Hosting my own dedicated web server from home

[riahc3]

Ive decided to build (so to speak) my first dedicated website using a dedicated web server from home.

Basically, it will be nothing else than a blog with my opinion about random topics/subjects and things. I expect nothing big from it all.

The hardware is going to be a VM in a ESXi box. Low end.

Now here is where it starts to get tricky: I need a domain name (I have thought it up and it is avaliable; now where do I buy it from? Im going to go ahead and stay away from GoDaddy as my site will have all kind of material) and also I need DNS services as I have to redirect my site to my IP. Which serves ANOTHER problem....

I have a dynamic IP at home BUT I do use a free DDNS services. Lets say my DDNS server points to test.no-ip.org and my domain name is going to be myblog.com Can I, using my web hoster and its DNS services, point test.no-ip.org to myblog.com?

Im not sure this would be the correct section but how do I go on securing my network from WAN? I understand that hosting from home is going to have some risks but I think that securing my network will more or less protect is from most attacks that goes towards a homeuser.

Thank you for all the replies.

 

[riahc3]

Also the OS............Im thinking Ubuntu since I have SOME experience but Im willing to listen to suggestions 🙂

 

[Unheard]

Most registrars offer a DNS service if you point your nameservers at them. Do that, and then create a CNAME record to point @ the no-ip address.

Requests to your domain name will be routed to the no-ip address.

I'm a Windows sysadmin, so I can't recommend what linux distro to go with. I have used Ubuntu in the past, but not in a server environment.

 

[Fardringle]

You should also be aware that many ISPs block incoming port 80 specifically to prevent people from running web servers on their residential connections, so you should check to see if your provider blocks that port before you go through the effort of setting everything up.

(and this should probably be in Networking, not Distributed Computing)

 

[code65536]

Apache runs in Windows, too, if you are more familiar with that OS.

 

[drebo]

This is a pretty aweful idea, but if you're really serious about it, buy the domain from wherever and use Hurricane Electric's free DNS to host it (they have a dynamic DNS feature.)

 

[Red Squirrel]

I wish I could do this especially now that I have the bandwidth for it. MUCH cheaper than leasing one from a datacentre. Problem is, as mentioned is ISPs tend to not allow it. Even if it does work (ex: they don't block any ports), the issue is if they find out they can tell you to turn it off, now you are screwed because you have to scramble to move the services to an online server. Another issue is ISPs typically don't give a static IP. You'll want a static IP for a web server especially if it also does DNS.

Lastly, you may actually need more than one IP if you have several SSL sites and ISPs typically only give you one IP.

I really wish ISPs would be more friendly towards people hosting their own stuff though, it would make things so much easier and better.

 

[riahc3]

Apache runs in Windows, too, if you are more familiar with that OS.

A web server in Windows? No thank you.

This is a pretty aweful idea, but if you're really serious about it, buy the domain from wherever and use Hurricane Electric's free DNS to host it (they have a dynamic DNS feature.)

You can use any DDNS you want. I already have one.

I wish I could do this especially now that I have the bandwidth for it. MUCH cheaper than leasing one from a datacentre. Problem is, as mentioned is ISPs tend to not allow it. Even if it does work (ex: they don't block any ports), the issue is if they find out they can tell you to turn it off, now you are screwed because you have to scramble to move the services to an online server. Another issue is ISPs typically don't give a static IP. You'll want a static IP for a web server especially if it also does DNS.

Lastly, you may actually need more than one IP if you have several SSL sites and ISPs typically only give you one IP.

I really wish ISPs would be more friendly towards people hosting their own stuff though, it would make things so much easier and better.

1: Im sure you (and others) torrent THOUSANDS of GB. They ever tell you to turn that off? I don't think so
2: You can use DDNS to overcome the dynamic IP problem.
3: My case is a simple blog so I wouldn't use SSL or anything like this.

BTW, port 80 is NOT blocked for me. In the old days, I know it was blocked but for some reason now ISP do not block it.

 

[IndyColtsFan]

OP, look at Sophos UTM (home edition) for a powerful, free intrusion detection/firewall for your home network. It has a TON of features and would probably meet your security needs. If I were you, I'd consider putting the web server into a DMZ between 2 firewalls.

