Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This looks like a "send-only" server.

> sudo ufw default deny incoming

Seriously, what does one do when accepting connections, given the onslaught of data-hungry bots out there?

I wouldn't want to deal with that in any upcoming planned servers and services.



You put your reverse proxy on a publicly available machine then through strict firewalls only accept communication to your back end from the reverse proxy; effective leverage VPCs to make your backend not be on the public Internet. That should allow you to filter out malicious users without affecting your actual application and it's trivial to scale your reverse proxy horizontally or reach for a WAF if you have the need/desire.


I'm using external "send-only" SMTP server (Sendgrid) and Google Workspace as receiving/sending. Email itself is something that I'm not keen on DIYing (though I looked into it and other SMTP alternatives).


its a typical web server setup. Only incoming allowed is http, https and ssh.

Note 2 says it uses Sendgrid for email. The server is for the web app.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: