The Raspberry Pi is a low-cost device, and it consumes low power. It can be used as a web server with your home internet, and you will have complete freedom to implement ideas. Nowadays, popular cloud services are costing high for the same specifications and have recently banned some websites for showing some legal terms. This post will guide you on how to configure and host a website on your home Raspberry Pi device with AT&T home network. All of my web applications are hosted on my home server, a Raspberry Pi 8GB with an external SSD, which usually costs under $99.
- Raspberry Pi
- Public domain
- CloudFlare free account
Install the Linux operating System
Use Raspberry Pi images software and choose Linux based operating system.
There are many resources and videos available on the internet to set up a Raspberry Pi 4.
Set up SSH authentication with a PEM RSA file without a password ona Ubuntu/linux Raspberry Pi Server
Activate Free SSL Certificate for Your Website
Home Network Gateway
Firewall Access
Enable HTTP port 80 for the Raspberry Pi device.
Firewall HTTP/SSH
Enable HTTP and SSH ports for the Raspberry Pi device. SSH is not required if you don't want to access from the outside network.
Security
You have to protect your home server as much as possible.
UFW Firewall
Linux offers a firewall tool called UFW(Uncomplicated Firewall) for monitoring and filtering incoming and outgoing network traffic. Using this, you define whether to allow or block specific traffic.
You need sudo privileges to install UFW
$sudo apt install ufw
Check Ubuntu Firewall Status
Disable Firewall
Enable Firewall
Allow Ports
Enabled HTTP(80) and SSH(22) ports for incoming traffic. If necessary, enable HTTPS(443) or other ports.
$sudo ufw allow 80
Fail2ban
Fail2ban is the most powerful tool that protects from attackers. You can define a set of rules to ban the attacker's IP address.
Fail2ban installation
$sudo apt install fail2ban
Check Status
Using the following command, you can verify the status.
The result will look like this:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-05-22 04:23:44 EDT; 1 months 4 days ago
Docs: man:fail2ban(1)
Main PID: 626 (fail2ban-server)
Tasks: 5 (limit: 4915)
CGroup: /system.slice/fail2ban.service
└─626 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Configurations
You can define the rules by modifying /etc/fail2ban/jail.conf file. Here maximum 3 SSH retries ban the attacker's IP address.
# SSH servers
#
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = -1
Disadvantages
Home network providers are not allowing PORT 25 or SMTP for all residential customers to avoid SPAM emails. Instead, you can use an external SMTP PORT 435 connection, or you have to convert the account into a business account.
0 Comments