I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.
I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that’s it.
Anything else I should know? Thanks!
EDIT:
I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.
I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.
Do it.
There’s really not much that can end badly, someone gets in your network (unlikely anyone even knows it exists)? reformat all your shit. Just by knowing what a DMZ is you are already more qualified than half the people I’ve met self hosting
do you run a business out of your house? do you run a bunch of peoples personal info? does anyone else? If you answered no to all of these then there really isn’t much that can “go wrong” you can just unplug your shit.
hosting email also isn’t that big of a deal but your home ISP will block port 25, you need to have a “business” one for them to unblock it and even then sometimes have to directly request it. Things like mailcow docker make it dead easy.
and yea as the other guy said always update your stuff
Scans for open ports run continuously these days.
Ten years ago I opened a port for something for a couple days - for months after that I was getting regular scans against that port (and others).
At one point the scans were so constant it was killing my internet performance (poor little consumer router had no defense capability).
I don’t think the scans ever fully stopped until I moved. Whoever has that IP now probably gets specifically scanned on occasion.
And just because you don’t run a business doesn’t mean you have nothing to lose.
DMZ should be enough… But routers have known flaws, so I’d be sure to verify whatever I’m using.
scans for open ports ran continuously since the 1990s, it was never a big deal. Also they only run on lower ports (not that it matters)
what are you talking about killing your internet performance? You can have hundreds of thousands of scans per day (which isn’t gonna happen, you won’t even get 100) and it still won’t bog down jank cable internet from early 2000s