Hosting your own web entry (bad formatting edition™)

Features

• - nginx reverse proxy, no need to open more than two ports
• - secure TLS/HTTPS encrpyted connection from client to our backend
• - cloudflare as a proxied DNS provider
• - dynamic DNS updating

overview and topology map

nginx reverse proxy

To server our website, clients somehow need to connect to our server. Usually this can be done by opening a port on our router/firewall. This works fine if you only want to host a single website and/or service, but if you want to expose more than one, you normally have to serve it from a different IP. We can circumvent this by using a reverse proxy. It works by bundling all traffic and sending it trough only one exposed tunnel. This is illustrated below. Furthermore, nginx as built-in functionality for serving .html based sites on the web. We use both features in this case.

• - Install nginx
• - cd into /etc/nginx/conf.d
• - create a new .conf file and name it how you like, I recommend [yourdomain].conf
• - copy the following into your file and change to your liking

server {
            listen 80;
            server_name domain.com;
            root path/to/the/folder/containing/your/index/file;
            }
            

• - cd into specified root path and create an index.html file and write Hello World into it
• - run nginx -t to check if everything is working

Cloudflare as our DNS provider

• - First of, go and create cloudlfare account
• - Now head over to your domain registrar and change the dns servers to the ones specified on cloudflares site
• - Then over at cloudflare, go to DNS settings
• - Create a new A record with your full domain name pointing at your IP. You can get your IP on ipleak.net

Dynamic IP?

Our dns records now point to our current IP. Now, for a lot of people ISPs dont give them a static IP address. As such, the IP we assigned will change and wont be valid withing a few hours or days. We can fix this by dynamically updating our DNS records to cloudflare. Personally, ive been using qdm12's ddns-updater docker container for this. In my case, im using the specified docker-compose.yml. To get it up and running, download the docker-compose.yml and change the parameteres to your need. This likely boils down to changing your port and specifiying a config.

Getting our connection encrpyted

As of now all our traffic passes from client <-> server without being encrpyted. This essentially allows anyone to read and potentially intercept our traffic with out our knowledge. To change this, we can use certbot. It should be preinstalled on most common distros. certbot gives out free TLS/HTTPS certificates authorized by the EFF. Usage goes as follows:

• - run cerbot --nginx and enter the number corresponding to your domain
• - let it finish and afterwards wait a minute for everything to update
• - navigate to your website and you should see automatically turn into a https site

Subdomain and different services

• - nginx config for a subdomain

server {
            listen 80;
            server_name one.domain.com;
                location / {
                    proxy_pass http://ip:port;
                }}
            

• - nginx -t
• - create a clouflare A record with your subdomain.domain.com pointing to your address
• - if needed, update your ddns-update to include the subdomain
• - certbot --nginx