Thank you Michael for all your replies and for this one!!

I hear ya.  It may take too much time....

Let me ponder your reply.

Thanks!!



On 2021-07-11 12:15, Michael Butash via PLUG-discuss wrote:
On Sun, Jul 11, 2021 at 11:23 AM Keith Smith via PLUG-discuss
<[email protected]> wrote:

I am talking about a virtual PHP host running Ubuntu LTS, LAMP, Let's
Encrypt, BIND, Postfix, Dovecot, and possibly some webmail app.  Not
sure of anything else I would need. Is there more?

We can throw in learning Apache SPF and NGINX.

1) First question is this a reasonable idea or am I crazy?

For learning and tinkering, it's a good idea, production for yourself
probably not.  I set all that up some 10-15 years ago, thought it was
cool, then got tired of upkeep.  If you plan to maintain it right, you
probably will too.

These days any internet-facing service needs almost religious zeal to
upkeep, lest some jackass use a 0-day to cryptolocker your system(s),
and if you watch security lists for those, they are still pretty
frequent I'll bet.  Or you could just pay gmail/orfice365/rocketmail,
or any other and let all that patching and upkeep be automated by
them.  I used godaddy mail for a decade, later gmail, and I really
don't mind not managing my own email or dns servers ever again since.

2) 2nd question is what skills would I need?

The ability to google your ass off mostly.  I've not read a how-to or
protocol or certification-type book in 20 years, trust me it's not
terribly practical, and I fifo from my brain quickly.  Searching how
to's and troubleshooting as you do is how you learn.  If you must, I'd
recommend linux academy, udemy, or other online class-type courses, as
most can be had cheap around holidays with sales, mostly what I do
these days to learn if not just searching.

Email is email and hasn't changed much in 20 years.  Understanding
encryption, authentication (ie. 2fa), use of SPF/DKIM with DNS,
certificates (openssl, letsencrypt, build your own CA).  Security in
general is pretty key more than knowing how email protocols work.

Web stuff is again more about security imho, redirect all
non-encrypted to encrypted (tcp/80->443 redirection), proper
certs/encryption standards (enable tls1.2, disable rest, strong
ciphers).  Some vhosts, proxy redirection if needed, etc is helpful.
If you want to scale, add load-balancing via apache/nginx proxy or
appliances (F5, AWS ALB, Netscaler, etc) across multiple hosts.

System security is key too.  Securing SSH, disabling unnecessary
services, local firewall in/out, log monitoring, networking, file
system/service integrity, etc.

I am not a dev or a sysadmin, more a network guy that ends up
troubleshooting systems more than their owners do when they blame my
network, or just tinkering for myself.  IMHO with above, but YMMV.

-mb
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
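
The two web checks named in Michael's reply (redirect tcp/80 to 443, enable only TLS 1.2), as an added example that is not part of the thread: a small Python audit of nginx `server` blocks. The config text, `example.test` and the function names are constructed for illustration; the audit only recognizes `return 30x https://...` redirects and an `ssl_protocols` line set inside the server block itself.

```python
import re

# Constructed sample (not from the thread): port 80 serves content directly,
# and the TLS server still accepts protocols older than TLS 1.2.
WEAK_CONF = """
server {
    listen 80;
    server_name example.test;
    location / { root /var/www/html; }
}
server {
    listen 443 ssl;
    server_name example.test;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { root /var/www/html; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf, allowed=frozenset({"TLSv1.2"})):
    """Return (server_name, problem) tuples. `allowed` defaults to the post's policy."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;\s]+)", body)
        name = m.group(1) if m else "(unnamed)"
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
        plain = any("ssl" not in l for l in listens)  # listener without TLS
        if plain and not re.search(r"\breturn\s+30[1278]\s+https://", body):
            findings.append((name, "port without TLS does not redirect to https"))
        if any("ssl" in l for l in listens):
            m = re.search(r"\bssl_protocols\s+([^;]+);", body)
            if m is None:
                findings.append((name, "ssl_protocols not set in this server block"))
            else:
                extra = sorted(set(m.group(1).split()) - allowed)
                if extra:
                    findings.append((name, "extra protocols enabled: " + " ".join(extra)))
    return findings

if __name__ == "__main__":
    print(*audit(WEAK_CONF), sep="\n")
```

Pass a wider `allowed` set (for example one that includes `TLSv1.3`) to audit against a different protocol policy than the one in the post.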