this post was submitted on 25 Feb 2024
I think you'll have to learn a bit about security. There is no one article, but entire books written about that... And it really depends on the type of service, the frameworks used and the intended deployment.
I'd have a look at similar software. There are tons of open source projects that handle sensitive information. From files like Nextcloud to contact sync to ticketing and payment information.
Edit: I'd leave Docker as an afterthought, since some people recommend that. It's deployment, not development. And not a means of stopping user data getting leaked or stopping login brute forcing.
A good place to start is the OWASP cheat sheet. They provide up-to-date, high-value information about software security. I wish there was a resource like this when I started learning about security.
Even though I have a decent background in software security, it's hard to decide on an encryption schema that's both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.