SoylentNews is people
SoylentNews
from the questions,-questions,-questions dept.
I'm putting this under security because i'd like to keep this a private server for family:
that said, I'm wondering if you fine people can help me with the best way to set up a web server in my house to host the files on my external hard drives for family members in other cities/countries while, again, keeping it private and secure over the internet.
I'm looking into ngrok for url handling, but am not sure exactly if this is the best way to go.
Can anyone save me time and possible heartache and failure and provide me (and possibly others) with a walk-through of which software to use. Would love to do something like free, but may have to get a paid unique domain from, say, ngrok, to make it easier for family members to connect up.
Help me, Obi Wan Kenobi... you're my only hope!
(Score: 3, Interesting) by tibman on Friday January 19 2018, @10:04PM (1 child)
My first question: does your home internet connection have the bandwidth required to host what you want?
Second question: are you serving up mostly http documents, like a real website?
The first question is to determine if you can even host it at your home. The second one is to determine what kind of service you actually need to provide.
If you are hosting pictures, movies, and files then a file centric service makes more sense than a webserver. Checkout https://mycloud.com [mycloud.com] You could also just use sftp. Your family would have to download a client to get access but it's secure and basically a file browser.
If you are creating forms and webpages then prepare to become a sysadmin. You'll have to manage the security and administration for a public facing web-server. The only way to keep the web site itself private is to force your family to use a VPN to access the network your server is sitting on. Unlikely. Which means you will need an authentication mechanism on your public website to secure the private contents. A very simple mechanism in apache is using .htpasswd: https://wiki.apache.org/httpd/PasswordBasicAuth [apache.org] That would handle your access problem. Apache can display directories and files just fine by itself but you need a way to upload and manage files. There is sftp again or there are web based file managers you can use (PHP probably). Some of them might even come with their own auth system.
You can do everything for free but how valuable is your time, hah. Can you give us some example use cases? How often will people upload files? Do you need a chat or forum? What size and type of files will be uploaded? Are the files secret or a service like dropbox/gdrive could be trusted with them?
SN won't survive on lurkers alone. Write comments.
(Score: 3, Informative) by urza9814 on Saturday January 20 2018, @02:11AM
This is how I'd do it...although I tend to always have a couple Apache instances running anyway, so that's just easiest for me. If you don't need it to look fancy, you can potentially use the index pages Apache generates...or for images you can easily put together a very simple gallery page with about a dozen lines of PHP. For file uploads I just use sshfs to mount the web server's filesystem to my local machine and copy/edit files from there, but that won't work as well if the remote users also need to be able to upload. You *could* code a file upload in a couple lines of PHP too, but I wouldn't recommend it. If that's what you're trying to do -- or if you just want something a little nicer than a raw list of HTML links -- use existing cloud software like NextCloud or Sandstorm.
One additional detail to consider though is that .htpasswd isn't particularly secure on its own (*especially* if your site accepts any actual user input, but it's not great regardless). Depending on the configuration it may be sending the passwords in plaintext and even the hashed version can be vulnerable to certain kinds of replay attacks. So I'd suggest grabbing some certs from LetsEncrypt, and either blocking port 80 entirely or setting up an .htaccess file to forcibly redirect to HTTPS.
Then either put the web server in the DMZ or forward the appropriate ports...and make sure you've got everything else firewalled off too. You could also consider configuring Apache's mod_security to better secure the web server (can help against brute force attacks for example.)
And for a domain name...there's a lot of dynamic domain services that others have already posted, and those should work well enough. Depends how often your IP changes and how memorable you need that domain to be though. My IP is mostly static unless there's a power outage, so I purchased a full domain from Gandi.net and just have a small cron script that uses their API to check and update my IP when needed. That does mean that if my IP changes, there's two or three hours of downtime while the change is detected, updated, and propagated through the nameservers...but in my case that happens at most once a year so it's not really an issue, and it gives me a domain that's marginally easier to remember or to read off to someone over the phone or in person.
I'm not sure if that's really a GOOD way of doing it...but it's what I would do :)