this post was submitted on 23 Apr 2024
56 points (98.3% liked)

Selfhosted

40336 readers
803 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hello, I don't have much experience in self-hosting, I'm buying a ProtonVPN subscription and would like to port forward. I have like no experience in self-hosting but a good amount in Linux. I'm planning on using Proxmox VE with a YunoHost VM. I already have a domain name from Njalla. I'm setting up a website for my computer store. I want it to have listings and payment options so they can check out there. I want my customer data to be secure. I don't want it to have any JavaScript or nasty trackers. I want it to be FOSS. Any help is highly appreciated!

all 33 comments
sorted by: hot top controversial new old
[–] cm0002 52 points 7 months ago (1 children)

I feel like it was just a few months ago someone else was asking this very similar thing, including wanting to handle payment processing themselves as well.

Seriously OP, do not do payment processing on your own unless you already have experience with going through PCI compliance. And if you did, you would already have made the decision to off load it to an actual payment processer lmao

Don't be a hero, offload payment processing to a third-party.

[–] just_another_person 12 points 7 months ago (2 children)

Second this wholeheartedly. There's a reason businesses like Square space exist, and you will kill yourself trying to stay on top of things to stay up to date and secure.

[–] IHawkMike 5 points 7 months ago

Third. The first thing I mention when one of my clients asks anything about PCI is to offload as much card processing onto third parties as possible.

And if you have nothing in place yet, then 100% offloaded should be possible (with the possible exception of secure payment terminals if you need to process physical cards).

That said, it is still possible to use your own hosted WordPress storefront and offload the payment processing via tokenization or redirection. But a turnkey solution like Shopify might be better if you lack the experience.

[–] EncryptKeeper 5 points 7 months ago

For real. I handle PCI audits at work and at this point I’d pay somebody to do it for me.

[–] [email protected] 14 points 7 months ago

If you are accepting payments, you absolutely want to offload that to a third party payment processor, so that you don't have to go through the hassle of doing PCI compliance.

[–] mo_ztt 10 points 7 months ago* (last edited 7 months ago) (3 children)

Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

I honestly don't even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) -- it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.

[–] [email protected] 3 points 7 months ago (1 children)

the large ecosystem of commercial crap which has tainted by association the open source core of it

Isn't the main shop plugin (woocommerce) heavily infested with that though?

[–] mo_ztt 4 points 7 months ago (1 children)

Everything Wordpress is heavily infested with that. However you don't have to let it impact you -- it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they're wanting to offer a free version, so there's a robust ecosystem of actually-FOSS tooling for it. My experience has been that it's always worked pretty well in practice; you just have to keep your nope-I'm-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)

[–] [email protected] 3 points 7 months ago (1 children)

LOL, getting GPT to write code for the most unholy combination of the worst the blog and e-commerce have to offer, that should work well.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago)

Honestly having GPT write one-off code for you for particular selected pieces (esp ones that require a lot of domain knowledge) works pretty well in my experience

[–] [email protected] 1 points 7 months ago

I had to migrate shop from WooCommerce to PrestaShop.
The store is for both Poland and Germany, so two countries, two different currencies, languages and tax zones. With WooCommerce every simple thing like multicurrency requires a plugin. Then you need a plugin for multiple languages, then for multiple tax zones, then multiple client bases (retail and B2B)...
With PrestaShop all of we needed for that basic but two-country store was a payment plugin.

[–] foggy 1 points 7 months ago

Yeah, anything you wanna do on WordPress, you can do. But someone else has also already done, and likely offers it through their plugin ecosystem. The question is, is that plugin FOSS, and if not, are you ready to do it yourself?

The caveat to doing anything yourself for e-commerce is liability. Just make sure your shit is secure, up to date, tested, encrypted, backed up, etc.

[–] ricdeh 9 points 7 months ago

I don't want it to have any JavaScript

That's not going to happen. I also don't understand why you wouldn't want JavaScript. All the concerns with it are about the times when you access a website by a proprietary software maker and encounter obfuscated and opaque code that you can only with great difficulty reconstruct what it does. But JavaScript "in the right hands", like on a FOSS website, is perfectly fine and even required to make a webpage that can actually do something more than simply display text or images.

[–] hperrin 9 points 7 months ago (1 children)
[–] [email protected] 1 points 7 months ago

Can be done with a server side rendered framework like flask

[–] [email protected] 9 points 7 months ago

I have created a couple of small stores and being FOSS lover myself I can give some advice.

