zlacker

1. dwd+(OP)[view] [source] 2026-01-11 23:32:39
Been self-hosting for the last 20 years and I would have to say LLMs were good for generating suggestions when debugging an issue I hadn't seen before, or for one I had seen before but was looking for a quicker fix. I've used it to generate bash scripts, firewall regex.

On self-hosting: be aware that it is a warzone out there. Your IP address will be probed constantly for vulnerabilities, and even those will need to be dealt with as most automated probes don't throttle and can impact your server. That's probably my biggest issue along with email deliverability.

replies(3): >>MrDarc+W >>Schema+Fc >>Farada+nD
2. MrDarc+W[view] [source] 2026-01-11 23:38:44
>>dwd+(OP)
The best solution I’ve found for probes is to put all eggs into the basket listening on 443.

Haproxy with SNI routing was simple and worked well for many years for me.

Istio installed on a single node Talos VM currently works very well for me.

Both have sophisticated circuit breaking and ddos protection.

For users I put admin interfaces behind wireguard and block TCP by source ip at the 443 listener.

I expose one or two things to the public behind an oauth2-proxy for authnz.

Edit: This has been set and forget since the start of the pandemic on a fiber IPv4 address.

replies(1): >>aarona+m1
3. aarona+m1[view] [source] [discussion] 2026-01-11 23:41:33
>>MrDarc+W
And use a wildcard cert so that all your services don't get probed due to cert transparency logs.
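
A sketch of the single-443-listener setup described in the two comments above, as an added example that is not either commenter's actual configuration: HAProxy passes TLS through by SNI, routes the admin hostname only for WireGuard source addresses, and throttles sources that open connections too fast. The hostnames, the 10.8.0.0/24 tunnel subnet, the backend addresses and the rate threshold are all assumptions.

```haproxy
# Added example; every name, address and threshold below is an assumption.
defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend tls_in
    bind :443

    # Per-source connection rate tracking, so unthrottled probes are dropped
    # before they reach any service.
    stick-table type ip size 100k expire 10m store conn_rate(10s)
    tcp-request connection track-sc0 src
    tcp-request connection reject if { sc_conn_rate(0) gt 20 }

    # Wait for the TLS ClientHello so the SNI can be read without
    # terminating TLS on the proxy.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    acl from_wg   src 10.8.0.0/24                      # WireGuard peers (assumed subnet)
    acl sni_admin req_ssl_sni -i admin.home.example
    acl sni_app   req_ssl_sni -i app.home.example

    # Admin hostname is routed only when the client comes in over the tunnel.
    use_backend be_admin if sni_admin from_wg
    use_backend be_app   if sni_app
    # Unknown SNI, no SNI, or admin from a public address: drop.
    default_backend be_reject

backend be_admin
    server admin 127.0.0.1:8443 check

backend be_app
    # Public service; in the setup described above this sits behind
    # oauth2-proxy, which is where TLS would terminate.
    server app 127.0.0.1:9443 check

backend be_reject
    tcp-request content reject
```

The backends terminate TLS themselves; serving one wildcard certificate (for example `*.home.example`) from each of them means only the wildcard name, not `admin` or `app`, is published in certificate transparency logs.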
4. Schema+Fc[view] [source] 2026-01-12 01:09:48
>>dwd+(OP)
These days I just wouldn't put my homeserver exposed to the internet only. LAN only with a VPN. Does mean you can't share links and such with other people, but your server is now very secure and most of the stuff you do on it doesn't need public access anyway.
5. Farada+nD[view] [source] 2026-01-12 04:30:29
>>dwd+(OP)
~10 years ago I remember how shocked I was the first time I saw how many people were trying to probe my IP on my home router, from random places all over the globe.

Years later I still had the same router. Somewhere along the line, I fired the right neurons and asked myself, "When was the last time $MANUFACTURER published an update for this? It's been a while..."

In the context of just starting to learn about the fundamentals of security principles and owning your own data (ty hackernews friends!), that was a major catalyst for me. It kicked me into a self-hosting trajectory. LLMs have saved me a lot of extra bumps and bruises and barked shins in this area. They helped me go in the right direction fast enough.

Point is, parent comment is right. Be safe out there. Don't let your server be absorbed into the zombie army.