Also, I don't know about Ubuntu, but Microsoft makes server hardening utilities for their servers and I'd suggest doing something similar to your Ubuntu server.

 

[riahc3]

OP, look at Sophos UTM (home edition) for a powerful, free intrusion detection/firewall for your home network. It has a TON of features and would probably meet your security needs. If I were you, I'd consider putting the web server into a DMZ between 2 firewalls.

Also, I don't know about Ubuntu, but Microsoft makes server hardening utilities for their servers and I'd suggest doing something similar to your Ubuntu server.

Yeah, I thought about DMZing this.

Currenly I only have pfSense as my FW.

 

[Dahak]

Also you can take a look at this series over at Arstechnica, its guides you through some things, its a good read for a basis to start from, setting up linux,(unbuntu server in this case) TSL/SSL, php, database, Wiki, Blog and more

http://arstechnica.com/series/web-served/

 

[Railgun]

If I were you, I'd consider putting the web server into a DMZ between 2 firewalls.

Meh...it's unnecessary to do it that way. A single DMZ is all that's needed as you control the flow in both directions on the same interface. The policy would be identical regardless if you have one or two FWs. No need for the extra complexity in a home environment.

 

[drebo]

You can use any DDNS you want. I already have one.

The point is that your current dynamic DNS isn't related to your actual domain name. With HE, it would be.

Simpler is better.

However, hosting your own web page is a generally bad idea regardless. So, good luck to you.

(Source: I ran an ISP and web hosting company for 8 years)

 

[IndyColtsFan]

Meh...it's unnecessary to do it that way. A single DMZ is all that's needed as you control the flow in both directions on the same interface. The policy would be identical regardless if you have one or two FWs. No need for the extra complexity in a home environment.

Complexity is what makes it fun! 😉 Plus I'm overly paranoid. 🙂

 

[riahc3]

The point is that your current dynamic DNS isn't related to your actual domain name. With HE, it would be.

Simpler is better.

However, hosting your own web page is a generally bad idea regardless. So, good luck to you.

(Source: I ran an ISP and web hosting company for 8 years)

I would just the DDNS as my domain name.

 

[avos]

I personally use dyn.com to do this and then have a server set up as an apache reverse webproxy so I can use different subdomains with the same IP. Also this keeps my VMs from being directly accessible to the internet. This is just for a personal owncloud and plex server however. The reverse proxy is probably overkill, but I don't like to be bothered with having to type in port numbers. (Oh how I wish browsers supported SRV records)

It is $15 a year for registration at Dyn and $35 for their Standard DNS service which will allow you to use the DDNS features.

 

[imagoon]

A web server in Windows? No thank you.

Obviously 32% of the internet servers has no idea what they are doing.

 

[nickbits]

I have own domain using namecheap.com's ddns service. However I'm not sure my IP has ever changed in the last few years. Comcast seems to reissue the same IP.

I only have a few static pages I use myself for personal reference so I don't think it is a TOS violation.

I just enabled IIS on my home server that runs 24/7... Windows or bust 😛

 

[ViviTheMage]

If you have comcast you should be OK (don't blame me if you get booted though) hosting your own web server, as I have done a few test installs at home without issue on 80. I've also had the same IP for a few years, so I just use an A record to my domain at namecheap, works fine. I just port forward 80 to my web server box.

If you want free, go CentOS 6.x 64bit with a LAMP install. you can use ISPconfig if you want to manage it via pretty interface.... here's a step by step on everything you need to get up and running:

http://www.howtoforge.com/perfect-s...l-php-pureftpd-postfix-dovecot-and-ispconfig3

There are other free interfaces like ISPconfig, so if you do not want to use that, skip that portion.

Look at it this way, you'll also be learning some linux commands too!

 

[Red Squirrel]

However, hosting your own web page is a generally bad idea regardless. So, good luck to you.

People always say this but what is the reasoning? Assuming the ISP allows it or does not care, it will be much cheaper, and you can put the most powerful hardware you want without paying extra (other than the one time cost). Heck you can have a full blown cluster if you want to and configure it exactly how you want physically. With leased dedicated servers you don't have easy or any access to the hardware which can make things hard. Any downtime is going to be very extended as you are waiting for support, or in the case of a colo you need to ship a part which can take weeks.

