I’m new to RW/Stacks/Foundry, etc. and my impression it this system is primarily a site-build. Does anyone have recommendations for in-house servers for my new site?
Honestly, it depends on your use-case, so we’re going to need some more info for a definitive recommendation.
Is your site for Intranet or Internet?
Is this for a Corporate business or are you a one-man-band?
For prototyping/testing or live?
How many concurrent visitors are you expecting?
How technical are you?
My assumptions are you need Internet, you don’t have access to an IT team, it’s a live service, you’re hoping for lots of visitors, and (forgive me) you’re not a Unix/Linux whiz. (Do correct me if I’m wrong, though!)
“In-house” is a huge risk if you need your site to be externally-facing - check the logs on your network Router to see how often your Public IP is being probed by external sources looking for a point of entry…
Unless you’re a security expert, get hosting space with someone like Chillidog Hosting or Dreamhost, and let them worry about Performance, Availability, Scalability, DDoS attacks, Hackers, Firewalls, DMZs, Backups, Patches/Updates, UPSs, Fire Suppression, etc.
That said, for prototyping I have an Apache setup (with PHP & MySQL) running on a NAS and also a Raspberry Pi. I wouldn’t dream of exposing either to the outside world, though - for that, I use Chillidog!
(Not that one)
Thank you Adam for your response and your suggestions. I spent my career in some aspect of medicine, so am highly ‘technical’ in that realm. Since retiring, I have been self-teaching ‘high-tech’ subjects, tinkering around with RaspPi for over the past years; built a ‘bramble’ 6 months ago. Beginner programming in Python, R and Julia.
My plan is for an exclusive “family” blog site used by family members and not broadcast to any wider audience. My answers to your questions are “internet”, “one-man”, “both”, “fewer than 50” and "already answered.”
I appreciate your concern of the “security” issues and am learning more about them before I make the final decision to self-host or not.
The fact that the server will be Internet-facing is enough to strongly urge you to go the hosting route.
The problem with having a server exposed to the world isn’t just the integrity of the server itself, but that it can easily be used by nefarious individuals as a jumping off point into your LAN, so on top of the considerations I mentioned above, you’d need to ensure that you have a DMZ and some form of Intruder Detection System in place, as well.
This is, unfortunately, the case, irrespective of whether it’s “advertised”, or not - Hackers/Bots will scan addresses, find a response, and then start scanning ports for vulnerabilities. It’s a nightmare.
Of course, at the end of the day, it’s your prerogative to go whichever route you choose, but having spent over 30 years in IT Infrastructure and Security, self-hosting wouldn’t be my recommended option - the Hosting companies are by far the best option, as it’s all they do.
@owlyhawk Most hosting companies do a very good job. There are exceptions like GoDaddy. I’m sure both Adam’s will have recommendations on good hosting companies. (I use a company that only works with educational institutions so my recommendation would not be helpful.)
I teach and always have an online web-based compliment to the courses. As such, I need to provide really good privacy protection. Towards that end I use a membership plugin that is very effective and adaptable. It’s called Sitelok and more info can be found here:
This info may or may not be helpful to you. But I’ve found the combo of good hosting company with Sitelok allows me all the privacy for my students that I need. In fact if you want it, the same company offers a 2FA security option on top. Not something I feel I need with my students, but perhaps I’m mistaken. If interested, more here:
Your arguments are convincing… and a statement on the current rapid devolution of society; consider your own use of the word “unfortunately.”
It comes down to the question of “why would I choose to subject myself [blog site] to such potential vulnerabilities?” and the answer is “I can think of better uses of my time than having to worry about the security of my site.”
Again, thanks for your passionate recommendations. WH
Yes, absolutely, categorically NOT GoDaddy!