I mostly try to read the docs, but sadly good documentation is pretty rare.

I’m currently following this guide to setup caddy reverse proxy with coraza web app firewall.

But be warned, this whole rabbit hole of WAF isn’t trivial, some protections don’t work well with some apps (e.g. portainer triggers some rules about system command execution) and it needs some tuning. I personally set it up to learn more about WAFs because I believe it will help me in my career, but I would not blindly recommend it to everyone.

Approaches like crowdsec and fail2ban seem much more suitable for selfhosters – and keep your server software updated.

Great idea. Would be even better if we turned lemmy into an AI only social network. Thousands of bots will create content, vote and comment. And all this could be done without user interaction.

Finally, even the super niche communities will have hundreds of bot comment per day, and all human lemmy users will leave voluntarily (thus reducing the need for moderation).

I doubt using secret managers is popular among self hosters. These products are targeted at larger deployments, not homelabs.

I’ve installed coraza web app firewall with OWASP ruleset this weekend. I must admit that it wasn’t as easy as I expected it, but it now (mostly) works. I had to give up with nextcloud though.

It also doesn’t even make sense to buy up all the possible domains. It would just be a waste of money, and surely someone could come up with a domain name that you didn’t think of (fediverse-network.com).

Oh no, what a terrible way to spend the weekend :(

I think meaningful commenting only works in trees, for example the old mailing lists.

With classic linear forums, I quickly loose track of different discussions. Good luck finding replys to a comment on page #3 when the post has 300 comments.

I’ve got it running for a few weeks now. Seems very nice

Nice list of suggestions, but implementing all of them feels a little over-the-top.

I don’t really get the love for fail2ban. Sure, it helps keep your logs clean, but with a solid SSH setup (root disabled, SSH keys enforced), I’m not bothered by the login attempts.

I don’t think this is a very strong reason. Anyone can create a new lemmy server and use “your” username. But the post/comment history would be an easy proof who is the “real” user.

I’m missing the rpi1 in that list. Please fix ASAP.

It is probably wise to have the server admins speak the language of your community.

(And feddit.org works fine for me, it’s one of the instances with the highest uptime).

I’e seen that some want it to host their own LLM. It’s far cheaper to buy DDR5 memory than somehow getting 100+ GB of VRAM. Whether or not this is a good idea is another question

Yes of course, as almost any other website.

Toussaint (Witcher 3)

The DNS record must point to cloudflare, not the instance IP

It might be my personal preference, but i find conversations on mastodon hard to follow once there are more than a handful replies.

Lemmy (or reddit) keeps the flow of comments well ordered and perfectly readable.

The blog post contains an interesting tineline. Apparently, the first fix was not sufficient. So if you have updated Vaultwaren before November 18, update it again.

Copy of the timeline:

• End of October 2024: ERNW assesses Vaultwarden for the customer.
• November 08, 2024: ERNW discloses the vulnerabilities to the Vaultwarden team.
• November 10, 2024: Fix and release of Vaultwarden v1.32.4.
• November 11, 2024: ERNW retests the software and identifies that the fix is not sufficient.
• November 11, 2024: Public merge with fix and request for feedback by the Vaultwarden team.
• November 12, 2024: ERNW acknowledges that the fix is complete.
• November 18, 2024: Release of Vaultwarden v1.32.5.