How-to: Host web services out of your residence

Why?

Because it's super fun and super educational! It teaches you a little bit about a lot of different things. It also paves the way for taking back control of your own data, by hosting the services you use on your own equipment. Let's get started!

You will need

  • Access to network equipment provided by your ISP (modem web interface)
  • A computer, Raspberry Pi, whatever
  • Some Linux install media
  • Some dynamic DNS service
  • A domain (optional, but very helpful)

STEP 1: Install Linux on something

Something can be literally anything that can run Linux. Ideally, that something should have an Ethernet port, but that’s not absolutely required. Old laptops are great because they’re small, quiet, and don’t consume much power. Starting out, specs aren’t so important.

Headless (no desktop) is best, but if you’re not super comfortable with only having the command-line available, install with a desktop. It is also possible to install with a desktop, but disable the desktop at startup. This way, you have a desktop available when you need it, but it's not consuming resources when you don't.

I’m partial to Ubuntu, especially for those starting out because of the wealth of documentation available for doing various things.

At a minimum, I usually start with SSH (default port 22) so I can conveniently access my server remotely, either from within my home network or elsewhere. To increase security, disable root login via SSH, and disable password auth for all users (only allow key-based auth). If you keep password auth enabled, use a strong password for your non-root user.
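One way to confirm those SSH settings actually took effect, as an added example that is not part of the original post: the function below audits the output of `sshd -T`, which prints the effective server configuration. The function name `audit_sshd` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the effective sshd settings
# against the hardening described above. Input is the output of `sshd -T`
# (run as root), which prints one lowercase "keyword value" pair per line.

audit_sshd() {
    # Reads `sshd -T` style lines on stdin, prints a finding per problem,
    # returns 0 if every check passes and 1 otherwise.
    awk '
        BEGIN {
            bad = 0
            want["permitrootlogin"]        = "no"   # no root login over ssh
            want["passwordauthentication"] = "no"   # keys only
            want["pubkeyauthentication"]   = "yes"  # or nobody can log in
        }
        { key = tolower($1); val = tolower($2) }
        key in want {
            seen[key] = 1
            if (val != want[key]) {
                printf "WEAK: %s is %s, expected %s\n", key, val, want[key]
                bad = 1
            }
        }
        # Keyboard-interactive (PAM) can still prompt for a password;
        # flagged only when the line is present in the input.
        key == "kbdinteractiveauthentication" && val == "yes" {
            print "WEAK: kbdinteractiveauthentication is yes, expected no"
            bad = 1
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "MISSING: %s not reported\n", k
                bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample input: a default-like configuration that fails the audit.
printf '%s\n' 'permitrootlogin yes' 'passwordauthentication yes' \
    'pubkeyauthentication yes' | audit_sshd || true
# Real use, as root:  sshd -T | audit_sshd
```

Run the audit from the console or an existing session, and confirm a key-based login works in a second terminal before you close the first.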

Once you have your base system installed, note your IP address assigned to you by your DHCP server. Ideally, your server should be connected directly to the modem provided by your ISP.

STEP 2: Port-forwarding and DHCP reservation

For this you will need access to the web configurator interface for your cable/DSL/whatever modem provided by your ISP. If you do not know the username and password of your modem’s web interface, try searching online for “<modem model number> <ISP name> username/password.” Usually these are generic across all modem models provided by your ISP, but not always. If not, you may need to call your ISP to get your credentials.

Port-forwarding will allow traffic coming to your IP to get sent to your new server. Sometimes this feature is called port-forwarding, sometimes it is called virtual servers. The name can vary by device manufacturer. If you are unsure about how to configure this feature, run a search query like “<your modem model number> <your isp> port forwarding” and you should be able to find what you need.

To configure port forwarding, you’ll need the inside port, the outside port, protocol (TCP, UDP, or both), and the internal IP of your server. In the case of SSH, the default port is 22. HTTP is 80, and HTTPS is 443.

I do NOT recommend setting your new Linux server as the default host or DMZ. Only forward the ports you want exposed.

I also recommend configuring DHCP reservations. A DHCP reservation causes your DHCP server to always give the same IP to your Linux server. This prevents the problem of your Linux server getting a different IP and breaking port-forwarding.

Alternatively, you may set up a static IP on your Linux server. If you do this, be sure to set the IP to an address outside of the range of IPs the DHCP server is assigning from.

STEP 3: Dynamic DNS

Assuming your residential IP is like most residential IPs, the IP assigned to your modem will change periodically. Normally this is not a problem, because you usually just need to get from inside your LAN to the rest of the public Internet.

This presents a problem if you’re trying to go the other direction, that is, accessing your new Linux server inside your LAN from somewhere outside on the public Internet.

You could pay for a static IP, but that's a bit unnecessary when there are plenty of free dynamic DNS options available.

Dynamic DNS works by some agent running somewhere inside your network reporting the public IP of your modem back to some DNS service and updating an A record (an A record is a resource record associating some domain to an IP). As long as everything is working correctly, your dynamic DNS domain will always be pointing to whatever IP your modem has and you can always hit your residential IP.

I personally use No-IP. afraid.org is another popular option, as is DynDNS. Agent setup is usually very simple.

STEP 4: Test

Now it’s time for us to test traffic flow to make sure we can actually hit our server from the outside.

Assuming you set up ssh as your first service, try to ssh to your server using your dynamic DNS domain as the host. If you get a login prompt, congratulations! You did it!

Troubleshooting

If not, don’t fret. Go through the steps again and double check your port-forwarding settings.

  • Does the IP in the port-forwarding configuration match the IP currently assigned to your server?
  • Are there any intermediate networking devices between your modem (where you set up port-forwarding) and your server?

If all your port-forwarding configuration looks good, check the ssh service.

  • Is ssh actually running?
  • Is there a firewall rule blocking ssh? (by default there shouldn’t be)
  • Try to ssh into the server from within the server. While logged into the server via the console, try to ssh into localhost. If you get a login prompt, ssh is running.

If ssh is running properly, then test to make sure that your dynamic DNS service is working.

  • Check the administrative console for your dynamic DNS provider. Somewhere, it should tell you what your dynamic DNS record is currently set to (what IP). If it shows an IP, then it should be working. Make sure that it's NOT something like 192.168.x.x, or some other private, internal IP. The IP shown in your dynamic DNS console should be the IP assigned to your modem by your ISP.
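The record check described above, as an added example that is not part of the original post. It goes slightly beyond the 192.168.x.x case by covering every private IPv4 range plus the 100.64.0.0/10 carrier-grade NAT range; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a dynamic DNS record.

classify_ipv4() {
    # Prints public, private, cgnat, loopback or link-local; "invalid" + status 1 otherwise.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        { [ "${#o}" -le 3 ] && [ "$o" -le 255 ]; } || { echo invalid; return 1; }
    done
    if   [ "$1" -eq 10 ]; then echo private                                        # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo private # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private                   # 192.168.0.0/16
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then echo cgnat  # 100.64.0.0/10
    elif [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo link-local
    else echo public
    fi
}

check_ddns_record() {
    # $1: address the DDNS name resolves to (e.g. from `dig +short A <your-ddns-name>`)
    # $2: WAN address shown on the modem's status page
    rec_kind=$(classify_ipv4 "$1") || { echo "FAIL: record '$1' is not an IPv4 address"; return 1; }
    wan_kind=$(classify_ipv4 "$2") || { echo "FAIL: WAN '$2' is not an IPv4 address"; return 1; }
    if [ "$rec_kind" != public ]; then
        echo "FAIL: record points at a $rec_kind address; the agent reported an internal IP"
    elif [ "$wan_kind" != public ]; then
        echo "FAIL: modem WAN address is $wan_kind; another NAT sits upstream, forwarded ports are unreachable"
    elif [ "$1" != "$2" ]; then
        echo "FAIL: record $1 is stale; modem currently has $2"
    else
        echo "OK: record matches the modem's public address"; return 0
    fi
    return 1
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
check_ddns_record 192.168.1.50 203.0.113.7 || true
check_ddns_record 203.0.113.7 203.0.113.7
```

If the modem's own WAN address comes back as `cgnat` or `private`, no port-forwarding setting on the modem will make the server reachable from outside.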

STEP 5: Use your own domain with the dynamic DNS domain

I highly recommend using your own domain with your services running on your server. You can accomplish this by creating CNAME records under your own domain pointing to the A record provided by your dynamic DNS service.

When I first set up my residential server in Taiwan, I created the dynamic DNS domain “keelung1.ddns.net.” While I already had my own domain, travnewmatic.com, I did not initially use it with my apartment server in Keelung. Instead, I added services as subdirs after keelung1.ddns.net (keelung1.ddns.net/wordpress, keelung1.ddns.net/plex, keelung1.ddns.net/mastodon, etc). This is a BIG PAIN IN THE BUTT because it requires a LOT of messy configuration with the webserver (nginx, apache, etc). Some web applications really don’t like to be served out of a path like that.

A MUCH EASIER method is to create CNAME records for each of your services. Currently I’m running a Mastodon instance in my apartment. Its domain is nangang.travnewmatic.com. That record is a CNAME pointing to my dynamic DNS A record keelung1.ddns.net.

You do not have to do this starting out, but as your collection of services hosted in your residence grows, creating subdomains for each of your webservices makes life WAY EASIER.

STEP 6: More services

Think about what services you use on a regular basis. I’m particularly fond of RSS. One of my most heavily used self-hosted services is FreshRSS. Nextcloud is a very popular self-hosted web application. It provides features similar to Dropbox, as well as some groupware features. You may be surprised how many quality self-hosted alternatives there are for the services you currently use.

Email is not something you can, or would want to, self-host out of a residential IP. Email is ridiculously complicated and most major email providers (Gmail, Yahoo!, etc.) block email traffic from residential IPs because they’re so often the source of spam. If you would like to provide some sort of messaging service, I recommend something like XMPP/Jabber, Matrix, Mattermost, or RocketChat.
