[$ ] use-case: forum

// P2P NAT traversal + narrow-takedown jurisprudence for federation

Self-hosted community infrastructure (Matrix, Lemmy, Discourse, Mastodon) lives or dies by federation reachability. Matrix homeservers need a public TCP/8448 listener (or a properly-configured well-known + reverse-proxy on TCP/443) for inbound federation; the Synapse documentation calls out NAT traversal as the most common operator headache. ActivityPub federation (Mastodon, Lemmy, Misskey) requires inbound HTTPS on the public hostname and outbound to arbitrary peers — also non-trivial behind aggressive carrier-grade NAT.

The hosting ASK for federated services is therefore: a static public IPv4, no inbound port filtering past the operator's own firewall, a proper reverse-DNS record (PTR), and an AUP that does not collapse on the first abuse complaint about user-generated content. Iceland and Romania both meet the technical asks; the AUP question is where mainstream hosts fall over. Romanian DSA implementation explicitly requires a substantiated complaint before takedown obligations arise; Icelandic Höfundalög nr. 73/1972 contains no §512-equivalent first-strike provision.

Hardware-wise mid-tier vps fits most communities. Discourse on vps-4 (4c/8GB) handles 50k uniques/day; Synapse on vps-4 carries a 5,000-account homeserver with conservative federation limits set; Lemmy needs vps-2 minimum because of the Postgres footprint. Tor v3 onion-only deployment (tor-2 / tor-4) is the right answer for communities that explicitly want clearnet-invisible infrastructure — the brand audience overlaps with that posture more than the average host's does.

// see also

• Matrix.org — Synapse Federation Setup (matrix-org.github.io/synapse)
• ActivityPub — W3C Recommendation (2018)
• EU Digital Services Act — Regulation 2022/2065 (Articles 9, 16, 22)
• Discourse — System Requirements (meta.discourse.org)