So, if you have a web server at home set up (for example on your Raspberry Pi) and you now want to publish to the worlds, what do you do.
- You will make the machine secure, and work to prevent any kind of side attacks to the rest of your lan. You will move the machine into the DMZ and so on.
- You will change all passwords, and then you will want to share it using a domain name you already own. THat’s where it gets tricky.
A few folk host a DNS type setup that allows you to control your A record and use an API to poke the A record so that your DNS will point to the right place. DynDns used to be one such, newer providers exist, DynDnd might not even exist anymore… but, some even will give you a free subdomain in their domain, so it can even be a free subdomain that points to your NAT’ed port 80.
Obviously DOS’ing and more attacks will still take you offline easily, and you will have to pay /cloudflare (other providers do exist) things to block those but
Has anyone here ever set such a thing up?
1 Like
Hello @conrad.braam !
I had a setup like this a bunch of years ago.
A Raspberry Pi hosted an API used by a website I owned. The URL for the API was buried in the website’s code so I thought it added some level of security.
I had something like the DynDns service you described which allowed my website to make requests to my Pi through the firewall on our router. It all worked pretty well.
I took it down for two reasons. First, the data I was collecting through the Pi (and making available to my website) a lot of processing. Second, I started noticing requests to the API from places other than my website. That was a security concern for me.
Together, it was more time than it was worth to continue supporting the website. At the time, I didn’t know of services available to assist with DOSing.
I’m working on another home project with a similar setup but the website will be for home use only.
Joe
2 Likes
Yeah, part of the exercise for me is to put my security hat on, and maybe even use a honeypot raspberry pi. Hackers know that we do this - but learning how to set one up will teach me some security smarts I hope. As will just setting up the entire system. Adding anti-DDOS is a thing i’ll get to when I get hit by it I guess, but I’m aware it might happen.
I know it’s against your ISP Ts&C’s to host at home, but then again every IOT product is doing the same thing, just not doing it on port 80. My aim is to publish some semi static weather graphs that update every hour or so (mainly at night, more on that later). So I’m going to be learning a bit of flask and a bit of pandas, and matplotlib. I also have hardware sensors and so on to bring in. And I plan to host my historical database in google sheets. storage on raspberry pi is often a pain.
2 Likes
Awesome-ness! Sounds like fun!
I work in a Micorsoft/C# (mostly) house so diving into Java, setting up a “server”, and other things were very educational and beneficial to broadening my experience.
Have fun with it!
Joe
1 Like