• 5 Posts
  • 5 Comments
Joined 3 years ago
Cake day: December 12th, 2023

  • Aaah that’s good to know. I’ve seen HAProxy mentioned before and this was the first time I looked at it.

    I am happy I went with Caddy because networking is not my strength and Caddy is quite simple in comparison to other reverse proxies. Nginx config files will forever look like scribbles to me.

    I don’t know about the limitations of using an uncommon port though because my needs are quite small and obscure by design. I do wonder if other people could benefit from using wildcard certs + uncommon ports. Watching bots/scrapers drop to zero attempts and stay zero has been really satisfying and I haven’t had the desire to use outside services like Anubis or Cloudflare.

    I know someone out there with itchy fingers is ready to warn that obscurity isn’t security and I wouldn’t deny that. However, I do believe obscurity layered with security is valid as long as security takes the main focus.


  • For the past year I’ve been learning to self host minimally on a used Raspberry Pi 5. I do have a Pi 4 as well but that’s dedicated to HomeAssistant for the small handful of lights and switches it controls.

    Both Pis run Alpine Linux with Podman containers. For my Pi 5 server it runs Caddy as my reverse proxy/SSL cert handler plus another container for Kiwix. It’s super simple. Caddy also has a basic file server for me to host my git repositories as well as hosting my static site.

    The static site is based off a script I found called BashWrite but it hasn’t been updated in a year so I decided to add some of my own changes to it here. I also fixed up some of the English grammar since the original creator wasn’t an English native speaker.

    I’m still focusing on the background stuff but I’ve put a lot of effort into security and hardening. I’ve written all the maintenance (backup, keep-alive, updating) myself using POSIX portable scripts which can all be found on my Codeberg page. It’s been a long process but I’m nearly there. I just have to switch from iptables to nftables and add secrets to my Caddyfile configuration to hide important keys that are currently sitting as plain text. After that I can focus on my blog/static site.

    Since I’m not doing this for a business, I’ve decided to use a wildcard domain for my SSL cert plus an uncommon port as a low effort way to hide myself from bots/scrapers. Also I set up Wireguard in front of my SSH connection to also hide from bots. My log activity only shows my own activity which is comforting to know, especially since I’ve seen just how active bots and scrapers are in comparison to a year ago when I was just getting started and beginning to learn things.

    It’s really cool to see another minimal project like this and I think it’s refreshing to see. A lot of the time I see people with dozens of intensive services running and I feel a bit out of place with my scaled down self hosted project.

    My only question about your setup is about HAProxy. How important is a load balancer for your site? I don’t think I will need one for myself since the traffic will mostly be for myself and a few people I know personally but I am still curious about how it works and how effective it is for your setup.




  • This was a number of months ago so I doubt it would be remembered anywhere at this point. After that, a number of posts I commented in were also removed as well. It was very confusing because everything seemed appropriate for the community. I do look forward to seeing how this community grows/changes now.

    I’ve taken a very minimalist approach to self-hosting but I’ve given extra attention towards security. I feel like security doesn’t get talked about as much as it could be. It’s especially important these days with bots roaming around everywhere.

    I also use some unconventional methods that I’d like to share (layering security with obscurity with a focus on security first). It’s not a one size fits all solution but I can stay private while exposing my server with minimal tools. It works for me though and my logs haven’t shown any outside activity besides my own.


  • I stopped posting and commenting on this community because things kept getting deleted even though it was all very clearly about self-hosting. It was very disappointing because I spent a lot of time on my contributions. One post I made a while ago was about self-hosting security and had tons of activity only for all that information to be removed over rule 3. Very confusing and disappointing.

    I’m interested in seeing how the vibe around here changes going forward. Maybe I’ll be less cautious about participating.