I provisioned an Ubuntu 22.02 server at Linode. I chose their 2 GB Shared CPU instance type. Once I configured the server to my liking, I ran through the Lemmy-Ansible instructions. (They have other methods, so check the documentation.)
Essentially, you install Ansible on your workstation. I’m on macOS and installed it via Homebrew. You then download their git repository, create the necessary configuration files, and then have Ansible configure the server. It was fairly simple.
I have a lab at home and do host some stuff for myself from there in a small DMZ (ie: Miniflux RSS readers, Plex through Reverse proxy etc).
But I used a linode for my lemmy/kbin stuff. Reason being is that the code is fairly new and there may be exploits bugs and
I dont want to deal with my ISP made an instance is exploited and becomes some type of C2 box or spews out spam. Kbin specifically already has PRs to fix XSS and Sql injection stuff, the former of which is usually avoidable if you just follow some pretty basic principles. So its a concern.
Linode has better bandwidth than my non-symmetrical ISP uplink and is on its own quota.
It sounds like linode is the way to go then and their prices seem reasonable. The funny thing is I’ve heard of linode before because Computer Clan uses it as a sponsor, but ever since I started using sponsor block I haven’t really heard about it. I didn’t actually know what they did.
I’ve run linodes for years. My blog runs on them. I still host a variety of other services on them. They are good for everything from gaming servers to a blog etc.
They did get bought out by akamai a while back. And have raised their prices but they are still solid.
I am currently the only user. Im considering opening it up to limited users but not really having communities once i get a lot of the instances cached and indexable.
Others like @leopardboy@netmonkey.tech are running on a 2GB shared just fine. I will likely move to that if i choose to keep it solo for sure, or under 100 users and no communities.
I dont have the time to really moderate others or content on the instance. So i dont think I plan to host any communities at all. I do wish you could federate/sync specific communities to your instance to make searching/subscribing easier.
That’s exactly what I’m wanting to do. Just have myself and maybe a few others with limited communities. Would you recommend using ansible to setup a Lemmy on Linode?
If theres vulnerabilities in the software, like RCE’s or SQL Injections that can lead to access…Cloudflare wont do much for you. For example Kbin has already have PRs for SQL injections and even XSS vulns.
These will get flushed out with time and more people maintaining them of course. But I dont know if I would want that on my personal network even if on a DMZ. If for no other reason than if your instance starts spamming outbound traffic and you get flagged by your ISP.
Heck I had one of my domains flagged by my works Cisco Umbrella instance and the dang thing wasnt even in prod yet.
Can you tell me a bit about the process you went through to create your own instance? I’d like to make one myself.
You’re talking about Lemmy, right?
I provisioned an Ubuntu 22.02 server at Linode. I chose their 2 GB Shared CPU instance type. Once I configured the server to my liking, I ran through the Lemmy-Ansible instructions. (They have other methods, so check the documentation.)
Essentially, you install Ansible on your workstation. I’m on macOS and installed it via Homebrew. You then download their git repository, create the necessary configuration files, and then have Ansible configure the server. It was fairly simple.
I may go that route. I was wanting to host my own server but I feel like it would be easier to just use a cloud server
I have a lab at home and do host some stuff for myself from there in a small DMZ (ie: Miniflux RSS readers, Plex through Reverse proxy etc).
But I used a linode for my lemmy/kbin stuff. Reason being is that the code is fairly new and there may be exploits bugs and
I dont want to deal with my ISP made an instance is exploited and becomes some type of C2 box or spews out spam. Kbin specifically already has PRs to fix XSS and Sql injection stuff, the former of which is usually avoidable if you just follow some pretty basic principles. So its a concern.
Linode has better bandwidth than my non-symmetrical ISP uplink and is on its own quota.
It sounds like linode is the way to go then and their prices seem reasonable. The funny thing is I’ve heard of linode before because Computer Clan uses it as a sponsor, but ever since I started using sponsor block I haven’t really heard about it. I didn’t actually know what they did.
I’ve run linodes for years. My blog runs on them. I still host a variety of other services on them. They are good for everything from gaming servers to a blog etc.
They did get bought out by akamai a while back. And have raised their prices but they are still solid.
Nanodes are awesome deals frankly.
Is the 2GB the one you use for your Lemmy server? I’m getting ready to purchase one to see if I can figure it out.
Im currently on the 4GB dedicated. However heres an htop of it.
https://imgur.com/a/NpEsw4t
I am currently the only user. Im considering opening it up to limited users but not really having communities once i get a lot of the instances cached and indexable.
Others like @leopardboy@netmonkey.tech are running on a 2GB shared just fine. I will likely move to that if i choose to keep it solo for sure, or under 100 users and no communities.
I dont have the time to really moderate others or content on the instance. So i dont think I plan to host any communities at all. I do wish you could federate/sync specific communities to your instance to make searching/subscribing easier.
That’s exactly what I’m wanting to do. Just have myself and maybe a few others with limited communities. Would you recommend using ansible to setup a Lemmy on Linode?
You mean something that populates your server with a history of posts and comments to communities before your subscribe to them?
It’s personal preference, but I find it easier, for sure.
I would assume it would be more secure as well
Yeah, you generally wouldn’t want to run a public Internet server on the same network as your personal systems.
With cloudflare tunnel it is ok
mmm. thats debateable.
If theres vulnerabilities in the software, like RCE’s or SQL Injections that can lead to access…Cloudflare wont do much for you. For example Kbin has already have PRs for SQL injections and even XSS vulns.
These will get flushed out with time and more people maintaining them of course. But I dont know if I would want that on my personal network even if on a DMZ. If for no other reason than if your instance starts spamming outbound traffic and you get flagged by your ISP.
Heck I had one of my domains flagged by my works Cisco Umbrella instance and the dang thing wasnt even in prod yet.
Wow, I had no idea.
Thanks for your input.
Sure, it would keep the origin from being publicly accessible on the Internet, but you would want to put that server on its own network, anyway.