Description: why you want to get in to homeserving
Summary: Introduction to homebrewserver.club fundamentals
Status: published
Category: fundamentals
slug: 001
This series is a starting point for people looking to host their own on-line services from home. A good place to start is by reading the [homebrewserver.club principles]({filename}manifesto.md) on to understand why we make the choices we do. Then have a look at the [hardware guide](hwguide) or [setting up a server behind your home router.]({filename}portforwarding.md)
Title: Port Forwarding configuration for your home router
Date: 2019-01-14
Tags: port forwarding, router, introduction, lan, wan
Slug: fundamentals-port-forwarding
url: fundamentals-port-forwarding
save_as: fundamentals-port-forwarding.html
Summary: How to make your homebrew server reachable over the internet using your home router.
Author: hbsc & friends
Image: images/port_forwarding.svg
Status: published
slug: 005
# UNDER CONSTRUCTION
##Introduction
The whole premise of the homebrewserver.club is the simple — yet often overlooked — fact that your home internet subscription theoretically also allows you to host services. The internet is in its essence a bi-directional medium. Anyone with an internet connection can not only look up on-line content but also host it!
The whole premise of the homebrewserver.club is the simple — yet often overlooked — fact that your home internet subscription theoretically also allows you to host services. The internet is in its essence a bi-directional medium. Anyone with an internet connection can not only look up on-line content but also host it!
In times of 'cloud providers' and 'virtual private servers' it is an easy thing to forget, and internet service providers don't make it easy on you either, but a homebrew server can be as simple as an old laptop connected directly to your home router. However, you do need to change some settings on the router to make that happen!
@ -32,18 +33,18 @@ To begin serving from home you need the following:
![A schematic representation depicting network address translation between a local area network and a wide area network, where ports are being forwarded from the WAN to home server on the LAN]({attach}images/port_forwarding.svg)
By default home routers have configured the firewall so that the devices behind your router are inaccessible to the internet. This is to prevent your private network from being public.
By default home routers have configured the firewall so that the devices behind your router are inaccessible to the internet. This is to prevent your private network from being public.
Machines behind your router (called your local area network or `LAN`) can make connections to the wider internet (known as `WAN`), but not the other way around.
However, when hosting a server at home, we do want that server to be reachable from the internet. In order to do that we need to open so-called *network ports*.
However, when hosting a server at home, we do want that server to be reachable from the internet. In order to do that we need to open so-called *network ports*.
Ports are logical 'gates' that are open or closed to connections. These ports have numbers and are [standardized](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports) for specific protocols or applications.
For example, HTTP traffic from a website would default to port `80`. HTTPS defaults to `443` and SSH defaults to port `22`.
To make our server accessible over the internet we need to open the ports on the router and forward them to our server. This is called port-forwarding.
The exact method (and terminology) of port-forwarding differs from router to router. However, it always follows a similar scheme where you designate inbound traffic on a certain port to be forwarded to the your server's IP-address and port on the local area network.
The exact method (and terminology) of port-forwarding differs from router to router. However, it always follows a similar scheme where you designate inbound traffic on a certain port to be forwarded to the your server's IP-address and port on the local area network.
For this you need to have access to the administrative panel of your router.
@ -93,7 +94,7 @@ The basic process is to determine which external port to open and to which IP ad
You might be asked a few things, including the name of the rule, the protocol (TCP, UDP or both), the external port and the internal port. Sometimes you are given the option to open a range of ports.
To open the ports for the web server, we're opening two separate ports, one for plain HTTP and one for secure HTTP.
To open the ports for the web server, we're opening two separate ports, one for plain HTTP and one for secure HTTP.
Open the external port `80` for plain HTTP and redirect it to the local IP-address of the homeserver:
```
@ -125,14 +126,14 @@ Port to device: 22
## Concluding
Now that you have opened the corresponding ports you should be able to type your external IP-address in your browser and should be automatically redirected to the website on your home server.
Now that you have opened the corresponding ports you should be able to type your external IP-address in your browser and should be automatically redirected to the website on your home server.
