Let’s say I decided that instead of blogging, I wanted to host my own Lemmy instance that contained a maximum of one (1) user– me, but allowing other users to subscribe.

To show what I’m talking about, look at how kaidomac uses Reddit as his own personal microblog, which people subscribe to.

What is the cheapest way to do this?

My mental model of Lemmy is that if I were to do this, the instance would still be caching information from other instances. This would– at least in my mind– add up in costs.

I’m a software engineer, so feel free to use technical jargon.

  • flashgnash@lemm.ee · 9 upvotes · 2 months ago

    The problem for me is I believe you need to open your network firewall for Lemmy and other federated services to work, right?

    Not really a fan of opening up more attack surface on my home network

      • flashgnash@lemm.ee · 6 upvotes · 2 months ago

        Is that not essentially the same issue as opening your firewall though? You’re still taking requests from outside your network into your network without any authentication until they actually hit the server

    • 𝘋𝘪𝘳𝘬 · 5 upvotes · 2 months ago

      The problem for me is I believe you need to open your network firewall for Lemmy and other federated services to work right?

      Yes, of course. Or search for an external reverse proxy. Cloudflare offers something like this. (You set a Cloudflare server IP as target for your domain and then tell Cloudflare your IP and all traffic is routed over the Cloudflare ecosystem so your actual IP is not publicly used.)

      I just opened port 443 and forwarded it to my Docker host and have NPM running there, handling all the forwarding to the individual containers, based on the request, but due to my day job I know what I’m doing :)

      • flashgnash@lemm.ee · 1 upvote · 2 months ago

        I would still always be worried it’d been silently bot netted or something if it’s accessible, even through Cloudflare

        I guess Cloudflare does a lot to stop attacks from bots though, right?

        • 𝘋𝘪𝘳𝘬 · 1 upvote · 2 months ago

          I never tried it personally but I assume you’re pretty safe.

          Here’s how it works:

          The Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center, all without opening any public inbound ports.

          After locking down all origin server ports and protocols using your firewall, any requests on HTTP/S ports are dropped, including volumetric DDoS attacks. Data breach attempts — such as snooping of data in transit or brute force login attacks — are blocked entirely.

          https://www.cloudflare.com/products/tunnel/

            • 𝘋𝘪𝘳𝘬 · 1 upvote · 2 months ago

              I just checked their FAQ. They have information about SSH, SMB, RDP, connecting private networks (VPN), etc. available. I did not dig deeper regarding specific ports, though.

              You could always use a reverse proxy on your side just accepting port 443 connections (https) and forwarding to a specific docker container using a specific port without the outside world even knowing.