Dave’s WordPress is proud to offer you this WordPress Virtual Appliance. Built on Debian 10, running Virtualmin on Oracle VirtualBox. The hard disc in the appliance can also be converted to Hyper-V or VMWare, so it’s a versatile and powerful appliance.
Times have changed; people and companies are now putting everything online. Money is also of concern. Millions are out of work! What if you could learn to convert your home pc into a REAL web & database server, pay no money, and only pay for just the domain name every year? Imagine how much money you could save on hosting one or more websites this way?
The first half of the course is free; I want you to see if you can get comfortable with some technical terms. I even include a practice test to make sure you have what you need before proceeding to the next steps of doing the actual work. If you feel comfortable, and follow along, you should pay to get the full course, test, and all of the information, including the great downloads. If you are just curious about how the Internet works, then enjoy just the free portion as my thank you to you for taking the time to view my videos and this course.
You ask the question from a perspective of concern. The reality is not so scary. The approach is what companies do and have done for years before data centers and cloud. This is also a generic statement. Know there are a zillion configuration options with opinions, so I’m keeping this simple and basic.
You have a Server or PC. That system is running a service. In the most simplest of terms, you open just a small pinhole (port 80) to that (HTTP) service on that system, nothing else on that machine or any other machine.
What are you using for DNS at this point?
Are you forwarding your domain.com directly to your home ip address?
Are you opening port 80 on your home subnet that everyone in the house shares?
Your most welcome. Policies? You assume too much from my course then, and I can’t tell if your just being negative, or are being overly paranoid or just don’t understand how a firewall and port forwarding works.
Any good firewall blocks all inbound traffic. To run something on the Internet, one must open up common ports to a specific services on said system(s). This is how the internet works not only at home but at companies too. Does it eliminate all risk? No! The fact you said Security Policy tells me your no beginner. Policies or rules are feature common on commercial hardware like Cisco. It is also a strategy that security analysts use. So what’s your true real game or angle? Are you just trolling looking to mess with folks posts and kindness?
If your that skeptical and that worried, then I would advise this is not for you. If your a troll looking to shit on something find another bush. And for anyone else reading this the risk on port 80 depends on many factors such as the server and software behind the port. A unpatched server brings more risk then hardened one. Crap code vs well written code is another. Security in and of it self is an endless topic with near endless infinite arguments. The take way is this do what you feel is right for you, and only what your comfortable with. Past that what I offered and offer was and is something free. Treat it as such.
Asking someone to pay you so they can learn how to open a port for inbound forwarding to a computer on their Home Network from the World Wide Web?
It is reckless and most dangerous at that. To even consider such a risk you would need way more then just your isp router/modem “firewall” and “cloudflare” Not to mention breaching your isp terms of use should you be victim of ddos attack.
At least have the consideration to tell people up front what danger they are getting themselves into before doing such.
Your a real ass you know that. I did not ask for any payment. I gave you the course for free. I use open source software. To shit on this post is to shit on the the open source community.
Your ignorance shines through as cloudflair is many things. Most who use it use it for hosting, use it for the edge caching feature and dns capability not firewall. And a firewall vs a firewall as a service is the same function at a different layer. To your point yes at this layer it can provide a dental of service attack protection to the endpoint network. These are almost always targeted attacks and less frequent to say a brute force attack on say a WordPress site admin page. That can be solved with a plugin. So just shut up already. My post was not a dissertation on every possible facet of internet security. If you or your children game online than your already as or more likely to get and suffer a denial of service attack then hosting a website. Gaming is not against an ISP’s rules. Your being a paranoid ass on something that is likely not ever going to happen but could from.any reason not just hosting a web server!
You asked probing questions with the intention to try to destroy a post. Your the dishonest malevolent being here.
And yes you can host a site securely at home, I totally challenge most your statements with few special use case considerations. The only other thing you said that has any credence is an ISP my have in their terms of service a clause about hosting. Typically it is geared toward running a email server. If you had the courtesy to watch the video on the appliance page before shitting on this post I did mention this in the video.
Please just shut up already! Most importantly STOP being a troll!
Deceitful set up questions and accusational that I am selling a product I gave you and others for free, stating I was causing intentional and reckless harm. I have a right to be angry given your horiable statements and accusation. It is called a defensive response.
Any webserver I’ve ever known sits behind behind a firewall. Virtualmin , Apache and the rest if the open source community in their instructions don’t disclaim the things you accuse me of not disclaiming, yet according to you I’m horrible. So if I am horiable, they are horrible because I show their product and how to configure it. I would do and have done the same in a business using an ASA firewall. And I would not necessarily use cloudflair there either unless it was a consideration.
You accused me of some pretty harsh things when I was being nice and simply giving away a freely pre configured virtual appliance and yes if folks wanted to see how to do this at home great. That was an aside offering that you zeroed in on to set me up and destroy this post like the troll you turned out to be and now you play the victim… What a JOKE! Yes behavior like yours pisses me off. I am human and not your victim or a punching bag. And I refuse to let you be the victim here when you started a sneak attack on my contribution and post.
