41
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 14 Jul 2023
41 points (100.0% liked)
Selfhosted
39700 readers
658 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
I'm sorry for the non-answsers in advance but here goes:
If you won't have easy access, consider server motherboards with KVM over IP capabilities. They really can get you far.
IP is generally Managed DHCP but I have seen DCs that just tell you your IP and good luck and it's on the honor system. Some of them even let you publish your own BGP blocks.
Basically best practices boil down to:
Data centers are businesses and as a costumer they should be answering your questions about their operating policies. If they aren't consider a different DC.
Don't be a dick to them, and don't be a dick to your network neighbors.
You're no longer behind a home router with a firewall that has sensible rules, so it is now up to you to avoid getting pwned and footing the power bill. It is also up to you to avoid spamming out stray traffic.
This is good info! I'll follow up with the provider. Unfortunately even though I live in a large city, of the two dozen or so places I contacted only two of them would consider less than a half rack.
I had not considered this. My plan was to initially just swap the consumer grade stuff I have over to the 826 since it supports ATX, but now I'll reconsider. Remote KVM has come in handy a few times with my dedicated servers over the years, so lacking that would suck pretty bad. I don't know that I won't have access, but several of the other providers stated on their websites that shared cabinets won't have physical access (which I honestly would prefer since I'll have several thousand dollars in hardware sitting in there).
Great point and I totally agree! Just didn't want to walk in like a complete noob asking a bunch of dumb questions if I could prevent it.
Thankfully I've got quite a bit of experience hardening servers exposed directly to the internet. *knocks on wood* So far I've managed to not get pwned by turning on automatic security updates, keeping open ports limited to ssh with password/root login disabled and reverse proxying everything. If I need access to something that doesn't need to be exposed I just port forward through ssh.