Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Yes, as safe as SSH can be. Why not use https with cloudfare tunnels? For SSH, depends on security config and ofuscation measures... Like disabling root login, use encryption keys instead of plain password, pick a "hidden" port number, and so on. There were many posts here and all over the web about this. I would add either crowdsec or fail2ban to the mix.. That's prettt much all that there is.
I am still very much a noob to self-hosting, but I am not the one managing this ssh port, forgero is. Is there not any difference between the two? I think you can only access the forgejo ssh if you have a matching private key for one of the user's public keys...
(And although it surprised me too, I couldn't find information about the safety of specifically this online)
Git works fine over https though, no need to increase the attack surface by enabling SSH access in Forgejo.
That's also a possibility, yes. Probably what I should do, taking the rest of the answers into account
There's a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.