How-To-Secure-A-Linux-Server
Gitea
| | How-To-Secure-A-Linux-Server | Gitea |
|---|---|---|
| Mentions | 48 | 280 |
| Stars | 16,664 | 41,851 |
| Growth | - | 2.3% |
| Activity | 4.6 | 10.0 |
| Last commit | 12 days ago | 2 days ago |
| Language | | Go |
| License | Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
- Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven GitHub guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
- Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guide's content. The playbooks are still a work in progress.
- Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
- Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
- Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers; it is much easier to set up a server with a strong security foundation than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": A quick walk-through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article; most of the responses suggest using tools to automate these types of security tasks [2]. However, the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode [4] and Digital Ocean [5] have created good sets of tutorials and documentation that are generally trustworthy and kept up-to-date.
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
- Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources:
- Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html
- One of the best imho (exhaustive list): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
- Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security
- OWASP checklist (targeted for web apps... and honestly a bit overkill): https://github.com/0xRadi/OWASP-Web-Checklist
Gitea
- Ask HN: What software sparks joy when using?
Linux Mint with Cinnamon: https://www.linuxmint.com/ as far as desktop OSes go it's familiar (Ubuntu without snaps by default), whereas the UI feels both snappy, doesn't use too many resources and is actually pretty to look at.
MobaXTerm: https://mobaxterm.mobatek.net/ this one is a bit more Windows centric but I ended up paying for it and replaced mRemoteNg and PuTTY with it, it's even better than Remmina or whatever Linux has to offer - you can manage SSH/RDP/VNC/... sessions, input across multiple sessions side by side and it just simplifies things a lot (jump host support, port forwarding too and so much more).
GitKraken: https://www.gitkraken.com/ also a piece of software that I paid for, this one actually makes using Git pleasant, feels better to use than SourceTree and Git Cola (even though the latter is wonderfully lightweight, too) and honestly I prefer that to the CLI nowadays.
Kanboard: https://kanboard.org/ is a lightweight Kanban project management tool, it might not have every feature under the sun but it's the most snappy project management tool I've ever used, looks simple and runs well. I honestly love it, what a nice thing to have.
Most modern text editors and IDEs: I personally pay for JetBrains IDEs but also like Visual Studio Code as a text editor and both have helped me immensely, they're reasonably performant when you have the RAM, look nice, often give you suggestions about how to improve your code and also have a plethora of plugins in their ecosystems. Nowadays I unapologetically use LLMs as well and overall it feels like I have these great tools and cool autocomplete (that is sometimes a bit silly and wrong) at my disposal, that makes me happy.
Kdenlive: https://kdenlive.org/ imagine if there was a successor to Windows Movie Maker, though something that gets most of the important stuff out of Sony Vegas, except is also completely free and works on most platforms. Kdenlive is all of that and also somehow quite pleasant to use, I actually prefer it to DaVinci Resolve. There is a bit of a learning curve to any piece of software like this, but everything mostly makes sense in this one.
Gitea: https://about.gitea.com/ I still use this for my personal Git repositories and integrating with CI systems and it's lightweight, looks good and just feels pleasant to use. Previously I self-hosted GitLab and constantly ran into resource exhaustion as well as doubts about whether the next update is going to corrupt all of my data and break (it did), so now I use Gitea instead.
Drone CI: https://www.drone.io/ a container native CI solution that I can also self host. It's container oriented, integrates with Gitea nicely, is similarly nice to GitLab CI and doesn't cause me headaches like Jenkins would.
Docker: https://www.docker.com/ yes, even Docker Desktop. It just makes working with containers really pleasant and predictable, even when something like Podman also exists (and also is great). I don't know, I feel like Docker really saved me from having brittle legacy environments, even self-contained containers with health checks and resource limits with still the same brittle code inside of those make me feel way more safe.
- Mermaid Chart, a Markdown-like tool for creating diagrams, raises $7.5M
Same [1]. Zoom being outsourced to the implementing platform is one major pain-point. That example from us has grown in size.
We are clearly using the wrong tool for a diagram of this complexity, but the practicality of seeing commit changes in the diff, what property was changed by whom and instantly having the visual feedback in the Pull Request is just way too useful to use a "proper" tool.
[1] https://github.com/go-gitea/gitea/issues/25803
- Forgejo makes a full break from Gitea
It's a tangent, but I think it's interesting that Gitea started trying to self host in Feb 2017 (https://github.com/go-gitea/gitea/issues/1029) and hasn't got there yet (based on how active the GitHub issues/PR page are).
https://about.gitea.com/ offers me a "free cloud trial" and otherwise sounds very like other web front ends to git. So like GitHub, except they don't trust it themselves.
In contrast, Forgejo has "Self-hosted alternative to GitHub" written in big letters on the landing page. https://codeberg.org/forgejo is indeed self hosted.
- Go: What We Got Right, What We Got Wrong
- 10 open source tools that platform, SRE and DevOps engineers should consider in 2024.
Gitea is a versatile tool for creating and managing git-based repositories, streamlining Code Review to enhance code quality for users and businesses. It integrates a CI/CD system, Gitea Actions, compatible with GitHub Actions, allowing users to create workflows in YAML or use existing plugins. Gitea's project management features include issue tasks, labeling, and kanban boards for efficient management of requirements, features, and bugs. These tools integrate with branches, tags, milestones, assignments, time tracking, and dependencies to plan and track development progress. Furthermore, Gitea supports over 20 package management types, such as Cargo, Composer, NPM, and PyPI, catering to a wide range of public or private package management needs. This comprehensive suite of features makes Gitea a powerful platform for managing development projects and packages.
- Gitea – Open-Source GitHub
- My website is one binary
Golang has a ton of single binary websites out there. The two that come to mind off hand are Gogs/Gitea only because I contributed to them
https://github.com/gogs/gogs
https://github.com/go-gitea/gitea
- Fossil versus Git
My problem with Fossil is that it is a "one solution for all problems". Fossil packs all solutions together while the Git ecosystem provides several different solutions for each problem.
When you want to do things that Fossil is not meant to do, then you're in trouble. I have no idea on how to do CI/CD and DevOps with Fossil and how to integrate it with AWS/Azure/GCP.
I find that the whole ecosystem of Gitlab/Github and stand-alone alternatives like Gitea [1], Gogs [2], Notion, Jira and others is way more flexible and versatile.
[1] https://about.gitea.com/
- Gitea Hosted Gitea
- Harness launches Gitness, an open-source GitHub competitor
Reminds me of the GitHub issue for hosting Gitea on Gitea, it's... a read to be sure: https://github.com/go-gitea/gitea/issues/1029
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Gogs - Gogs is a painless self-hosted Git service
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
gitlab
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
Redmine - Mirror of redmine code source - Official Subversion repository is at https://svn.redmine.org/redmine - contact: @vividtone or maeda (at) farend (dot) jp
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
OpenProject - OpenProject is the leading open source project management software.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
Paperless-ng - A supercharged version of paperless: scan, index and archive all your physical documents
gogit - Implementation of git internals from scratch in Go language