Hosting a website from home - Privacy/Security concerns

Ok people, so let me cut to the chase since it's getting late and I really should be thinking about spending a little "quality" time with the girlfriend before we head to bed.

Anyway, as it stands, I've been running an HP Proliant server for just a little over a year now, and to say I've been impressed, would certainly be an understatement. It's been an awesome piece of kit that has offered a great number of services.

Well.. I've been considering hosting a small website on it instead of me having to fork out the cash for hosting. The thing is, I'm a little new to all of this so I'm a little unsure as to firstly, is this a good idea? And secondly, what's involved?

Now I know a little about VMware HyperVisor but that's about as far as it goes. Now I mentioned this subject on a board a little less technical, and I was offered the following advice from someone I respect dearly. Now his response is really aimed at my concern for both privacy and security. So here it goes:

Seems you already know a little about virtualization.

Throw VMware vSphere on that bad boy.
Run 2 virtual machines, 1 a nice firewall, maybe pfSense, and the other your webserver.
Pass the in/out with the virtual switch through the firewall and then to your webserver.
Install an intrusion detection package in pfSense.

The biggest worry you should have would be some script kiddie ddos'ing your home connection.
Make sure any unnecessary ports are not open.

Now, does this seem like sound advice? As it stands, I'm currently hiding behind a VPN, and if I'm being totally honest, I'd quite like the site to be hiding behind the VPN at the same time. That way, anyone interested, wouldn't be able to determine my home IP.

I get what the poster above is saying, but I still need to do some reading on pfSense and silly things like what OS to consider running whilst hosting the website.

So really, the point of this thread is that I'm looking for people's knowledge and sound advice. Would you recommend I go about doing this? The site is a small blog where I don't expect there to be a great deal of activity.

Any information would be greatly appreciated. Any other questions, and I'll try my best to answer them to the best of my ability.

Thanks for hearing me out,
S'n'S
 
Your friend's advice is absolutely sound - pfSense is a bloody brilliant firewall.

Another thing I'd probably add is look at dynamic DNS as you're hosting at home - you won't be able to get a static public IP unless you're on a business package for your net connection. DDNS will sort that out - there's loads of free providers (dnsexit.com is who I use for my home setup).
 
Thanks for the positive feedback!

The thing is, since he kept the post both short and sweet, there are more questions now than I have answers. I'm currently awaiting his response but I'm not quite sure when that'll be since he doesn't appear online too often.

As it stands, I currently have NO-IP which takes care of the Dynamic DNS issue for when it comes to hosting.

A few questions I have on my mind are the following:

- What OS would you recommend I use for hosting a web site?
- Since I have a VPN, is there any way for me to hide my site behind it as long as it doesn't drop?
- Whilst running NMAP, what ports am I looking to keep open? If it's simply for browsing HTML and pictures, other than port 80, is there anything else I should be aware of?

I can't quite think of any other questions right now but if they pop up, I'll be sure to fire them your way!
 
Over a VPN it's going to be slow. I'm not sure why you'd use a VPN; surely it's easier to port forward port 80 / 443 (if security is an issue then why release a port 80 website?). Or are you talking about initiating a connection to your VPN and then browsing it? If so then that is quite easy and you wouldn't need firewall rules as you'd be on the trusted LAN.

OS wise it depends. Windows 2008 R2 server if you have a licence is my personal preference as I know more about Windows and securing it than I do about Linux. Though it could run on Windows 7 or even on Linux and Apache. It depends if you want IIS or if you want Apache really and what the site is built for (i.e. does it use .NET, etc.)

Port 80, or 443 if you secure it, are the only ports you require, though if you're on the VPN then you don't really need to worry about this, nor do you require pfSense. I'd only recommend this if you were port forwarding on your router directly to the webserver (via the firewall of course).



M.
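
An added example, not part of the original thread: one way to check the "only port 80, or 443 if you secure it" advice against a scan of your own address taken from outside your network. It parses Nmap's grepable output (`nmap -oG -`) and reports open TCP ports outside an allow-list; the sample output and the address 192.0.2.10 are constructed, and the parser assumes a scan without version detection.

```python
# Added example (not from the thread): audit `nmap -oG` output against an allow-list.
ALLOWED_TCP = {80, 443}  # ports the thread names for a plain HTTP/HTTPS site

# Constructed sample of grepable output; 192.0.2.10 is a documentation address.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (995)\n"
)


def open_ports(grepable):
    """Return {host: set of open TCP ports} from grepable (-oG) output."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue  # comments and Status-only lines carry no port data
        host = line.split()[1]
        found = hosts.setdefault(host, set())
        ports_field = line.split("\tPorts:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[0].isdigit():
                if parts[1] == "open" and parts[2] == "tcp":
                    found.add(int(parts[0]))
    return hosts


def audit(grepable, allowed=frozenset(ALLOWED_TCP)):
    """Per host: open ports outside the allow-list, and allowed ports not open."""
    report = {}
    for host, ports in open_ports(grepable).items():
        report[host] = {
            "unexpected": sorted(ports - allowed),
            "missing": sorted(allowed - ports),
        }
    return report


if __name__ == "__main__":
    for host, result in audit(SAMPLE_OG).items():
        print(host, result)
```

Anything listed under "unexpected" is a service reachable from outside that the firewall or the router's port forwarding should not be passing.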
 
First of all I would get a static IP. Your provider might charge; I'm with Plusnet and it's a one-off fee of a fiver.
Other than that the advice sounds good. I wouldn't know how your server being over a VPN would work unless it's site to site with some port forwarding going on.
What kind of website?

I'm using Server 2012, with Joomla and one with WordPress. I do prefer WordPress though.
 
Fork out the money for web hosting a problem? You can get a starter/basic package from Vida and TSO for less than £25 - it's a no brainer unless you're desperate to find uses for your Microserver
 
TSOHost does packages for like £2.99 a month. I can't say that many people would consider all the hassle of running your own webserver to host a site would be worth saving £3 a month for.
 
I do exactly this at home. I have a desktop running a quad core and 16GB of RAM. This runs Server 2012 with 3x CentOS virtual machines. One acts as a proxy and runs mod security, one is a normal web server and the other is the DB server. These are contained in their own network.

I have my Netgear ADSL modem port forwarding port 80 and 443 to the MIP on my Juniper firewall which goes down to the NIC for my VMs. I do this partly because I had a Juniper firewall to hand and wanted a bit of extra security.

I use http://www.noip.com/ to handle my dynamic IP. I also pay for a domain name to be used instead of the free ones.
 
Out of interest what's the/is there a risk in running your firewall and the stuff behind it virtualised all on the same hardware?

I've not really looked into virtualisation security so not sure if it's even an issue or not.
 
Or are you talking about initiating a connection to your VPN and then browsing it? If so then that is quite easy and you wouldn't need firewall rules as you'd be on the trusted LAN.

As it stands, I'm currently using a VPN for my daily web browsing. The service provided is fairly stable and can be used on up to three devices. Since I still have one device spare, I thought it would be quite useful having the website URL pointing to the IP of the VPN, rather than that of my own IP. Would this be wise?

OS wise it depends. Windows 2008 R2 server if you have a licence is my personal preference as I know more about Windows and securing it than I do about Linux.

Since I have access to MSDN, I wouldn't have any trouble getting my hands on Windows Server, and like yourself, I am far more familiar with Windows than I am with Linux - hopefully one day that will change. Are there any links that you can provide to help secure this OS as much as possible?

Port 80, or 443 if you secure it, are the only ports you require, though if you're on the VPN then you don't really need to worry about this, nor do you require pfSense. I'd only recommend this if you were port forwarding on your router directly to the webserver (via the firewall of course).

So to clear this up, if I was intending on hosting the website over my VPN, rather than without one, there would be no need for me to use a firewall like pfSense? I just want to clarify on that one?!
 
TSOHost does packages for like £2.99 a month. I can't say that many people would consider all the hassle of running your own webserver to host a site would be worth saving £3 a month for.

This is certainly something that I may consider. I don't expect the site to produce a great deal of web traffic which is the reason I had considered hosting it from my own home server. This may be an option, but as it stands, I think I'd quite like to gain the experience of how to play around with Hypervisor and a few other things whilst learning to build my own site!

run something in a virtual machine for a bit until you develop the website then just purchase some space and transfer it over.

I like what this man said!
 
I do exactly this at home. I have a desktop running a quad core and 16GB of RAM. This runs Server 2012 with 3x CentOS virtual machines. One acts as a proxy and runs mod security, one is a normal web server and the other is the DB server. These are contained in their own network.

I have my Netgear ADSL modem port forwarding port 80 and 443 to the MIP on my Juniper firewall which goes down to the NIC for my VMs. I do this partly because I had a Juniper firewall to hand and wanted a bit of extra security.

I use http://www.noip.com/ to handle my dynamic IP. I also pay for a domain name to be used instead of the free ones.

It seems like both you and I are on the same wavelength. As it stands, my HP Proliant only has 8GB of RAM, but for a simple website, I can't imagine this causing a great deal of trouble.

I was hoping you could tell me a little bit more about your three virtual machines and how they all work hand in hand. You mentioned the following: One acts as a proxy and runs mod security, one is a normal web server and the other is the DB server.

What proxy and mod security do you have in place on your first VM? On your second, what webserver are you currently using? As for the third, I don't intend on storing any details so the use for a DB would be unnecessary.

You also mentioned your Juniper firewall and how that has been configured. Since I don't have the luxury of owning one of these, would pfSense be my next best option whilst running through another VM? Would this be required if my site was hiding behind my VPN?
 