this post was submitted on 13 Aug 2025
69 points (100.0% liked)

Selfhosted

60707 readers
269 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Edit: thanks for all your help and replies, this is a such a great community!

I would like to host a public service for some family, probably Peertube so we can share some videos. Invite only.

There's no way I'm going to get everyone onto a VPN, it's a non-starter though I would prefer it.

I am thinking to use a VPS with anubis and either crowdsec or fail2ban (or both?!) in front of Peertube. Will apply as much hardening as I can muster behind that: things in containers, systemd hardening, SELinux/Apparmor enabled/tuned, separate users for services, the usual. All ports shut except 80/443, firewall up.

Despite all this I expect it will get scanned and attacked as it will have to expose ports 80/443 to the world so for family it will just work.

Is there anything else I should consider for security? Is Peertube the weakest link in the chain? (a little concerned their min password length is 6 it seems and no 2fa). So long as I keep whole thing up-to-date is it as secure as anybody can manage these days (without resorting to VPN)?

Is it all too much hassle and I should look for a company that offers hosted Peertube so they can worry about it?

Thanks for any and all advice.

you are viewing a single comment's thread
view the rest of the comments
[–] gkaklas@lemmy.zip 3 points 11 months ago (1 children)
[–] gkaklas@lemmy.zip 3 points 11 months ago (2 children)

Oh also a friend of mine is developing this, that uses passwordless magic links or passkeys https://github.com/dzervas/magicentry I haven't looked much into it though!

[–] dogs0n@sh.itjust.works 3 points 11 months ago* (last edited 11 months ago) (1 children)

Email magic links are cool (personally hate when a website only allows this login because I don't have my email available on every device, but that is unrelated sorta).

I probably wouldn't go with a relatively new project that isn't guaranteed to stick around long-term (big hassle to swap provider).

authelia and authentik both have a lot of eyes looking over the code so I'd also feel more confident going with them, even if I can't get passwordless email login (don't think they support it but not certain).

[–] gkaklas@lemmy.zip 2 points 11 months ago

I probably wouldn't go with a relatively new project that isn't guaranteed to stick around long-term

Oh of course, I just shared it because I don't think I've seen anything similar and simple, just in case anyone wants to check it out and experiment etc

[–] IanTwenty@lemmy.world 2 points 11 months ago

Hey thanks for these links I will check them out! Magic links would be great actually as then I am not relying on them to set decent passwords or giving them burden of TOTP/etc which some may not have used before.