[ale] Hosting wordpress at home
DJPfulio at jdpfu.com
Tue Dec 5 17:55:53 EST 2023
On 12/5/23 17:31, Boris Borisov via Ale wrote:
> Friend of mine wants to move hosting at home. What would you use to
> make it happen. Hardware and software. Suggestions appreciated.
> Dedicated hardware will be used.
The LAN needs to be segmented inside his home. He'll probably want 3 different segments, each with a LAN firewall between them to prevent nasty traffic across them.
* Internet Services
* Secured, Wired, Computers and storage
* Wifi (never trust wifi) and IoT devices
Get a VPS, on the VPS set up a wireguard VPN to connect the LAN computer(s) to the internet. Use haproxy to forward https traffic down the tunnel to whatever services he wants to host at home. I use a $4/month VPS.
The wireguard VPN will be initiated from inside your LAN, so, in theory, no ports will need to be opened.
There are how-to guides for the hosting+wireguard+haproxy setup. https://theorangeone.net/posts/wireguard-haproxy-gateway/ is one.
I looked at using nebula for a similar need before going with the above solution. Nebula doesn't like my router, which blocks the connections. People with normal consumer routers probably wouldn't have the same issues.
There are serious security issues with hosting things at home. Having different LAN segments is a mitigation technique for the inevitable bonehead mistakes that **will** happen. Don't trust just 1 method of isolation. Always have two or three so when a human does something bonehead while in a hurry, the entire LAN isn't trivially hacked.
As for Wordpress - for a number of reasons, this is one of the least secure content tools. It becomes less and less secure as more addons get introduced. I'd strongly recommend anyone looking to share content with the world to look at static pages instead. I used to have my blog as static pages, then moved it to a dynamic webapp. That was a mistake for very little goodness in return. I've looked at migrating off the different webapps for about the last 10 yrs, but it has been too hard to get it perfect. I do have a static version that could be spun up, but it looks a little odd and funky because it is just a wget version of the dynamic site. Really wish I'd have retained my static site generation.
Anyway, that's off the top of my head.
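
The VPS gateway layout described in the message above, as an added example that is not part of the original post and not taken from the linked guide. The tunnel subnet 10.99.0.0/24, the host name vps.example.net, UDP port 51820, the key placeholders and the function name write_gateway_configs are assumptions, and haproxy is run in TCP passthrough mode here so TLS terminates on the home server.

```shell
#!/bin/sh
# Added example: writes the three config files for a VPS-fronted home server.
# Addresses, host names and key placeholders are constructed, not from the post.
write_gateway_configs() {
    out=$1
    mkdir -p "$out/vps" "$out/home"

    # VPS: the only side that listens (UDP 51820 for the tunnel, TCP 443 for web).
    cat > "$out/vps/wg0.conf" <<'EOF'
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# Home server. No Endpoint: the VPS waits for the home side to connect.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32
EOF

    # Home server: dials out to the VPS, so the home router needs no port forward.
    cat > "$out/home/wg0.conf" <<'EOF'
[Interface]
Address = 10.99.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.net:51820
# Only the VPS tunnel address may send traffic in over this peer.
AllowedIPs = 10.99.0.1/32
# Keeps the NAT mapping alive so the VPS can always reach the home side.
PersistentKeepalive = 25
EOF

    # VPS: hand TCP 443 to the home end of the tunnel without decrypting it.
    cat > "$out/vps/haproxy.cfg" <<'EOF'
defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend https_in
    bind :443
    default_backend home_web

backend home_web
    server home 10.99.0.2:443 check
EOF
}
```

Replace each key placeholder with real keys from `wg genkey` and `wg pubkey` before using the files.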