Re: Running/managing my own server

Author: Stephen Partington via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Stephen Partington
Subject: Re: Running/managing my own server
My current favorite VM architecture is Proxmox because it is LXC and
KVM/QEMU as well as building solid front ends for Ceph, ZFS, and other
very nice network abilities. And for personal use, it is free (with a nag
notice) and built on top of Debian. I have been really liking spinning up
containers for experiments.



On Sun, Jul 11, 2021 at 7:36 PM Keith Smith via PLUG-discuss <> wrote:

>
> Thanks!!
>
> On 2021-07-11 14:54, James Mcphee via PLUG-discuss wrote:
> > Just as general advice. Keep everything private, except the very
> > minimum you need otherwise. Keep everything disposable, except for
> > what you absolutely need to persist. Keep everything isolated, except
> > exactly what communication you need. Doing this will take a LOT of
> > learning about the systems and how they work, but you should consider
> > it the base starting point to avoid turning into a host for various
> > bad actors. Until you feel you won't expose more than you should, you
> > should probably keep everything locked up in a private network on vm's
> > that you don't mind recycling on the regular.
> >
> > On Sun, Jul 11, 2021 at 12:54 PM Keith Smith via PLUG-discuss
> > <> wrote:
> >
> >> Thank you Michael for all your replies and for this one!!
> >>
> >> I hear ya. It may take too much time....
> >>
> >> Let me ponder your reply.
> >>
> >> Thanks!!
> >>
> >> On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
> >>> On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss
> >>> <> wrote:
> >>>
> >>>> I am talking about a virtual PHP host running Ubuntu LTS, LAMP,
> >>>> Let's Encrypt, BIND, Postfix, Dovecot, and possibly some webmail app.
> >>>> Not sure of anything else I would need. Is there more?
> >>>>
> >>>> We can throw in learning Apache SPF and NGINX.
> >>>>
> >>>> 1) First question is this a reasonable idea or am I crazy?
> >>>
> >>> For learning and tinkering, it's a good idea, production for yourself
> >>> probably not. I set all that up some 10-15 years ago, thought it was
> >>> cool, then got tired of upkeep. If you plan to maintain it right, you
> >>> probably will too.
> >>>
> >>> These days any internet-facing service needs almost religious zeal to
> >>> upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
> >>> and if you watch security lists for those, they are still pretty
> >>> frequent I'll bet. Or you could just pay gmail/orfice365/rocketmail,
> >>> or any other and let all that patching and upkeep be automated by
> >>> them. I used godaddy mail for a decade, later gmail, and I really
> >>> don't mind not managing my own email or dns servers ever again since.
> >>>
> >>>> 2) 2nd question is what skills would I need?
> >>>
> >>> The ability to google your ass off mostly. I've not read a how-to or
> >>> protocol or certification-type book in 20 years, trust me it's not
> >>> terribly practical, and I fifo from my brain quickly. Searching how
> >>> to's and troubleshooting as you do is how you learn. If you must, I'd
> >>> recommend linux academy, udemy, or other online class-type courses, as
> >>> most can be had cheap around holidays with sales, mostly what I do
> >>> these days to learn if not just searching.
> >>>
> >>> Email is email and hasn't changed much in 20 years. Understanding
> >>> encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
> >>> certificates (openssl, letsencrypt, build your own CA). Security in
> >>> general is pretty key more than knowing how email protocols work.
> >>>
> >>> Web stuff is again more about security imho, redirect all
> >>> non-encrypted to encrypted (tcp/80->443 redirection), proper
> >>> certs/encryption standards (enable tls1.2, disable rest, strong
> >>> ciphers). Some vhosts, proxy redirection if needed, etc is helpful.
> >>> If you want to scale, add load-balancing via apache/nginx proxy or
> >>> appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.
> >>>
> >>> System security is key too. Securing SSH, disabling unnecessary
> >>> services, local firewall in/out, log monitoring, networking, file
> >>> system/service integrity, etc.
> >>>
> >>> I am not a dev or a sysadmin, more a network guy that ends up
> >>> troubleshooting systems more than their owners do when they blame my
> >>> network, or just tinkering for myself. IMHO with above, but YMMV.
> >>>
> >>> -mb
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list -
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> > --
> > James McPhee
> >




--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
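
Added example, not part of the original message or of any post in the thread: a small Python audit for two of the web items in the quoted advice, the tcp/80->443 redirect and "enable tls1.2, disable rest", run over Apache vhost text. The sample config, hostnames, and the names `SAMPLE_CONF`, `directive` and `audit` are constructed for illustration.

```python
import re

# Constructed sample Apache config (not from the thread); hostnames are made up.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName blog.example.org
    DocumentRoot /var/www/blog
</VirtualHost>
<VirtualHost *:80>
    ServerName mail.example.org
    Redirect permanent / https://mail.example.org/
</VirtualHost>
<VirtualHost *:443>
    ServerName blog.example.org
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:443>
    ServerName mail.example.org
    SSLProtocol -all +TLSv1.2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the arguments of the last `name` directive in a vhost body, or ''."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)
    return hits[-1] if hits else ""

def audit(conf):
    """Return (server_name, port, finding) for each vhost that breaks a rule."""
    findings = []
    for port, body in VHOST_RE.findall(conf):
        name = directive(body, "ServerName") or "<unnamed>"
        if port == "80":
            # Rule 1: plain HTTP may only redirect to HTTPS.
            target = directive(body, "Redirect") + directive(body, "RewriteRule")
            if "https://" not in target:
                findings.append((name, 80, "no redirect to https"))
        else:
            # Rule 2 (as stated in the thread): TLS 1.2 on, everything else off.
            # A vhost with no SSLProtocol of its own is flagged too (assumption:
            # inherited server-wide settings are not visible to this check).
            tokens = directive(body, "SSLProtocol").lower().split()
            if tokens not in (["-all", "+tlsv1.2"], ["tlsv1.2"]):
                findings.append((name, int(port), "SSLProtocol not limited to TLSv1.2"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```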