Hey guys, why don’t both of you take a breather, huh?
@dsoden, I took a quick look at your stuff and it seems solid!
And don’t get caught out by some random forum trolling, I see you’ve been here long enough to know that!
Personally I wouldn’t host websites at home anymore, simply because hosting is so cheap. My primary Virtualmin server is a VPS for which I’ve paid $40/year or so for the last few years. If those $40 was the cash that was running me out of business I would say I wouldn’t last long anyway!
Aside from that a few practical problems like dynamic IP and so on, but that leads me over to my second point.
@cyberndt - chill the hell down, man.
Hosting from home is how it’s been done since “ever” and security wise it’s not much different to having a server in a DC. Most likely you will have more ports exposed to the internet on your server than in your own home actually making the attack surface smaller at home. Also, being a residential IP, those are not scanned nearly as much as DC IPs, so the chance of a brute force is also smaller.
Like mentioned in my first paragraph I wouldn’t consider hosting websites at home anymore because I don’t have a static IP, but I do serve my Plex content from home. Hosting 40+ TB on a server would cost me more than I already spend on hosting, but this server is behind CF and an Nginx reverse proxy, only opening port 443 to the world.
Another point is that most home routers have some sort of client isolation in place, meaning that IF your server that only listens to 1/2 ports is compromised in some way, the chance of them getting further on to your network is slim to none, seeing as most of the scripts that compromise WP sites f.ex. only do it to send spam mail from their now newly expanded botnet.
TL;DR: Calm down, hosting from home is not reckless and dangerous, chill the fuck out. @dsoden - good luck with your project and let’s hope for a better year than the last!
I’ve been running several sites on a Dell T140 server out of my house for a couple years now. Never had an issue except for once when I somehow screwed up my Virtualmin install.
Edit to add: Here’s My Forum (a forum for a few friends and I to talk about politics and stuff)
If it’s so very dangerous, go check it out and tell me everything about my network, hosting, number of computers, etc.
I used to host sites intended mainly for family members and friends out of my home or their homes using an old Acer laptop running CentOS 4. They were usually temporary sites of various family or social events with live video feeds for those who couldn’t attend.
After the events were over, I’d bring the laptop home and host the sites and recorded videos for a while for people to watch, if they wanted to, using my home Internet connection behind a pfSense firewall. The sites weren’t restricted in any way: Anyone could watch if they knew the URL. But they would be of little interest to most people.
A few of the temporary sites did give me ideas for new public sites, though, when they logged more visitors than could be explained by just family and friends. I also gained valuable knowledge about media streaming, most of which has since been obsolesced by HTML5, at least on the front end.
There’s really nothing inherently “dangerous” about hosting a site on a home Internet connection. I’d call it more of a manageable risk. I’d prefer complete physical isolation of internal and public data; but it can be managed with a firewall if that’s impossible, as it would be if you have only one WAN connection.
I don’t think I’d do it with the stock firmware that comes installed on most consumer routers, however. I’d do it with something like DD-WRT / OpenWRT, or pfSense, but not with the stock firmware on the average consumer-grade router. Most of it, in my experience, is poorly-maintained garbage.
Synology’s firmware may be an exception. When I was shopping for new routers, they were one of the finalists. I also considered building a pfSense box, or just installing some Linux or another on an old PC and installing CSF on it. But ultimately just I bought another Linksys WRT3200ACM and loaded OpenWRT on it. That’s robust enough for my needs, and I have enough projects going on right now.
Did I say that to you specifically?
No, but if you want to take it that way, be my guest.
Also, this was my first comment in this post so which criticism can’t I take?
You were the one who started trashtalking in this thread. If you disagree from your own personal opinion, that’s fine. But it’s not reckless nor dangerous. On that you are quite wrong.
How dare you people not give your business to an IaaS platform! It is morally wrong for you to use your hard earned cash to feed your children instead of forking more and more of it over to big data giants like AWS and Google, or at the very least Linode or Digital Ocean! You should be ashamed to think you are worthy to step into even the most basic arena of web hosting that is so simple a chimpanzee can safely do it.
How dare you think you can own or build your computers, code or software. The most you can hope for is to rent this beautifully constructed golden monument from Microsoft or Apple.
I do it. I have no problems. The number one rule of hacking is simply this: they have to have a reason to hack it.
Should you run a fortune 500 business off your home connection? No. Of course not. That goes without saying.
But I run my little sites off mine and I’ve never had a problem. I’ve been DDoS’d, Brute Force attacked and never had a problem handling it with Cloudflare’s help.
And it’s free.
If you’re that paranoid over being hacked, you probably should find a new hobby / line of work.
Edit to add: If somebody really wants to hack you, you are going to get hacked no matter where you’re hosted. If they can get the U.S. Government, Citibank and the IRS, believe me you’re no safer on GoDaddy or Amazon.
