I am trying to get a local org I am in set up with a domain and website just to have a place to point people for everything. We would like to keep it as cheap as possible. I figure we need the following:
- Domain name (going to use namecheap probably)
- VPS host (I haven’t done this before, it looks like racknerd may be the way to go?). I assume I will probably only need 1GB of memory as it will just be a static webserver but that may be too little, not 100% sure.
- Email host. This is one of two real reasons I want to own the domain, we have multiple uses for email but currently everything is under one gmail address and a lot gets lost in the clutter. A few people in our org would like to stick with gmail but I am open to other suggestions. Definitely do not want to deal with self hosting on this.
- Website builder. I plan to use an Ubuntu server with the LEMP stack on the VPS, should I just use WordPress? I am definitely not experienced in website building so it’s not realistic to do my own HTTP. My only concern is using WordPress will result in a poorly optimized site that may strain my limited resources, but there are also a few people in our org that have experience with it so that would help.
While I have a decent amount of tech experience generally, these are mostly uncharted waters for me. I know this comes across as kind of half baked, but really I am just looking for general advice!
This is great info, thanks! I deal a decent amount with regular server security so was already planning to do SSH access only.
We’re pretty much only using email for contact with people outside the org so not super concerned about opsec on that front, but I agree with you that I would like to move off Google. Institutional inertia can be a motherfucker though so who knows. I’m also looking into self hosting an encrypted messaging app since we still just use WhatsApp but that seems like its own whole project haha.
A few years ago I’d have recommended an un-federated Matrix server, but I’m not sure what that platform will look like in a few years. It lives and dies by New Vector LTD. At this point, I’d take a good look at XMPP with the OMEMO extension (a forward secrecy “double ratchet” algorithm similar to those used in Matrix and Signal).
Something like this could likely live in the headroom of a small webserver, though there are benefits to compartmentalization as well. If you use your DNS wisely, you could give something like this its own sub-domain, and eventually move it to its own server at some point in the future.
+1 for XMPP, hosting an XMPP server is far less intensive than a Matrix one and has the same security benefits with OMEMO (if a device’s keys get compromised, previous messages can’t be decrypted).
Matrix has some iffy history with its zionist past from an Israeli company; it also collects tons of metadata and is more complicated to set up.
I ran a Synapse server (the Matrix “reference implementation”) for about a year and for a thing used to allow five friends to communicate, it was an abomination. Incredibly heavy application (“They’re calling it the Mastodon of instant messaging.”). Nowadays at least there are some other options, but at the time Synapse was the ONLY viable implementation.
WhatsApp can be replaced by Signal at the very least. If you’re in a WhatsApp chat and somebody decides to use the report feature, your keys get sent to Facebook and the entire chat is decrypted.
WhatsApp also is a bigger vector for scammers and spammers while those have been extremely rare for me on Signal (like once or twice in a few years).