this post was submitted on 07 Oct 2024
90 points (98.9% liked)

Asklemmy

43963 readers
1942 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Let's say I decided that instead of blogging, I wanted to host my own Lemmy instance that contained a maximum of one (1) user– me, but allowing other users to subscribe.

To show what I'm talking about, look at how kaidomac uses Reddit as his own personal microblog, which people subscribe to.

What is the cheapest way to do this?

My mental model of Lemmy is that if I were to do this, the instance would still be caching information from other instances. This would– at least in my mine– add up in costs.

I'm a software engineer, so feel free to use technical jargon.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 month ago (1 children)

I never tried it personally but I assume you're pretty save.

Here’s how it works:

The Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center, all without opening any public inbound ports.

After locking down all origin server ports and protocols using your firewall, any requests on HTTP/S ports are dropped, including volumetric DDoS attacks. Data breach attempts — such as snooping of data in transit or brute force login attacks — are blocked entirely.

https://www.cloudflare.com/products/tunnel/

[–] [email protected] 1 points 1 month ago (1 children)

Does sound pretty reassuring assuming all that works for non http traffic too

[–] [email protected] 1 points 1 month ago

I just checked their FAQ. They have information about SSH, SMB, RDP, connecting private networks (VPN), etc. available. I did not dig deeper regarding specific ports, though.

You could always use a reverse proxy on your side just accepting port 443 connections (https) and forwarding to a specific docker container using a specific port without the outside world even knowing.