I run this server
What I can tell you, working for a company hosting data for the UK NHS.
Is that hosting is easy, I have a very reliable homelab. I keep things up to date and make sure to secure things the best I can.
But security is hard, there are many things to secure. Blind spots you didn’t even know you had.
The bast way to look at security, it to start with secure and dial things back so that it works.
With let’s encrypt and DNS APIs, theres no excuse not to have a real certificate!
More so if you want to have that service interacte with other systems not your own
Yes you can use lemmy apps to access a self hosted instance, but you will need a real certificate for that to work.
A quick check of Lemmy.rip show it has a self signed certificate, thats not going to allow you to access it easily and my even stop federation from working.
You should be able to get a lets encrypt certificate very easily.
First off, backups of the configs any user data that you can’t torrent should the inevitable happen.
Then set time aside to do updates, I spend Wednesday evenings updating and improving my setup.
Then find a way to track update announcements, I use both an RSS reader and newrealeases.io to know when something I run gets an update