Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I’m so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.
Use an SSH key, disable password auth, make sure you’re firewalled (i.e. test with nmap), and call it a day.
Thanks for the input! I do eventually plan on making some scripts and a custom web interface to interact with/expose some local services on my network once I have the basics of HTML covered as part of a portfolio thing so would like to cover my ass early and not have problems later
The most important thing is to use your common sense, think about it an extra minute before punching holes in your fw, and keep those holes documented and to a minimum.