SoylentNews is people

posted by janrinok on Friday January 19 2018, @09:33PM
from the questions,-questions,-questions dept.
An Anonymous Coward asks:

I'm putting this under security because I'd like to keep this a private server for family.

That said, I'm wondering if you fine people can help me with the best way to set up a web server in my house to host the files on my external hard drives for family members in other cities/countries while, again, keeping it private and secure over the internet.

I'm looking into ngrok for url handling, but am not sure exactly if this is the best way to go.

Can anyone save me time and possible heartache and failure and provide me (and possibly others) with a walk-through of which software to use? Would love to do something like free, but may have to get a paid unique domain from, say, ngrok, to make it easier for family members to connect up.

Help me, Obi Wan Kenobi... you're my only hope!

  • (Score: 0) by Anonymous Coward on Friday January 19 2018, @09:45PM (9 children)

    by Anonymous Coward on Friday January 19 2018, @09:45PM (#624931)

    that said, I'm wondering if you fine people can help me with the best way to set up a web server in my house to host the files on my external hard drives for family members in other cities/countries while, again, keeping it private and secure over the internet.

    This approach works pretty well and is difficult to fuck up:

    • Set up your favourite webserver on your home network.
    • Have a machine on your home network that allows SSH logins from the Internet.
    • When remotely connecting, first login to the SSH server. You can use SSH clients to create a proxy to the home network, and then you can configure your web browser (or anything else) to use that proxy. Now your home web server is accessible.
    • (Score: 4, Informative) by meustrus on Friday January 19 2018, @09:54PM (3 children)

      by meustrus (4961) on Friday January 19 2018, @09:54PM (#624940)

      Add to this that you use a firewall to block everything except the SSH traffic to your SSH server (and any pings ngrok may require). Don't want to have to worry about anything else the box might be listening to.

      Of course, SSH tunneling is not for non-technical users, unless you want to support unusual and possibly written-by-you software to do it for them.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
      • (Score: 0) by Anonymous Coward on Friday January 19 2018, @10:19PM (2 children)

        by Anonymous Coward on Friday January 19 2018, @10:19PM (#624959)

        Of course, SSH tunneling is not for non-technical users, unless you want to support unusual and possibly written-by-you software to do it for them.

        With openssh it's one flag to enable the proxy and with putty it's simply a matter of clicking the appropriate option when connecting. Nothing especially technical about it.

        • (Score: 2) by requerdanos on Saturday January 20 2018, @03:32PM (1 child)

          by requerdanos (5997) Subscriber Badge on Saturday January 20 2018, @03:32PM (#625170) Journal

          Nothing especially technical about it.

          And double-entry accounting is really nothing but addition and subtraction, which every 6-year old is taught in school.

          -----

          WELCOME TO THE tour ladies and gentlemen, above we have two statements which, while strictly true, are unhelpful and misleading, and which tend to derail, not contribute to, developing and furthering community discussion.

          The first, because it assumes "once you've mastered SSH, Putty, and the concepts that make the Internet work," something most people would struggle to do, especially when they often don't know the difference between Office, Windows, and Microsoft itself, or a browser, Google, and the Internet itself.

          The second, because often, six year olds, while able to add and subtract, would need to know intimately a similarly complex system of accounts and practices into which that addition and subtraction must fit.

          Thank you for coming: the exit is here through the gift shop.

          • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @10:55PM

            by Anonymous Coward on Saturday January 20 2018, @10:55PM (#625377)

            You are right, double entry accounting is not particularly difficult either. But understanding of negative numbers is probably a prerequisite, and I don't think that's usually taught at a first grade level.

            Logging into a server with putty is not fucking rocket science. I would expect most people can manage to do it if they are not total morons, especially if you show them. Oh hey, then you can save the server settings for them and they just need to click the thing!

    • (Score: 1) by weregeek on Friday January 19 2018, @11:04PM (1 child)

      by weregeek (6505) on Friday January 19 2018, @11:04PM (#624972)

      If there's only a need to share files, and SSH is used to secure the transit, why not just use an SFTP client to connect directly to the SSH service and transfer files?

      • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @02:30AM

        by Anonymous Coward on Saturday January 20 2018, @02:30AM (#625009)

        why not just use an SFTP client to connect directly to the SSH service and transfer files?

        Because the OP specifically asked for a web server.

    • (Score: 2) by NewNic on Saturday January 20 2018, @12:21AM (2 children)

      by NewNic (6420) on Saturday January 20 2018, @12:21AM (#624986) Journal

      Don't use SSH. If you want this type of approach, set up a VPN with OpenVPN.

      The next problem is how do your users find your home network IP address? Assuming it is dynamic, you need some kind of dynamic DNS setup.

      --
      lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
      • (Score: 2) by maxwell demon on Saturday January 20 2018, @02:05PM (1 child)

        by maxwell demon (1608) on Saturday January 20 2018, @02:05PM (#625148) Journal

        Don't use SSH.

        Why?

        If you want this type of approach, set up a VPN with OpenVPN.

        But that would likely be a lot more work to configure. Especially if you don't want to route your relatives' complete traffic through your home network hosting the private server.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by NewNic on Monday January 22 2018, @08:07PM

          by NewNic (6420) on Monday January 22 2018, @08:07PM (#626206) Journal

          But that would likely be a lot more work to configure.

          OpenVPN is very easy to configure.

          Especially if you don't want to route your relatives' complete traffic through your home network hosting the private server.

          OpenVPN doesn't do this. It merely creates a tunnel. What you pass through the tunnel is up to other processes.

          --
          lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
  • (Score: 5, Insightful) by bradley13 on Friday January 19 2018, @09:45PM (22 children)

    by bradley13 (3053) on Friday January 19 2018, @09:45PM (#624932) Homepage Journal

    Sorry, but - to me at least - it's really not clear what you're asking. You want a web server. On the Internet. But private. Huh?

    Do you want people to log into your network with a VPN, and then call up the web server? That kind of private? I've never heard of ngrok, but my 30 seconds of research give me the impression that it doesn't really make any sense. "Expose a local server behind a NAT or firewall to the internet" - WTF - why would you want to do such a thing?

    To me, it would make a lot more sense to put up a real webserver, in your DMZ, or otherwise on AWS. Put XAMPP on it, put a simple (OSS) CMS on top of that. Set it up to require a login, to get to the content. Outside your network - I mean, do you really trust Aunt Milly's and Uncle Joe-Bob's machines inside your firewall?

    If you really have to, you can set up a one-way autosync from your network to the web-server. However, it's also possible that you are overestimating people's interest in your latest selfies.

    --
    Everyone is somebody else's weirdo.
    • (Score: 0) by Anonymous Coward on Friday January 19 2018, @09:52PM (16 children)

      by Anonymous Coward on Friday January 19 2018, @09:52PM (#624937)

      At least you shared some mildly helpful info, I'm not shocked at your cringey editorializing though.

      • (Score: 2) by bradley13 on Friday January 19 2018, @09:53PM (15 children)

        by bradley13 (3053) on Friday January 19 2018, @09:53PM (#624938) Homepage Journal

        Hi Aristarchus, forget to log in?

        --
        Everyone is somebody else's weirdo.
        • (Score: 0) by Anonymous Coward on Friday January 19 2018, @10:07PM

          by Anonymous Coward on Friday January 19 2018, @10:07PM (#624952)

          I'm on paramidol today, can't even find the login button! Maybe I should try out detramine, what cocktail do you keep handy bradley?

        • (Score: 2) by aristarchus on Friday January 19 2018, @10:28PM (13 children)

          by aristarchus (2645) on Friday January 19 2018, @10:28PM (#624965) Journal

          Isn't me! I am not at all shocked at your editorializing, in fact, I more or less expected it. It does sadden me deeply, however.

          • (Score: 1, Funny) by Anonymous Coward on Friday January 19 2018, @10:35PM

            by Anonymous Coward on Friday January 19 2018, @10:35PM (#624967)

            You already said you weren't shocked, but at least you were able to expand with "it does sadden me deeply". Too many big words, you should be more Trumply and just #sad.

          • (Score: 2) by mrpg on Saturday January 20 2018, @03:09AM (11 children)

            by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Saturday January 20 2018, @03:09AM (#625014) Homepage

            Don't let the bad people put you down.

            #freearistarchus!!!

            • (Score: 3, Funny) by aristarchus on Saturday January 20 2018, @04:11AM (10 children)

              by aristarchus (2645) on Saturday January 20 2018, @04:11AM (#625029) Journal

              That's two, two people with the #freearistarchus sig, so if three, three people were to walk in singing a bar of Alice's Restaurant [youtube.com], they might think it's a movement! And so it is! Join the #freearistarchus movement, and submit aristarchus submissions, and shovels and rakes and implements of destruction!! Fight Officer Obie!

              • (Score: 2) by The Mighty Buzzard on Saturday January 20 2018, @04:40AM (6 children)

                by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday January 20 2018, @04:40AM (#625039) Homepage Journal

                You do remember what happens if only two of them do it though, right?

                --
                My rights don't end where your fear begins.
                • (Score: 2) by aristarchus on Saturday January 20 2018, @06:15AM (5 children)

                  by aristarchus (2645) on Saturday January 20 2018, @06:15AM (#625063) Journal

                  Of course I do! Perhaps you are a bit young to remember what 1967 was like, Buzzard! People did what they could to avoid the draft, and stop the war. So when they don't ask, you tell, and they don't take either of you! But this is no longer an issue, so I glossed over it.

                  • (Score: 2) by The Mighty Buzzard on Saturday January 20 2018, @11:31AM (3 children)

                    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday January 20 2018, @11:31AM (#625126) Homepage Journal

                    Kinda unfortunate, that. Used to be if you weren't the type of fellow who felt serving was the thing for you, you only had to mention that you quite enjoyed it up the ass and you could go on your merry way. Nowadays though there's no dodging out even if you do get regular protein injections and have the pornhub links to prove it. Good thing there'll never ever be another draft, I guess.

                    --
                    My rights don't end where your fear begins.
                    • (Score: -1, Flamebait) by Anonymous Coward on Saturday January 20 2018, @09:56PM (2 children)

                      by Anonymous Coward on Saturday January 20 2018, @09:56PM (#625340)

                      In case it hasn't been said in a while, you are a terrible human being. Whatever small positive qualities you possess are dwarfed by your tiny cock complex.

                      • (Score: 2) by The Mighty Buzzard on Sunday January 21 2018, @12:59AM (1 child)

                        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday January 21 2018, @12:59AM (#625447) Homepage Journal

                        Son, if all it takes to send you into a rage fit is a little joke, your ass is not ready for adult life or the Internet.

                        --
                        My rights don't end where your fear begins.
                        • (Score: 0) by Anonymous Coward on Monday January 22 2018, @12:19PM

                          by Anonymous Coward on Monday January 22 2018, @12:19PM (#626044)

                          By choice of her insults, my guess is that person you were replying to is not addressed as "son" by anyone.

                  • (Score: 1, Informative) by Anonymous Coward on Saturday January 20 2018, @12:40PM

                    by Anonymous Coward on Saturday January 20 2018, @12:40PM (#625144)

                    People did what they could to avoid the draft, and stop the war.

                    ...then there were those who -didn't- want to stop the war--but did dodge the draft.

                    Drumpf comes immediately to mind.
                    He had "his own Vietnam", trying not to get VD while screwing co-eds and taking 4 student deferments and finally a bogus medical excuse.

                    Reactionary Chickenhawk Republican Ted Nugent has bragged that he stopped bathing and wore a diaper without changing that before he reported to the Selective Service office.

                    -- OriginalOwner_ [soylentnews.org]

              • (Score: 1, Troll) by Gaaark on Saturday January 20 2018, @04:46AM (2 children)

                by Gaaark (41) on Saturday January 20 2018, @04:46AM (#625040) Journal

                If one of the three people singing is Arlo Guthrie, it's really just two people. If you include yourself, it's not a movement.

                #sealaristarchusupforever!

                --
                --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
                • (Score: 1, Troll) by aristarchus on Saturday January 20 2018, @06:18AM (1 child)

                  by aristarchus (2645) on Saturday January 20 2018, @06:18AM (#625067) Journal

                  Walled up, like Antigone and her cousin/boyfriend Hæmon, and left to die! Oh the tragedy! Tragedy, actually comes from the Greek τραγῳδία, which originally meant "goat song". I am sure Gaaaark can appreciate the Platinuminy!

                  • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @12:47PM

                    by Anonymous Coward on Saturday January 20 2018, @12:47PM (#625146)

                    That dumb bitch.
                    Hey, if your boyfriend won't give up the crown when his term limit is up, he deserves to be killed and left for the crows to peck out his entrails.

                    -- OriginalOwner_ [soylentnews.org]

    • (Score: 3, Interesting) by meustrus on Friday January 19 2018, @09:57PM

      by meustrus (4961) on Friday January 19 2018, @09:57PM (#624943)

      ngrok is for when you don't have a static IP or there are other unknown security measures you can't or don't want to dismantle just to open a single port.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
    • (Score: 1, Interesting) by Anonymous Coward on Friday January 19 2018, @10:07PM

      by Anonymous Coward on Friday January 19 2018, @10:07PM (#624951)

      Use Plex media server. It will do most all the work for you. Will serve video photos music sound tracks whatever. Will try to open a port in firewall if you want to share externally. You may need to port forward yourself. But it is well documented.

    • (Score: 3, Interesting) by Appalbarry on Saturday January 20 2018, @12:32AM (2 children)

      by Appalbarry (66) on Saturday January 20 2018, @12:32AM (#624987) Journal

      One more vote for AWS (Amazon Web Services. [amazon.com]) Even though you'll eventually wind up paying a small amount each month, it's arguably the easiest way to set up a functioning web server in about five minutes. The great thing about using AWS is that if you screw up you can just shut down and start over from scratch - again, in a couple of minutes.

      If you're thinking Wordpress or Joomla or other garden variety CMSs, you can also check out Bitnami, [bitnami.com] who, for free, will set up the whole thing on AWS with almost no work on your part.

      In all seriousness, I can't imagine why anyone would go to the hassle of setting up a server at home, unless they're doing it for shits and giggles. If I can get Bitnami (or my hosting provider) to do an autoinstall in a couple of minutes it's well worth the few dollars a month that I spend.

      • (Score: 2) by frojack on Saturday January 20 2018, @05:07AM

        by frojack (1554) on Saturday January 20 2018, @05:07AM (#625043) Journal

        For Christ's sake of course he's doing it for shits and giggles! Wake up.

        One month's fee for Amazon web services cheapest package will buy you a complete Raspberry pi kit, and they do web servers out of the box!

        Seriously, what is your big fear! Everybody vaguely interested should do this once in their life. There's a hundred how-to pages on the web.

        --
        No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @06:12PM

        by Anonymous Coward on Saturday January 20 2018, @06:12PM (#625226)

        mindless consumer just wants to click and buy.

  • (Score: 4, Informative) by ilsa on Friday January 19 2018, @09:53PM (2 children)

    by ilsa (6082) Subscriber Badge on Friday January 19 2018, @09:53PM (#624939)

    One thing you don't state is what your technical expertise is. How savvy you are will affect the suggestions you get or should try. Do you know Linux? What kind of machine are you prepared to set up? What kind of support are you prepared to provide to said family members? Would a hosted solution like dropbox serve you better?

    Assuming you're doing self-hosted, you have two things you need to do. One is setup the file server. The other is to set up the tunnel. There are some solutions available that will try to handle both. For example, I know my Asus router provides a service approximately like what you want, but I don't use it and can't vouch for how good it is.

    If you don't go with one of these all in one solutions, then you need to set up two things: A file server, and access to said server. For the file server, it sounds like you want something along the lines of one of those private cloud systems such as OwnCloud, NextCloud, etc. NextCloud would probably give you the most flexibility, while being free. That's actually the easy part.

    The hard part is establishing the connectivity. First of all, how do you want people to be able to connect? Do you want to use a VPN? There are lots of VPN solutions, of which ngrok is only one. There's OpenVPN which is a more classic client-server VPN. There's also hamachi, for example. But the problem with *all* of these solutions, is that the end user will need to install a client. That's maintenance you may not be prepared to perform.

    Alternatively, use LetsEncrypt on your server to get yourself a certificate, and expose HTTPS on your router. You will need to use some kind of dynamic DHCP service (eg: dyndns. Asus also provides a similar service for their routers) so that people have a consistent endpoint to reach, but once all that is done, people will be able to reach your server like any other website using their browser. That requires a little more fiddling on your part, but once it's done, your future maintenance would be that much less.

    The single biggest piece of advice I can give you: Do NOT underestimate the maintenance required. Unless you go for a solution hosted by someone else, you *will* need to babysit the thing. You will need to perform updates, at a minimum, to keep up to date on security. And never mind having to provide support for your family members because they can't access your site because they're holding the mouse upside down so every time they click on your file it brings up this strange menu.

    • (Score: 3, Interesting) by bradley13 on Friday January 19 2018, @10:12PM

      by bradley13 (3053) on Friday January 19 2018, @10:12PM (#624953) Homepage Journal

      "...provide support for your family members because they can't access your site because they're holding the mouse upside down"

      This. Even though I am a teacher, I found I just did not have the patience to do tech support for my family. What my employer pays me for, I am not willing to do for free. It can be a huge trial of patience, especially if you have family members who have no clue, and are unwilling or unable to get one.

      Hence my suggestion earlier: set up a stinking normal web server, with no tunnel or VPN. Even Aunt Millie and Uncle Joe-Bob probably know how to open a browser.

      --
      Everyone is somebody else's weirdo.
    • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @01:09AM

      by Anonymous Coward on Saturday January 20 2018, @01:09AM (#624995)

      One thing you don't state is what your technical expertise is.

      Exactly this. I would have set up a webserver in twenty minutes and my choice would be nginx, it'd take me no more than a weekend to write the required software.

      Is this something the submitter wants to ask in order to effectively legislate against or is the request so vague for some other reason?

  • (Score: 4, Informative) by The Mighty Buzzard on Friday January 19 2018, @09:56PM (2 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Friday January 19 2018, @09:56PM (#624941) Homepage Journal

    Don't bother paying for a domain name. Sign up for a free dynamic DNS service. I use desec.io [desec.io] but there are plenty of other providers out there.

    As for securing traffic from prying eyes, letsencrypt [letsencrypt.org] is a free and fairly easy choice for a certificate. We use them here at SN for everything except the main website.

    I won't advise you on the webserver itself. I generally go with Apache because I've been setting it up forever and it's easy to me but it's not the simplest one to make do everything that you want and only what you want, so I'm told.

    --
    My rights don't end where your fear begins.
    • (Score: 4, Informative) by Pino P on Friday January 19 2018, @10:40PM

      by Pino P (4721) on Friday January 19 2018, @10:40PM (#624968) Journal

      Sign up for a free dynamic DNS service.
      [...]
      As for securing traffic from prying eyes, letsencrypt is a free and fairly easy choice for a certificate.

      If you use dynamic DNS, you must make sure that the dynamic DNS provider that you choose is on Mozilla's Public Suffix List [publicsuffix.org] for two reasons.

      One reason is that the CA's rate limit [letsencrypt.org] uses the PSL to tell what domain names are registrable by end users. For dynamic DNS providers on the PSL, Let's Encrypt issues up to 20 certificates per customer per week. But if a dynamic DNS provider is not on the PSL, Let's Encrypt issues only 20 certificates per week across the entire provider. This makes it highly likely that 20 other customers of the same dynamic DNS provider got their certificates before you.

      In addition, if a dynamic DNS provider is not on the PSL, other customers' websites can forge cookies for your subdomain.
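
The Public Suffix List lookup behind both of Pino P's points, as an added Python example that is not part of the thread. The rule list is a constructed excerpt in PSL file format, and the two dynamic DNS providers (`ddns-listed.example`, `ddns-unlisted.example`) and all host names are hypothetical.

```python
# Added example. Constructed excerpt in Public Suffix List file format;
# both "ddns-*" providers and every host name below are hypothetical.
PSL_EXCERPT = """
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
*.ck
!www.ck
// ===BEGIN PRIVATE DOMAINS===
ddns-listed.example
"""


def parse_psl(text):
    """Split PSL text into normal/wildcard rules and '!' exception rules."""
    rules, exceptions = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        rule = line.split()[0].lower()
        if rule.startswith("!"):
            exceptions.add(tuple(rule[1:].split(".")))
        else:
            rules.add(tuple(rule.split(".")))
    return rules, exceptions


RULES, EXCEPTIONS = parse_psl(PSL_EXCERPT)


def public_suffix_length(labels):
    """Number of trailing labels of the host that form its public suffix."""
    tails = [tuple(labels[i:]) for i in range(len(labels))]
    # An exception rule wins outright; the suffix is the rule minus its first label.
    for tail in tails:
        if tail in EXCEPTIONS:
            return len(tail) - 1
    # Otherwise the matching rule with the most labels wins; default rule is "*".
    best = 1
    for tail in tails:
        if tail in RULES or ("*",) + tail[1:] in RULES:
            best = max(best, len(tail))
    return best


def registrable_domain(host):
    """Public suffix plus one label, or None if host is itself a public suffix.

    Per the comment above, this is the unit the CA's rate limit is counted on.
    """
    labels = host.lower().rstrip(".").split(".")
    k = public_suffix_length(labels)
    if len(labels) <= k:
        return None
    return ".".join(labels[-(k + 1):])


def cookie_sent_to(cookie_domain, host):
    """Domain-match: is a cookie scoped to cookie_domain sent to host?"""
    cookie_domain, host = cookie_domain.lower(), host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def can_plant_cookie(setter_host, other_host):
    """Can a page on setter_host set a Domain= cookie that other_host receives?

    Browsers accept Domain= only for the setting host or one of its parents,
    and refuse it when that domain is a public suffix.
    """
    labels = setter_host.lower().split(".")
    for i in range(len(labels)):
        scope = ".".join(labels[i:])
        if registrable_domain(scope) is None:
            continue  # public suffix: rejected as a cookie domain
        if cookie_sent_to(scope, other_host):
            return True
    return False


if __name__ == "__main__":
    for provider in ("ddns-listed.example", "ddns-unlisted.example"):
        mine, theirs = "family." + provider, "neighbour." + provider
        print(provider)
        print("  certificate rate-limit unit:", registrable_domain(mine))
        print("  neighbour can set cookies I receive:", can_plant_cookie(theirs, mine))
```

With the listed provider each customer name is its own registrable domain; with the unlisted one every customer collapses into `ddns-unlisted.example`, which is both the shared rate-limit unit and a cookie scope any customer can write to.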

    • (Score: 4, Informative) by Marand on Friday January 19 2018, @11:23PM

      by Marand (1081) on Friday January 19 2018, @11:23PM (#624980) Journal

      I won't advise you on the webserver itself. I generally go with Apache because I've been setting it up forever and it's easy to me but it's not the simplest one to make do everything that you want and only what you want, so I'm told.

      I used Apache forever for the same reason — I already knew it so why change? — but eventually branched out and was glad I did. A few years back I had to run a server on a low-resource machine and wanted to save as much RAM as I could, so I finally had to start trying out alternatives and ended up using Lighttpd [wikipedia.org]. The low resource use is what attracted me to lighttpd, but I stayed with it for the configuration, convenience, and ease of use. It has plenty of features, though it deliberately avoids some things Apache does, like mod_perl and htaccess files, which is inconvenient if you're coming from apache, but makes it a lot saner and safer to configure for most users. I think the config format is probably going to be easier to read for a newcomer as well, since everything's in the general format of "feature.setting = value" instead of Apache's odd pseudo-html.

      The biggest negative to this is the lack of htaccess, which makes it inconvenient to use in certain use cases. Specifically, if you're trying to run a webhost-esque setup where you're giving many users their own space to host files and want to allow them to be able to set different access rules, CGI locations, custom rewrite rules, etc. you're going to find lighttpd inferior because you have to manage everything through the config files. It's still doable, though you have to either make the config file edits yourself or sort of roll-your-own via some fancy scripting to generate the necessary configuration and use "include_shell" to run that config generator on start, but either way you still have to reload the httpd to update the changes, unlike the instant feedback of htaccess files.

      Still, that's probably the least common use-case for most people running a webserver, so it's a minor nitpick. For my own personal use, the only special workaround I've had to make for lighttpd was a small 3-line bash script, named include_dir, that inserts "include filename" entries for all files in a given directory. I did it to emulate Debian's sites-enabled directory setup from Apache for configuration sorting and quick adding/removal of sites.

  • (Score: 0) by Anonymous Coward on Friday January 19 2018, @10:04PM

    by Anonymous Coward on Friday January 19 2018, @10:04PM (#624945)

    Running a web server is not a click-through install process, and keeping it secure is even more difficult. You can have your own domain and map it to your IP, but if you have a dynamic IP then that will be a problem over time. If you want to run the server from home then you really need to isolate that machine as much as possible. I'm not sure how easily you can quarantine a machine with consumer routers.

    Exposing an external hard drive to the web easily will make it more difficult to secure, and you will want SSL encryption at the minimum. A paid subscription to Dropbox or some other entity is probably a better option if you don't know enough to do this project yourself.

    That said, the easiest way I can think of is to simply have apache or nginx hosting the external hard drives with http auth enabled, then just hand out the address and user/pass.

  • (Score: 2) by JoeMerchant on Friday January 19 2018, @10:04PM

    by JoeMerchant (3937) on Friday January 19 2018, @10:04PM (#624946)

    If they're all uber-geeks, give them a single stunnel into your home system and have them send you public keys so they can ssh in and scp out whatever they want. If you use the system for other things, you might launch your ssh in a chrooted jail just granting access to what you want to share, but I'd highly recommend just hosting your external service on a dedicated machine like a NUC or similar. If this describes your family, welcome to the 0.001% of most technically savvy computer using families on the planet.

    I suspect your family members are going to want a point and click graphic browsing capability, probably accessed by standard web browsers. So, you might consider setting up an Apache site for them, and putting as many "pretty pages" as you feel like designing to help them navigate the content. As for security - the more secure you make it, the more time you're going to spend holding hands explaining to them why the security is keeping them locked out and how to get access, again. The dedicated server (maybe even just a dedicated VM, if you can tolerate the hassle associated with that), is a good idea, and I'd choose a random high number port to pass through your home router and expose to the internet - that should at least decrease the amount of script-kiddie/Russian mafia port-scan hacking your system has to endure.

    --
    🌻🌻 [google.com]
  • (Score: 3, Interesting) by tibman on Friday January 19 2018, @10:04PM (1 child)

    by tibman (134) Subscriber Badge on Friday January 19 2018, @10:04PM (#624947)

    My first question: does your home internet connection have the bandwidth required to host what you want?
    Second question: are you serving up mostly http documents, like a real website?

    The first question is to determine if you can even host it at your home. The second one is to determine what kind of service you actually need to provide.

    If you are hosting pictures, movies, and files then a file centric service makes more sense than a webserver. Check out https://mycloud.com [mycloud.com] You could also just use sftp. Your family would have to download a client to get access but it's secure and basically a file browser.

    If you are creating forms and webpages then prepare to become a sysadmin. You'll have to manage the security and administration for a public facing web-server. The only way to keep the web site itself private is to force your family to use a VPN to access the network your server is sitting on. Unlikely. Which means you will need an authentication mechanism on your public website to secure the private contents. A very simple mechanism in apache is using .htpasswd: https://wiki.apache.org/httpd/PasswordBasicAuth [apache.org] That would handle your access problem. Apache can display directories and files just fine by itself but you need a way to upload and manage files. There is sftp again or there are web based file managers you can use (PHP probably). Some of them might even come with their own auth system.

    You can do everything for free but how valuable is your time, hah. Can you give us some example use cases? How often will people upload files? Do you need a chat or forum? What size and type of files will be uploaded? Are the files secret or a service like dropbox/gdrive could be trusted with them?

    --
    SN won't survive on lurkers alone. Write comments.
    • (Score: 3, Informative) by urza9814 on Saturday January 20 2018, @02:11AM

      by urza9814 (3954) on Saturday January 20 2018, @02:11AM (#625006) Journal

      Which means you will need an authentication mechanism on your public website to secure the private contents. A very simple mechanism in apache is using .htpasswd: https://wiki.apache.org/httpd/PasswordBasicAuth [apache.org] That would handle your access problem. Apache can display directories and files just fine by itself but you need a way to upload and manage files. There is sftp again or there are web based file managers you can use (PHP probably). Some of them might even come with their own auth system.

      This is how I'd do it...although I tend to always have a couple Apache instances running anyway, so that's just easiest for me. If you don't need it to look fancy, you can potentially use the index pages Apache generates...or for images you can easily put together a very simple gallery page with about a dozen lines of PHP. For file uploads I just use sshfs to mount the web server's filesystem to my local machine and copy/edit files from there, but that won't work as well if the remote users also need to be able to upload. You *could* code a file upload in a couple lines of PHP too, but I wouldn't recommend it. If that's what you're trying to do -- or if you just want something a little nicer than a raw list of HTML links -- use existing cloud software like NextCloud or Sandstorm.

      One additional detail to consider though is that .htpasswd isn't particularly secure on its own (*especially* if your site accepts any actual user input, but it's not great regardless). Depending on the configuration it may be sending the passwords in plaintext and even the hashed version can be vulnerable to certain kinds of replay attacks. So I'd suggest grabbing some certs from LetsEncrypt, and either blocking port 80 entirely or setting up an .htaccess file to forcibly redirect to HTTPS.

      Then either put the web server in the DMZ or forward the appropriate ports...and make sure you've got everything else firewalled off too. You could also consider configuring Apache's mod_security to better secure the web server (can help against brute force attacks for example.)

      And for a domain name...there's a lot of dynamic domain services that others have already posted, and those should work well enough. Depends how often your IP changes and how memorable you need that domain to be though. My IP is mostly static unless there's a power outage, so I purchased a full domain from Gandi.net and just have a small cron script that uses their API to check and update my IP when needed. That does mean that if my IP changes, there's two or three hours of downtime while the change is detected, updated, and propagated through the nameservers...but in my case that happens at most once a year so it's not really an issue, and it gives me a domain that's marginally easier to remember or to read off to someone over the phone or in person.

      I'm not sure if that's really a GOOD way of doing it...but it's what I would do :)

  • (Score: 3, Insightful) by All Your Lawn Are Belong To Us on Friday January 19 2018, @10:05PM (4 children)

    by All Your Lawn Are Belong To Us (6553) on Friday January 19 2018, @10:05PM (#624948) Journal

    What do you need the storage for such that OneDrive, Dropbox, Google Drive, Box, iCloud, or Mega won't do for you for free?

    --
    This sig for rent.
    • (Score: 2, Insightful) by Ethanol-fueled on Saturday January 20 2018, @01:06AM

      by Ethanol-fueled (2792) on Saturday January 20 2018, @01:06AM (#624994) Homepage

      They want to commit illegal stealing copyright infringement without having their zer0-day movies checked and without the hassle of convincing "family overseas" to learn how to decrypt.

      (lolz @ Google Drive)

    • (Score: 2) by shortscreen on Saturday January 20 2018, @06:44AM

      by shortscreen (2252) on Saturday January 20 2018, @06:44AM (#625079) Journal

      Is it possible to download a file from any of those sites without having to wade into a sea of JavaShit?

    • (Score: 3, Informative) by Hyperturtle on Saturday January 20 2018, @04:39PM (1 child)

      by Hyperturtle (2824) on Saturday January 20 2018, @04:39PM (#625187)

      I think he said that he wanted a private server for his family.

      This is laudable and your answer is to direct him to numerous privacy violating services that offer no promise of not mining the data.

      Some countries block some services. Most allow HTTPS, many allow FTP, both can be secured with self signed certs or inexpensively with less fuss than the original server config. Even alternate ports can be used. And no tracking.

      Most services require giving up privacy; I don't have a google login, I don't have an MS login, I don't have a box or icloud login, and I don't have mega login. But I do have servers that are running on hardware that cost as much as my monthly internet bill and still works after many years. (yeah my family stopped using it but I still drop stuff there so I can access various utilities and drivers from client sites).

      The interface for my file repository has never changed and the privacy policy I have hasn't changed -- I still don't share my family's data with third party business partners for targeted marketing, nor do I show ads to them anyway should my mother choose to opt out of the personalized tracking.

      Some people actually value the privacy of their friends, families, even co-workers. Some people get some joy out of learning something new and feeling that sense of satisfaction they put together or designed--you are suggesting that convenience is more important than considering the privacy of others.

      The OP clearly stated private. Even if the data is private somehow on those services, the OP's own server will not require handing over a personal email address and/or phone number and real name to a company that will use it to market to them, and will never get erased even if he stops using it. And where do the backups go? Who handles those? How are those secured? Do they even make backups? He can do that himself to a USB stick or external disk drive--or even to one of your listed services, and encrypt his backup prior to putting it there and not force his entire family to inconveniently give up their privacy in exchange for convenience.

      In fact he can make accounts like Mom, Dad, Grandma etc -- something easy to remember. He can manage the passwords himself, set the IP address permitted (after watching to see what Mom is connecting from) and then permit more IPs as needed simply by talking to his family when they try to connect and he can say Ok wait a second and let me click on something so it knows who you are from your fabulous hotel stay at wherever you are! And then they still only have to remember their password and he can erase that IP from the list when they leave. Even if the account was compromised by using the hotel network, no one else is getting in anyway if he keeps up with it.

      Not to be a jerk, but I never understood it when people ask "how do I do something" and many replies are "don't, it's too hard, it's not convenient, why are you trying to learn something". You don't get better by giving up before you try. Instructing someone else to make his entire family agree to terms of service they may not want and the OP may not want because it is convenient for you is disingenuous at best and a non-answer at worst.

      That is the sort of question I'd expect to get a good answer from the people here! I was hoping to even piggyback off this and see what I have missed out due to my clinging to legacy software that does the same thing. It sounds like the solution of "outsourcing it" is all too common.

      There may be a good reason for the OP to actually give up this idea and use a service to do as he needs. It'd certainly be more convenient. But don't steer the guy away to those things as the default choice.

      I don't disagree that it's easier.. I just disagree with the default approach of choosing ignorance because it's free, and also I disagree with enriching companies this way when it's something anyone can learn to do and do securely.

      I see I haven't suggested a solution. I am not an official "webserver admin or ftp server admin" but I can suggest what's worked for me... To that end I suggest giving Filezilla a try. It's an FTP server. It's free and easy to use and has been around forever and does not leave you beholden to corporate interests. There are linux and windows versions and 32 and 64 bit versions and ftp works on just about anything and secure ftp is also available for free. There is both a server side and a client side, so that your mom doesn't have to learn mput commands from the dark place of the command line in order to put photos up...

      Apache is also available as a web server for linux and windows--and there are so many guides I couldn't possibly give better advice on how to set it up. (If you can access the "IT WORKS!" page you know you have done something right!)

      Both of those I have used and they've served me well... they may not be fancy and automatic and artsy, but a webserver can be that if you want to put in some design work too, you can make it personalized as well as keeping it private with a login page if you like.

      Ultimately you can probably get a lot of cosmetic bang for your buck for free on various photo sharing sites or file sharing sites, but you're trading privacy for that convenience.

      • (Score: 2) by All Your Lawn Are Belong To Us on Monday January 22 2018, @09:38PM

        by All Your Lawn Are Belong To Us (6553) on Monday January 22 2018, @09:38PM (#626248) Journal

        Actually, what he said is that he wanted to host files for friends and family overseas. That does not require one to maintain one's own server, but is mainly the province of storage solutions. And it is fully appropriate to ask if he has considered achieving his ends by other means.

        It is not "laudable". For it to be laudable, you would want to know what it is he is hosting and why. If he's hosting detailed plans about how to execute the next 9/11, would you say it is laudable? If he's ripping movies for them to download without paying for them, is that laudable? Or you may have been referring to the fact that he wants to do it all himself and not rely on others - that may be a laudable goal to some. Me, I might see it is as laudable or as wasted energy - depending on his objectives.

        My answer directed him to free, no-cost solutions. Which means one pays the price somehow, yes. I could also direct him to paid solutions which offer different layers of privacy.

        My question was more simple. It was in my title: Why is he asking to reinvent wheels? And concurrently, was the OP even aware that there are people who will give him a car for free - one they own, with lots of strings attached. But nevertheless a more convenient solution than building up a server, even virtually.

        And yes, I often do reply if people ask, "how do I do it?" with, "here's how..." Others did in this thread already, before I posted. My answer was directed at something more fundamental: Is the OP trying to learn something, or trying to get something done? If it's the former, by all means, do it yourself.... and run the risk of accidentally putting whatever it is into public view, having the server hacked because you didn't patch against vulnerability X (whatever one of the week that is,) spending hours and hours trying to get it up and running. (And, when successful, enjoy the fruits of knowing, "I did that!") If all he wanted to do was make sure his family in other countries can get photos from their family..... the problem has already been solved without going to the effort of running one's own server.

        --
        This sig for rent.
  • (Score: 2) by stormreaver on Friday January 19 2018, @10:06PM (2 children)

    by stormreaver (5101) on Friday January 19 2018, @10:06PM (#624950)

    An SSH server on Linux is very easy to set up, and gets you everything you want. On Debian, install openssh-server, create an account on your server for each of your family members, create a symbolic link in each of their home directories to the common read/write location, give each family member their login credentials, and then share away.

    The hardest part of it all will be your IP address.

    • (Score: 2, Interesting) by sonamchauhan on Saturday January 20 2018, @04:35AM

      by sonamchauhan (6546) on Saturday January 20 2018, @04:35AM (#625037)

      No, the hardest part will be training his extended family to use the Unix command prompt.

      If all he wants is for family members to access 'files' (probably photos, videos, Word documents, and the like), a good setup would be something like a low-power RasPi running wordpress [raspberrypi.org], using Facebook and Gmail plugins for user authentication, serving up files from a USB or network-attached hard drive that's mounted read-only (or even better, from an SD card, with physical switch write-protection set).

    • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @06:04AM

      by Anonymous Coward on Saturday January 20 2018, @06:04AM (#625057)

      SSH, but generate a few key pairs and allow key based authentication only in /etc/ssh/sshd_config. Add those public keys to your ~/.ssh/authorized_keys.

      Then help or tell your friends and family how to set up Filezilla (cross platform FTP/SFTP client) with their new private key to access your files. They get one click connection, an easy to understand drag and drop interface between local and remote file lists, and interrupted download resume. It's a pretty easy to use, secure, and easy to set up system.

      Also change your default SSH port number to something else and open that port on your router (don't worry it is a part of the Filezilla config so no-one has to remember it).

      As for keeping track of your IP address: when I used to run a server like described above, I had a script that read my router status page, checked if the external IP had changed, and sent out an email accordingly. I don't remember the details but a search for "send gmail from bash" and someone else had laid it all out for me. Or just tell your users to email you if they lose access and you email them manually when you hear from them or you know your ip changed.
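The key-only, non-default-port setup described in the comment above can be checked with a short audit of the sshd_config text. This is an added example, not part of the original comment: the sample configs are constructed and the finding codes are names chosen here. It does not follow Include lines, so `sshd -T` remains the authoritative view of the effective settings.

```python
import re

# Compiled-in OpenSSH defaults for the keywords audited here (sshd_config(5)).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated spelling of the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)$")

# Constructed samples, not taken from the page.
SAMPLE_WEAK = """\
Port 22
PasswordAuthentication no
PasswordAuthentication yes
Match User grandma
    PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
Port 52022
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""


def parse(text):
    """Split a config into global settings, Match blocks, ports and Include lines."""
    settings, matches, ports, includes = {}, [], [], []
    current = settings                  # dict being filled: global or latest Match
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                       # blank line, comment, or keyword without value
            continue
        key = m.group(1).lower()        # keywords are case-insensitive
        key = ALIASES.get(key, key)
        value = m.group(2).strip().strip('"')
        if key == "match":
            current = {"_criteria": value}
            matches.append(current)
        elif key == "include":
            includes.append(value)
        elif key == "port":
            ports.append(value)         # Port may repeat; every value is used
        else:
            current.setdefault(key, value)   # first value obtained wins
    return settings, matches, ports, includes


def audit(text):
    """Return (code, detail) findings; [] means key-only logins on a non-default port."""
    settings, matches, ports, includes = parse(text)

    def effective(key):
        return settings.get(key, DEFAULTS[key]).lower()

    findings = []
    if "22" in (ports or ["22"]):
        findings.append(("default-port", "sshd listens on port 22"))
    if effective("passwordauthentication") != "no":
        findings.append(("password-login", "PasswordAuthentication is not 'no'"))
    if effective("kbdinteractiveauthentication") != "no":
        findings.append(("kbd-interactive",
                         "keyboard-interactive is on; with UsePAM it can still take passwords"))
    if effective("pubkeyauthentication") != "yes":
        findings.append(("no-pubkey", "PubkeyAuthentication is disabled"))
    for block in matches:               # a Match block overrides the global value
        for key in ("passwordauthentication", "kbdinteractiveauthentication"):
            if block.get(key, "").lower() == "yes":
                findings.append(("match-override",
                                 f"Match {block['_criteria']} sets {key} yes"))
    for inc in includes:
        findings.append(("include-not-followed",
                         f"Include {inc}: confirm effective values with 'sshd -T'"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_WEAK):
        print(f"{code}: {detail}")
```

In the weak sample the second `PasswordAuthentication yes` is ignored because the first value wins, but the Match block still turns passwords back on for one account.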

  • (Score: 2) by MichaelDavidCrawford on Friday January 19 2018, @10:19PM (1 child)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Friday January 19 2018, @10:19PM (#624961) Homepage Journal

    It's quite fiddly to set up but dramatically shrinks your attack surface.

    If someone busted in to your box there would be no shell.

    Neither would there be a compiler; some malware is distributed as source.

    To get your external hard drive into your chroot mount it as an NFS volume.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 0) by Anonymous Coward on Friday January 19 2018, @10:41PM

      by Anonymous Coward on Friday January 19 2018, @10:41PM (#624969)

      Open source malware, what a concept!

      Did you ever write a macro virus? Those are always fun.

  • (Score: 1) by koick on Friday January 19 2018, @11:22PM (1 child)

    by koick (5420) on Friday January 19 2018, @11:22PM (#624979)
    ArsTechnica has a good walk-thru series [arstechnica.com]
    • (Score: 4, Informative) by richtopia on Saturday January 20 2018, @12:06AM

      by richtopia (3160) on Saturday January 20 2018, @12:06AM (#624984) Homepage Journal

      More places to look for tutorials:

      Linode and Digital Ocean have quite a few tutorials for configuring their servers, which typically fit the bill for a home user also:
      https://www.linode.com/docs/ [linode.com]
      https://www.digitalocean.com/community/tutorials [digitalocean.com]

      Also, if you want to find documentation written for an entry level audience, I usually just add "raspberry pi" to my query. Raspberry Pis are many people's first server. For example, Nextcloud might fit your web serving needs (think private dropbox/outlook). Nextcloud does provide good documentation, but after searching for "nextcloud raspberry pi" I find the following guide which really steps through every step: https://pimylifeup.com/raspberry-pi-nextcloud-server/ [pimylifeup.com]

  • (Score: 2) by insanumingenium on Saturday January 20 2018, @12:45AM

    by insanumingenium (4824) on Saturday January 20 2018, @12:45AM (#624991) Journal

    If it should be FOSS, syncthing

    If you want a higher success rate with less skilled users, less paranoid (but still decent) security, and an all around easier setup, resilio sync.

    If you want someone else to host the data: dropbox, box, icloud, gdrive etc...

  • (Score: 2, Disagree) by mrpg on Saturday January 20 2018, @03:07AM (1 child)

    by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Saturday January 20 2018, @03:07AM (#625012) Homepage

    You want to share files.

    https://owncloud.org/ [owncloud.org]

    https://en.wikipedia.org/wiki/OwnCloud [wikipedia.org]

    • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @06:22PM

      by Anonymous Coward on Saturday January 20 2018, @06:22PM (#625229)

      Nextcloud [nextcloud.com]

      FTFY

  • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @03:36AM (1 child)

    by Anonymous Coward on Saturday January 20 2018, @03:36AM (#625018)

    All consumer security products are shit, except those that are set up by professionals, and even then 95% of them are shit. Professional equipment is expensive, and even harder to set up correctly. And even then, there is no replacing the damage done to your relationships when your dipshit family member fucks up and pwns your network.

    Stamps and CD's are cheap. Or buy bulk USB sticks. They are about $2 each in larger quantities and smaller capacities. I'd just get a big usb hub, and bash script a mount, copy, unmount utility, and let it run overnight.

    At this point the practical utility of layer 3 networking, is exceeded by the exposure created by everything above, and apparently now below (thanks Intel you mutherfuckers) layer 3. There is no such thing as a secure consumer network. Incidentally the defamation there intended, is not solely vectored at the network.

    • (Score: 0) by Anonymous Coward on Sunday January 21 2018, @05:01AM

      by Anonymous Coward on Sunday January 21 2018, @05:01AM (#625519)

      For many countries, the mail.. does not always arrive.

  • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @03:55AM

    by Anonymous Coward on Saturday January 20 2018, @03:55AM (#625023)

    Is the OP's requirement not the classic definition of a NAS? Thinking here of devices like those from Synology, Drobo, QNAP.

  • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @03:57AM

    by Anonymous Coward on Saturday January 20 2018, @03:57AM (#625025)

    I've had good luck with mini-httpd from Acme Labs. There are others, like lighttpd.
    Looks like you've figured out what to do once you have a working web server on your internal internet.
    Got this info on a command-line server from:
    http://www.linuxjournal.com/content/tech-tip-really-simple-http-server-python [linuxjournal.com]

    1) cd to some directory containing files to be served out
    2) run: python -m SimpleHTTPServer {optional port#} > $HOME/logfile.txt &
        (or the Python 3 alternative, python -m http.server &)
    3) point browser at port 8000 or other specified port for this host

    Will interpret/display index.html, if present. Have not tested other indexes.
    If not present, gives directory listing, minus '.' and '..', but shows dotfiles.
    See 'pydoc SimpleHTTPServer' for more info. Defaults to
    port 8000, but it accepts another port# as argument. Specified port# must
    be greater than 1023, else "permission denied" (unless run with 'sudo').
    Port 80 is the default for a webserver, but you knew that, right?

    Note: if 'python -V' shows version 3, use the 'http.server' module instead.
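The one-line server in the comment above listens on every interface, asks for no credentials and lists dotfiles. As an added example (not part of the original comment), here is a Python 3.7+ variant that binds to 127.0.0.1 so it is reachable only locally or through an SSH tunnel, requires HTTP Basic credentials and refuses dot-prefixed paths. The user name, password, environment variable names and function names are assumptions made for the example.

```python
import base64
import hmac
import os
import urllib.parse
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# Constructed credentials for the example; set real ones through the environment.
USER = os.environ.get("SHARE_USER", "family")
PASSWORD = os.environ.get("SHARE_PASSWORD", "change-me")


def authorized(header, user=USER, password=PASSWORD):
    """True if an 'Authorization: Basic ...' header carries the expected pair."""
    if not header or not header.lower().startswith("basic "):
        return False
    try:
        supplied = base64.b64decode(header[6:].strip(), validate=True)
    except ValueError:                  # binascii.Error is a ValueError subclass
        return False
    expected = f"{user}:{password}".encode()
    return hmac.compare_digest(supplied, expected)   # constant-time comparison


def hidden(path):
    """True if any component of the URL path starts with a dot (dotfiles, '..')."""
    decoded = urllib.parse.unquote(urllib.parse.urlsplit(path).path)
    return any(part.startswith(".") for part in decoded.split("/"))


class PrivateHandler(SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler that checks credentials before serving anything."""

    def _gate(self):
        if not authorized(self.headers.get("Authorization")):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="family files"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return False
        if hidden(self.path):           # names may still show in a listing
            self.send_error(404)
            return False
        return True

    def do_GET(self):
        if self._gate():
            super().do_GET()

    def do_HEAD(self):
        if self._gate():
            super().do_HEAD()


def make_server(directory, port=8000):
    """Build a server bound to loopback only, serving the given directory."""
    handler = partial(PrivateHandler, directory=directory)
    return ThreadingHTTPServer(("127.0.0.1", port), handler)


if __name__ == "__main__":
    make_server(os.getcwd()).serve_forever()
```

Basic credentials are only base64-encoded, so this relies on the loopback binding plus an encrypted transport such as an SSH tunnel or HTTPS in front of it.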

  • (Score: 3, Interesting) by Anonymous Coward on Saturday January 20 2018, @06:58AM

    by Anonymous Coward on Saturday January 20 2018, @06:58AM (#625085)

    the first problem is finding your computer/server in the vast sea-of-internet.
    presumably the entry point number (ip address) changes over time.

    the second problem is ... well ... security in form of access control and secrecy in form of encryption.
    one would desire it all to be simple, thus the "harddisk" should be formatted with a file system with access control (no (v)FAT!).

    as for combining the point one and two above, just use tor:
    run a hidden service.
    this takes care of having a "human-readable" domain in form of a *.onion and it adapts to a changing/dynamic IP; also
    the problem of encryption is taken care of ... so no fiddling with httpS certificates.

    bonus point: there's a tor config directive that can be configured so that only people who know the "hidden service password"
    can use the hidden service .. even if the *.onion domain should be discovered by accident, the service/port running on it
    will not open if the client doesn't have the "password".
    no port needs to be opened on the internet facing router (to run a hidden service)!

    caveat:
    only servers that listen on TCP ports and don't need an extra "control" port will work thru tor, so that gives you webservers and smb servers, for example.
    also, tor can be slow :]

  • (Score: 2) by Lester on Saturday January 20 2018, @10:00AM

    by Lester (6231) on Saturday January 20 2018, @10:00AM (#625111) Journal

    There are a lot of hosting services, more bandwidth, they keep software up to date with latest vulnerabilities (if they are good professionals) better than you, firewall protection etc. Install a nextcloud service and it is done.

    If you insist on doing it in your house, I would use a VPN or an SSH tunnel with a dynamic DNS. It would be less costly in money than a hosting, but much more costly in your time to keep it running and much slower. Under no circumstances would I install a public webserver in your personal computer with no VPN or SSH, no matter what security credentials your software uses.

  • (Score: 2) by Lester on Saturday January 20 2018, @11:06AM (1 child)

    by Lester (6231) on Saturday January 20 2018, @11:06AM (#625120) Journal

    I've read several comments about how comfortable, spacious etc etc it is. Airbus is not comfortable or spacious neither Boeing 777/787 are. Plane comfort depends on how the airline company that bought it customized it. Planes are like the empty building of a restaurant, in the same building you can install a fast food restaurant with 100 tables or a three michelin stars restaurant with 30 tables.

    What is important in a plane is initial investment, fuel by Kg/Km, reliability, maintenance cost etc.

    Usually, the bigger plane is, the less costly by Kg/Km. On the other hand, the bigger plane is, the price of a new plane is higher and the less airports it can land on, the more difficult to sell out all the seats for a flight. The more modern the plane is, the last security technologies it has, and testing tools are more modern and automatic. On the other hand, the more modern the plane is, the less planes are in the market, so it is more difficult to find qualified staff, and more expensive the replacement parts are, and more flaws that are yet to be detected (not deadly flaws, but costly flaws).

    Boeing 787 competes against A330, not against A380. A380 can carry double of passengers and cost double, and maintenance ...nobody knows yet. In the long term A380 looks good idea, but yet to be proved, in the short term it's a really big investment, so it is a big bet. Many companies, particularly small companies, stick on B-787, it is not such big initial investment, and contrary to A380 that it's new plane almost from scratch, B787 is an evolution so is more tested and staff need less training. But surprisingly enough some small Indian companies have bought A380. I suppose that when you are the small, you must raise the bet.

    IMHO A380 has future, but not a brilliant future, just future. Let's wait and see.

    • (Score: 2) by Lester on Saturday January 20 2018, @11:14AM

      by Lester (6231) on Saturday January 20 2018, @11:14AM (#625124) Journal

      Sorry I posted the comment to the wrong story

  • (Score: 0) by Anonymous Coward on Saturday January 20 2018, @06:33PM

    by Anonymous Coward on Saturday January 20 2018, @06:33PM (#625233)

    if you just want a web server and you're going to write the sharing website/files GUI yourself, then set up LEMP. If you just want to set up the web server and host a preexisting sharing web app/files GUI then

    LEMP +

    nextcloud [nextcloud.com] or

    seafile [seafile.com]

    or maybe even sandstorm [soylentnews.org] if you want the option of the whole kitchen sink and don't find the GUI too crazy for your family. they have a demo where you can test that out.

    you can set up the LEMP stack on any machine in your lan, then forward a port or DMZ it. if you don't have a static ip you'll need to set up dynamic dns as others have mentioned.

    ludicrous speed!

  • (Score: 2, Interesting) by krait6 on Saturday January 20 2018, @09:27PM

    by krait6 (5170) on Saturday January 20 2018, @09:27PM (#625319)

    One of the interesting options you might consider would be hosting the website from a home server using a Tor Onion Service (what used to be commonly named "Tor Hidden Services").

    The upside of doing this is that the website hosted on a home server could be seen from anywhere in the world using a .onion domain name, so you wouldn't have to rent a server somewhere -- you can use your own hardware in your own home, and without needing Dynamic DNS, mucking with the firewall, or static IPs. (Tor Onion Services do their own Dynamic DNS with the Tor system automatically.) The downside to this type of hosting is it mandates use of Tor, so you'd need to configure your family's web browsers to use Tor or have them use Tor Browser, and/or Orweb + Orweb on their phones. That's actually the hard part.

    Step-by-step example (the "stealth" setup is optional but very cool for limiting access) for setting up the Tor Onion Service:
    https://home-assistant.io/docs/ecosystem/tor/ [home-assistant.io]

    This can be used along with nextCloud, a Wiki, or any other web service(s) you want.
