<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">My current favorite VM architecture is Proxmox because it is LXC and KVM/Quemu as well as building solid front ends for Ceph, ZFS, and other very nice network abilities. And for personal use, it is free (with a nag notice). and built on top of Debian. I have been really liking spinning up containers for experiments.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jul 11, 2021 at 7:36 PM Keith Smith via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Thanks!!<br>
<br>
On 2021-07-11 14:54, James Mcphee via PLUG-discuss wrote:<br>
> Just as general advice. Keep everything private, except the very<br>
> minimum you need otherwise. Keep everything disposable, except for<br>
> what you absolutely need to persist. Keep everything isolated, except<br>
> exactly what communication you need. Doing this will take a LOT of<br>
> learning about the systems and how they work, but you should consider<br>
> it the base starting point to avoid turning into a host for various<br>
> bad actors. Until you feel you won't expose more than you should, you<br>
> should probably keep everything locked up in a private network on vm's<br>
> that you don't mind recycling on the regular.<br>
> <br>
> On Sun, Jul 11, 2021 at 12:54 PM Keith Smith via PLUG-discuss<br>
> <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank">plug-discuss@lists.phxlinux.org</a>> wrote:<br>
> <br>
>> Thank you Michael for all your replies and for this one!!<br>
>> <br>
>> I hear ya. It may take too much time....<br>
>> <br>
>> Let me ponder your reply.<br>
>> <br>
>> Thanks!!<br>
>> <br>
>> On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:<br>
>>> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss<br>
>>> <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank">plug-discuss@lists.phxlinux.org</a>> wrote:<br>
>>> <br>
>>>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,<br>
>>>> Let's<br>
>>>> Encrypt, BIND, Postfix, Dovecot, and possibly some webmail app.<br>
>> Not<br>
>>>> <br>
>>>> sure of anything else I would need. Is there more?<br>
>>>> <br>
>>>> We can throw in learning Apache SPF and NGINX.<br>
>>>> <br>
>>>> 1) First question is this a reasonable idea or am I crazy?<br>
>>> <br>
>>> For learning and tinkering, it's a good idea, production for<br>
>> yourself<br>
>>> probably not. I set all that up some 10-15 years ago, thought it<br>
>> was<br>
>>> cool, then got tired of upkeep. If you plan to maintain it right,<br>
>> you<br>
>>> probably will too.<br>
>>> <br>
>>> These days any internet-facing service needs almost religious zeal<br>
>> to<br>
>>> upkeep, lest some jackass use a 0-day to cryptolocker your<br>
>> system(s),<br>
>>> and if you watch security lists for those, they are still pretty<br>
>>> frequent I'll bet. Or you could just pay<br>
>> gmail/orfice365/rocketmail,<br>
>>> or any other and let all that patching and upkeep be automated by<br>
>>> them. I used godaddy mail for a decade, later gmail, and I really<br>
>>> don't mind not managing my own email or dns servers ever again<br>
>> since.<br>
>>> <br>
>>>> 2) 2nd question is what skills would I need?<br>
>>> <br>
>>> The ability to google your ass off mostly. I've not read a how-to<br>
>> or<br>
>>> protocol or certification-type book in 20 years, trust me it's not<br>
>>> terribly practical, and I fifo from my brain quickly. Searching<br>
>> how<br>
>>> to's and troubleshooting as you do is how you learn. If you must,<br>
>> I'd<br>
>>> recommend linux academy, udemy, or other online class-type<br>
>> courses, as<br>
>>> most can be had cheap around holidays with sales, mostly what I do<br>
>>> these days to learn if not just searching.<br>
>>> <br>
>>> Email is email and hasn't changed much in 20 years. Understanding<br>
>>> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,<br>
>>> certificates (openssl, letsencrypt, build your own CA). Security<br>
>> in<br>
>>> general is pretty key more than knowing how email protocols work.<br>
>>> <br>
>>> Web stuff is again more about security imho, redirect all<br>
>>> non-encrypted to encrypted (tcp/80->443 redirection), proper<br>
>>> certs/encryption standards (enable tls1.2, disable rest, strong<br>
>>> ciphers). Some vhosts, proxy redirection if needed, etc is<br>
>> helpful.<br>
>>> If you want to scale, add load-balancing via apache/nginx proxy or<br>
>>> appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.<br>
>>> <br>
>>> System security is key too. Securing SSH, disabling unnecessary<br>
>>> services, local firewall in/out, log monitoring, networking, file<br>
>>> system/service integrity, etc.<br>
>>> <br>
>>> I am not a dev or a sysadmin, more a network guy that ends up<br>
>>> troubleshooting systems more than their owners do when they blame<br>
>> my<br>
>>> network, or just tinkering for myself. IMHO with above, but YMMV.<br>
>>> <br>
>>> -mb<br>
>>> ---------------------------------------------------<br>
>>> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
>>> To subscribe, unsubscribe, or to change your mail settings:<br>
>>> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
>> ---------------------------------------------------<br>
>> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
>> To subscribe, unsubscribe, or to change your mail settings:<br>
>> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
> <br>
> --<br>
> James McPhee<br>
> <a href="mailto:jmcphe@gmail.com" target="_blank">jmcphe@gmail.com</a><br>
> ---------------------------------------------------<br>
> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
> To subscribe, unsubscribe, or to change your mail settings:<br>
> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.<br><br>Stephen<br><br></div>