Thank you Michael for all your replies and for this one!!
I hear ya. It may take too much time....
Let me ponder your reply.
Thanks!!
On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss
> <plug-discuss@lists.phxlinux.org> wrote:
>
>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
>> Let's
>> Encrypt, BIND, Postfix, Dovecot, and possibly some webmail app. Not
>>
>> sure of anything else I would need. Is there more?
>>
>> We can throw in learning Apache SPF and NGINX.
>>
>> 1) First question is this a reasonable idea or am I crazy?
>
> For learning and tinkering, it's a good idea, production for yourself
> probably not. I set all that up some 10-15 years ago, thought it was
> cool, then got tired of upkeep. If you plan to maintain it right, you
> probably will too.
>
> These days any internet-facing service needs almost religious zeal to
> upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
> and if you watch security lists for those, they are still pretty
> frequent I'll bet. Or you could just pay gmail/orfice365/rocketmail,
> or any other and let all that patching and upkeep be automated by
> them. I used godaddy mail for a decade, later gmail, and I really
> don't mind not managing my own email or dns servers ever again since.
>
>> 2) 2nd question is what skills would I need?
>
> The ability to google your ass off mostly. I've not read a how-to or
> protocol or certification-type book in 20 years, trust me it's not
> terribly practical, and I fifo from my brain quickly. Searching how
> to's and troubleshooting as you do is how you learn. If you must, I'd
> recommend linux academy, udemy, or other online class-type courses, as
> most can be had cheap around holidays with sales, mostly what I do
> these days to learn if not just searching.
>
> Email is email and hasn't changed much in 20 years. Understanding
> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> certificates (openssl, letsencrypt, build your own CA). Security in
> general is pretty key more than knowing how email protocols work.
>
> Web stuff is again more about security imho, redirect all
> non-encrypted to encrypted (tcp/80->443 redirection), proper
> certs/encryption standards (enable tls1.2, disable rest, strong
> ciphers). Some vhosts, proxy redirection if needed, etc is helpful.
> If you want to scale, add load-balancing via apache/nginx proxy or
> appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.
>
> System security is key too. Securing SSH, disabling unnecessary
> services, local firewall in/out, log monitoring, networking, file
> system/service integrity, etc.
>
> I am not a dev or a sysadmin, more a network guy that ends up
> troubleshooting systems more than their owners do when they blame my
> network, or just tinkering for myself. IMHO with above, but YMMV.
>
> -mb
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss 
(text/plain)