cross-posted from: https://compuverse.uk/post/5020

Preamble- I’m new to the fediverse, and I want some help. I’m trying to regain some of my privacy and data sovereignty, and I have recently gotten into self-hosting. I haven’t been on social media for over a decade, except for Reddit, and that was mostly as a passive lurker. I just started getting more active on there this past year, and now they’ve turned me away with their shenanigans. I’m trying to get into federated communications to still have access to useful information while protecting my identity and data.

Goals- I’m thinking that I want to set up my own Lemmy instance, as well as my own xmpp server (like prosody), and switch over to jmp.chat. I also have my own domain.

Concerns- I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use. However, I also don’t want to expose my domain (Why not? I don’t know. I’m completely new at this and until I learn more, I’m playing it cautious)

Questions- So, if I spin up my own Lemmy instance, doesn’t that expose my domain,since my username will be username@my-domain.com? Is this the same for an xmpp server? One main reason to spin up my own xmpp server is to own my account for xmpp communications. However, can I tie that to my jmp.chat account, or would they need to be separate.

I kind of feel like a boat without an oar at the moment, and I’m not even sure if I’m asking sensical questions, but hopefully there’s enough light in my ramblings to give you all a sense of my goals. Any help would be appreciated.

  • paperemail@links.rocksEnglish
    2·
    1 year ago

    I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use.

    That’s a noble goal; but you’ll have to think about what kind of adversaries you want to protect yourself (and your users) from.

    E.g. if you don’t want to link your lemmy account to your government name you of course won’t use your real name, but you’ll also need to anonymize the WHOIS data of the domain, since that’s public information.
    Not all domain registrars allow this.

    And depending on how far you want to take this, you might also want to buy the server anonymously.

    All of that doesn’t even touch the security of the actual server, lol. Some pointers for that:

    SSH

    • use keys for to login, not passwords
    • use a different port than 22 (it’s not more secure, but will reduce noise in the logs)
    • install fail2ban (temporary blocks ips after a few failed attempts)
    • make SSH only reachable from your home IP with a firewall

    HTTP/S:

    • use a caddy or nginx proxy in front of anything that talks http.
    • use letsencrypt certificates (and check renewal is working)
    • use proper SSL settings: https://ssl-config.mozilla.org/

    VPS hosting:

    • setup 2FA for your login

    Monitoring: You can get very detailed, but try to cover at least the following:

    • uptime (request your lemmy homepage)
    • disk usage over 80%
    • SSL certificate expiration
    • Ceedling@compuverse.ukOPEnglish
      1·
      1 year ago

      Yeah, I have done research on all of that before, but so far, I’ve just stuck with tailscale as a safe way to traffic my data. I’m going to have to do more research on each of these items again and figure them out. Any good resources you know of?