### How to find out which ports to open?
While a majority of applications will work on `80` and `443` you might need to open different port for different applications. For example in the series describing [self-hosted chat over XMPP]({filename}../instant-messaging/configuring_an_xmpp_server_prosody_0.11.md#set-up-firewall-and-dns) ports `5000`, `5222`, `5269` and `5281` are opened and forwarded.
Most installation guides for software will tell you whether you need to open ports. However it is also possible to see what applications are listening to what port using:
Most installation guides for software will tell you whether you need to open ports. However it is also possible to see what applications are listening to what port using:
`$ netstat -tulp`.
`$ netstat -tulp`.
[^1]: [https://portforward.com/](https://portforward.com/router.htm) has a large list of routers and visual instructions on how to set up port forwarding on them.
[^1]: [https://portforward.com/](https://portforward.com/router.htm) has a large list of routers and visual instructions on how to set up port forwarding on them.
Summary: Installing a web server on your homebrew server
Author: hbsc & friends
Status: published
slug: 004
TODO:
* add good dns registry reference
* certificate renewal certbot
[TOC]
##Introduction
Ever wanted to host your own website from the comfort of your own house? Ever wondered how to achieve this? Search no further! This guide will help you with the installation and configuration of web server software, which is what allows a computer to start handling HTTP requests and serve web content in response.
Besides helping you with the installation, this guide will help you getting the right certificates, configuring your server and publishing your homebrewserved website.
Besides helping you with the installation, this guide will help you getting the right certificates, configuring your server and publishing your homebrewserved website.
## Some background knowledge.
## Some background knowledge
So first off, what is the web, what is a web site and what is a web server?
First off: what is the web, what is a web site and what is a web server?
The web is the single most known part of the internet. Because of that, it often happens that 'the web' and 'the internet' become conflated. Therefor it often becomes a bit hazy to state what the difference is between the internet and the web. Generally speaking 'the web' is only the part of the internet that we interact with with a web browser. More technically speaking, the web is the part of the internet that runs on port 80 and port 443 and that uses the HTTP and HTTPS protocols.
The web is the single most known part of the internet. Because of that, it often happens that 'the web' and 'the internet' become conflated. Therefore, it often becomes a bit hazy to state what the difference is between the internet and the web. Generally speaking 'the web' is only the part of the internet that we interact with with a web browser. More technically speaking, the web is the part of the internet that runs on port 80 and port 443 and that uses the HTTP and HTTPS protocols.
Websites are text documents that are formatted through HTML, CSS and JS. These three technologies tell the webbrowser what the structure of the page is, how it should be laid out and what kind of interactions are possible. Websites are transmitted using Hyper Text Transfer Protocol, which is why we usually type them like so `http://homebrewserver.club`.
@ -34,9 +34,9 @@ So in essence the web is a network of webservers which runs on top of the intern
- A spare computer.
- A basic understanding of the command line.
- An [ssh server and client](demystifying-ssh.html) installed
- A registered domain name
- A [registered domain name](https://www.pcworld.com/article/241722/how-to-register-your-own-domain-name.html)
- Have an available power socket next to your router.
- An ethernet cable to connect your server to the router.
- An ethernet cable to connect your server to the router.
The instructions on this guide were run on a Debian Stretch distribution.
@ -265,11 +265,28 @@ If the required ssl_module is not listed, run:
$ sudo a2enmod ssl
```
### Certificate renewal
Your certificates expire after a period of time. You can, however, automate renewal by adding a [cron job](https://www.ostechnix.com/a-beginners-guide-to-cron-jobs/) that schedules when the specific renewal command should be run.
Start by running:
```bash
sudo crontab -e
```
Add the following:
```bash
5 55 0 * 5 /usr/bin/certbot renew
```
This means the certificates will be renewed every week on Friday at 05:55. You can of course edit these times according to your preferences!
Save your changes and exit the editor.
Time to restart Apache and load all of these changes!
## index.html
At this point, when typing https://mydomain.org into your browser, you're greeted with a page that looks a little something like this:
At this point, when typing https://mydomain.org into your browser, you should be greeted with a page that looks a little something like this:
![Default apache on debian index.html page](http://assets.digitalocean.com/how-to-install-lamp-debian-9/small_apache_default_debian9.png)