Thank you Michael for all your replies and for this one!!

I hear ya. It may take too much time.... Let me ponder your reply.

Thanks!!

On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss wrote:
>
>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
>> Let's Encrypt, BIND, Postfix, Dovecot, and possibly some webmail
>> app. Not sure of anything else I would need. Is there more?
>>
>> We can throw in learning Apache SPF and NGINX.
>>
>> 1) First question is this a reasonable idea or am I crazy?
>
> For learning and tinkering, it's a good idea, production for yourself
> probably not. I set all that up some 10-15 years ago, thought it was
> cool, then got tired of upkeep. If you plan to maintain it right, you
> probably will too.
>
> These days any internet-facing service needs almost religious zeal to
> upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
> and if you watch security lists for those, they are still pretty
> frequent I'll bet. Or you could just pay gmail/orfice365/rocketmail,
> or any other and let all that patching and upkeep be automated by
> them. I used godaddy mail for a decade, later gmail, and I really
> don't mind not managing my own email or dns servers ever again since.
>
>> 2) 2nd question is what skills would I need?
>
> The ability to google your ass off mostly. I've not read a how-to or
> protocol or certification-type book in 20 years, trust me it's not
> terribly practical, and I fifo from my brain quickly. Searching how
> to's and troubleshooting as you do is how you learn. If you must, I'd
> recommend linux academy, udemy, or other online class-type courses, as
> most can be had cheap around holidays with sales, mostly what I do
> these days to learn if not just searching.
>
> Email is email and hasn't changed much in 20 years. Understanding
> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> certificates (openssl, letsencrypt, build your own CA). Security in
> general is pretty key more than knowing how email protocols work.
>
> Web stuff is again more about security imho, redirect all
> non-encrypted to encrypted (tcp/80->443 redirection), proper
> certs/encryption standards (enable tls1.2, disable rest, strong
> ciphers). Some vhosts, proxy redirection if needed, etc is helpful.
> If you want to scale, add load-balancing via apache/nginx proxy or
> appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.
>
> System security is key too. Securing SSH, disabling unnecessary
> services, local firewall in/out, log monitoring, networking, file
> system/service integrity, etc.
>
> I am not a dev or a sysadmin, more a network guy that ends up
> troubleshooting systems more than their owners do when they blame my
> network, or just tinkering for myself. IMHO with above, but YMMV.
>
> -mb
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss