Gone are the days of self-hosting your website on your server at home without extra security being implemented.
Below is a guide for self-hosting your website and suggested safe-guards that should be considered or implemented with your move to a self-hosted website.
The reasons for moving to self-hosting can vary but range from hosting for data security; you own your data. To, moving to self-hosting because it is more viable and cost-effective. Whatever the reason, if you’re considering self-hosting I urge you to consider the following.
- Ensure you have an adequate router with features that track external and outgoing packets. A good starting point would be a Ubiquiti Edgerouter Lite 3 – By having some sort of logging of incoming and outgoing packets into your network it will make it easier for you to determine the source of an attack should symptoms be experienced like slow browsing.
- Include a Firewall if the budget allows – PFSense.
- Hide your Website’s Public IP by using CloudFlare DNS.
- Having a website hosted on a home-server can open up the possibility of cyber-attacks being in the form of DDOS and brute force attacks. For instance, once you enable your website. Cloudflare gets past this by acting as a proxy to your website.
- Setup non-generic domains to access the realip of your server. Instead of FTP.domain.com setup a domain like deadpool.domain.com or better still use your IP Address.
- Having a website hosted on a home-server can open up the possibility of cyber-attacks being in the form of DDOS and brute force attacks. For instance, once you enable your website. Cloudflare gets past this by acting as a proxy to your website.
- Consider if you have enough bandwidth – Do this by looking at your website’s current stats and the amount of content and pages being consumed. This will be easy if you have a service like Google Analytics or a web statistics application like Webalizer or AWStats. Consider the bandwidth and daily usage and determine if you have enough with you ISP provided internet connection.
- In Australia – Most ISPs provide either a 25/5Mbps plan or 50/25Mbps plan – If you have a 50/25Mbps plan your bandwidth would be adequate for about 20-40 users at a time. Which is enough for most small websites.
- Do take into considerations that you may receive significantly less bandwidth at peak times unless your ISP provides you a guaranteed speed.
- Implement an Onsite and Offsite backup solution from day one – When it comes to hosting your own website within your home environment – things can happen. Like your house could be broken into and that old desktop you thought no-one would steal has been taken by the neighbourhood criminal.
- Have an onsite backup direct to disk or some Network Attached Storage device – In a different location if possible.
- Setup notifications of backup tasks so failures can be monitored.
- Backup the configurations on your server – Whether you are using a Raspberry Pi, a Linux Desktop, or your NAS! Backup your configurations and settings so should you need them at a later date you have them.
- Consider keeping your mail in the cloud – Hosting an SMTP, IMAP, POP server can be fun to do. But, if your SMTP server is hacked, your IP can be blacklisted with providers in a number of hours. Keeping your mail in the cloud can easily be done through services like Zoho that provide email hosting at a cost of $15 a year for multiple domains!
- Move your domain/s to a single trusted domain registrar -Don’t use Joe’s Hosting etc. Moving to a single domain register will provide for improved manageability – as it is easy to see all domains that you have and their expiry.
- Expect Downtime – Unless you have a fortune to spend on your home server setup – You need to accept a possible 2-24hr downtime at some point – Maybe multiple times a year. This could happen because your ISP has made a bad configuration on a fibre backbone switch, or there’s been a car accident in your neighbourhood that requires power to be cut until works can be completed. The bottom-line is this is to be expected.
- How do you monitor downtime? Use a service like UpTimeRobot that can send you email alerts if anything goes down.