly practical, and I fifo from my brain quickly.  Searching how
> >>> to's and troubleshooting as you do is how you learn.  If you must, I'd
> >>> recommend linux academy, udemy, or other online class-type courses, as
> >>> most can be had cheap around holidays with sales, mostly what I do
> >>> these days to learn if not just searching.
> >>>
> >>> Email is email and hasn't changed much in 20 years.  Understanding
> >>> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> >>> certificates (openssl, letsencrypt, build your own CA).  Security in
> >>> general is pretty key more than knowing how email protocols work.
> >>>
> >>> Web stuff is again more about security imho, redirect all
> >>> non-encrypted to encrypted (tcp/80->443 redirection), proper
> >>> certs/encryption standards (enable tls1.2, disable rest, strong
> >>> ciphers).  Some vhosts, proxy redirection if needed, etc is helpful.
> >>> If you want to scale, add load-balancing via apache/nginx proxy or
> >>> appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.
> >>>
> >>> System security is key too.  Securing SSH, disabling unnecessary
> >>> services, local firewall in/out, log monitoring, networking, file
> >>> system/service integrity, etc.
> >>>
> >>> I am not a dev or a sysadmin, more a network guy that ends up
> >>> troubleshooting systems more than their owners do when they blame my
> >>> network, or just tinkering for myself.  IMHO with above, but YMMV.
> >>>
> >>> -mb
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> > --
> > James McPhee
> > jmcphe at gmail.com



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
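
The web-server points in Michael's quoted reply (redirect tcp/80 to 443, enable TLS 1.2 and disable older protocols), shown as an added example that is not part of the original thread: a Python check over Apache vhost text. The sample configs, `example.test`, and the function names are constructed for illustration; the `SSLProtocol` parsing is simplified, and leaving TLS 1.3 unflagged is an assumption beyond the post.

```python
import re

LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}          # anything older than TLS 1.2
ALL = LEGACY | {"tlsv1.2", "tlsv1.3"}
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def enabled_protocols(value):
    """Simplified reading of an SSLProtocol value such as '-all +TLSv1.2'."""
    enabled = set()
    for tok in value.split():
        name = tok.lstrip("+-").lower()
        names = ALL if name == "all" else {name}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def audit(conf):
    """Return findings for each <VirtualHost> block in an Apache config string."""
    findings = []
    for addr, body in VHOST.findall(conf):
        addr = addr.strip()
        lines = [l.strip() for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        if addr.endswith(":80"):
            # A plain-HTTP vhost should do nothing except send clients to https.
            redirects = [l for l in lines if re.match(r"Redirect|RewriteRule", l, re.I)]
            if not any("https://" in l for l in redirects):
                findings.append(f"{addr}: no redirect to https")
        elif addr.endswith(":443"):
            proto = [l.split(None, 1)[1] for l in lines if re.match(r"SSLProtocol\s", l, re.I)]
            old = sorted(enabled_protocols(proto[-1]) & LEGACY) if proto else []
            if not proto:
                findings.append(f"{addr}: SSLProtocol not set, server default applies")
            elif old:
                findings.append(f"{addr}: legacy protocols enabled: {', '.join(old)}")
    return findings

# Constructed sample configs (example.test is a placeholder, not from the thread).
WEAK = """<VirtualHost *:80>
    ServerName example.test
</VirtualHost>
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>"""
HARDENED = """<VirtualHost *:80>
    ServerName example.test
    Redirect permanent / https://example.test/
</VirtualHost>
<VirtualHost *:443>
    SSLProtocol -all +TLSv1.2
</VirtualHost>"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```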