DEV Community

Discussion on: Private Github with gogs and raspberry pi

sproggit

This is a really excellent guide; thank you for taking the trouble to create and post it.

However, I won't (unfortunately) be following it... I was reading through and I got to the part where you talk about the need to change the default port of SSH, because Gogs wants to run its own SSH service on port 22...

This is a really, really, really bad idea.

TCP ports below 1023 are known as "well-known ports" and are configured consistently across virtually all devices and systems that support the TCP/IP protocol stack. Having any third-party package seek to override a default port in this way is dangerous and should tell us all something about the authors of this software.

I am not claiming or suggesting that Gogs is in any way malicious. However, when a piece of (user-space) software asks you to compromise the integrity and security of a system so that it can be installed and run, you should be asking yourself why it is doing this.

Were the Gogs developers just lazy? Did they not want to use a custom port for their SSH access? If so, that's bad practice right there.

Did they not realize that this is poor practice? If so, how many other poor security decisions have they made?

I don't want my comments to be seen as critical of the article [which is clear and very well written] or the operational functionality of Gogs [on which I have no information to base a view], but I hope this comment will encourage readers to think about the software installation / configuration process a bit more carefully...

Each time you are asked to make a non-default configuration setting on your computer, you are taking a risk. Eventually, you may become so accustomed to this that you stop seeing non-default settings like this as a risk, and implement a requested change that has far more serious consequences... So it helps to have an understanding of the risks and consequences.

Be aware. Be safe.
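One concrete check for the situation the comment describes, as an added example that is not part of the original discussion, the article, or the Gogs project: before (or after) following a guide that moves the system SSH daemon off port 22, find out which process actually owns TCP port 22 and whether the Gogs configuration asks its built-in SSH server to bind a privileged port. The `ss -ltnp` output and the `app.ini` fragment below are constructed samples, not captured from a real host; the `[server]` keys `START_SSH_SERVER` and `SSH_PORT` are assumed from Gogs's `app.ini` layout and should be checked against the version you run.

```python
"""Audit who owns TCP port 22 and whether Gogs is configured to take it.

Added example; not code from the original discussion or from Gogs itself.
"""
import configparser
import re

# On Linux, binding TCP/UDP ports 0-1023 needs root or CAP_NET_BIND_SERVICE.
PRIVILEGED_MAX = 1023

# Constructed sample of `ss -ltnp` output (not captured from a real host):
# the Gogs built-in SSH server has taken port 22 and sshd was moved to 2222.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("gogs",pid=1234,fd=7))
LISTEN  0       128     [::]:2222           [::]:*             users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:3000      0.0.0.0:*          users:(("gogs",pid=1234,fd=6))
"""

# Constructed sample where the system sshd still owns port 22 (the default).
SAMPLE_SS_SAFE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:3000      0.0.0.0:*          users:(("gogs",pid=1234,fd=6))
"""

# Constructed app.ini fragments. Key names are assumed from Gogs's [server]
# section (START_SSH_SERVER, SSH_PORT); verify them against your version.
SAMPLE_INI = """\
[server]
START_SSH_SERVER = true
SSH_PORT = 22
HTTP_PORT = 3000
"""

SAMPLE_INI_SAFE = """\
[server]
START_SSH_SERVER = false
SSH_PORT = 22
HTTP_PORT = 3000
"""

# Matches a LISTEN line: local address (IPv4, IPv6 in brackets, or *), port,
# and the first process name in the users:(("name",pid=...,fd=...)) column.
_SS_LINE = re.compile(
    r'^LISTEN\s+\S+\s+\S+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)


def listeners(ss_output):
    """Map listening TCP port -> owning process name from `ss -ltnp` text."""
    owners = {}
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line)
        if m:
            owners[int(m.group(2))] = m.group(3)
    return owners


def gogs_ssh_settings(ini_text):
    """Return (built-in SSH server enabled, configured SSH port) from app.ini."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    srv = cp["server"]
    return (srv.getboolean("START_SSH_SERVER", fallback=False),
            srv.getint("SSH_PORT", fallback=22))


def audit(ss_output, ini_text):
    """Return a list of findings; an empty list means port 22 is still sshd's
    and Gogs is not asking for a privileged port."""
    findings = []
    owners = listeners(ss_output)
    owner22 = owners.get(22)
    if owner22 is not None and owner22 != "sshd":
        findings.append(
            f"TCP port 22 is owned by '{owner22}', not the system sshd")
    builtin, port = gogs_ssh_settings(ini_text)
    if builtin and port <= PRIVILEGED_MAX:
        findings.append(
            f"Gogs built-in SSH server is configured for privileged port {port}; "
            f"either leave START_SSH_SERVER off and let sshd serve git over "
            f"port 22, or move the built-in server to a port above 1023")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS, SAMPLE_INI):
        print("FINDING:", f)
    print("safe config findings:", audit(SAMPLE_SS_SAFE, SAMPLE_INI_SAFE))
```

On a live host you would feed `audit()` the real output of `ss -ltnp` (run as root so the process column is populated) and the contents of your `app.ini`; the two constructed samples show the failing and the passing case side by side.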