this post was submitted on 27 Nov 2023
1 points (66.7% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

I want to get into self hosting. I now have an Asus ZenWifi Pro ET12 router which i think is one of the more top of the line Asus routers. But now as i want to get into self hosting, should i switch it out for a mini PC like the topton j6412 which i have been looking at. Will this provide better security and speed. Or will it just make it slower and more unreliable?

top 3 comments
sorted by: hot top controversial new old
[–] Simplixt@alien.top 1 points 11 months ago (1 children)

You have a WiFi 6E Mesh, that's awesome, would be really stupid to replace it.

However, you could look how to combine the Asus WiFi Mesh with a self-hosted firewall.
E.g. using a OPNsense-VM as Gateway / DHCP / DNS server für all clients in the network ..

But that's more for playing around.

[–] simen64@alien.top 1 points 11 months ago

So the asus router offers enough secuirty for self hosting, even with exposing things through nginx proxy manager?

[–] gringo_9210@alien.top 1 points 11 months ago

The choice of router doesn't do much as most if not all consumer-grade home routers these days have built-in firewalls enough to block most intrusions on network esp. without open ports. If self-hosting a website at home then make sure to secure the two opened web hosting ports (TCP ports 80/443) with UFW, Fail2Ban, or even Port Knocking on for ex. Linux. Don't forward but limit access (locally) to SSH port. Encrypt your DNS (DoH, DoT, etc.) at home by running either AdGuard Home or Pi-hole.

Also proxy DNS via Cloudflare & make sure to use full (strict) end-to-end SSL encryption (DNSSEC enabled). Use stronger security headers & SSL encryption parameters (minimum TLSv1.2, SSL ciphers, stapling & ECDH curve, etc.). Use a software firewall on your websites such as Wordfence, Sucuri, or BBQ Pro on Wordpress.

Don't overkill with your network setup. If you're just gonna be running a website that serves primarily cached or preloaded static pages then it's no use spending hundreds of dollars for it. Even a wireless Rasp. Pi Zero W is an overkill for such a setup.