Thinking about hosting my own web server. Is there any reason that I shouldn't?

CodeBlox Member Posts: 1,363 ■■■■□□□□□□
I would like to do this just to get the knowledge and know how to do it. As the title states, I would like to host my own web server solely from home. The page it would host would be whatever I upload to it. What are the downsides of doing this? Will my electric bill go through the roof (I see no reason why it would)? Will I open the rest of my network up to the internet, leaving it vulnerable? Do I need a beast of a computer? This is probably a server that only I would access, like say from work. I think it would be really cool to do!! I'm just worried that the cons would far outweigh the pros. I had a website once that was hosted by GoDaddy, and my domain name "thejizzleman.com" has expired. I can register another, no problem. But I would like to be in control myself. It would be a Windows-based server.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • rwmidl Member Posts: 807 ■■■■■■□□□□
    Question #1: will your ISP allow it?
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • cyberguypr Mod Posts: 6,928 Mod
    Since you mention electricity I'm assuming you are thinking about a physical box. Unless you go for an HP DL580, a Dell C series or some other ridiculously big/power hungry box I wouldn't worry too much. Having said that, if it is just for testing or for a PoC I would go virtual. Easier and more elegant. I would still put it on a separate VLAN that doesn't talk to anything else.

    Another thing to keep in mind is that the AUP for many residential ISPs prohibits ftp, email and web hosting. To what level it is enforced, who knows. If they are bored and notice a lot of traffic they are free to restrict or even shut down your service. I have an RDS Gateway and a few other goodies exposed to the internet but since I don't abuse them I am not worried. I always keep saying I will go for the business class service to avoid any potential issues but never commit to it.
  • Qord Member Posts: 632 ■■■■□□□□□□
    My only advice would be to keep a good watch on your logs. I took mine down because of all the failed login attempts I saw. This was on my main desktop computer (Fedora), the same one I use to VPN to work and do online banking from. No thanks sirs.

    I'll put mine back up eventually, but not until I get a new primary and learn some more. I used dynamic dns from no-ip, which meant no cost. Cheeseball domain name, but it was free!
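
An added example (not from any poster in this thread) of the log watch described above: it counts failed SSH password attempts per source address and lists the user names tried. It assumes OpenSSH's usual syslog line format; the sample lines are constructed and use documentation addresses, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.
# Assumption: OpenSSH syslog lines of the form
#   "... sshd[PID]: Failed password for [invalid user] NAME from ADDR port N ssh2"

# Constructed sample log (addresses are from the documentation ranges).
sample_log() {
cat <<'EOF'
Mar  3 02:11:07 web sshd[2101]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar  3 02:11:09 web sshd[2101]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar  3 02:11:15 web sshd[2107]: Failed password for invalid user admin from 203.0.113.45 port 51140 ssh2
Mar  3 02:14:52 web sshd[2133]: Invalid user test from 198.51.100.7 port 40022
Mar  3 02:14:54 web sshd[2133]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Mar  3 08:30:01 web sshd[2450]: Accepted publickey for codeblox from 192.0.2.10 port 50514 ssh2
Mar  3 09:02:44 web sshd[2502]: Failed password for codeblox from 192.0.2.10 port 50600 ssh2
EOF
}

# failed_by_source [THRESHOLD]
# Reads a log on stdin and prints "COUNT ADDR USER1,USER2,..." for every
# source with at least THRESHOLD failures (default 1), busiest source first.
failed_by_source() {
    awk -v threshold="${1:-1}" '
    # The user name is chosen by the remote side and may contain spaces or
    # the word "from", so fields are taken relative to the END of the line,
    # where sshd itself writes "from ADDR port N ssh2".
    /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
        ip = $(NF-3); user = $(NF-5)
        count[ip]++
        if (!seen[ip, user]++)
            users[ip] = (users[ip] == "" ? "" : users[ip] ",") user
    }
    END {
        for (ip in count)
            if (count[ip] >= threshold) print count[ip], ip, users[ip]
    }' | sort -k1,1nr -k2,2
}

# Stand-alone demonstration on the constructed sample: sources with 3+ failures.
sample_log | failed_by_source 3
```

On a real host the input would be the system's own sshd log (for example `failed_by_source 5 < /var/log/secure`, where that file exists) rather than the sample.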
  • DevilWAH Member Posts: 2,997 ■■■■■■■■□□
    I think it's a great idea and as soon as I move house next month I will have mine back up and running locally, great way to learn.

    And unless you expect high utilisation or you need a reliable connection/website then go for it.

    If you expect a couple of 100/100's hits a day on your site and it has lots of active content then you will need both a powerful server and high bandwidth to ensure users get a decent experience. And in which case a hosted service will be cheaper and more reliable.

    Remember power cuts, your server failing or ISP going down will mean your site is down. Your ISP may also not provide you with a static IP, in which case you need to look into Dynamic DNS to ensure you can connect in.

    But if it's a new website and you are expecting only personal use (maybe a few friends and family), building it yourself is a great way to learn, and if it takes off and becomes too large to self host, you will know enough to easily migrate to a hosted solution.

    I fully intend mine to be self hosted and syncing to my current host for failover and backup as necessary.

    Depending what you need to run, I would suggest getting an old laptop or small desktop and running off this. Anything that can run Linux could be used and you can get some very low power systems that are more than capable of running a decent small website and use less power than... (Well I was looking at an 8W system the other day :) ), your electric bill is hardly going to notice that :)
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
  • CodeBlox Member Posts: 1,363 ■■■■□□□□□□
    They shouldn't be allowed to tell me what I can host. We shall see.

    I could go virtual with this host but can't put it in another VLAN. That would mean putting the physical host on a whole other VLAN as well. Besides, my device that connects to the internet (a DELL 4 port access point) does not support VLANs.

    Just thinking about this is exciting!

    DevilWAH, what kind of server were you hosting?
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • DevilWAH Member Posts: 2,997 ■■■■■■■■□□
    CodeBlox wrote: »

    DevilWAH, what kind of server were you hosting?

    the site in my Sig :)

    I have had it running on an old laptop through to a 4 CPU 32gig ram Dell 2900 server (borrowed that one from work ;))

    I have always used Apache as my weapon of choice, mostly running on top of Ubuntu server, although I have used a number of different Linux distributions over time.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
  • dustinmurphy Member Posts: 170
    Most residential ISP's block port 80 and 25 (web/smtp). They can and do block the ports so that you cannot access them from the outside. You also probably have a DHCP address, which means your IP will change, without notice. Using a service like DynDNS, as suggested will work, however sometimes your IP doesn't change for a couple of months. If DynDNS doesn't receive any changes within 30 days, it will suspend your account. (been there, done that). If you're doing it for "free" hosting of a website that will be used by many people... I would NOT recommend it (GoDaddy has hosting for REALLY cheap). If you're doing it for the experience of doing it... be my guest. You can use a different port (i.e. 81), but will have to remember that when accessing it.

    As for the attacks from the outside (scans attempting to login), that's normal. As long as you use a good strong password and good security measures, you should be OK. With that said, do not use a computer that has personal information on it. If you do get compromised... it could mean identity theft. Only open needed ports to the box...

    I used to try to host my own email and web, but it became too much of a pain... and I ditched it.

    For basic web, I wouldn't say you need much... but it depends on the site you're hosting... and how much content, what it's written in, and how many hits you get as to what the hardware requirements are.
  • Whiteout Member Posts: 248
    I started out hosting with GoDaddy, it was cheap and fairly easy to use. I then thought why not just host my own website and save some money? Well I got everything set up with Ubuntu server on a spare computer I had laying around, but couldn't access my website from the internet. I soon realized I didn't have a public IP address and to get one it would cost much more than GoDaddy was charging me for hosting fees. All in all it was a good experience and I learned some good information. Before you do anything, as others stated, check to see if you have a public IP address first. If you do, then I say by all means go for it.
    Never stop learning.
  • CodeBlox Member Posts: 1,363 ■■■■□□□□□□
    I've got a public IP address. No carrier grade NAT jazz here (I think that's what someone called it). And it's obtained by DHCP. If they don't allow web traffic on port 80 I'll simply use another then. That's got to be allowed, right? I've got no problem with remembering a port number.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • vinbuck Member Posts: 785 ■■■■□□□□□□
    How fast of a pipe do you have to the Internet? Your personal browsing experience may suffer if the site is frequently used and you have a low upload speed.
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • dustinmurphy Member Posts: 170
    vinbuck wrote: »
    How fast of a pipe do you have to the Internet? Your personal browsing experience may suffer if the site is frequently used and you have a low upload speed.

    If he's willing to change the port number, the site won't get much traffic ;) He'll only be able to direct-link people to it, since it will not be on the standard http port.
  • DevilWAH Member Posts: 2,997 ■■■■■■■■□□
    dustinmurphy wrote: »
    Most residential ISP's block port 80 and 25 (web/smtp). They can and do block the ports so that you cannot access them from the outside.

    This must be a US thing as the 5 major ISP's here in the UK I have used, none of them block ports, even on their basic packages?
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
  • Forsaken_GA Member Posts: 4,024
    dustinmurphy wrote: »
    Most residential ISP's block port 80 and 25 (web/smtp).

    I wouldn't say most. There may be a few mom and pop level ISP's that are still doing it, but most of the majors are not and have never done port 80 blocks at a network level. Some of the ISP's were providing CPE that had firewall blocks for commonly hosted ports in place, but those were easily turned off if you knew how to log into the router. Port 25 blocking did take place, but has largely fallen out of favor, there are only a few providers who still do it, and the ones I know of that do, will remove it upon request.

    As far as the OP is concerned... yes, certainly. It's a good learning experience. I have many servers (most of which are virtualized) serving up many web pages on my home internet connection. I had to install a reverse proxy to be able to get to everything over port 80 from outside of my internal network, and I'm in the process of an IPv6 conversion so I can properly set everything up on native IP's without having to deal with various voodoo to get around NAT.
  • Everyone Member Posts: 1,661
    CodeBlox wrote: »
    They shouldn't be allowed to tell me what I can host. We shall see.

    Read your ToS carefully. They can, and do. If your ToS says you're not allowed to, and you do, they can ban you from their service. Changing the port will still be a violation.

    Look into Business Class service if you really want to do it. Basic package is usually around the same price as residential service. You can host whatever you want (as long as it's legal obviously).

    I've been hosting 2 sites in a VM running off my desktop since 08/11. My main one has 21,052 page views from 9,540 unique visitors according to Google Analytics. The other one I don't really keep track of.
  • rwmidl Member Posts: 807 ■■■■■■□□□□
    Everyone wrote: »
    Read your ToS carefully. They can, and do. If your ToS says you're not allowed to, and you do, they can ban you from their service. Changing the port will still be a violation.

    Look into Business Class service if you really want to do it. Basic package is usually around the same price as residential service. You can host whatever you want (as long as it's legal obviously).

    Listen to the man. As he said, most ISP's on residential service do not allow web/email/etc. hosting. If it is against their TOS and you are caught, they will cut your service. Even if you only get a few hits a month and not much traffic is generated, if they catch you it's game over. Also, since you said you get your IP from DHCP, there is a chance your IP could change so you might need to utilize something like DynDNS.

    If you are really set on hosting your own site at home, it's probably worthwhile to upgrade to business class service with a static IP.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • Tackle Member Posts: 534
    I am currently hosting my own on an XP virtual machine. I am slightly fearful of the ISP catching me, as it is not allowed. It is a gamble I am willing to take at this time. I have plans to move it to a different hosting site eventually.

    Edit: I'm also hosting my own Exchange, using port re-direction. I do not plan on moving this. I feel the risk of getting banned is slightly less as I'm using non standard ports.
  • Forsaken_GA Member Posts: 4,024
    rwmidl wrote: »
    Listen to the man. As he said, most ISP's on residential service do not allow web/email/etc. hosting. If it is against their TOS and you are caught, they will cut your service. Even if you only get a few hits a month and not much traffic is generated, if they catch you it's game over. Also, since you said you get your IP from DHCP, there is a chance your IP could change so you might need to utilize something like DynDNS.

    If you are really set on hosting your own site at home, it's probably worthwhile to upgrade to business class service with a static IP.

    I work for one of the major service providers in the US. We really do not give a **** about hobbyists hosting web and email servers and the like on their residential connections. Peer to peer apps chewing up bandwidth is a far, far bigger concern for us.

    The clauses in the ToS are there so we can shut you down without getting sued if you decide to do something like run the next version of The Pirate Bay out of your home. Or you decided to start an email spamming business. The hobbyist who wants to set up postfix to run their domain's mail server or apache to run a small website? Yeah, we don't care about that, as long as it's nothing that's illegal. If we do see something questionable, we don't terminate your service, we just put your account in questionable status so that you can't get out and when you open a web page, you get a nice redirect to a page telling you that you need to call us and talk to some security people, because we don't assume you're the one doing bad stuff, we assume something on your side got compromised and someone else is using it to do bad stuff, and we'd like to work with you to get everyone playing nice again.

    As far as the IP address goes... you keep the same IP except under a few very specific conditions. My own home service is with my current employer, and I've had the same IP address for the last 5 years, despite it being on DHCP.

    Three conditions will lead to an IP change -

    #1 Your modem is offline for a week. At that point, your IP is released back into the pool and someone else may pick it up. Otherwise, any reboots of the modem will net you the same IP from the DHCP server

    #2 We're migrating DHCP servers, and there were issues keeping the lease database. Sometimes those migrations don't go well, and we have to wipe the lease database and then kick everyone off to let them re-up. This gives us a consistent lease database (bad things happen when you have DHCP assigned IP's that aren't in the lease database...)

    #3 We're splitting a node for capacity reasons, which means your connection may end up moving to a different piece of equipment at the headend. Since DHCP scopes are assigned per terminating device, this would necessitate a change in IP address.

    Y'all are way too paranoid. Service providers *want* your money. As long as you aren't causing capacity or legal issues, you can do pretty much whatever you want.
  • Akaricloud Member Posts: 938
    If you're going this route you might actually want to check into business class from your ISP. I know with mine, an identical business class plan is actually $3/month cheaper than normal residential. With business class you'll have fewer restrictions, better support and it might not be as expensive as you think.
  • dustinmurphy Member Posts: 170
    Forsaken_GA wrote: »
    I wouldn't say most. There may be a few mom and pop level ISP's that are still doing it, but most of the majors are not and have never done port 80 blocks at a network level. Some of the ISP's were providing CPE that had firewall blocks for commonly hosted ports in place, but those were easily turned off if you knew how to log into the router. Port 25 blocking did take place, but has largely fallen out of favor, there are only a few providers who still do it, and the ones I know of that do, will remove it upon request.

    As far as the OP is concerned... yes, certainly. It's a good learning experience. I have many servers (most of which are virtualized) serving up many web pages on my home internet connection. I had to install a reverse proxy to be able to get to everything over port 80 from outside of my internal network, and I'm in the process of an IPv6 conversion so I can properly set everything up on native IP's without having to deal with various voodoo to get around NAT.

    Cox (a major provider in the Western United States) blocks several incoming ports... Ports Blocked or Restricted by Cox High Speed Internet

    A lot of it is just so that they can sell you their "business class" internet, which basically removes the port block and gives you a static IP address.

    I guess I was wrong to say "most" ... I should have said... "A lot"... because there are a lot of ISP's that do block incoming ports (I've heard that Comcast does, but cannot find any supporting documentation). If they do not block incoming ports, they may make it against their ToS... I was just mentioning that because I, too did this several years ago... and decided it wasn't worth the time and effort to make it available to the public. Now, I have a lab that I set everything up at my house... and make it available to me, myself, and I. ;)
  • Forsaken_GA Member Posts: 4,024
    dustinmurphy wrote: »
    Cox (a major provider in the Western United States) blocks several incoming ports... Ports Blocked or Restricted by Cox High Speed Internet

    Cox is also not consistent in this. My parents have residential service with Cox, and they do not have incoming ports blocked. I suspect it's a regional thing.

    dustinmurphy wrote: »
    I guess I was wrong to say "most" ... I should have said... "A lot"... because there are a lot of ISP's that do block incoming ports (I've heard that Comcast does, but cannot find any supporting documentation). If they do not block incoming ports, they may make it against their ToS... I was just mentioning that because I, too did this several years ago... and decided it wasn't worth the time and effort to make it available to the public. Now, I have a lab that I set everything up at my house... and make it available to me, myself, and I. ;)

    Again, it's not been my experience that this is not the current case. I know a lot of folks that work for a lot of ISP's, not to mention I've had cause to work with a lot of different ISP's in my career. Most of them used to, but most of them have also revoked that policy.

    As far as Comcast goes... I can say with a reasonable amount of certainty that they do not do much in the way of port blocking. Comcast blocks most LAN protocols, like SMB, DHCP, etc, things that should never traverse a residential WAN connection (however, all of these can be tunnelled), and which are also potential attack vectors. Oh, and RIP. Port 25 is blocked by default, but can be removed with a call to customer service.
  • dustinmurphy Member Posts: 170
    Forsaken_GA wrote: »
    Cox is also not consistent in this. My parents have residential service with Cox, and they do not have incoming ports blocked. I suspect it's a regional thing.

    Forsaken_GA wrote: »
    Again, it's not been my experience that this is not the current case. I know a lot of folks that work for a lot of ISP's, not to mention I've had cause to work with a lot of different ISP's in my career. Most of them used to, but most of them have also revoked that policy.

    As far as Comcast goes... I can say with a reasonable amount of certainty that they do not do much in the way of port blocking. Comcast blocks most LAN protocols, like SMB, DHCP, etc, things that should never traverse a residential WAN connection (however, all of these can be tunnelled), and which are also potential attack vectors. Oh, and RIP. Port 25 is blocked by default, but can be removed with a call to customer service.

    Interesting... I know I've had Cox for the last 6 years, and have always had these ports blocked.

    Either way, his ISP may or may not block incoming ports or be against the ToS to host a server... I was just pointing out that it's POSSIBLE that they do, so it may not be worth the trouble.
  • Forsaken_GA Member Posts: 4,024
    dustinmurphy wrote: »
    Interesting... I know I've had Cox for the last 6 years, and have always had these ports blocked.

    Either way, his ISP may or may not block incoming ports or be against the ToS to host a server... I was just pointing out that it's POSSIBLE that they do, so it may not be worth the trouble.

    Well it's fairly easy to check, and y'all should be encouraging him to figure that out first rather than saying don't bother or upgrade to business class service :)

    And again, ToS violations are not something I'd be terribly concerned with, unless he plans on hosting pirated software, movies, music, kiddie pr0n, etc. The worst thing that's likely to happen to a hobbyist is that they'll get a phone call or email telling them to stop it, followed immediately by a sales pitch to upgrade to business class, but the chances of the ISP contacting you over a website you tossed up on your residential connection that you, maybe some friends, and members of an online forum are the only ones who will ever see are pretty damn small, as there's usually more issues than people in national provider networks going on, that small and insignificant of traffic isn't even worth looking at.
  • CodeBlox Member Posts: 1,363 ■■■■□□□□□□
    Ahh, my ISP is Cox. I hope it still works out. I've got the residential high speed service. They never call about anything thus far so hopefully this should be fine. It would be something that most likely only I would access and a small few other people. I'm not planning to host anything illegal lol.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • dustinmurphy Member Posts: 170
    CodeBlox wrote: »
    Ahh, my ISP is Cox. I hope it still works out. I've got the residential high speed service. They never call about anything thus far so hopefully this should be fine. It would be something that most likely only I would access and a small few other people. I'm not planning to host anything illegal lol.

    The best you can do is just try. ;) Although to ME, it was too big of a pain to deal with hosting my own server... it was fun figuring out how to set it up. I just wanted to warn you that it's possible that you will not be able to hit it from the outside. After I learned how to admin Exchange, I wanted to set up my own mail server... but alas... it was blocked. It's also possible that they have removed the blocks by now. I haven't tried in a few years. As I said before... use a machine that you can handle being compromised. Do what you can to isolate it from the rest of your network (with most home networking, it's virtually impossible...)... that way if it IS compromised... you don't lose personal information. ;)
  • afcyung Member Posts: 212
    If you wanted to hide the traffic from your ISP couldn't you just load a certificate to the website and enable HTTPS with TLS or SSL? If you are the only one using it you could just create your own CA and load it into your browser as a trusted root CA and enjoy an encrypted connection to your website?
  • CodeBlox Member Posts: 1,363 ■■■■□□□□□□
    That sounds really nice to implement. I'm familiar with those terms (CAs, TLS, SSL) but wouldn't know where to begin with setting up a CA. Who knows, I'll probably end up trying it. Will be googling a lot for sure.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
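
An added example (not part of any post in this thread) of the private-CA setup afcyung suggests, using the openssl command line: a root CA, a server key, and a server certificate that carries the host name in subjectAltName, followed by a chain and host name check. The function names, file names and the host name `home.example.test` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: private root CA plus one server certificate signed by it.
# Assumptions: openssl 1.1.1 or later is installed; host name and output
# directory are supplied by the caller.

# make_home_ca DIR HOST  -> writes ca.key, ca.crt, server.key, server.crt in DIR
make_home_ca() {
    dir=$1 host=$2
    # Refuse host names that could smuggle extra directives into the config.
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host name" >&2; return 1 ;; esac
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                       # key files are created owner-only
        cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
        # 1. Root CA: key plus self-signed certificate that may only sign certs.
        #    -nodes leaves the key unencrypted so the example runs unattended.
        openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1825 \
            -config pki.cnf -extensions v3_ca -subj "/CN=Home Lab Root CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and certificate signing request.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -config pki.cnf -subj "/CN=$host" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. CA signs the request; browsers match subjectAltName, not CN.
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -extfile pki.cnf -extensions v3_server \
            -sha256 -days 365 -out server.crt 2>/dev/null || exit 1
    )
}

# verify_server DIR HOST -> exit status 0 only if server.crt chains to ca.crt,
# is valid for TLS server use, and names HOST.
verify_server() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

# Stand-alone use: sh home_ca.sh ./pki home.example.test
if [ "$#" -eq 2 ]; then
    make_home_ca "$1" "$2" && verify_server "$1" "$2" && echo "chain OK for $2"
fi
```

Only `ca.crt` is imported into the browser's trust store; `ca.key` should be kept off the web server and protected with a passphrase in real use. TLS protects the content of the connection, while the open port and the volume of traffic remain visible to the network carrying it.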
  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    I've been thinking about contacting my local ISP, which is COX about getting a static IP. When I first signed up (over 5 years ago) it was in the paperwork that I could get a static IP. The only reason why I want a static IP is because I have security cameras in my house, not that I live in a bad area. Just assurance for when we're away on vacation and if someone breaks in I have the footage to provide to my insurance company and the police.
    2017 Certification Goals:
    CCNP R/S
  • dustinmurphy Member Posts: 170
    MAC_Addy wrote: »
    I've been thinking about contacting my local ISP, which is COX about getting a static IP. When I first signed up (over 5 years ago) it was in the paperwork that I could get a static IP. The only reason why I want a static IP is because I have security cameras in my house, not that I live in a bad area. Just assurance for when we're away on vacation and if someone breaks in I have the footage to provide to my insurance company and the police.

    My guess is that they'll NOT give you a static IP and will tell you that you have to upgrade to "business class" to get a static IP. (This is the answer I got the last time I asked for a static IP)

    If you decide to ask... report back...
  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    Data & Internet Pricing & Plans serving Tulsa | Cox Business

    Check under Home Office Premium, that's the one I have. It says I do get a static IP, but I don't. I'll give them a call tomorrow.
    2017 Certification Goals:
    CCNP R/S
  • dustinmurphy Member Posts: 170
    MAC_Addy wrote: »
    Data & Internet Pricing & Plans serving Tulsa | Cox Business

    Check under Home Office Premium, that's the one I have. It says I do get a static IP, but I don't. I'll give them a call tomorrow.

    Ah, sweet. I just have their residential service... I pay like $49.99/mo. My office was using their 50/5 business service... it was nice... I had a few speed tests over 90Mb/s... and it was cheaper than a T1. ;) Now, I think they have 30/30... but I'm sure they're paying a hefty price for it... I am no longer working there as I had to leave due to some health issues.