Given the choice I'd host all my stuff at home in a heart beat. I wish my ISP would offer business packages. For some odd reason they don't for this new fibre service.

 

[imagoon]

Honestly why would want access to the hardware? I was out at a datacenter today and they guarantee no more than 15 minutes of downtime a year. Most people don't even come close to having the hardware at home to support a website properly let alone the discipline to properly maintain it. Especially when you can get webhosting for around $100 a year that offers at least 3 9's. Server uses more than that in electricity.

 

[JackMDS]

I have few Domains they are Hosted for $15 a month (inclusive) + the few $ a year for the owning the right to TLD name.

There is No difference in managing it using the DA, and or FTP via the WAN, than managing it through the LAN is just a fast and simple as though the server is on My LAN.

The electricity and extra AC to keep the server stable in my office will probably cost the same as paying for the hosting service through 3rd party.

That said, if One is dealing with content that might be considered illegal to host on 3rd party server it is another story.




😎

 

[Red Squirrel]

Honestly why would want access to the hardware? I was out at a datacenter today and they guarantee no more than 15 minutes of downtime a year. Most people don't even come close to having the hardware at home to support a website properly let alone the discipline to properly maintain it. Especially when you can get webhosting for around $100 a year that offers at least 3 9's. Server uses more than that in electricity.

Have you ever asked for a ram or HDD upgrade from a dedicated server provider? It's like 20 bucks per month per GB. If you have access to the hardware and that it's yours you just schedule downtime and put as much ram or hard drives as you want in it without paying extra. It's about cost and also about convenience. If you want a complex setup you can easily do it too when you have full physical access to it at any time. The next best thing is collocation as you can build your own really powerful server and send it in and still pay what you'd pay for a low end leased box, but then the hardware is still a couple hundred miles away down south so upgrades or troubleshooting is not exactly easy or cheap.

For my online server I'm limited in terms of disk space and ram due to cost, but at home I have TB's and TB's of space and can easily add more at any time. What I have thought of doing is doing iSCSI over a VPN tunnel to add more space to my online server but the latency on that would probably not be very good. 😱

would really be nice if home internet connections were treated more as a raw pipe where you can buy as many static IPs as you want and do what you want etc... I'd host stuff at home in a heart beat. Way cheaper in the long run.

Of course if all you have is a cheap oversold shared hosting plan that's a different story, and for some people that may be good enough. But it is a slap in the face when it's down and you can't do anything about it.

Also Google has done studies on temperature of equipment and failure rates, and you can pretty much run stuff at 25 degrees and you're fine. No need for AC for a small home setup.

 

[riahc3]

Obviously 32% of the internet servers has no idea what they are doing.

Exactly. The other 68% do.

People always say this but what is the reasoning?

Bandwidth limits. People still deal with standard DSL which has low upload which is needed to host
Later security. You have to make sure the security on your web host server is top notch. Most people do not have time to configure (or even reconfigure) their network to make sure there are no holes
Maintenance. The server has to be patched, restarted, changed, etc. by you. With a VPS, the hoster takes care of all of that.

The good thing about your own hosting is you control everything.

 

[Red Squirrel]

Exactly. The other 68% do.


Bandwidth limits. People still deal with standard DSL which has low upload which is needed to host
Later security. You have to make sure the security on your web host server is top notch. Most people do not have time to configure (or even reconfigure) their network to make sure there are no holes
Maintenance. The server has to be patched, restarted, changed, etc. by you. With a VPS, the hoster takes care of all of that.

The good thing about your own hosting is you control everything.

Oh yeah if there's caps or crap upload the idea is not good. I was thinking more for people who have fibre and good upload. For example my connection is 50/30 so if my ISP allowed it I'd do it in a heart beat.

Security is not any different on a leased/colo server solution you still need to make sure you secure your stuff.

Definitely want to use separate vlans if hosting at home though, you don't want your online stuff to be on the same vlan as your local home stuff, and set appropriate block rules at firewall. That's the beauty of it though, you have more control. It would be nice if ISPs allowed this and made it easier though but having services such as offering more IPs, static IPs or even IPv6 blocks.