23
submitted 1 year ago* (last edited 1 year ago) by Kalcifer@lemmy.world to c/selfhosted@lemmy.world

Do you need a domain name if you are hosting a Lemmy instance, or will it work fine with just an ip-address + port (e.g. <username>@<ip-address>:<port>)?

top 24 comments
sorted by: hot top controversial new old
[-] Max_P@lemmy.max-p.me 27 points 1 year ago

It requires an HTTPS connection, and certificates can only be obtained for domain names. So yes, pretty much.

Also consider than IPs can change, even if you're using a hosting provider. Domain names makes changing the IP much easier.

Domain names can be obtained for as cheap as $3/year for the xyz TLD. If you can't pay for anything, there's also free services that can let you get a subdomain, like noip.com, afraid.org, azote.org.

[-] andrew@lemmy.stuart.fun 5 points 1 year ago

The reason being that federation means other instances send you things. It's not pull-only, or else you could likely get away with private instances sitting behind NAT. But since activitypub involves publishing to inboxes from source to destination, they need some way to reach you. And since we want to validate that connection and that some external authority can vouch for ita ownership, we use TLS Certs with the DNS hostname that matches your server name.

[-] master@lem.serkozh.me 3 points 1 year ago

certificates can only be obtained for domain names

That is not true, nothing prevents it on the technical side, and even some trusted CAs sell them under certain conditions

[-] dustojnikhummer@lemmy.world 1 points 1 year ago

I mean nothing prevents you from using a self signed certificate

[-] bezerker03@lemmy.bezzie.world 10 points 1 year ago

Is imagine the rest of the fediverse will refuse to connect tho.

[-] dustojnikhummer@lemmy.world 1 points 1 year ago

But wouldn't that be the certificate of the other instance, not your local one?

[-] bezerker03@lemmy.bezzie.world 2 points 1 year ago

As others mentioned other things need to connect to your instance so valid ssl matters

[-] leopardboy@netmonkey.tech 1 points 1 year ago

Since AP servers both accept incoming connections and make outgoing connections, both sides need valid certificates to do HTTPS.

[-] dustojnikhummer@lemmy.world 2 points 1 year ago

Alright, wasn't aware it needed to be both sides

[-] leopardboy@netmonkey.tech 2 points 1 year ago

Good luck getting the server connecting to you to trust it!

[-] idle@158436977.xyz 1 points 1 year ago

Also if you dont mind numbers .xyz domains can be like $1 a year. It has to be only numbers and i think at least 9 digits.

[-] happy_saw@lemmy.world 2 points 1 year ago

Sorry but do you mean that .xyz domains only allow for a numbers only domain name? Because I don't think that's true.

[-] idle@158436977.xyz 4 points 1 year ago

No i mean if you want a super cheap .xyz domain, its very cheap if you choose a domain that is digits only. For example my lemmy domain is 158436977.xyz. its 89 cents a year.

You can certainly have xyz domains that are words just like any other.

[-] happy_saw@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Oh, that is actually a good idea if a cheap domain is wanted.

[-] original_ish_name@latte.isnot.coffee 1 points 1 year ago* (last edited 1 year ago)

What name registrar would you recommend?

EDIT: found one for 0.85 dollars on namecheap

EDIT EDIT: for some reason its labeled as a "premium domain" :P

[-] idle@158436977.xyz 1 points 1 year ago

Namecheap is what I use ya. They are also really great if you have some internal services and want just a cheap domain to get SSL certs from LetEncrypt. All my internal traffic is SSL now because why not, its 85 cents a year. And no dealing with self-signed certs.

[-] bmck@lemmy.bmck.au 4 points 1 year ago

I haven't dug into the protocol, but I'd imagine communication would be done over HTTPS, which requires a domain.

[-] fuser@quex.cc 3 points 1 year ago* (last edited 1 year ago)

it requires a name that can be addressed as https://sub.domain.name - otherwise it won't allow https inbound.

[-] godless@latte.isnot.coffee 4 points 1 year ago

SSL certificates for IP addresses are possible; but they require you to outright own the IP(-range). Some large organizations do. So for individuals it's rather unheard of, but it's technically achievable.

https://sectigostore.com/page/ssl-certificate-for-ip-address/

[-] fuser@quex.cc 4 points 1 year ago

Well, I just learned something, but what does "control" the IP mean? If they are only validating a single address via http then presumably you could just use an Amazon elastic IP as long as it resolves. I doubt that letsencrypt will support that but I would be interested to know. If they do then yeah, you could presumably set up the instance using the IP as the name, but I don't know why you would want to. Apart from the fact that it would be hard to remember, could change at some point, screwing things up, it might work. I suggest OP do the necessary and report back accordingly.

[-] godless@latte.isnot.coffee 6 points 1 year ago

but what does “control” the IP mean

I believe that means you must be registered as the owner with the RIPE or whichever authority is in charge of administrating IP ranges, so that would also negate the point of chaining IP addresses, since that would indeed be a permanent fixture.

For AWS it should then only work if Amazon Inc. is the applicant for the SSL cert., not merely a user. So it's a quite theoretical application at best.

[-] fuser@quex.cc 1 points 1 year ago

yes, there had to be catch, although the guy in this letsencrypt support thread is a senior Letsencrypt engineer and he seems to be saying it is possible - although letsencrypt doesn't support it. I do think you'd have to show a bit more to the issuer to prove ownership than an http acme challenge though.

[-] master@lem.serkozh.me 4 points 1 year ago

It doesn't make a lot of sense for LetsEncrypt to spend time adding support for such certs, since both a domain name and a cert from another CA are cheaper than buying an IPv4 block

[-] leopardboy@netmonkey.tech 3 points 1 year ago

I can't imagine it'd work without a domain, as your instance will need to talk HTTPS with other instances.

load more comments
view more: next ›
this post was submitted on 11 Jul 2023
23 points (96.0% liked)

Selfhosted

39700 readers
301 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS