Setting up a secure blog (or any kind of website) using hugo, certbot, haproxy, and crowdsec

jabgoe2089 , 11 hours ago

first thing is to install snapd an a perfectly fine debian 12???

h0bbl3s OP , 11 hours ago (edited 10 hours ago)

I know I know. If you wanna install certbot another way feel free. Share it with me I’m sure it’ll take up less space. I only did it that way because it’s the certbot official©®™ instructions. That and I had issues with the other method I tried.

nerdovic , 10 hours ago

I like docker and traefik, traefik has let’s encrypt built-in.

h0bbl3s OP , 10 hours ago

I’ve got plenty of experience with docker and I’ve heard of traefik but never used it. Thanks, I’m gonna look into it.

exu , 8 hours ago

I can really recommend acme.sh if you wanted to try a certbot alternative.

lemmyvore , 7 hours ago

Or a docker image with Nginx Proxy Manager. You get a working reverse proxy, an automatically renewing certbot, easy to use UI, plus a working nginx install that you can use for serving static files, forward proxy etc.

keisatsu , 7 hours ago

apt install python3-certbot :)

mostlikelyaperson , 4 hours ago

Another thing you could check out is Caddy, comes with a lot of stuff onboard and has an optional crowdsec module (though I should point out that I never used that module myself so I can’t make guarantees how well it works) caddyserver.com

FrostyCaveman , 6 hours ago

Thanks for sharing! TIL about crowdsec

matcha_addict , 11 hours ago

Is it just as secure doing this (with crowdsec) vs hosting on a rented server from a cloud provider?

h0bbl3s OP , 11 hours ago

My site is on a rented server at digital ocean. Some providers do more or less to protect you themselves though. I don’t think digital ocean does much monitoring or protecting, I’ve had servers on there compromised in the past that would have been caught by my current setup. It can’t hurt in any case.

I also run crowdsec on my home setup but I don’t have any open ports at home and never get alerts. I had suricata running and plugged into crowdsec as well so it would handle blocking for both, but suricata never got to get any action with crowdsec blocking malicious activity, so I disabled it to save resources.

matcha_addict , 38 minutes ago

I don’t mean about relying on the protection from these providers. I am talking about the inherent increased security of hosting on a server that’s on a different network than your local network.