If you want to get the job (of publishing a blog) done fast, and move on, then use WP. If you want to mess around probably look at editorjs.io.

If you want to get the job (of publishing a blog) done fast, and move on, then use WP. If you want to mess around probably look at editorjs.io.

At least WP is free, Ghost is as “free” until you find out its only useful with the rest of the payed platform. editorjs.io is much better in that sense.

Yeah Microsoft for what’s worth does play ball, you can open complaints and they’ll actually read those and act fast. Google is a total pain to deal with, even if you’re on some type of google partnership they’ll not do much.

It’s also good to make notes on every configuration setting.

I do save my settings for the various programs in a git repository…

If it need documentation means things are over the line when comes to complexity and I should scale down / simplify. :)

Complexity and over-engineering are a serious problem, I really try to keep it as simple as possible so I don’t have to waste time managing it, dealing with updates and potential security issues. Simple code/infrastructure breaks less and has less potential insecure points.

Unless someone finds a way to advertise nodes that doesn’t depend on the entry point then yes. Consider this example: https://github.com/bitcoin/bitcoin/blob/1b2460bd5824170ab85757e35f81197199cce9d6/src/chainparams.cpp#L112 if someone takes down those domains it is game over for a new node until someone updates the code.

I get your point, those systems make it harder to take down things permanently but they aren’t as resilient and perfect as people paint them to be - an it has nothing to do with being pedantic, it is just the reality of things.

Here: https://lemmy.world/post/29490236/17012887

My point was: if you still need some central point of contact what’s the point in decentralized, you can still get fucked.

For instance the DHT systems you talk about, they’re good but still require some centralized points. In a bittorrent network with DHT a new client cannot join without either a tracker or the knowledge of at least one member of the network to exchange peers with. Bitcoin still has some hardcoded DNS seeds in the core client… etc.

bittorrent decentralization

True bittorrent decentralization never happened.

There’s no real / true decentralization. You’re always dependent on something, somewhere in some way. It can be harder to shut it down but there’s also a point of failure somewhere. Blockchain is all fun and games until you’ve to consider resource waste and that you still need DNS and IPs working.

Yes, you can use a Cloudflare tunnel but why? Since you’re into self-hosting why should you depend on some random company to tunnel your traffic when you most likely don’t need it? You also have all the potential tracking, spyware, risks and “being hostage” scenarios that may come with that choice.

The following assumes your use case is a simple home server for “standard arr apps, jellyfin, pi-hole” for personal usage that sits inside your network and your objetive is to be able to access those services. If you’re instead trying to host a game server / few services for friends (that doesn’t really need to be “inside” your home network) there’s a more complete comment with other security considerations and recommendations here.

Your basic requirements are:

• Some kind of domain / subdomain payed or free;
• Preferably Home ISP that has provides public IP addresses - no CGNAT BS;
• Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as https://freedns.afraid.org/.

Quick setup guide and checklist:

1. Create your subdomain for the dynamic DNS service https://freedns.afraid.org/ and install the daemon on the server - will update your domain with your dynamic IP when it changes;
2. List what ports you need to access remote;
3. Setup Wireguard VPN on the server. There’s also this nice UI that can be used to do most of the setup and create client config files;
4. For the VPN use custom ports with 5 digits - something like 23901 (up to 65535) to make your service harder to find;
5. Configure your ISP router to assign a static local IP to the server and port forward the VPN port to the server IP;
6. Only expose absolutely required services (the VPN port in this case) to the Internet. Any service the server provides, SSH, configuration interfaces and whatnot can accessed through the WireGuard VPN;
7. In the server consider setting up nftables / iptables / another firewall 10 minute guide;
8. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
9. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connection from your country (https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching).

Since you’re only allowing access to your services through the VPN and you’ve heavily restricted access to the VPN port you’ll be safe. Just a side note, don’t be afraid to expose the Wireguard port because if someone tried to connect and they don’t authenticate with the right key the server will silently drop the packets.

Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare and how to setup and alternative / more private solution.