Setting up a personal site on local hardware has been on my bucket list for a long time. I finally bit the bullet and got a basic website running with Apache on an Ubuntu-based Linux distro. I bought a domain name, linked it up to my l ip, got SSL via Let’s Encrypt for HTTPS, and added some header rules until Security Headers and Mozilla Observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I’m so scared of hackers and shit; I do not want to be an easy target.
I would like to make a page about the hardware it’s running on, since I intend to have it be entirely run off solar power like solar.lowtechmagazine, and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
If you’re hosting static content it’s a lot easier. If you’ve only opened ports 80/443 and don’t have any kind of user input or scripting you’re (probably) fine. Most likely you’d get DOS’d before someone would hack you. Assuming you’re keeping your software up to date.
In general though limit what is exposed to the Internet. In this case don’t open any extra ports.
If you want to be more secure (likely overkill for most threat models), treat your webserver like it’s always infected. Don’t do anything else important on it, and keep it segmented from your other computers with firewall rules.
Realistically no one is going to bother to hack you unless you’re posting shit that makes people angry. You’re mostly going to get prodded by bots looking for known vulnerabilities in Apache or the like, and you can stay protected with frequent updates.
If you’re hosting something dynamic or with code like PHP or something with user accounts and the like, then it’s slightly more complicated.
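One way to check the "only 80/443 exposed" advice from the replies above on the server itself, as an added example that is not part of the original thread. The function names and the sample listener table are constructed for illustration, and the parser assumes the column layout of `ss -H -tln` from iproute2.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from other hosts on ports
# other than the ones the site is meant to expose (80 and 443 by default).

# Constructed sample in the column layout of `ss -H -tln` (not real output).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511                *:443             *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      70         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128            [::1]:631          [::]:*
EOF
}

# Reads `ss -H -tln` lines on stdin, prints "port address" for each listener
# that is not loopback-only and not in ALLOWED_PORTS (space-separated).
unexpected_listeners() {
    awk -v allowed="${ALLOWED_PORTS:-80 443}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        # Field 4 is Local Address:Port; the port follows the last colon,
        # which also holds for bracketed IPv6 such as [::]:22.
        if (!match($4, /:[0-9]+$/)) next
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (port in ok) next                            # intended exposure
        print port, addr
    }'
}

# Demo on the constructed sample; on a live host use: ss -H -tln | unexpected_listeners
sample_ss_output | unexpected_listeners
```

This only shows what the host is listening on; whether a flagged port is reachable from the Internet still depends on the router's port forwards and any firewall in front of the machine.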