Host a Website on Your Home Raspberry Pi
Wall Script
MailxEngine
Sunday, June 26, 2022

Host a Website on Your Home Raspberry Pi

The Raspberry Pi is a low cost device and it consumes low power. It can be used as a web server with your home internet and you will have complete freedom to implement ideas. Nowadays popular cloud services are costing high for the same specifications and recently banned some websites for showing some legal terms. This post will guide you how to configure and host a website on your home Raspberry Pi device with AT&T home network. All of my web applications hosted on my home server Raspberry Pi 8GB with external SSD, I usally costs under $99.

Host a Website on Your Home Raspberry Pi

Requirements Install Linux Based Operating System
Use RaspberryPi images software and choose Linux based operating system.
Raspberry Pi Operating System

There are many resources and videos available on internet to setup a Raspberry Pi 4.
Setup SSH authentication with PEM RSA file without password on ubuntu/linux Raspberry Pi Server

Activate Free SSL Certificate for Your Website

Home Network Gateway
Raspberry Pi Operating System

Firewall Access
Enable HTTP port 80 for Raspberry pi device.
Raspberry Pi Operating System

Firewall HTTP/SSH
Enable HTTP and SSH ports for Raspberry pi device. SSH is not required, if you don't want to access from the outside network.
Raspberry Pi Operating System
Security
You have to protect your home server as much as possible.

UFW Firewall
Linux is offering a firewall tool calling UFW(Uncomplicated Firwall) for monitoring and filtering incoming and outgoing network traffic. Using this you define to allow or block specific traffic.

You need sudo privileges to install UFW
$sudo apt update
$sudo apt install ufw

Check Ubuntu Firewall Status
$sudo ufw status

Disable Firewall
$sudo ufw disable

Enable Firewall
$sudo ufw enable

Allow Ports
Enabled HTTP(80) and SSH(22) ports for incoming traffic. If necessary enable HTTPS(443) or other ports.
$sudo ufw allow 22
$sudo ufw allow 80


Fail2ban
Fail2ban is most powerful tool that protects from attackers. You can define set of rules to ban the attackers IP address.

Fail2ban installation
$sudo apt update
$sudo apt install fail2ban


Check Status
Using the following command you can verify the status.
$sudo systemctl status fail2ban


The result will look like this:
systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-05-22 04:23:44 EDT; 1 months 4 days ago
Docs: man:fail2ban(1)
Main PID: 626 (fail2ban-server)
Tasks: 5 (limit: 4915)
CGroup: /system.slice/fail2ban.service
└─626 /usr/bin/python3 /usr/bin/fail2ban-server -xf start


Configurations
You can define the rules by modifying /etc/fail2ban/jail.conf file. Here maximum 3 SSH retries ban the attackers IP address.
#
# SSH servers
#

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = -1


Disadvantages
Home network providers are not allowing PORT 25 or SMTP for all residential customers to avoid SPAM emails. Instead you can use external SMTP PORT 435 connection or you have to convert the account into business.
web notification

0 comments:

Make in India