I’m almost ready with my lemmy instance server. Now what are some steps that are definitly worth doing after setup?

  • PenguinCoder
    link
    fedilink
    101 year ago

    Practice standard server security.

    • Disable all inbound ports in the firewall except for those you absolutely need (like port 80/TCP, port 443/TCP, sshport/TCP, DENY all other inbound)
    • Use the principle of least privilege. Don’t run your docker containers or web server as the root user. Make a new user, give it only the permissions needed in order to run the service definitely not sudo group. Set a strong password for those users, and disable remote/SSH logins for them
    • For SSH, use public key authentication, disable password login afterward
    • Instead of fail2ban, I like and would recommend Crowdsec. Needs some fiddling for Lemmy though, due to rate limits and federation