• 12 Posts
  • 140 Comments
Joined 1 year ago
cake
Cake day: June 10th, 2023

help-circle





  • This sort of question made me originally think I was on c/selfhosted.

    What I would do if I was you would setup lemmy, authentik, nginx proxy manager, and a cloudflare website with cloudflare proxy turned on. On cloudflare you make an A record or a CNAME pointing it at your IP. You need to open ports on your router aimed at NPM. My setup then routes ALL traffic inside NPM to authentik. Authentik can provide many forms of authentication. My current setup requires a username, password, and OTP. Then Authentik will route your successful login to your lemmy. I use this setup for private services.

    I have not hosted my own lemmy. If it has to be fully public to federate successfully, I would get rid of authentik. That’s NPM directly to lemmy. You can add extra security by adding 2auth login. On cloudflare you can also region block all visitors from countries you don’t expect traffic. Lemmy appears to be mostly western so any Eastern country that randomly has a high amount of traffic you could block.

    You can additionally use fail2ban to read through your NPM and docker logs then link to cloudflare API to ban any IP that tries to login to your lemmy instance and fails.

    Selfhosting is really exciting, and a fun and rewarding learning process. I am more happy to help you with any questions as I have done all of this except the lemmy part.

    Is your old laptop running a specific OS? Can you change it to linux? That would help with efficiency and giving it more life :) I prefer Ubuntu or Fedora. You can just install the server part so you won’t have a GUI. All you need to do is install a linux server, get it running, install docker, via command line install portainer to manage docker. Then you can visit the portainer website at your laptop’s ip and portainers port number and manage all of your docker images easily via web.