Hello!!! <3
So i’m trying to host my own lil website server! I already got httpd on my fedora (GNU/Linux) device, forwarded the 80 port to my router and - TADA I can access my simple index.html site from anywhere now via the IPv4 address! I even tried it on my phone at work, and I was able to reach my home server!
I have now purchased some nice domain smorty.dev rather cheaply on porkbun but - as you may find out when clicking on the link - it doesn’t forward to my server yet ;(
I have already setup the A address record thingy on porkbun, which can even be verified by running ping smorty.dev in the terminal, as it retrieves the current IPv4 address of my router
CODE BLOCK
maria@fedora:~$ ping smorty.dev
PING smorty.dev (79.241.82.75) 56(84) bytes of data.
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=1 ttl=63 time=8.35 ms
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=2 ttl=63 time=6.53 ms
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=3 ttl=63 time=5.94 ms
^C
--- smorty.dev ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 5.937/6.937/8.345/1.024 ms
I searched online and found some people talking about a Windows HOSTS file, so I found the equivalent for GNU/Linux, which is /etc/hosts and that file now looks like this
CODE BLOCK
maria@fedora:~$ cat /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.example.org foo
# 192.168.1.13 bar.example.org bar
79.241.82.75 www.smorty.dev
127.0.0.1 www.smorty.dev
Soooo there is clearly a connection there, but the actual forwarding in the browser to my website doesn’t seem to work ;(
I am *somewhat sure I exported this correctly…
IMAGE OF ROUTER INTERFACE
EDIT: I completely forgot to mention what the address records look like… and maybe they are kinda important for my problem sooo here they are!
SCREENSHOT FROM ADDRESS RECORDS
if someone here could share some advice maybe - that would be super great :)
.dev domains are required to only be reachable via https. You’ve not mentioned that in the post, so I’m guessing port 443 is not serving or even listening.
I’d delete the screenshot with your IP visible. You never know…
The bots are a much bigger threat than Lemmy
Is your web server set up to use a domain? Like if you’re using Apache vhosts or anything, I’m pretty sure you need to configure your domain in there too, and then restart the web server.
As others have said, close port 80. I actually stopped exposing ports a while back. I just configured always on vpn on my phone instead. Much more secure.
Unless you’re using outdated server software, there’s nothing inherently insecure with exposing ports to the Internet. Be it port 80 or 443. Just keep everything up to date and maybe add fail2ban to stop people poking around.
There is always a risk. Nothing is 100% secure. It’s low but the risk is there. Noobies also make configuration mistakes which can impact security severely.
Don’t forget about heart bleed, the openssl vulnerability that went undetected for years.
My home shit is also not funded by a Corp with all kinds of fancy threat detection and prevention stuff. I don’t have the time or desire to deal with it, nor do I need to serve other users, only my own needs. Therefore vpn is more secure.
Your domain name resolves fine for me, and it’s true you’ll need to set up https for it to work in a browser, but even with curl I get a timeout. Maybe you stopped running httpd?
The hosts is mostly so your computer can connect out to other websites, but doesn’t matter for being able to connect to something you’re serving.
Instead of httpd, maybe try out Caddy. It makes https pretty simple and free once you have a working Caddyfile.
There is so many things wrong with this post…
You have become the classic case of knowing enough to be dangerous.
Please start by closing off port 80. Do not ever expose anything to the internet without proper security measures. You want to use https (so port 443) and you should consider if you really need to expose it at all. My guess is that your browser is not allowing plain http traffic since it is a security nightmare. (Someone could man in middle it and take control of your browser plus there is lots of information your browser sends to the server) If you still want a public server you can use caddy in a container on a preferably dedicated device. You don’t want to just run a service from your main device since if it gets exploited you are in trouble. httpd is not industry standard (although you can use it) so I would be careful about blindly trusting it. You want a multilayer defense with possibly some sort of rate limiting to stop bots from destroying it.
