I’ve wanted to do this for a long time. My current ADHD hyperfixation is NodeBB, but I think my questions fit most anything that you want to be available to the general public and not just yourself and your friends.
Basically, I want to host a NodeBB instance intended for the general public out of my house. What are the risks of doing this? In particular, what are the risks of doling out a web address that points to my personal IP address? Is this even a good idea? Or should I just rent a VPS? This is 80% me wanting to improve my sysadmin skills, and 20% me wanting to create a community.
I have a DMZ in place. Hosts in the DMZ cannot reach the LAN, but LAN hosts can reach the DMZ. If necessary, I can make sure DMZ hosts can’t communicate with each other.
I have synchronous 1 Gb fiber internet. Based on the user traffic of similar forums, I don’t anticipate a crush of people.
I know the basics of how to set up a NodeBB instance, and I’ve successfully backed up and restored an instance on another machine.
I’m not 100% on things like HTTPS certs. I can paste a certbot command from a tutorial, that’s it.
Anything else I should know? Thanks!
EDIT:
I also have a domain, a couple of them, actually. They’re like potato chips; you can’t stop at just one.
I don’t plan on self-hosting email used for forum registration and announcements. I’m not a masochist.
EDIT for future readers:
I think for now I’m not going to self host anything I intend to be accessed by the public. While I pay the internet bill, my name is on the account, and I own all the equipment, I’m not the only member of this household, so it would be somewhat inconsiderate of me to share our bandwidth with public traffic. In general I think those warning against self-hosting resources one intends to be accessed by the general public are pretty sound.
I tried the Cloudflare tunnel suggestion, but it doesn’t seem to play nice with NodeBB. I can access the forum, even over HTTPS, but I can’t log in. Some quick googling leads me to believe it has something to do with web sockets. The first fix I found involves exposing my IP, which defeats the purpose of using a cloudflare tunnel. There may be a way around it, but I frankly can’t be bothered.


Somehow 4chan admins have largely escaped legal consequences for this stuff, and I don’t think it’s just because of sec230.
Not a fan of 4chan, but I do note both their and the pirate bay’s operation scheme.
I mean, in most cases this isn’t criminal law (in the US at least), so it means you have to attract enough attention of a corporation since they’re usually the only ones who can afford the legal costs to file the DMCA requests and responses for copyright violation. And with many other civil issues, often corporations with the money for it, don’t have standing to sue, and if they did, would be required to sue each individual in the appropriate jurisdiction.
With the removal of Section 230, these costs will go down significantly as a single user’s violation could be enough to bankrupt or shut down an entire site of violating content or, if serious criminal violations like child porn, put the person who hosts the site in prison who, will be much easier to identify and sue in a single jurisdiction or arrest than a random internet user.