I’m ready to completely jump in to using decentralized, federated platforms, however most people I know aren’t fully there. It strikes me that this moment in time, where a lot of people are newly actively aware and frustrated by Meta and Twitter’s actions, is ideal to get people to switch over to new platforms.
To encourage people in my community to join platforms on the Fediverse, I want to host instances of various platforms (probably Mastodon and Pixelfed to start with). Having a specific instance on these platforms to point people towards would probably help a lot of the folks I know get on board.
However, I’m scared I’m not knowledgeable enough to admin these public instances for others. I know some basic networking, I self-host a bunch of stuff with Docker on an old laptop, and I definitely am smart enough to figure out how to start up instances of these platforms. However, I’m mostly concerned with whether I’d be able to properly maintain and secure these instances. I wouldn’t want people to be soured on decentralized social media just because I don’t know what I’m doing.
Any thoughts, words of encouragement, tips, warnings, etc. are welcomed!
That okay.
If you want to host just for yourself that’s okay. Just be careful about cybersecurity. You don’t want that box to become an easy entry point for hackers.
Having self hosted before the age of the cloud, on my own personal PC, I highly recommend to have a seperate box on a DMZ part of your router and only open the required ports. And use a super stable distro like Debian stable. You don’t want the bleeding edge on there as there could be bugs and vulnerabilities that haven’t been patched yet.
If you need to access it remotely, use SSH and disable root login and only allow logging in using SSH keys. Disable password login. And update often and back-up often!
Finally, keep all eye on the issues of the GitHub pages for your fediverse app so you can be aware of any important updates and patched or vulnerabilities. Shut down your service if there’s an important vulnerability that’s not fixed yet.