My current favorite VM architecture is Proxmox because it is LXC and
KVM/QEMU as well as building solid front ends for Ceph, ZFS, and other
very nice network abilities. And for personal use, it is free (with a
nag notice) and built on top of Debian. I have been really liking
spinning up containers for experiments.

On Sun, Jul 11, 2021 at 7:36 PM Keith Smith via PLUG-discuss
<plug-discuss@lists.phxlinux.org> wrote:

>
> Thanks!!
>
> On 2021-07-11 14:54, James Mcphee via PLUG-discuss wrote:
> > Just as general advice. Keep everything private, except the very
> > minimum you need otherwise. Keep everything disposable, except for
> > what you absolutely need to persist. Keep everything isolated,
> > except exactly what communication you need. Doing this will take a
> > LOT of learning about the systems and how they work, but you should
> > consider it the base starting point to avoid turning into a host
> > for various bad actors. Until you feel you won't expose more than
> > you should, you should probably keep everything locked up in a
> > private network on VMs that you don't mind recycling on the
> > regular.
> >
> > On Sun, Jul 11, 2021 at 12:54 PM Keith Smith via PLUG-discuss
> > wrote:
> >
> >> Thank you Michael for all your replies and for this one!!
> >>
> >> I hear ya. It may take too much time....
> >>
> >> Let me ponder your reply.
> >>
> >> Thanks!!
> >>
> >> On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> >>> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss
> >>> wrote:
> >>>
> >>>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
> >>>> Let's Encrypt, BIND, Postfix, Dovecot, and possibly some webmail
> >>>> app. Not sure of anything else I would need. Is there more?
> >>>>
> >>>> We can throw in learning Apache SPF and NGINX.
> >>>>
> >>>> 1) First question is this a reasonable idea or am I crazy?
> >>>
> >>> For learning and tinkering, it's a good idea, production for
> >>> yourself probably not. I set all that up some 10-15 years ago,
> >>> thought it was cool, then got tired of upkeep. If you plan to
> >>> maintain it right, you probably will too.
> >>>
> >>> These days any internet-facing service needs almost religious
> >>> zeal to upkeep, lest some jackass use a 0-day to cryptolocker
> >>> your system(s), and if you watch security lists for those, they
> >>> are still pretty frequent I'll bet. Or you could just pay
> >>> gmail/orfice365/rocketmail, or any other and let all that
> >>> patching and upkeep be automated by them. I used godaddy mail for
> >>> a decade, later gmail, and I really don't mind not managing my
> >>> own email or dns servers ever again since.
> >>>
> >>>> 2) 2nd question is what skills would I need?
> >>>
> >>> The ability to google your ass off mostly. I've not read a how-to
> >>> or protocol or certification-type book in 20 years, trust me it's
> >>> not terribly practical, and I fifo from my brain quickly.
> >>> Searching how to's and troubleshooting as you do is how you
> >>> learn. If you must, I'd recommend linux academy, udemy, or other
> >>> online class-type courses, as most can be had cheap around
> >>> holidays with sales, mostly what I do these days to learn if not
> >>> just searching.
> >>>
> >>> Email is email and hasn't changed much in 20 years. Understanding
> >>> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> >>> certificates (openssl, letsencrypt, build your own CA). Security
> >>> in general is pretty key more than knowing how email protocols
> >>> work.
> >>>
> >>> Web stuff is again more about security imho, redirect all
> >>> non-encrypted to encrypted (tcp/80->443 redirection), proper
> >>> certs/encryption standards (enable tls1.2, disable rest, strong
> >>> ciphers). Some vhosts, proxy redirection if needed, etc is
> >>> helpful. If you want to scale, add load-balancing via
> >>> apache/nginx proxy or appliances (F5, AWS ALB, Netscaler, etc)
> >>> across multiple hosts.
> >>>
> >>> System security is key too. Securing SSH, disabling unnecessary
> >>> services, local firewall in/out, log monitoring, networking, file
> >>> system/service integrity, etc.
> >>>
> >>> I am not a dev or a sysadmin, more a network guy that ends up
> >>> troubleshooting systems more than their owners do when they blame
> >>> my network, or just tinkering for myself. IMHO with above, but
> >>> YMMV.
> >>>
> >>> -mb
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> > --
> > James McPhee
> > jmcphe@gmail.com

--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
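
An added example, not part of any message in this thread: a small Python check for the web-server points Michael lists in the quoted reply (tcp/80->443 redirection, keep TLS 1.2 and disable older protocols, strong ciphers), run against two constructed Apache vhost configs. The function names, sample configs and weak-cipher keyword list are assumptions of this example; it accepts TLS 1.3 alongside TLS 1.2 and treats an unset directive as "all".

```python
import re

# Constructed samples (not from the thread): a weak vhost pair and a hardened one.
WEAK = """<VirtualHost *:80>
  DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  SSLProtocol all -SSLv3
  SSLCipherSuite ALL:!aNULL
</VirtualHost>"""
HARDENED = """<VirtualHost *:80>
  Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  SSLProtocol -all +TLSv1.2
  SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20
</VirtualHost>"""

VHOST = re.compile(r"<VirtualHost\s+\S*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}
EVERY = LEGACY | {"tlsv1.2", "tlsv1.3"}  # what the keyword "all" expands to here
BAD_CIPHERS = {"all", "rc4", "des", "3des", "md5", "export", "low", "null"}  # heuristic

def enabled_protocols(value):
    """Evaluate an SSLProtocol value left to right as +/- edits to a set."""
    enabled = set()
    for tok in value.lower().split():
        names = EVERY if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def audit(conf):
    """Return findings; an unset directive counts as "all" (assumption)."""
    findings = []
    for port, body in VHOST.findall(conf):
        d = {k.lower(): v.strip() for k, _, v in
             (line.strip().partition(" ") for line in body.splitlines()) if k}
        if port == "80":
            if not any("https://" in d.get(k, "") for k in ("redirect", "rewriterule")):
                findings.append("port 80 vhost does not redirect to https")
            continue
        legacy = enabled_protocols(d.get("sslprotocol", "all")) & LEGACY
        weak = set(re.split(r"[:, ]+", d.get("sslciphersuite", "all").lower())) & BAD_CIPHERS
        for label, bad in (("legacy protocols", legacy), ("weak cipher tokens", weak)):
            if bad:
                findings.append(f"{label} enabled: " + ", ".join(sorted(bad)))
    return findings
```

Calling audit(WEAK) reports the missing redirect, TLS 1.0/1.1 still enabled and the catch-all cipher keyword; audit(HARDENED) returns an empty list.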