I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.

Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.

I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.

I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.

I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.

I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that’s it.

Anything else I should know? Thanks!

EDIT:

I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.

I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.

EDIT for future readers:

I think for now I’m not going to self host anything I intend to be accessed by the public. While I pay the internet bill, my name is on the account, and I own all the equipment, I’m not the only member of this household, so it would be somewhat inconsiderate of me to share our bandwidth with public traffic. In general I think those warning against self-hosting resources one intends to be accessed by the general public are pretty sound.

I tried the Cloudflare tunnel suggestion, but it doesn’t seem to play nice with NodeBB. I can access the forum, even over HTTPS, but I can’t log in. Some quick googling leads me to believe it has something to do with web sockets. The first fix I found involves exposing my IP, which defeats the purpose of using a cloudflare tunnel. There may be a way around it, but I frankly can’t be bothered.

  • 0xalivecow@infosec.pub
    link
    fedilink
    English
    arrow-up
    34
    ·
    7 个月前

    As some have already mentioned info regarding security I wont add to that.

    The other thing you should consider in my opinion is the legal side of things. Depending on you jurisdiction, you as the operator of the instance may be held accountable for the data it stores and serves. This means that you may be liable for both possession and distribution of illegal contents. I am not knowledgeable in regards to laws that cover moderation of content, but I assume you will be required to remove any such content if you gain knowledge of it. Again, this depends entirely on your countries laws and regulations but also on the laws and regulations of the countries you make your service available to.

    Please be careful with hosting public instances. If anyone has more insight to this, please do add it and correct me if necessary.

    • irotsoma@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      8
      ·
      7 个月前

      This is especially necessary to consider if you live in the US right now. One of the things the current administration is pushing for even harder than past administrations is removal of Section 230 of the communications act that was enacted in the 90s. This provides a defense against liability for the content you host as long as you make a reasonable effort to remove content that is illegal. Problem is that this makes it really difficult to censor (maliciously or otherwise) content because it’s hard to go after the poster of the content and easier to go after the host or for the host to be under threat to stop it from being posted in the first place. But it’s a totally unreasonable thing, so it basically would mean every website would have to screen every piece of content manually with a legal team and thus would mean user generates content would go away because it would be extremely expensive to implement (to the chagrin of the broadcast content industries).

      The DMCA created way for censors to file a complaint and have content taken down immediately before review, but that means the censors have to do a lot of work to implement it, so they’ve continued to push for total elimination of Section 230. Since it’s a problematic thing for fascism, the current administration has also been working hard to build a case so the current biased supreme court can remove it since legislation is unlikely to get through since those people have to get reelected whereas supreme court justices don’t care about their reputation.

      So, check your local laws and if in the US, keep an eye on Section 230 news as well as making sure you have a proper way to handle DMCA takedown notices.

        • irotsoma@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 个月前

          Yeah, other countries have similar or even more strict requirements, so yeah it all depends on the jurisdiction. You have to also understand that just hosting something externally, doesn’t mean you don’t fall under laws of another country. It’s the internet. And if you live in a country, you may be held responsible for obeying their laws. I’m not a lawyer, so it’s something to be careful of even if externally hosted.

          • RubberElectrons@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 个月前

            Somehow 4chan admins have largely escaped legal consequences for this stuff, and I don’t think it’s just because of sec230.

            Not a fan of 4chan, but I do note both their and the pirate bay’s operation scheme.

            • irotsoma@lemmy.blahaj.zone
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 个月前

              I mean, in most cases this isn’t criminal law (in the US at least), so it means you have to attract enough attention of a corporation since they’re usually the only ones who can afford the legal costs to file the DMCA requests and responses for copyright violation. And with many other civil issues, often corporations with the money for it, don’t have standing to sue, and if they did, would be required to sue each individual in the appropriate jurisdiction.

              With the removal of Section 230, these costs will go down significantly as a single user’s violation could be enough to bankrupt or shut down an entire site of violating content or, if serious criminal violations like child porn, put the person who hosts the site in prison who, will be much easier to identify and sue in a single jurisdiction or arrest than a random internet user.

    • jqubed@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 个月前

      I liked this read when considering legal ramifications for hosting content. It is U.S. focused so it might not be applicable to someone in another country.