The Raspberry Pi is a low-cost device that consumes little power. It can be used as a web server on your home internet connection, which gives you complete freedom to implement your ideas. Popular cloud services now charge a lot for the same specifications and have recently banned some websites, citing legal terms. This post shows you how to configure and host a website on a Raspberry Pi at home on an AT&T home network. All of my web applications are hosted on my home server, a Raspberry Pi 8GB with an external SSD, which usually costs under $99.
Requirements
- Raspberry Pi
- Public domain name
- CloudFlare free account
Use the Raspberry Pi Imager software and choose a Linux-based operating system.
There are many resources and videos available on the internet for setting up a Raspberry Pi 4.
Setup SSH authentication with PEM RSA file without password on ubuntu/linux Raspberry Pi Server
Activate Free SSL Certificate for Your Website
Home Network Gateway
Firewall Access
Enable HTTP port 80 for the Raspberry Pi device.
Firewall HTTP/SSH
Enable the HTTP and SSH ports for the Raspberry Pi device. SSH is not required if you don't want to access the server from outside your network.
Security
You have to protect your home server as much as possible.
UFW Firewall
Linux offers a firewall tool called UFW (Uncomplicated Firewall) for monitoring and filtering incoming and outgoing network traffic. With it you define which specific traffic to allow or block.
You need sudo privileges to install UFW
$ sudo apt update
$ sudo apt install ufw
Check Ubuntu Firewall Status
$ sudo ufw status
Disable Firewall
$ sudo ufw disable
Enable Firewall
$ sudo ufw enable
Allow Ports
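Enable the HTTP (80) and SSH (22) ports for incoming traffic. If necessary, enable HTTPS (443) or other ports. If you manage the Pi over SSH, allow port 22 before enabling the firewall so that your session is not cut off.
$ sudo ufw allow 22
$ sudo ufw allow 80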
Fail2ban
Fail2ban is a powerful tool that protects against attackers. You can define a set of rules to ban an attacker's IP address.
Fail2ban installation
$ sudo apt update
$ sudo apt install fail2ban
Check Status
Using the following command you can verify the status.
$ sudo systemctl status fail2ban
The result will look like this:
$ systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-05-22 04:23:44 EDT; 1 months 4 days ago
Docs: man:fail2ban(1)
Main PID: 626 (fail2ban-server)
Tasks: 5 (limit: 4915)
CGroup: /system.slice/fail2ban.service
└─626 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Configurations
You can define the rules by modifying the /etc/fail2ban/jail.conf file. Here, a maximum of 3 failed SSH attempts gets the attacker's IP address banned, and bantime = -1 makes the ban permanent.
#
# SSH servers
#
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = -1
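To see what the jail above does with a log, this added Python example (not code from this post or from fail2ban) replays the maxretry = 3, bantime = -1 rule over constructed auth.log lines. It assumes fail2ban's default findtime of 10 minutes, which the jail does not set, and uses a single "Failed password" pattern in place of fail2ban's own sshd filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the [ssh] jail on this page.
MAXRETRY = 3
BANTIME = -1  # negative bantime: the ban never expires
# Assumption: findtime is not set on the page; 10 minutes is fail2ban's default.
FINDTIME = timedelta(minutes=10)

# Stand-in for fail2ban's sshd filter, which matches many more messages.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed auth.log lines (documentation-range addresses, made-up hostname).
SAMPLE_LOG = """\
May 22 04:25:01 raspberrypi sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
May 22 04:25:04 raspberrypi sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 22 04:25:09 raspberrypi sshd[1203]: Failed password for pi from 198.51.100.20 port 51514 ssh2
May 22 04:25:11 raspberrypi sshd[1204]: Failed password for root from 203.0.113.7 port 40030 ssh2
May 22 04:26:00 raspberrypi sshd[1210]: Accepted publickey for pi from 192.0.2.10 port 50122 ssh2
May 22 04:50:00 raspberrypi sshd[1300]: Failed password for pi from 198.51.100.20 port 51600 ssh2
May 22 05:30:00 raspberrypi sshd[1400]: Failed password for pi from 198.51.100.20 port 51700 ssh2
"""

def banned_ips(lines, year=2022):
    """Return {ip: time of ban} for hosts reaching MAXRETRY failures within FINDTIME."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:  # skip non-failures and already-banned hosts
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = failures[m["ip"]]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures that aged out of the window
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in banned_ips(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} at {when} (bantime={BANTIME}: permanent)")
```

Because bantime = -1 never expires, three mistyped passwords from your own address lock you out permanently as well; fail2ban's ignoreip option exempts trusted addresses.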
Disadvantages
Home network providers block port 25 (SMTP) for all residential customers to prevent spam email. Instead, you can use an external SMTP connection on port 435, or you have to convert the account to a business account.