I am back with another published article.
Please be kind! I am a self-taught Linux user and by no means an expert. My goal with this guide is to help newcomers to Linux have an easier and more secure start.
To all the experts out there, please be kind and do share your tips and observations. I am happy to keep updating the article to make the self-hosting world more secure.
https://nerdyarticles.com/debian-server-essentials-setup-configure-and-hardening-your-system/
Go Alpine, hardened from the start (almost).
I tried it briefly, but had to many issues getting it up and running properly…
Many issues like?
Honestly, when I tried it was like two years ago. I think back then I wasn’t experienced enough and was annoyed at some stage not being able to get docker to run.
I should give it another go. Would you just do it on RPi and a LXC container or also on your VM?
All three. Alpine (read-only from RAM) is the perfect OS for any RPi. Alpine in a VM is a perfect OS with native support for all hypervisors and drivers available from the start, and as a container base layer its simply one of the best OS out there. I run all my bare metal nodes with Alpine from USB (read-only from RAM). You setup a USB stick, plug it in, boot from it, done. You can setup the OS with your keys and everything, take the USB stick, simply copy the contents (its FAT32) and put it on another stick and plug that into another server and boom, OS ready, no installation required.
Disclaimer: All my bare metal nodes are for containers, the OS has nothing installed, so read-only from RAM is IMHO the best option to do so, unless you want PXE.
All right, you got my attention 😂
Challenge accepted! (Some rainy day I got some time).
Thanks for that!
Isn’t alpine musl based? Last time I heard it can lead to some very obscure problems when interacting with applications compiled with gcc… so, hows it fare for you?
Yes, but muscl > glibc, anyway, as a container host it does not matter. You can install 99% of all bins only the ones that are not 100% POSIX not (like GlusterFS for example) but in containers everything works.