• 0 Posts
  • 1 Comment
Joined 1 year ago
cake
Cake day: October 26th, 2023

help-circle
  • I think this is going to be a super unpopular opinion here, but you don’t necessarily have to go with what “everybody else” is using just because they’re the big shiny pennies that everybody else is using. Years ago, “everyone” was using Windows and Internet Explorer. Does that mean that nothing else was worth running?

    As to VPN, Docker, Cloudflare, Traefik, Crowdsec, Authentik… this definitely isn’t a “don’t use those things” post. If you want to learn Cloudflare, and want to use Cloudflare, then by all means, do so. This isn’t an anti-Docker, anti-Cloudflare, or anti-anything post.

    But that being said, I started self-hosting with a Dell laptop running XAMPP with a single, tiny, intranet web portal on port 80. It was a couple of clicks to get a functioning LAMP stack, despite me being a complete noob. It was incredibly insecure, and not the best, newest, fanciest choice to host my little website. But it allowed me to learn incrementally, and quickly, rather than feeling like I was thrown into the deep end way over my head with – as an example – Docker and virtualization.

    • I got sick of XAMPP pretty fast, and learned how to host my own database and Apache instances on bare metal outside of XAMPP
    • then I learned how to buy and set up an actual domain name
    • then I learned how to install SSL certificates for my domain
    • then I learned about hardening Apache, and things like honeypots and fail2ban
    • later, I acquired several more small servers with their own services, all behind the same router, and I learned about subdomains, virtual hosts, and proxies
    • even later, with all of that foundation, I learned about moving individual services into Docker. I only had to learn Docker. I already knew the rest of what I needed.
    • etc.

    I wanted to self-host my own intranet-only DNS server, but I found BIND to be overwhelmingly daunting at the time, with poor information for how to actually set it all up and get it working. So I found dnsmasq and installed that instead. The configuration was incredibly simple, and it worked almost out-of-the-box. Am I going to have pretentious snobs telling me how much dnsmasq sucks and how I’m stuck in the 90s if I still use it? Probably. Does it serve my own, personal, use case for the features I needed? Yes, it’s been great and simple to maintain for years.

    My “dynamic DNS service” is a bash script running from a cron job, accessing a webhook that my domain registrar offers, to update my DNS records automatically. Surely, there is some great piece of software with a catchy name and a GUI dashboard that I could be using for this purpose. But I don’t feel that I have to. My laughably basic bash script has worked without touching it for about 10 years now.

    For my VPN, for a long time, I had a PPTP daemon running on my server. That, too, had been very easy to set up for a young sysadmin who knew nothing about anything. It wasn’t the most secure, I used it long past when PPTP fell out of favor, but it worked at the time, and there was ample documentation that was easy to follow to set it up.

    I’ve moved on from most of the things I started out with when I was learning the basics, but all of that to say: Sometimes, it’s okay for something to be “good enough”. It’s okay if your server isn’t PCI-DSS-level secure and protected from absolutely everything. It’s okay to do the best you can, get your setup working… and then don’t stop there. Continue learning how to make it better, more secure, more reliable, more scaleable. But just because the popular kids are going to insist that you should never consider anything less than Nginx in a Docker container, managed by Portainer, behind Wireguard, behind Cloudflare… that setup can be your end goal, but you don’t have to start there and learn everything all at once.