this post was submitted on 05 Feb 2025
38 points (97.5% liked)

Selfhosted

41723 readers
551 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
38
Self host websites (lemmy.world)
submitted 17 hours ago by [email protected] to c/[email protected]
21 comments fedilink hide all child comments
 

Is it feasible to self host websites for small businesses? I'm trying to do some research on the amount of infrastructure and stuff you have to know from a security standpoint... I'm fine with building and hosting stuff locally for me but I'm tempted to move to hosting some of my business sites as well.

Does anyone have experience and can give me some advice one way or the other?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 11 hours ago* (last edited 11 hours ago)

I think the answer depends a lot on the use case of each business's website and what the business owner/employees expect from it.

Is the website a storefront? You'll be spending a lot of time maintaining integration with payment networks and ensuring that the transaction process is secure and can't be exploited to create fake invoices or spammed with fake orders. Also probably maintaining a database of customer orders with names, emails, physical addresses, credit card info, and payment and order fulfillment records... so now you have to worry about handling and storing PII, maybe PCI DSS compliance, and you'll end up performing some accounting tasks as well due to controlling the payment processing. HIPAA compliance too if it's something medical like a small doctor's office, therapist, dialysis clinic, outpatient care - basically anything that might be billable to health insurance.

Does the business have a private email server? You'll be spending a lot of time maintaining spam filters and block lists and ensuring that their email server has a good reputation with the major email service providers.

Do the employees need user logins so that they can add or edit content on the website or perform other business tasks? Now you're not just a web host, you're also a sysadmin for a small enterprise which means you'll be handling common end-user support tasks like password resets. Have fun with that.

Do they regularly upload new content? (e.g. product photos and descriptions, customer testimonies, demo videos) Now you're a database admin too.

Does the website allow the business's customers to upload information? (comments/reviews/pictures/etc, e.g. is it Web 2.0 in some way) god help you.

You're going to expose this to the public internet. It will be crawled, and its content scraped by various bots. At some point, someone will try to install a cryptominer on it. Someone will try to use it as a C2 server. Someone will notice that you're running multiple sites/services from one infrastructure stack and attempt to punch their way out of the webhost VM and into the main server just to poke around and see what else you've got there. Someone will install mirai and try to make it part of a DDOS service provider's network.