Comment by ๐ lars_the_bear
Re: "Iโm pondering about self hosting a small gopher hole on myโฆ"
@SaveRocks : I would have thought Docker would be a bit of a burden for a Raspberry Pi, although I appreciate that it's supported.
I have mixed feelings about Docker/Podman/LXC for this kind of thing. On the one hand their isolation is pretty strong. On the other, their widespread use in the online services world makes them a viable target for hackers.
Still, I guess if anybody does find a way to subvert docker, they're going to have more lucrative targets than somebody's home gopher server.
Apr 16 ยท 3 weeks ago
3 Later Comments โ
๐ astrowat [OP] ยท Apr 16 at 17:25:
Re: with docker - you want to make sure you donโt elevate access unnecessarily and have a non-root user to run the process. I know itโs possible to escape the container if itโs not secured.
๐ norayr [mod] ยท Apr 20 at 00:20:
there's old good chroot, back in decades ago people were running servers in chroots when they weren't sure. and chroots could be very small.
if the binary was statically compiled it basically needed just a kernel and its own configs.
but i am much more interested in how do you run a gopher bbs for meshtastic?
can i guess? you have a program that presents itself as socks proxy for your gopher browser. then instead of proxying it talks to a meshtastic device. on the other side a similar program gets a request and passes it to a gopher server.
i am writing such a program, have it half baked, need to concentrate and continue. how do you do this? can you explain what you do?
๐ astrowat [OP] ยท Apr 20 at 11:24:
Iโm using MeshGopher (not mine - https://github.com/jmansell90/meshgopher) which has a very basic gopher server built in, the builtin client chats via DM and will chunk text to get around the 200 byte limit. I was thinking about using gophernicus to add a bit of dynamic content (weather, etc).
Original Post
Iโm pondering about self hosting a small gopher hole on my raspberry pi. Itโs mostly for #meshtastic (Iโm using it as a BBS), but Iโd like to show it off to people without a mesh of their own. Would it be a bad idea to open port 70 on my firewall? Iโm intentionally avoiding any cgi so the surface area of attack in smallish.