| ▲ | superkuh 20 hours ago |
| It's good advice, but one need not even include the "upload it to a web server" these days now that home connections are so fast. Install some static webserver on your desktop computer (nginx, caddy, whatever), forward the port 80 at your router to it's lanip:80, and just save .html and files to the web directory using your normal desktop interface. It doesn't matter if you shut off the computer sometimes. Uptime doesn't matter. Optionally file transfer (rsync, etc) this local copy to a VPS or something like the author suggests. Indieweb receiving of webmention only requires the ability to log HTTP POSTs to some url endpoint. Or you can use one of third party services servers to receive that interact with your website via with 3rd party javascript applications you include on your webpage. Sending webmention can be done with cURL, even HTML forms, or again, 3rd party JS includes. |
|
| ▲ | bayindirh 19 hours ago | parent | next [-] |
| However, it'll also bring all the bots and "wild west" of the internet to your house when you run your web server from home, and for anyone who has a couple of spare dollars, it's a much wiser choice to run a small VPS elsewhere to weather the storm. |
| |
| ▲ | bblb 15 hours ago | parent | next [-] | | [Internet facing router with up to date firmware] --> HTTPS --> [separate VLAN DMZ] --> [my hardcore IndieWeb VM/k8s/bare-metal whatever] --> [x No outbound access / paranoid local firewall inside the VM x] [My home computer] --> SSH --> [my hardcore IndieWeb local cloud] That's about it. Safe enough. | |
| ▲ | neogodless 19 hours ago | parent | prev [-] | | shrug In 25 years of hosting a dozen domain names on a server on my home connection, this problem has not surfaced for me. | | |
| ▲ | bayindirh 19 hours ago | parent | next [-] | | In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces. For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day. If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!). | |
| ▲ | wolvoleo 18 hours ago | parent | prev | next [-] | | One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something. Especially if you host something like wordpress with plugins you really have to be on the ball with updates. | | |
| ▲ | superkuh 15 hours ago | parent [-] | | For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there. That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories. | | |
| ▲ | wolvoleo 15 hours ago | parent [-] | | Ok fair enough yes a static site is really low risk. Usually it's more involved than that though. |
|
| |
| ▲ | zikduruqe 17 hours ago | parent | prev [-] | | Yep, same here. fail2ban and some http 444 helps out. |
|
|
|
| ▲ | Jabrov 19 hours ago | parent | prev [-] |
| You need a static IP address for this to work is the downside, and depending on where you live and who your provider it it can be difficult and/or expensive. |
| |
| ▲ | erikw 19 hours ago | parent | next [-] | | You can programmatically update DNS whenever your dynamic IP changes. One issue though is that some residential ISPs prohibit webhosting in their terms. | |
| ▲ | tancop 18 hours ago | parent | prev [-] | | you can go ipv6 only, any good isp will give you a static /56 for free. practically none of your users have ipv4 only devices when every major os has been dual stack by default for like 15 years. if your isp cant give you one its time to switch as soon as you can. | | |
| ▲ | wolvoleo 18 hours ago | parent | next [-] | | Ehh my ISP at home is still ipv4 only. The amount of ipv6 capable connections only just passed 50% worldwide a few months ago. I don't think ipv6 only is feasible yet unless your audience is exclusively in Asia where ipv6 uptake is much higher due to them running out of ipv4 years ago | |
| ▲ | charcircuit 17 hours ago | parent | prev [-] | | My ISP is only ipv4. It doesn't matter if an OS technically support ipv6 or not. | | |
| ▲ | inigyou 6 hours ago | parent [-] | | You can get a Hurricane Electric free static v6 tunnel. They have poor reputations and are blocked from streaming sites and so on. But when you're the server, that doesn't affect you. Note that you need a static v4 and DMZ because the tunnel protocol is a very simple one - presumably because they run it on giant routers. It just puts a v4 header in front of the v6 header. No TCP or UDP. | | |
| ▲ | charcircuit 14 minutes ago | parent [-] | | I may be able to, but the millions of others won't. The solution needs to work out of the box for consumers. |
|
|
|
|