These are some quick n’ dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Submitted 3 weeks ago by humanoidchaos@lemmy.cif.su to selfhosted@lemmy.world
http://95.181.238.21:49703/website_hosting_instructions.html
These are some quick n’ dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Not sure how much you’re paying for your VPN, but a virtual private server can be had for about $5 per month. You’ll get a real IPv4 address just for you, so you won’t have to use non-standard port numbers. (You can also use the VPS as a self-hosted VPN or proxy.)
$5 per month doesn’t get you much processing power, but it gets you plenty of bandwidth. You could self-host your server on your home computer, and reverse-proxy through your NAT using the VPS.
I think you can find 1x vCPU VPS with 1gb ram for 1$/month on lowendbox / lowendtalk
You could even go the Oracle route on their free tier, probably has more compute than many $5/m VPS, although the learning curve is MUCH steeper than a simple VPS
I’m sorry if this is dumb, but do I need to run the vpn on a dedicated machine? If so can I use a raspberry pi?
It’s not dumb at all! Don’t be afraid to ask. I’m not an expert and still learning myself.
The VPN is running on the same machine that I am hosting the website on. There may be some configuration you can do to perhaps have the connection routed through your raspberry pi with a VPN running on it to the machine that’s hosting the website, but I’m not sure how.
Otherwise, you should be able to at the very least run the entire setup on a raspberry pi.
I am using wireguard in docker to connect from anywhere to my locals network. github.com/linuxserver/docker-wireguard?tab=readm… Set the variable INTERNAL_SUBNET to your local IP range. For me it was 192.168.178.0 And set a folder you can reach as it’s working folder. And your done for setting the wireguard server.
Need yo allow your server to be reachable from the web to wire guard ports. I guess you know how to since you did for you website.
To add clients (I have android and Linux) you go fetch the config on you server. If you went for numbered peers it look like peer4.conf and you use these file to allow clients to connect.
Thanks for the guide. How did you get the VPN forwarded port? I believe this depends on the VPN provider’s software?
No problem.
For my VPN, it tells me the forwarded port in the software’s GUI. I’m not sure how to find it out through the command line.
Aaaaand it’s down?
possiblylinux127@lemmy.zip 3 weeks ago
You you setup a proper domain and https for your website instead of having a random IP address and port.
Don’t visit http pages in 2025. It is a major security risk.
null_dot@lemmy.dbzer0.com 3 weeks ago
LOL. On the scale of risky things I’ve done today, visiting this guy’s http website barely rates a mention.
Someone posts about something they’ve learned and the best you can do is dump on them about whatever thing in order to demonstrate to everyone your superior knowledge.
Everyone starts somewhere.
EncryptKeeper@lemmy.world 3 weeks ago
Let’s be real, this guy has no knowledge. He’s just yet another security parrot who doesn’t even understand the why behind the things they’re regurgitating.
possiblylinux127@lemmy.zip 3 weeks ago
I’m down to help people get https set up. I’m not trying to dunk but rather I’m trying to make the internet a safer place by reducing attacks and mass surveillance.
EncryptKeeper@lemmy.world 3 weeks ago
There’s no security risk viewing this bit of html lmao
possiblylinux127@lemmy.zip 3 weeks ago
How so?
Data send back isn’t validated so someone could tamper with the data. A bad actor could add soke arbittary Javascript plus ISPs have been caught inserting marketing materials into pages.
From a privacy perspective it is also bad as not only does it include your user agent in plain text it doesn’t have any encryption on page contents which allows your ISP to snoop on what you are doing.
All of these reasons are while we moved to https. X.509 certs are free and trivial to setup with Caddy or any other Reverse proxy/web server.
surewhynotlem@lemmy.world 3 weeks ago
I’ll bite.
The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.
jafra@slrpnk.net 3 weeks ago
Maybe there is, maybe it’s only little. Maybe people browsing should be more aware of where they click on. Either way, this method shouldn’t be used for any sensitive information least a personal cloud. Would be suicidal I guess.
humanoidchaos@lemmy.cif.su 3 weeks ago
Thanks.
It’s my understanding that https provides encryption for the data sent between you and the server. If you’re not sending any sensitive data, then the encryption shouldn’t be necessary.
Don’t get me wrong, encryption is great even when it isn’t necessary. For my demonstration purposes though, I chose not to include it.
I also believe it’s possible to set up HTTPS encryption without a domain name, but it might result in that “we can’t verify the authenticity of this website” warning in web browsers due to using a self-signed certificate.
possiblylinux127@lemmy.zip 3 weeks ago
That is a pretty bad take as all data is sensitive. Https also provides integrity to prevent man in the middle attacks.
stratself@lemdro.id 3 weeks ago
Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
ComradeMiao@lemmy.world 3 weeks ago
It takes two seconds to get https and 10 bucks a year for a domain. Come on
WhyJiffie@sh.itjust.works 3 weeks ago
but it is sensitive data. the webserver can send executable code to the web browser. if it does not that doesn’t matter, what matters is that it can be inserted by a middleman. It’s not like there’s a dedicated person needed to do that, it can just happen automatically.
drspod@lemmy.ml 3 weeks ago
Anyone with the ability to inject or modify packets in the network path between server and client can inject malicious javascript or browser exploits into an unencrypted HTTP TCP stream. The client’s User-Agent and other headers would allow the attacker to customize their attack to target that specific browser version, and compromise the client machine.
possiblylinux127@lemmy.zip 3 weeks ago
You can pickup a cheap domain from gen.xyz. The cheapest domain is $0.99 which is pretty affordable especially since you probably are already paying for a internet connection.
Once you have the domain you can point it to your IP and then set port 443 on that address to point to Caddy. On Caddy you can either configure it as a server or use it as a reverse proxy to point to something else.
Security wise I would put all of this on its own vlan with ACLs to control access. If that sounds confusing start with https.
SMillerNL@lemmy.world 3 weeks ago
As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.
In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.
You can: letsencrypt.org/…/issuing-our-first-ip-address-ce…
fmstrat@lemmy.nowsci.com 3 weeks ago
Not that I think you need it for this, but a DynDNS implementation would give you a hostname you can dynamically change to your VPN ip, thus solving the SSL host issue.
N0x0n@lemmy.ml 3 weeks ago
Just create your own rootCA and IntermediateCA and sign your certificate with those, put the CA in your trust store of your system and get rid of this self-signed warning on every device and happily access all your service via: *.home.lab or whater ever local domain pleases you.
Typewar@infosec.pub 3 weeks ago
Is it easy to set up https for just an ip address with no domain?
mic_check_one_two@lemmy.dbzer0.com 3 weeks ago
I think it’s technically possible, but your IP likely isn’t static, especially if you’re using a VPN. You’d need a new cert every time your IP changed.
possiblylinux127@lemmy.zip 3 weeks ago
Buy a domain
They are pretty cheap especially compared to hardware
rarsamx@lemmy.ca 3 weeks ago
All those “experts” lecturing you and they don’t even know about man in the middle attacks.
They don’t know that there are active bots searching for HTTP addresses to inject risky code or redirect to malicious sites.
You providing some feedback which may help OP is seen as criticism.
possiblylinux127@lemmy.zip 3 weeks ago
I’m going to be honest I have no idea what you are talking about