First, your options are WooCommerce or PrestaShop and alike. Don't fall into being idealist and JS-free now, because there is no software suite on the market that is going to give you that. Except payment provider, it can be done, but you would need to write e-commerce software from scratch yourself and I guess this is not in your capacity. Both of them have no trackers, just choose a lightweight theme because some third-party themes include fonts or scripts from Google-alike because of lazyness. You can use build-in ones and modify them. PrestaShop themes are much easier to modify, because those are Twig templates instead of full PHP scripts. WooCommerce is GPL so plugins must be free software too, but many of them are from shitty devs who provide only obfuscated scripts, so you must check each plugin by yourself. PrestaShop plugins are more often proprietary, but you need much less of them, as almost everything internal is out-of-the-box. With Presta you need payment provider plugin and basically that's it, while on Woo every single thing like different tax for a region would require a web of plugins.

After some time with both my scheme is: WooCommerce if you have a blog-style website and just want to sell something as a bonus. PrestaShop if you start a real small or big businesses and selling is the primary goal.

As for VPN, what can I say other than this is not sustainable. You are literally selling stuff with your name so there is no privacy or freedom benefit with additional routing. Just get an ISP offering a public IP (not beind a NAT) and open a firewall port. Or if you cannot do that, rent a VPS. I don't see a point in anonymity here, pure clearnet is more than enough for shopping for physical thighs.

And I say this as a quite hard level FOSS person. My machines are all on Linux, being able to connect Yggdrasil, I2P, Tor at once, with seedbox running 24/7 and tracker blockers everywhere.
In commerce, there is no point to fight here, just use the popular thing and not make it worse than vanilla, that's it.

[–] [email protected] 5 points 7 months ago

Using ProtonVPN probably isn’t doing what you want it to do, since the port they will give you is random, but for your website you will want ports 80 and 443 exposed.

CloudFlare will hide your IP will properly forwarding traffic (and other benefits, like caching images on their CDN, if you want them). Also their free tier is more than enough for something like this.

[–] TCB13 5 points 7 months ago

Wordpress + Woocomerce. There are a few themes that use less or no JavaScript, but you shouldn't bother with that, JS is useful and can reduce the amount of page loads (traffic) and make the experience better.

[–] [email protected] 5 points 7 months ago (1 children)

Definitely use some sort of cloud server, I'd stay away from your VPN + port forwarding idea, it will only cause you issues. I heard good things about WooCommerce, it's FOSS. You can't get around JavaScript, it's impossible to build a functioning online store without some kind of JS. WooCommerce doesn't include trackers though, just the bare-minimum JavaScript that is required for the site to work.

[–] SirQuackTheDuck 4 points 7 months ago (1 children)

You can't get around JavaScript, it's impossible to build a functioning online store without some kind of JS.

Well, sure you can. It will just be a pain to use for your users, especially when validation comes into play.

But a simple list with an "add to chart" button really won't need any javascript.

[–] [email protected] 1 points 7 months ago (2 children)

How would you integrate with a payment processor? Handling payments yourself means that you would have to comply with the PCI standard and get audits in regular intervals, which are insanely expensive and only make sense if you actually run a large business which makes money from card transactions.

[–] SirQuackTheDuck 1 points 7 months ago (1 children)

You don't have to be PCI compliant for stuff like bank transfers or other forms of payment. Credit cards aren't the default payment method everywhere.

Maybe it's pay on pickup, or just a simple mail with sepa wire transfer instructions.

Also, the PSP can still use JS but your site still doesn't need to have it. Services like Mollie and Stripe offer checkout environments they host, meaning you still don't have to use JS on your site.

[–] [email protected] 2 points 7 months ago

Having a Stripe integration literally means having JavaScript on your site. Sure, it doesn't come from your website directly, but it's still loaded and executed when someone visits the site and tries to pay. TL;DR: Of course it's possible. Everything is possible. Having some FOSS JavaScript from WooCommerce isn't that bad though, and you'll likely need nonfree JS for payments anyway.

[–] [email protected] 1 points 7 months ago
[–] [email protected] 4 points 7 months ago

Using ProtonVPN probably isn’t doing what you want it to do, since the port they will give you is random, but for your website you will want ports 80 and 443 exposed.

CloudFlare will hide your IP will properly forwarding traffic (and other benefits, like caching images on their CDN, if you want them). Also their free tier is more than enough for something like this.

[–] thefactremains 4 points 7 months ago

Here's a decent list on awesome-self-hosted

[–] [email protected] 3 points 7 months ago

I would create in the cloud

[–] [email protected] 2 points 7 months ago

Be sure to familiarize yourself with PCI DSS compliance and how it does or does not apply to you and your payment gateway.

[–] [email protected] 2 points 7 months ago

WordPress shop maybe?

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
IP Internet Protocol
NAT Network Address Translation
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

[Thread #708 for this sub, first seen 24th Apr 2024, 02:15] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 1 points 7 months ago

Given your requirements, why not just accept Bitcoin or other crypto? It sounds like you want to self host it semi anonymously.

[–] [email protected] -1 points 7 months ago

New Lemmy Post: How do I setup my own FOSS shopping website for my business? (https://lemmyverse.link/lemmy.world/post/14610573)
Tagging: #SelfHosted

(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)

I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md