Hi there,
I've been reading up on selfhosting for a couple of weeks now and I got my feet wet with a couple of things.
However, before really getting serious with it, I feel I need to get down the basics and make sure that my server will not end up a security hazard. My final goal would be to self-host my socials (Mastodon, Lemmy, Matrix) - just for myself.
What basic security do I need to have in place, considering these services? I'll be running this on a VPS and so far I consider the following: disable password login (login with ssh key only) then set up nginx, fail2ban, and a basic firewall. I'd try to close all ports that are not required for the services I run. I'll also change ssh port from 22 to something else and close port 22 as well.
Would this be a sufficient basis, or am I missing something crucial?
Bonus question: do you know of good tutorials to learn the above stuff? I've been following the guides on DigitalOcean (e.g. https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-20-04) and they seem decent enough - but I think I'll need to get into more depth than that :)
I don't think the distinction between "stupid / non-stupid" is the important one to make. The important distinction, imo, is between "honest" and "dishonest".
If someone wants to honestly learn the answer to something, how could this be a stupid question? Even if all other people in the world do, in fact, know the answer, it still wouldn't qualify as a stupid question if asked in good faith.
However, there are so many questions asked in bad faith and not coming from a desire to learn something. These are the real stupid questions.
So, to answer your question: if you're feeling stupid for asking something, just think about your intentions: do you ask because you honestly want to know the answer? Go ahead, and know that in this case there are no stupid questions - only stupid answers.