[HN Gopher] I wish my web server were in the corner of my room
___________________________________________________________________
Author : flobosg
Score  : 340 points
Date   : 2022-10-11 17:04 UTC (5 hours ago)

(HTM) web link (interconnected.org)
(TXT) w3m dump (interconnected.org)

| hiidrew wrote:
| This is one of my favorite blogs that I read consistently. Some of my favorites:
|
| Micromorts: units to measure risk of death-- https://interconnected.org/home/2020/09/01/microcovids
|
| First words-- https://interconnected.org/home/2020/10/12/first_words
|
| State sponsored fashion-- https://interconnected.org/home/2022/08/16/fashion
|
| Speaking with dolphins-- https://interconnected.org/home/2020/07/20/dolphins
|
| Bottling the overview effect-- https://interconnected.org/home/2021/07/20/overview_effect
|
| ianbutler wrote:
| I have a full server rack in the corner of my apartment. I'm doing a rebuild right now, but I've had that rack for the last 7 years. It's definitely possible.
|
| suzzer99 wrote:
| I worked for a major satellite TV provider. In the early days the website was just information and directions to the nearest installers - no bill pay or buy flows. The website ran from under the boss' desk.
|
| mro_name wrote:
| wonderful. That spirit is what we aim for at our youth centre http://jugendhacktlab.qdrei.info/. Raspis all the way down.
|
| torpid wrote:
| I have the same feelings. When I ran a single-line BBS from my bedroom as a kid, I would get excited every time someone would dial in and I'd see activity.
|
| _osorin_ wrote:
| The optimal setup (I can think of) that I'm planning to do is to separate a Raspberry Pi on a VLAN and combine it with a cheap hosted reverse proxy from a third party. The reverse proxy part might be a luxury but it's just in case you don't want to expose your home network.
|
| dusted wrote:
| Mine still is.
| I wish my mailserver still was, it was for more than 20 years.. but these days, getting to send mail out onto the net from a normal internet connection is pretty much impossible. Self-hosting is dead.
|
| the-printer wrote:
| The comments seem to be in conflict with the content of the blog post. The author seems to be lamenting what is feasible more or less, but seems uninterested in putting in the extra effort to keep up or anticipate the expectations or demands of the modern web. It's almost as if his nostalgia is at war with whatever tastes he has acquired technologically since his college days. Maybe he can compromise by caring less about the demands or expectations about the modern web.
|
| superkuh wrote:
| Mine is. It has been for 20+ years. It works great. As others have said, POSSE. A repository webserver (nginx) serving static files is incomparably less of a security risk, than say, running a modern web browser with javascript enabled. But if you go .php/whatever yeah, that's risky.
|
| amelius wrote:
| Is it scalable and how do you deal with the noise and cooling/power requirements?
|
| kixiQu wrote:
| Isn't it kind of explicitly about _not_ being scalable?
|
| louwrentius wrote:
| If those are your requirements for the websites you host, the point of this article is not relevant for you in that context.
|
| ocdtrekkie wrote:
| I find an Intel NUC is more than capable of good selfhosting, and is nearly silent and uses very little power.
|
| camtarn wrote:
| From experience, if you're a heavy-sleeping teenager like I used to be, the noise is less of an issue ;) I don't think I could cope with the sound of two fans and three HDs spinning nowadays, but back then it was a tiny price to pay for the coolness of having a real server in my bedroom.
|
| Nowadays I just run an RPi3, which is silent and takes very little power.
|
| rr888 wrote:
| Anyone have a simple idiot proof way to make sure a hacked webserver can't hit your internal network? I have two routers (effectively a DMZ) but there must be a better way than two levels of NAT.
|
| upofadown wrote:
| I have the router for the internal network (a Linux box) do a bridge. So it is all the same network and no extra NATing is required. That router blocks connections into the internal network.
|
| louwrentius wrote:
| That DMZ is fine already, assuming they can't start hacking your routers.
|
| What you ideally want is network segmentation, use VLANs and put devices in their isolated network, only allowed to talk to the router/firewall, which only allows incoming traffic and doesn't allow the web server to initiate connections to the internet, except for NTP, software updates and DNS (fixed ips).
|
| rr888 wrote:
| Yeah I actually had a Ubiquiti Edgerouter doing this but I was never confident enough it was set up properly, hence the other solution.
|
| 0xbadcafebee wrote:
| Sounds like the people visiting the website are reduced to a form of entertainment for the author, like a reverse-zoo, where the animals are watching the people that come visit.
|
| I imagine an evolved version of this, where the computer speaks the location of every visitor, their OS, browser, etc. Maybe tied into an Ad Network you could get the visitor's name and address spoken aloud, maybe even their picture. Voyeuristically watching the people coming to your website, from your bedroom. Hmm, that one was cute, let's send them a message.
|
| jstanley wrote:
| Interestingly, the background colour of this site seems to change over time very subtly, and it's done by CSS with no JavaScript: The "changingbg" parts in https://interconnected.org/home/static/styles/interconnected...
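
For the segmentation question in the rr888 / louwrentius exchange above, and the follow-up about never being confident the rules were set up properly, one way to check is to probe outward from the web server itself. This is an added example, not code from any commenter; the addresses, ports and the plan are constructed placeholders, and it covers TCP only (NTP is UDP and is not tested here).

```python
#!/usr/bin/env python3
"""Segmentation self-test, run ON the web server that sits in the DMZ/VLAN.

Added example. Every address is a constructed placeholder (RFC 1918 and
RFC 5737 ranges); swap in hosts and ports from your own network.
"""
import socket
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    name: str
    host: str
    port: int
    allowed: bool  # True = the firewall policy is meant to permit this flow


# Constructed plan (assumption): the server may reach the router for DNS and
# must not reach the router's admin UI, anything on the home LAN, or
# arbitrary internet hosts.
SAMPLE_PLAN = [
    Probe("router DNS (TCP)", "192.168.50.1", 53, True),
    Probe("router admin UI", "192.168.50.1", 443, False),
    Probe("LAN NAS, SMB", "192.168.1.20", 445, False),
    Probe("LAN desktop, SSH", "192.168.1.10", 22, False),
    Probe("arbitrary internet host", "203.0.113.10", 443, False),
]


def tcp_state(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Something answered: either the target sent a reset (the packet
        # crossed the firewall) or the firewall rejects instead of dropping.
        return "refused"
    except OSError:
        # Timeout, no route, host or network unreachable: nothing got through.
        return "filtered"


def verdict(allowed, state):
    """Compare what the policy says with what the network actually did."""
    if allowed:
        return "ok" if state == "open" else "broken-allow"
    if state == "open":
        return "LEAK"    # a compromised server could use this path
    if state == "refused":
        return "review"  # ambiguous, see tcp_state(); confirm on the firewall
    return "ok"


def run_plan(plan, probe=tcp_state):
    """Run every probe and return (name, state, verdict) tuples."""
    results = []
    for p in plan:
        state = probe(p.host, p.port)
        results.append((p.name, state, verdict(p.allowed, state)))
    return results


def segmented(results):
    """True only if every flow behaved exactly as the policy intends."""
    return all(v == "ok" for _, _, v in results)


if __name__ == "__main__":
    res = run_plan(SAMPLE_PLAN)
    for name, state, v in res:
        print(f"{v:<12} {state:<9} {name}")
    sys.exit(0 if segmented(res) else 1)
```

Run from cron on the server, a non-zero exit status flags a firewall change that reopened a path into the LAN.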
|
| _dain_ wrote:
| it screws up my darkmode extension i tell you hwat
|
| MH15 wrote:
| In college we'd run a Plex/backups/Minecraft server in an old HP box on the floor. It survived a very hostile environment and was very educational to work with.
|
| kornhole wrote:
| Need to mention here that yunohost.org is a great easy solution for your RPI or any other hardware or VPS. It is maintained by a great community that takes care of most of the essentials and provides a great webUI for installation and maintenance. Some of the built in features: Domain management with NGINX reverse proxy and Let's Encrypt certs. Fail2Ban brute force protection. Easy install and upgrade of many free server apps. I love looking over at my little RPI in the corner serving my friends and family.
|
| H1Supreme wrote:
| I run a webserver (a k3s cluster, actually) from home, but considering how generous the free tiers of cloud providers are (Google Cloud in my case), why waste your home internet bandwidth for a personal site?
|
| In terms of my home server, I mostly point subdomains at it to test projects running on my laptop (via an nginx proxy_pass), or share photos/music with friends. I used to use it a lot more when I was working away from home.
|
| Outside of web facing uses, it's nice to have a central place to store and retrieve files from multiple devices. I'm using an older i5 Intel NUC, and it works great.
|
| ThePowerOfFuet wrote:
| > considering how generous the free tiers of cloud providers are (Google Cloud in my case), why waste your home internet bandwidth for a personal site?
|
| Because arbitrary ToS "violations" are a thing, and good luck getting that fixed with them.
|
| MarioMan wrote:
| In the case of static sites, it can be as simple as copying the latest version to a new server and updating your DNS records.
| I would try to avoid lock-in not only for the reasons you stated but also to be able to freely shop around for better options at any point.
|
| nixpulvis wrote:
| Funny, I just spun back up my kaaik.local the other night.
|
| Still working through some things, but everything basically works the way it should. Firewalls might not be a bad idea to update though.
|
| robust-cactus wrote:
| At this point I now host my small projects (less than 10k users) exclusively on boxes in the corner of my room ha.
|
| AWS and heroku are quite expensive for small projects and performance isn't great. Dynamic IP is not a problem these days either (it's also quite surprising how infrequently your IP changes fwiw).
|
| If you're looking for heroku like interfaces check out Dokku (or other open source PaaS platforms).
|
| After this tier of usage I think I'd consider moving many things to cloudflare workers.
|
| FpUser wrote:
| I have 1gbps symmetric fiber with static IP so I run some of my backends from home. Works fine for years.
|
| barelysapient wrote:
| Ditto. No complaints.
|
| aidenn0 wrote:
| The upstream on my cable modem is about 1/6th what my college dorm-room[1] upstream was, and I'm not sharing it with 1000s of other people.
|
| 1: It was two T3 lines, but only half of the second line was provisioned, so ~67MBps vs today's 12MBps.
|
| rstat1 wrote:
| I've done this for 10+yrs. Started with a single core Intel Atom powered netbook when those were still a thing, then moved to a quad core Atom desktop, to now where I have a 2nd Gen Core i3 desktop that will soon be combined with a similarly old 2nd gen i5 laptop. Runs half-a-dozen VMs, and like 10 or so different services, probably half of which are custom. At one point when I was still in school it even had a 5 person heavily modded Minecraft server (barely) running on it.
|
| I'm basically the only user now. It's been a great learning tool.
|
| Public access used to be through exposing the proper ports to the Internet, but now it's through a Cloudflare tunnel and Tailscale.
|
| anderspitman wrote:
| > So... practically: how to achieve this in 2022?
|
| I'll paraphrase myself from a few days ago[0]:
|
| The reality is that we've let you down. Self-hosting shouldn't be any more complicated or less secure than installing an app on your phone. You shouldn't need to understand DNS, TLS, NAT, HTTP, TCP, UDP, etc, etc. Domain names shouldn't be any more difficult to buy or use than phone numbers. Apps should be sandboxed in KVM/WHPX/HVP-accelerated virtual machines that run on Windows, Mac, and Linux and are secure-by-default. Tunneling out to the public internet should be a quick OAuth flow that lets you connect a given app to a specific subdomain, with TLS certs automatically obtained from Let's Encrypt and stored locally for end-to-end encryption.
|
| The technology exists to do all of these things, but no one has taken the time to glue it all together in a truly good UX (we're working on it). Pretty much every solution in this space is targeted at the developer market, not self-hosters.
|
| [0]: https://news.ycombinator.com/item?id=33098471
|
| sneak wrote:
| Almost no individual user has an internet connection that allows self-hosting.
|
| Havoc wrote:
| That's either one hell of a generalization or a USA specific thing. There are definitely some ISPs that don't prohibit it and even give you the tools for it - static IP, unlimited gigabit upload.
|
| I doubt mine would say anything even if I pushed 100TB a month through it. All their congestion issues are on download side thanks to residential traffic being mostly download (netflix etc).
|
| redavni wrote:
| Realistically, anyone with an IP connection already self hosts a wide assortment of IP packets. As long as it isn't commercial or abusive, they are never going to know or care.
|
| sneak wrote:
| This is false.
| I got nastygrams from my residential ISP in the US accusing me of running servers because I rsynced 3TB of photos offsite as a backup.
|
| It was not a server, not commercial, and not abusive. I was threatened with disconnection.
|
| anderspitman wrote:
| Wow, that seems pretty extreme. What's your ISP?
|
| sneak wrote:
| Cox. I also pay extra each month for unlimited data transfer.
|
| dont__panic wrote:
| What did you do to deal with those nastygrams? I'd probably try to feign ignorance, blame it on a computer virus or something, and avoid that kind of massive transfer in the future. I run my own server from home so I'm curious if I could get away with that, or if I should consider alternative solutions.
|
| sneak wrote:
| 3TB is not massive. I know professionals who shoot that much in a year; this was all my digital photos from 1997-2021.
|
| anderspitman wrote:
| Are you referring to reachability or bandwidth? Reachability is solved by tunneling[0] and SNI routing. 1Mbps upload is plenty for many self-hosting uses. Or are you talking about something else?
|
| [0]: https://github.com/anderspitman/awesome-tunneling
|
| Rebelgecko wrote:
| Probably TOS. My ISP provider technically bans running any type of server, but it hasn't been an issue for me.
|
| anderspitman wrote:
| Ah that makes more sense. Also very sad. Hopefully as fiber becomes more prevalent that will become less common.
|
| ulimn wrote:
| Out of curiosity, if I may ask: where do you live?
|
| (Because I've never heard of such a thing.)
|
| arealaccount wrote:
| ISPs used to block port 80 and 443 but it seems they've relaxed that restriction for quite some time now. Maybe it's regional.
|
| sneak wrote:
| Cox in Nevada just started blocking port 80 during the last year or two.
|
| icedchai wrote:
| I've had one at home for over 25 years. (Currently, I have to pay extra for a business cable connection, however!)
|
| mechanical_bear wrote:
| I'm on comcast and self host.
| ¯\_(ツ)_/¯
|
| TrevorJ wrote:
| You mentioned phones, which reminds me how much I wish there was a nice toolchain that would allow for hosting a webserver or maybe a federated social network of some sort on old android hardware. There are millions of old smartphones sitting in junk drawers and it's a shame they can't be put to good use.
|
| anderspitman wrote:
| I've done some work on this. Android is a very toxic environment for this sort of thing, primarily due to draconian filesystem permissions and aggressive killing of services. It's all in the name of security and battery life, but I wish there were an easy way to turn that all off for selfhosting.
|
| I've also seen people mention that apparently the flash memory doesn't do well with server type workloads, but a lot of that could probably be mitigated with logging to RAM, using a CDN, etc.
|
| _carbyau_ wrote:
| What I want:
|
| 1. GP quote: "Domain names shouldn't be any more difficult to buy or use than phone numbers."
|
| 2. Your quote: "federated social network of some sort on old android hardware."
|
| Put 1 and 2 together.
|
| The only reason Facebook exists is as a middleman between people trying to pass messages to each other.
|
| If people could easily find each other and run trusted non-proprietary software: A. there'd be no ads B. all comms are direct so government agencies couldn't simply compel access from a single source
|
| sitzkrieg wrote:
| it's a lot easier to buy domains than phone numbers sadly
|
| anderspitman wrote:
| Technically true, but you have to create an account with a company that is targeted at very technical customers. And using them requires understanding DNS, which is an insane prerequisite. We need a consumer domain registrar.
|
| WanderPanda wrote:
| I just saw that icloud.com has a domain registrar built in (for receiving emails) I would say that is as "consumer" as it gets, no?
|
| anderspitman wrote:
| That's good, but should every service have to implement their own registrar? We don't all have the resources of Apple. Plus, what if you want to host other services on subdomains? Even if you can manually set DNS records, you shouldn't have to. I should be able to use the registrar of my choice, and icloud should use an OAuth flow for me to approve them having control over a subdomain, and they make changes via a standardized protocol.
|
| There's some previous work in this space and I've also dabbled myself[0].
|
| [0]: https://takingnames.io/blog/introducing-takingnames-io
|
| Melatonic wrote:
| It would not be too hard to use a Cloudflare Tunnel (free) or NoIP or similar. Really depends on what you want to host exactly though.
|
| anderspitman wrote:
| Cloudflare Tunnel solves part of the problem, but not nearly all of it. Plus it's targeted towards developers and operates as a loss-leader product.
|
| But I think a company that's similar in a lot of technical ways to Cloudflare but targeted towards self-hosters instead of developers could be successful.
|
| ocdtrekkie wrote:
| Sandstorm.io glued this all together in 2014 and it's still available today. https://sandstorm.io
|
| anderspitman wrote:
| Sandstorm is awesome, and still way too hard for my dad to use.
|
| lucb1e wrote:
| Speaking as someone who hosts multiple websites, email, etc. in the corner of a room
|
| > [it should] be reliable if I kick a cable out of the wall
|
| Right, if you want it to be reliable but also be able to cut its cables, then you will need a secondary host outside the home.
|
| > or in the unlikely event that I get a bunch of traffic.
|
| Are you serving media (music or video of more than a few seconds)? If not: DSL or mobile data (if your data cap allows) is fine for HN front page. Judging by the current page weighing 100KB, you can have 10 visitors _every second_ at 1 MiB/s upload.
| (HN reaches that rate only in spikes, even at a top three position.)
|
| > I'd also like it to be quick!
|
| It's currently not quick at DigitalOcean (2 seconds for TLS setup, 12 seconds for HTML, 8 seconds for JavaScript, etc... 27 seconds total). It can only get better!
|
| I can recommend something beefier than a raspberry pi, though, or at least than the pi 1-3 speeds that I'm used to. I personally use an old laptop which is plenty fast for, well, anything you'd also ask of a daily driver, except it now doesn't need to render a GUI which speeds things up a lot. They can peak up to 100W depending on the model, but are usually very low power when nothing is being asked of them.
|
| > Oh, and I don't want to have my home network hacked.
|
| Then install unattended-upgrades, put admin panels (phpmyadmin, wp-admin) behind basic authentication, don't host things you don't trust (random code written by 'someone on the internet' that has never been tested by anyone), put it in a VLAN if you want to be extra cautious, and you'll be fine. It never hurts to keep your phone and other systems on the LAN up-to-date anyhow so they should be secure as well, even if someone does get in.
|
| shadowgovt wrote:
| How did you solve the problem of getting a stable mapping from DNS name to IP address?
|
| For me, that's the big challenge; all I have is home internet on a dynamic IP provided by one of the big cable monopolies in the US.
|
| wtf_is_this wrote:
| I didn't see this as an answer, but use Tor (: It has the side benefit that it's harder to discover your service(s) on the wider Internet.
|
| hugey010 wrote:
| I'd call your ISP, because mine is not small and offers "business" class service which costs the same as residential, reserves a static ip, and slightly boosts uplink speeds.
|
| lostlogin wrote:
| What does a static IP cost over there? It was a US$7.50 one off charge here in New Zealand.
|
| [deleted]
|
| lucb1e wrote:
| My ISP simply gives everyone a static IP by default.
|
| I know of only one ISP in the Netherlands that uses CGNAT and there you can ask support to fix it, which takes them 24 hours. I learned that the hard way when wanting to have a gaming night, hosting a factorio server in my student room. No gaming night for me, or so the ISP thought while rubbing their hands. It took me a bit but I eventually managed to proxy the UDP traffic somehow, not sure anymore if I used hole punching or somehow encapsulated it in TCP and reverse SSH tunneled or something. (Edit: on second thought, pretty sure I asked the other participants if they had IPv6 -- they did not -- and then proxied the traffic from my server via IPv6 using iptables. /edit)
|
| We are quite fortunate with having had an early ISP community that managed to gobble up all the IP addresses we'd need for a good long while, and our population is relatively stable compared to other parts of the world. I know not everyone is this fortunate. (Hello ipv6...)
|
| Even in a place like Germany, it seems one needs to be a business connection to get this service, it's simply not offered for consumers at all that I could find in some town in NRW. This is why I'm so happy the Netherlands has ISPs like Freedom (successor of XS4ALL) and Tweak who not only care about being cheap. Even if you don't use Tweak or Freedom, I feel like it keeps the local competition sharp.
|
| quest88 wrote:
| ddns tools like noip.
|
| rodgerd wrote:
| I guess this depends, but most ISPs where I live will do a static IPv4 for residential. Mine also does a /56 IPv6 allocation if you ask.
|
| HuwFulcher wrote:
| You can use something like dynamic dns updaters[0]. They run on the box and when they detect that your ISP has changed your IP will update the DNS records accordingly.
|
| [0] https://github.com/timothymiller/cloudflare-ddns
|
| zrail wrote:
| Dynamic DNS has been a thing since the first dotcom boom. Your router probably already supports at least one service.
|
| mdorazio wrote:
| Most ISPs offer a static IP address as an add-on or higher-cost service. Might vary depending on where you live, though.
|
| toast0 wrote:
| There are free dynamic dns services available. dns.he.net is one.
|
| Try not to worry too much about what happens when your IP is reassigned before you can update the name.
|
| Gigachad wrote:
| You can rig up your own dynamic dns pretty easy. Most dns services have some simple api you can use so usually it's just a curl line in your cron tab to run every minute.
|
| sally_glance wrote:
| If you're lucky and your ISP supports dynamic DNS updates: Get a router/gateway capable of running OpenWRT (alternatively some routers might support this natively, or you could setup an old PC for routing), use the appropriate client and set it up to adjust the DNS record [0].
|
| [0] https://openwrt.org/docs/guide-user/services/ddns/client
|
| jvolkman wrote:
| Dynamic DNS as others have mentioned. Or, many ISPs will provide static IPs for an additional cost, but you may need to switch to their business service.
|
| pak9rabid wrote:
| Personally, I host my DNS with dyn.org, and use something like ddclient (which runs on my Linux firewall/router) to update my DNS records with Dyn in the rare event it changes. I've never had issues with it.
|
| belval wrote:
| Here are several things that you can do (from more to less affordable):
|
| - Setup public IP updating. Your server runs a daemon that updates the DNS record automatically. You can do that with NameCheap. ($)
|
| - You can pay 5$ to have a digital ocean droplet that acts as a reverse proxy that just forwards traffic to your real server. ($$)
|
| - You can pay for "enterprise" service and get a static IP.
| ($$$)
|
| graton wrote:
| One option would be to use Cloudflare Tunnel [1]
|
| You would run a program on your system which connects to Cloudflare. The traffic goes to Cloudflare first, and then gets forwarded to your system.
|
| [1] https://blog.cloudflare.com/tunnel-for-everyone/
|
| anony23 wrote:
| I like ngrok
|
| airstrike wrote:
| Once upon a time I ran a local Shoutcast radio server on Winamp 2 and used no-ip.org to configure a DNS name dynamically
|
| daledavies wrote:
| I have a cron job that updates my domain's records at digitalocean every hour via their API. But in practice my ISP only actually seems to issue a new IP if I restart my router.
|
| Haegin wrote:
| To solve the redundancy problem I wonder if running something like Hashicorp's Nomad on a few raspberry pis split across some friends' houses could work nicely. Each site gets hosted at multiple houses for redundancy but no one person needs multiple devices.
|
| pak9rabid wrote:
| I second the isolated VLAN approach. I host all my public-facing sites in a VLAN specifically made for that, which grants no access to anything private.
|
| bonestamp2 wrote:
| I third. I've got our computers and phones on one VLAN, everything else is on a separate VLAN (streaming boxes, cameras and other smart home crap, guest devices, etc).
|
| iso1631 wrote:
| > I personally use an old laptop which is plenty fast
|
| If connected on wifi to your router this of course solves the "kick a cable out" problem too, even if the battery is really old you'll almost certainly still have a few minutes.
|
| > Then install unattended-upgrades, put admin panels (phpmyadmin, wp-admin) behind basic authentication
|
| I'd go as far as protecting the directory to only allow access from local network, and use wireguard to reach the machine.
|
| It's likely a server in the corner of the room will cost more than a VPS, certainly in my country. A server drawing 25 Watts cost more than the $3/month I pay.
| (That said I also have a pihole running on a 1B - my parasitic house load is about 100W for the fridge, router, wifi, etc)
|
| lucb1e wrote:
| > even if the battery is really old you'll almost certainly still have a few minutes
|
| Very true! Battery from like 2015 still manages to keep it running for about two hours I think, which is frankly amazing. I was constantly dealing with taking the battery out of the laptop when not in use (98% of the time, it was connected to a charger, either in a classroom or at home, so I'd need only to bridge the stand-by/suspend/sleep period in the train). At the time, it didn't seem to have an effect as the battery still decreased in capacity and I was disappointed with the results, but I gotta say, it is certainly doing a good job since then!
|
| Unfortunately, external drives on the 'server' are not on uninterruptible power and having two of them in a btrfs mirror caused me more headaches than I like to admit. Even after I figured out which one had the more recent data after going out of sync, I misunderstood the phrasing of the man page and mixed up the arguments for the device to be recovered and the device to recover from. 2/7 would not recommend btrfs on devices without UPS, or if you don't want to shell out the money to buy three instead of two large drives so you can have a 1:1 disk image of the known good device before starting to operate on it (which is what btrfs was supposed to do in the first place, but alas).
|
| > A server drawing 25 Watts costs more than the $3/month I pay.
|
| With the screen and keyboard backlight and such turned off, it should draw less than 25W unless you're actively making use of it (and thus it being worth it), but yes that's ballpark correct.
|
| I also get a lot more value out of it than what I expect to get for $3/month, though :).
| LAN speed transfers can be nice, no network latency (at least not beyond your control) when you host a game server, access control is all up to you, dedicated hardware, you can choose to upgrade to 16GB RAM at will (perhaps you got a new DDR4 machine and have no use for the old DDR3 RAM that still fits in this 'server') without having to pay extra every month for those gigabytes forever, buying storage basically at cost price...
|
| LeifCarrotson wrote:
| > I'd go as far as protecting the directory to only allow access from local network, and use wireguard to reach the machine.
|
| Or, you know, only allow access from the attached hardware and reach the machine the old-fashioned way: By walking.
|
| Regarding costs, it's useful to know the cost of a watt: For my electric rates, the equation runs:
|
|     $0.11/Watt-month = $0.162/kWh x 730 hours/month / 1000 kilowatts/watt
|
| So at least in my area the 25W server would not quite cost more than $3/month.
|
| makapuf wrote:
| I _roughly_ equate 1W ~ 1$ / year, a bit more now.
|
| lucb1e wrote:
| I thought I had made a mistake when I calculated the cost of 100W incandescent lighting to be the awfully coincidental number of almost exactly 100EUR/year. Finding this to be correct was quite the revelation: makes estimating the cost of _anything_ in the house so easy because I already knew the wattages :)
|
| (The landlord had installed these sensor-activated ancient bulbs in the hallway, where I pass through to the cellar / power meter, and I was trying to track down this mysterious 100W that seemed to be always running, without fail. Turns out, it was only running when I was checking the meter! We then did the math with a better runtime estimate and still went out to buy LED bulbs at our earliest convenience. They're brighter than before (we erred on the high side), just as warm light, and use 2.5x less power.)
|
| parminya wrote:
| No matter how common it is, I never know what "2.5x less than some reference number" means. Is it "divide the reference number by 2.5"?
|
| Melatonic wrote:
| Old laptop at your own place + second old laptop at a home lived in by family or friend would probably work great for this.
|
| Hell now I want to try this with two old but decent android phones - they would sip power and have a built in UPS and would blow a RPI out of the water speed wise. Throw a USB-C to Ethernet adapter on each and setup for HA (or if you were really lazy just a simple round robin DNS setup). Put one at a friend's house and have them both setup with the free Cloudflare proxy thing and you would not even need to open any ports on your firewall.
|
| adhoc_slime wrote:
| Pretty much! As engineers we all sweat sleepless nights mulling over five 9's and we conflate these valid business needs with our hobbies and personal art/projects.
|
| It doesn't have to be this way! Put it on a pi and have fun, if not for your sanity at the very least do it for your second most valuable resource, your time. If all a person wants to do is have a website that plays a piezo buzzer when someone visits on your RPi, just write that damned code, they shouldn't feel the need to worry about all the nitty gritty when all that they wanted to do is have fun!
|
| marginalia_nu wrote:
| 89.9999% has five nines too, just sayin' ;-)
|
| BizarroLand wrote:
| 0.99999% as well
|
| NaturalPhallacy wrote:
| ~3.65 days of a year. I suspect a lot of small projects nail this.
|
| ajsnigrutin wrote:
| I was just about to write that "today" is the best time to run servers in your room, due to raspberry pis and low power usage... then I remembered that it's practically impossible to buy one, and that the media is already preparing us (here in the EU) for power restrictions.. so yeah.. :/
|
| yrgulation wrote:
| Sorry i have to comment on this cheesy as it may sound.
|
| Don't give in to the fear. See if there are alternative power sources you can play with for your raspberry pi and see if there are creative ways to buy them (used, other countries, etc).
|
| Re power sources, what can you do with a solar powered battery? Is there a diy system of power you can build? One that takes in mainline power when available, and solar or battery when not? talking about small hobby panels that can charge a battery during the day and discharge at night. I used power banks for that purpose.
|
| In this context if my life style is under threat i want to life style even harder. I sold a car and instead of buying a replacement i will install solar panels. I know its a fortunate case but even if i can life style a little bit harder and lay less in energy then i will do so (not waste energy but say if it gets cut because of actions of a certain dictator then i can still plug my phone in to criticise said dictator ... even harder).
|
| tl;dr; i'd look for creative solutions just so i can stick my two fingers up to the current situation.
|
| sneak wrote:
| Running servers on home connections can get your broadband disconnected now for ToS violation.
|
| Cox now blocks port 80, making LE certs harder to get.
|
| The monopoly situation (enabled by regulators) means if you lose your connection you are probably offline completely. There are no alternatives or competition.
|
| Even if you tunnel/VPN, uploading too much, even on a pay-extra "unlimited" plan, they will accuse you of running a server and threaten disconnection. This happened to me when I rsynced a few TB of photos offsite for backup.
|
| VincentEvans wrote:
| Perhaps a good opportunity to ask - for a long while now I've been hoping that some manufacturer took on a task of producing a good server suitable for this / homelab purpose? Something that allows a ton of ram (512gb at least?)
to run VMs, middle of the | road cpu with a ton of cores but energy-heat-noise friendly | frequency, ssd, and all in a tiny, quiet, and attractive shell | the size of a router that sits on a bookshelf? One can dream. But | point me kindly to something that isn't a rack mount pizzabox | that sounds like a jet? | mitjam wrote: | SuperMicro has Xeon-D 1700/2700 boards and matching Mini tower | cases for up to 20 Cores, 512 GB ECC RAM and redundant 25 or 10 | gbe and 1gbe ports on board - Not cheap, though: | https://www.supermicro.com/en/products/embedded/servers the | prebuilt servers have smaller cases with noisy small fans but | you can combine some boards with the mini tower with larger | fan. | anderspitman wrote: | Maybe take a look at https://privaterouter.com/ and | https://kubesail.com. | numpad0 wrote: | Do you really need more than ... 128GB of RAM? Most desktops | can do 64GB, some ITX and most ATX boards can be populated for | 128GB, beyond that require server platforms with >2 DIMM | channels or LR/RDIMM. | | Most people should be fine with an office mini-desktop like | ThinkCentre Tiny line, sketchy (sorry!) Docker features on a NAS | kit, or even an Amazonian Celeron mystery boxes. | throwaway22032 wrote: | Mine is and has been for a few decades. Different machines, but | yeah. | | I run it behind a cheapo VPS for geolocation reasons. | naillo wrote: | It's interesting how people used to do this back in ~2005 but now | don't, however nowadays computers are much much faster and | stronger than they were in 2005 so it ought to have become _more_ | feasible since a normal laptop should be akin to a small cluster | back in those days. | jonas21 wrote: | It's also easier and faster to make your own butter today than | it was 100 years ago, but most people don't because it's even | easier to just buy some at the store. | dylan604 wrote: | oh, but that handmade butter tastes soooooo much better! | LtWorf wrote: | I still do it, but for private non indexed stuff.
| adrian_b wrote: | Not all have given up. | | I have a web server in the corner of my room since the | beginning of 2004. | | Besides being a firewall/router/switch and hosting a web | server, it hosts more than a dozen other services, including an | e-mail server, NTP server, DNS servers, DHCP & TFTP servers, | etc. | | In 18 years it did not have any down time, except for a few | minutes every 3 to 5 years, when I have upgraded the hardware. | | I could have upgraded the hardware less frequently, but I have | replaced it whenever I could reduce the power consumption | without decreasing the performance. | | Now it is at the 6th hardware version. It has started as a big | Pentium 4 pedestal server consuming over 200 W, but until now | it has been reduced to an Intel NUC with a 4.5 GHz 4-core | Coffee Lake U CPU, together with 4 USB to Ethernet adapters | used to increase the number of Ethernet ports to 5, consuming | not much above 10 W, while being much faster than the oldest | servers. | | A laptop has the advantage of incorporating an UPS, but I would | not trust most of them with working 24/7 for years, like an | Intel NUC, or preferably some fanless small computer (with an | external UPS). | dylan604 wrote: | >In 18 years it did not have any down time, except for a few | minutes every 3 to 5 years, when I have upgraded the | hardware. | | I wish I had that reliable of a power source. Even with a | UPS, I've had tornados, snowpocalypse, etc where the power | loss has lasted longer than any UPS I have. | jonas21 wrote: | I'm more impressed by the internet connection. Mine is down | for at least a few minutes _every week_. And that 's only | counting when I'm at home to notice it. | adrian_b wrote: | Though I am an individual user, I have paid since the | beginning for a "business" internet connection, in order | to obtain some (8) static public IPv4 addresses. 
| | It has cost me about $60 per month, which is | significantly more than non-business connections of | similar speed (currently around 400 Mb/s) cost around | here. | | Paying for a business connection has been the main | expense for having my own e-mail and web server. Except | for the first server, all the later upgrades have been | done by reusing computers that had been originally bought | and used for other purposes. With the quickly declining | power consumption of the newer servers, the cost of the | electrical energy has become negligible. | | A Raspberry Pi is not a good choice for a firewall/router | and/or Web server, but there are small computers similar | in size and price, e.g. NanoPi R5S (fanless and with 3 | Ethernet ports, including two of 2.5 Gb/s for LAN and one | of 1 Gb/s for WAN; 2 USB ports can be used to increase | the number of Ethernet ports to 5), which should be good | enough for most people. | adrian_b wrote: | I have power interruptions from time to time, but | fortunately they are not long. | | Now, with only an Intel NUC connected to an UPS that could | power a big server for a half hour, the NUC might work for | a day from the UPS without having to shut down. | | Where I live, the "snowpocalypses", which were frequent | when I was a child, have disappeared completely. On the | other hand, tornadoes, which were completely unknown | previously, have started to appear, so they might become a | cause of problems in the future. | [deleted] | ourmandave wrote: | I recently had mine in my bedroom corner along with all the | network gear. | | With all the leds and flashing lights I couldn't sleep. | eduction wrote: | Mine is in the corner of the room I'm in right now. It's a little | NUC under an armchair. I have a tiny ec2 instance which provides | my permanent IP and forwards web and certain ssh requests using a | VPN connection and iptables. 
This allows me to have a beefier | machine here, keep logs etc local, run alternative OS (smartos), | and just generally tinker. | | The ec2 fronting technique I stole from the Helm home email | appliance/service. Paying three years up front it worked out to | less than $3/month. | picture wrote: | Would you happen to have time to provide some more details | about using EC2 to get permanent IP? I've been thinking of | using wireguard to connect an old PC to my VPS to run video | game servers, so this is very interesting to me! | eduction wrote: | Happy to help although it was ~3 years ago I set this up and | it uses openVPN as I have not switched over to Wireguard yet | (been meaning to). | | I do recall that setting up port forwarding and NAT and both | sides was the biggest pain (I do not regularly do network | admin!), exacerbated by the fact that the client side is | smartOS which uses a different system (ipfilter) than linux | (iptables) so there were two cryptic network filtering DSLs | to learn. The VPN part was relatively easy as it's just a | point to point connection with the local machine as the | client, configured to reconnect when the connection is lost | and on boot. 
| | On the ec2 side this is (approximately) my iptables setup | (1234 and 5678 are stand-ins for ports I use to ssh into the | local machine from anywhere on the internet, I have two | because there are multiple (smartOS/Solaris) zones on the | machine):
|
|     sudo iptables -L
|     Chain INPUT (policy ACCEPT)
|     target     prot opt source               destination
|     ACCEPT     tcp  --  anywhere             anywhere                  tcp dpt:http
|     ACCEPT     tcp  --  anywhere             anywhere                  tcp dpt:https
|     ACCEPT     tcp  --  anywhere             anywhere                  tcp dpt:1234
|     ACCEPT     tcp  --  anywhere             anywhere                  tcp dpt:5678
|
|     Chain FORWARD (policy ACCEPT)
|     target     prot opt source               destination
|     ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:http
|     ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:https
|     ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:1234
|     ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:5678
|
|     Chain OUTPUT (policy ACCEPT)
|     target     prot opt source               destination
|     ACCEPT     tcp  --  anywhere             anywhere                  tcp spt:http
|
| On the ec2 side, openvpn conf:
|
|     dev tun1
|     ifconfig 10.4.0.1 10.4.0.2
|     verb 5
|     secret local.key
|     cipher AES-256-CBC
|     keepalive 10 60
|     persist-tun
|     persist-key
|
| On the local side, openvpn:
|
|     remote [ec2 ip adr here]
|     dev tun1
|     ifconfig 10.4.0.2 10.4.0.1
|     verb 5
|     secret ec2.key
|     cipher AES-256-CBC
|     keepalive 10 60
|     persist-tun
|     persist-key
|
| On the local side, ipf conf in ipnat.conf. This is | abbreviated as most of the stuff in there is just forwarding | amid the zones which is not relevant to a simple linux setup | without zones. In addition to figuring out the iptables | equivalent I believed you'd want to replace the 102 adr | (which in this case is a zone) with your local machine (like | 0.0.0.0/0 or whatever):
|
|     map net0 10.0.0.102/32 -> 0/32
|     map tun1 10.0.0.102/32 -> 10.4.0.2
|
| (not sure if the first line is even relevant or not, it's | been a while) | rozap wrote: | I hosted a phpbb board out of my room during high school.
Our | school board had just done the "one laptop per kid" thing, and | the machines were all locked down and most of the fun sites were | blocked, but not my site, because IT didn't know about it. So | everyone went there to chat. We had an IRC server. People became | friends that otherwise were in different cliques irl. | | One time we were supposed to be doing work during class, but | everyone was on IRC chatting. The classroom was completely | silent. Somebody wrote "somebody say penis" in the channel and | the whole classroom started laughing at the same time, for | seemingly no reason. The teacher was confused, it was a good time | to be a 15 year old dorking around with computers. | unity1001 wrote: | > "somebody say penis" | | Edgy... | rozap wrote: | we were like 14 my friend | yaddaor wrote: | Nothing "edgy" about kids finding words that describe | genitals funny. It is like that everywhere on the planet and | it always has been. | lee101 wrote: | I'm running https://text-generator.io from my house, two 3090s | right now powering it. It allows the service to undercut OpenAI | around 10x on Text/code generation and Google over 8x on speech | to text. A Cloudflare tunnel is pointing to it running locally. | It makes development very fast too. Its a bit tricky to keep | purchasing new hardware to spin up new instances but that's | getting easier with practice and autoscaling cloud providers | doesn't necessarily work that well either. | | I think co's should seriously consider this or at least adding | everyones development machines to the prod cluster during when | they sleep, which is what we did to render movies when i was at | Weta Digital. 1000's of developer machines are pretty valuable if | put to good use. | [deleted] | louwrentius wrote: | I not only run my blog on a computer in the corner of the room, | it's solar-powered as well. At night it is supported by a bunch | of lead acid batteries[0]. 
| | If you can you should host your own blog/website on your own | physical computer at home. Especially for blogs, availability and | redundancy is just not critical. And if you do a little bit of | preparation you can recover quickly from any failure. It is fun, | you may learn a few things and it makes things more tangible. | (Maybe dig into VLANs or a firewall with multiple interfaces that | allows you to separate your home network from the server) | | My blog is a static HTML site and it has survived many HN visits | of 20k+ visits on a Raspberry Pi3b+. It has since been upgraded | to a Pi4 but it doesn't really matter. My 50Mbit upload capacity | was never really taxed at all. | | I'm currently working for a customer fighting the Azure cloud and | it's abysmal in every way possible. The simplest tasks of | provisioning resources take forever to complete. It makes me fond | of my 8-10 year old 20-core DL380 server that allows me to spin | up a huge infrastructure in the same time Azure can spin up a | small web app. | | [0] https://louwrentius.com/this-blog-is-now-running-on-solar- | po... | bakugo wrote: | I host a website with 20k daily visitors from my living room. If | you want something that feels as small and convenient as a pi but | with a little more muscle to it, mini PCs are your best friends. | [deleted] | irq-1 wrote: | Cloudflare already does this: | https://github.com/cloudflare/cloudflared | | It works with all NATs/CGNATs by connecting from the pi over a | bidirectional WS connection. PI <-> WS <-> Cloudflare. SSL is | done on the cloud, not on the pi. | | Install any web server on the pi and "cloudflared" to proxy it. | | https://developers.cloudflare.com/cloudflare-one/connections... | spaniard89277 wrote: | Looks good. I guess that doesn't put much workload into home | routers, which I assume is the real bottleneck with FTTH | connections. 
| Havoc wrote: | You can stick the cloudflared tunnel exit on the machine | doing the hosting then the router performance is largely | irrelevant | Melatonic wrote: | Yea this works great! | jll29 wrote: | Festival TTS (Text-to-Speech synthesis), which the article | mentions, is part of many Linux distros nowadays, and it was | originally developed at the University of Edinburgh by Alan Black | and team (Black et al., 1999; Taylor et al., 1998). | | http://src.gnu-darwin.org/ports/audio/festdoc/work/festdoc-1... | | https://era.ed.ac.uk/bitstream/handle/1842/1032/Taylor_1998_... | throwaway894345 wrote: | At the moment it's offline because I'm between homes, but | normally I have a cluster of Raspberry Pis running Kubernetes to | host my blog and a few other services. Unfortunately, the Pis | need static IP addresses which requires admin access to the | router, which I lack as I'm staying at an AirBnB, so in the | meanwhile my site is running on an EC2 spot instance. | MayeulC wrote: | Get a VPN from a reputable ISP, or to a VPS. As a bonus, it's | much easier to host mail as you can customize reverse DNS. You | also get a "clean" IP, IPv6 regardless of your current ISP, and | a static IP. | | It's also possible to host a static website on IPFS and point | DNS records to Cloudflare or another public gateway to let them | handle the web server part. | ottoflux wrote: | I still host some things from home, but Linode, Scaleway, etc. | are so cheap for tiny machines it might make more sense to build | some APIs that the webserver can call on a machine running from | your house. | achairapart wrote: | Funnily enough I had the same wish some time ago, so nowadays I | do most of my computing in "fatcity": | | https://fatcity.it | b1476 wrote: | I'm intrigued, care to share more? | achairapart wrote: | Please see the sibling reply: | https://news.ycombinator.com/item?id=33166455 | | And feel free to ask me anything.
| fm2606 wrote: | >> little Raspberry Pi 4 server that I run from my home ISP, | for no reason other than to have some fun | | This. | | I run mine on RPi 3B+ with a 4 running the database. I reverse | proxy to my site via a cloud VPS instance for $4 a month. I | switched to the cloud after years on NO-IP when 1) I noticed my | IP never changed and 2) my home IP address was public via a | look up of my domain name. | | On another 3B+ I have a VPN so I can SSH in . | | Some day I will get around doing a roll-your-own-ngrok [0] so I | don't have to open any ports but have yet to do it. I have done | it for a project I was working on and I needed to make the | local dev server accessible to a 3rd party. Pretty slick and | saves a bunch of time and hassle from having to put the code on | the server. (As an aside: Does anyone else dislike the term | "grok"? For whatever reason it annoys the hell out of me.) | | I really have nothing important on there and go months or years | without doing anything to it then get a burst of creativity or | what not and update the site or just tinker with it. | | [0] https://jerrington.me/posts/2019-01-29-self-hosted- | ngrok.htm... | anderspitman wrote: | If you're looking for selfhosted ngrok functionality you may | also be interested in | https://github.com/anderspitman/awesome-tunneling | zdw wrote: | > my home IP address was public via a look up of my domain | name. | | If you're very concerned about privacy, frequently SMTP | headers generally contain IP address info... | all2 wrote: | > most of my computing | | What does this involve? Are you tunneling a browser through | ssh? Are you doing development work? | | Also, the status page is a rather beautiful bit of text. Did | you do that yourself? | achairapart wrote: | The Raspberry PI is attached at my home router (1Gb fiber | connectivity), then I can access it like a local server (so | even by SSH) from everywhere with Tailscale[0]. 
The rest of | the world is proxied by a Cloudflare Tunnel[1]. | | Yes, remote dev work is done mostly with Visual Studio Code | Remote SSH[2] (but I wish something similar would exist for | Sublime Text). | | [0]: https://tailscale.com/ | | [1]: https://developers.cloudflare.com/cloudflare- | one/connections... | | [2]: https://code.visualstudio.com/docs/remote/ssh | | Edit: Yes, I hacked together the status page, something | similar welcomes me when I ssh into the machine. | | Edit 2: Some benchmark here: | https://pibenchmarks.com/benchmark/62022 | redler wrote: | Way back in the mists of time, we set up our first corporate | website. We were using Website Pro, and the box was under a desk. | There was an option to make the machine beep with each hit, and | for a while it was thrilling to hear those beeps -- once an hour | or so, maybe a cluster of a few in a row. The physicality! | kypro wrote: | Oh man. I relate so much to this. | | When I was 15 me and my friends really liked playing online MMOs. | We used to enjoy chatting on a VoIP program, but this software | required a server which all clients would need to connect to. | | We always thought it would be cool to host our own servers for | this VoIP software instead of paying someone else to host one for | us so I decided to dig out an old computer and set it up in the | corner of my bedroom to use as a server. | | We got the server software installed and then realised we could | probably sell these online if we knew how to build a website. | | To cut a long story short, we ended up teaching ourselves how to | create a website with HTML, which eventually led to learning how | to program in PHP so we could communicate with the VoIP software | programmatically via Telnet and send emails, then eventually how | to take payments. | | It took us a few months in total, but we did it. And this was back | before YouTube tutorials or useful programming blogs.
You were | mostly trying to work things out on your own so it felt like a | real achievement. | | One of the best moments of my life was receiving our first paid | subscriber. I'll never forget the night my friend called me to | tell me the news. And this was back when us teens had pay as you | go phones so it was odd to get a call - especially that late at | night. | | Funnily enough we probably used that old computer in the corner | of my room as our server for about a year until one night someone | hacked into it. Never really worked out what they were trying to | do but they managed to install some remote desktop software on | there because I got woken up one night by the computer | restarting then someone remotely controlling the computer. It was | kinda spooky at the time. | | As you can imagine we paid for a dedicated server in the end, but | it was such a fun adventure and that's why I'm here on HN today. | The idea a couple of 15 year olds could set up a server in their | bedroom and make some money was really inspiring. | | Things are different now I think. We were one of just a handful | of VoIP hosts back then. Today we would be buried by Google and | people would probably complain about the server taking 50ms too | long to respond. You'd need to spend $1,000 on adwords and have | EC2 instances around the world just to be in for a chance. | bombcar wrote: | For those interested, https://indieweb.org/POSSE may be of use. | | The idea is you'd publish on your own web server, and syndicate | to other services that could maintain under pressure, etc. | | I think that for many people, setting it up at home is "Good | enough" and if you get slash dotted, well then you can deal with | it at that point. | cyberge99 wrote: | I once took our corporate T1 because I was hosting a site on a | work webserver and it got slashdotted. My boss was really cool | about it though, he said, "wow, I've never known an internet | celebrity before!"
| | This was in 2001, so its meaning has changed significantly | since then. | bombcar wrote: | My home DSL connection years ago started being slow - so I | checked my home server. | | A single image was the top result for "Japanese robot death | cat" or something on Google Images, so I was getting pounded. | A quick robots.txt update and a few days later everything was | calm again. | dylan604 wrote: | The no-hot-linking option works well too | digitalsushi wrote: | A home web server is the equivalent of running out of toilet | paper. You never designed a Service Level Agreement for either, | and it's frustrating, but you will survive it. | yummypaint wrote: | This reminds me of setting up a file hosting server at home in | high school so I could work on projects from school without | constantly burning CDs or dealing with terrible thumb drives. | Sketchy php, no authentication, no sanitization. Just browse to a | file and click upload. In hindsight it's kind of shocking it | wasn't taken over. | bombcar wrote: | If you built it yourself, it's highly likely nobody ever found | it. Even back then most of the "script kiddies" on the internet | were using pre-packaged exploits for known software, not | searching every single possible IP for forms with upload | buttons. | LukeShu wrote: | As someone who was a highschooler 2008-2012 who built their | own simple PHP apps for things: Script kiddies of the time | definitely were scanning for arbitrary forms. Not necessarily | trying to exploit the code, but just anything that would | allow them to post spam. | TOGoS wrote: | I had a big data loss event back in 2008ish when someone | found out, I'm guessing, that they could upload a PHP file | to an upload-anything form on my home server.
I thought I | was keeping it secure by disallowing ".php" files, but I | think some MultiView option I had set in Apache allowed | them to upload .php.somethingelse and still have it get | executed, blowing away, sadly, all my Subversion repos. | Switched everything I could salvage to Git after that and | never looked back. Also I no longer trust Apache to | directly serve user-uploaded files. :P | | Long story short, someone apparently went to a non-zero | amount of effort to hack my homebrew file-upload form. | caseysoftware wrote: | Through most of the 2000s, I had an ever-growing server sitting | in my apartment closet. I upgraded it from IDE (a couple gigs) to | SCSI drives (25gigs!!!) and spent a lot of time learning Linux | throughout. It was ugly to navigate NATing, etc at that point but | I ran eGroupware for a long time. | | Now I have a couple of small devices for monitoring, logging, and | sharing and run them behind ngrok. They're quick and easy and I | don't have to set up anything else. | | Disclosure: I work for ngrok (as of last year) but used it since | ~2014 already. | [deleted] | llaolleh wrote: | My ideal state of the internet is companies sell powerful all in | one servers. Each household will have that server for their daily | needs - email, messaging, social network, gaming, etc. | no_time wrote: | >But what I remember feeling most magical was the idea that there | was somebody visiting that server on my desk. There was somebody | coming from a long way away and going inside. An electronic | homunculus. | | You can relive this feeling by seeding a few torrents. I | sometimes check up on my torrents and try to imagine the person | behind the Moroccan IP address grabbing my Drop Dead, Gorgeous | discography. | alx__ wrote: | Is there a way to run a little web server on our phones? It's a | device that's always on, and usually on Wi-Fi | mpd wrote: | I have an old phone set up here, running Octo4a. It's working | great.
| | https://github.com/feelfreelinux/octo4a | WorldMaker wrote: | Most modern phone OSes today try to limit background services | to squeeze battery life out of idle states. Even though "always | on", some of the idle states are extreme battery misers. For | instance, even the iPhone 14 with its "always on display" is | doing some really interesting idle stuff, the "always on | display" itself refreshes at 1 frame per second or _slower_ | (sometimes one frame per minute! as the clock is the only | guaranteed to update, once a minute). It seems like the device | is always responsive due to how "instant" it wakes from idle | states. | | All of which are a lot of very interesting reasons _why_ you | can't just run a web server on your current phone with its | current modern OS and expect it to have 24/7 up time even | though it feels _to you_ like your phone has 24/7 | responsiveness uptime. | | It's a solvable problem if there were enough interest: light | web hosting is something that could be added to the list of | system services that can wake the device from idle states (in | similar ways to how notification services get prioritized, or | trickle data feeds like Find My Services). It's not likely a | problem that current phone OSes are incentivized to support, | though, because there's currently no reason for millions of | people to want websites served from their pockets. | | Maybe one day there will be an interesting P2P data "hosting" | protocol that would be useful for modern OSes to prioritize in | that way.
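
The double-extension upload bypass TOGoS describes earlier in the thread (".php" blocked, ".php.somethingelse" still executed), shown as an added Python example that is not code from any commenter. The extension lists and the function names are assumptions made for illustration; the naive check is the "before", the strict check and server-chosen name are the hardened form.

```python
import secrets

# Assumed list (not from the thread): extensions a web server is commonly
# configured to hand to a script handler or treat as per-directory config.
HANDLER_EXTS = frozenset({
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "cgi", "pl", "py", "sh", "shtml", "asp", "aspx", "jsp", "htaccess",
})

# Assumed allow-list for a personal file-drop form.
ALLOWED_EXTS = frozenset({"png", "jpg", "jpeg", "gif", "pdf", "txt"})


def naive_is_allowed(filename: str) -> bool:
    """The check described in the comment: refuse only names ending in .php."""
    return not filename.lower().endswith(".php")


def check_upload_name(filename: str):
    """Strict check. Returns (ok, reason, extension_or_None).

    Every dot-separated segment after the first is treated as an extension,
    because a server that maps handlers per extension may act on any of them,
    not just the last one.
    """
    if not filename or any(ord(c) < 32 or ord(c) == 127 for c in filename):
        return (False, "empty name or control character", None)
    if "/" in filename or "\\" in filename:
        return (False, "path separator in name", None)

    # Trailing dots and spaces are dropped by some filesystems, so
    # "shell.php." can end up stored as "shell.php".
    trimmed = filename.rstrip(". ").lower()
    segments = [seg.strip() for seg in trimmed.split(".")[1:]]
    if not segments:
        return (False, "no extension", None)

    for seg in segments:
        if seg in HANDLER_EXTS:
            return (False, f"handler extension '.{seg}' present", None)

    ext = segments[-1]
    if ext not in ALLOWED_EXTS:
        return (False, f"extension '.{ext}' not on allow-list", None)
    return (True, "ok", ext)


def stored_name(filename: str) -> str:
    """Name to use on disk: random token plus one allow-listed extension.

    The client-supplied name is never used as a path, so no extra segment
    or odd character from it can reach the web server.
    """
    ok, reason, ext = check_upload_name(filename)
    if not ok:
        raise ValueError(f"upload refused: {reason}")
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample names, including the case from the thread.
    samples = [
        "holiday.JPG", "shell.php", "shell.php.somethingelse",
        "shell.php.", "notes.php.txt", ".htaccess", "../x.png", "README",
    ]
    for name in samples:
        ok, reason, _ = check_upload_name(name)
        print(f"{name!r:28} naive={naive_is_allowed(name)!s:5} "
              f"strict={ok!s:5} ({reason})")
```

A name check like this complements, and does not replace, the other lesson in that comment: keep uploads in a location the web server does not execute or serve directly.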
| ptrwis wrote: | I once ran some GNU/Linux distro on Android, and then Tomcat on | it :) | flobosg wrote: | See https://news.ycombinator.com/item?id=31841051 - | _Repurposing an old Android phone as a web server_ | tandav wrote: | termux (android) can run python, node, docker and more, but you | should have static IP or some tunneling like | cloudflare/tailscale/zerotier | yellsatclouds wrote: | so do I, but my ISP after getting eaten by another larger ISP | made it impossible to access remotely. | | long live the free market. free for institutional-entities to | step on individual humans. | Melatonic wrote: | I meet more and more people these days who are so used to working | with Big Cloud they have no idea how easy it actually is to run | your own hardware. AWS never raises their prices but hardware | keeps getting cheaper, faster, smaller, and more energy | efficient. You could probably host a simple site that did not | have crazy traffic on a pair of old android phones with full HA | and keep it in a shoebox! | davegauer wrote: | I'm a huge fan of running web servers in the house - but they | don't have to be connected to the Internet to be useful and fun! | An Apache instance on my always-on box in the basement [0] serves | an incredible number of uses and can be connected to from any | computer-like thing on my home network. Old-school CGI scripts | can be written almost as quickly as terminal scripts and HTML | forms make super quick interfaces. A home web server is probably | STILL the easiest way to get files to heterogeneous computers and | phones and tablets and... | | [0] https://ratfactor.com/setup2 | nicolaslem wrote: | > A home web server is probably STILL the easiest way to get | files to heterogeneous computers and phones and tablets and... | | Similarly for printing, I would love a local web app that I | could submit PDFs to and get a printer to print the pages. I | could imagine scanning working in reverse.
I tried googling a | bit but alas it seems no one has done it. | zh3 wrote: | For dumb printers we use CUPS, even cheap printers (Oki | B412dn here) just plug into the network and are found by most | things (even Windows these days). | nicolaslem wrote: | I also use CUPS on a Pi to put a dumb printer on the | network, but I still routinely have issues with my devices | not finding the printer or not scaling the page properly. | | This is why I was thinking that a plain web app with a | known good driver could solve these problems. | cestith wrote: | Some higher-end printers have HTTPS or LPD (or even FTP) | printing built into them. As far as using a web app to queue | to a printer that's working on a local Linux machine or so, | the webapp could be as simple as just a file upload form and | app backed by incron with the right command assigned to the | event I think. | | https://www.geeksforgeeks.org/incron-command-in-linux- | with-e... | jll29 wrote: | See https://pibox.io/ + https://kubesail.com/ for a low-energy, | small, Raspberry Pi-driven, quiet option. I have been running | one of them running in our basement for about a month. | KubeSail, the startup that sells them, offer DNS and backup | services, but the box has been designed to run also in the case | the company eventually disappears. | zh3 wrote: | Our (decades old) house web server has a home page with useful | links, and in particular to a simple wiki on the same box. | Without any pushing (that never works) the rest of the house | has slowly learnt to use it, so the calendar, the wish lists, | the pet histories, holiday ideas, all sorts of stuff are on it. | The server also hosts simple apps like JS clocks, calculators | and of course the [0] pewpew attack map (maybe a little less | funny these days, but hey). | | Edit: ref CGI, there's a few apps on there that do that as well | (e.g. fish tank temperature monitor). 
Nice thing about a small | private network is being able to do CGI scripts in | bash/whatever without having to worry too much). | | [0] https://github.com/hrbrmstr/pewpew | protonfish wrote: | How do you give your intranet site an internal domain? Or do | you make the family use the IP address? | oneplane wrote: | You probably already have this. Nearly every ISP has been | delivering home gateways with DHCP and DNS built in, and | DHCP-registration into the local DNS cache. So <your- | computer>.lan or <your-computer>.home are likely | candidates. Check your settings to find out. | | Besides DNS-based naming there is Multicast DNS | (Bonjour/Avahi/ZeroConf) and NetBIOS naming (which still | exist and works on most operating systems that have Samba | or something similar). | | In any case, you don't need a remote service like Cloud9 or | Tailscale to any of this. Normal networking has done this | for decades. | | The next step beyond this is running a more capable DNS | system in your home network. Generally this takes the shape | of a DNS forwarder service running on a router or server. | It could be as simple as a PiHole or OpnSense firewall, or | however complicated you might want to make it. | aendruk wrote: | See also .home.arpa which is designated for this purpose. | whateveracct wrote: | I personally use avahi (mDNS) as many other replies have | suggested. | | I use NixOS, so it was easy to make a function to abstract | over the config. In each computer's config, all I do is | specify a hostname. This function does the work (or really, | some nixpkgs committer did):
|
|     { hostName }: {
|       services.avahi = {
|         enable = true;
|         nssmdns = true; # Allows programs like ssh to resolve .local domains via avahi
|         inherit hostName;
|         openFirewall = true;
|         publish = {
|           enable = true;
|           addresses = true;
|           workstation = true;
|         };
|       };
|     }
|
| vorpalhex wrote: | Edit the internal dns server(s).
| numpad0 wrote: | Configure following items on your router: | | - desired hostname and search domain(can be bogus though | not recommended) | | - DHCP server parameters with the router's IP as primary | DNS | | - DHCP static assignment for (each of)server(s) | | - DNS static assignment such as "yourserver.bogusdomain.tld | 192.168.10.10" | | - (optionally) domain names, ddclient, certbot | | "Proper" classical router/firewall OSs like Cisco IOS, | Juniper JunOS, VyOS, RouterOS, OpenWrt, all easily do it | like they do a cigarette, but good gamer routers and some | NASs also can do it okay in many cases. | zh3 wrote: | It runs DNS and DHCP as well (so we have a domain that's | the same as the house name); the DNS is primarily caching | so for most sites it's just stock internet (except a bit | faster due to the caching). It's also authoritative for a | small number of domains that serves ads/do tracking (it's | amazing how much better that makes the internet, even the | kids comment on how fast it is compared to their friends - | and we're out in the sticks on a relatively slow | connection). | ecliptik wrote: | Tailscale MagicDNS [1] can also do this, which you can also | setup with TLS certs using their Let's Encrypt integration | [2]. | | 1. https://tailscale.com/kb/1054/dns/ | | 2. https://tailscale.com/kb/1153/enabling-https/ | pclmulqdq wrote: | If you have a Pi hole, you are already running a dns | server. Otherwise, it's not too hard to set one up. | leesalminen wrote: | You can use mDNS [0] to publish an internal domain to | others on the same LAN. Alternatively, you can use | something like a Pi-Hole [1] to be the DNS server for your | LAN. Pi-Hole gives you GUI way to point any domain to any | IP [2]. | | [0] https://wlog.viltstigen.se/articles/2021/05/02/mdns- | for-linu... 
|
| [1] https://pi-hole.net
|
| [2] https://docs.callitkarma.me/posts/PiHole-Local-DNS/
| jrnichols wrote:
| if you're using pi-hole, you can actually do all of this within the admin panel itself. they added Local DNS a couple releases ago.
| timc3 wrote:
| Network router with DNS resolver, internal domain, all DHCP clients get registered with a name as a subdomain. mycomputer.networkname.lan - I use pfsense, but lots of others support this.
|
| You could have your own top level domain as well.
| aljarry wrote:
| This might be an overkill, but you can host internal domain using public DNS.
|
| I've got a domain, and I've added multiple A records pointing to IPs of servers in my 192.168.X.Y NAT. This has a downside though, that with short enough TTL, you may not be able to access your server during intermittent connectivity problems.
|
| I'm using letsencrypt through traefik for the certs.
| WorldMaker wrote:
| Not the OP, but for a small local network it is easy enough to sneakernet hosts files around. (On a USB drive if not a properly classic floppy.)
|
| Also, somepcname.local mDNS works on most operating systems today (once you grant firewall permissions to it; for instance, on Windows setting your home network as a "Private" network for instance when it asks Public or Private).
| zh3 wrote:
| We have a lot of computers, so DNS is easier than hosts files (also easier for dynamic updates, e.g. random Pi's given a hostname will update DNS via DHCP so no need to find the IP address and update other hosts).
| tomcam wrote:
| I am asking this out of ignorance, not knowledge. Isn't that why the Lord gave us a hosts file?
| dylan604 wrote:
| you'd have to edit the hosts file on every single device you want to access that domain. personally, i wouldn't even know how to do that on any of my mobile devices.
| tomcam wrote:
| TIL.
| Thank you
| kroltan wrote:
| Or run a local DNS in your router, so you don't have to set each client device up.
|
| (How would you even add hosts to an iPhone or something?)
| tomcam wrote:
| But of course. Thanks.
| anthropodie wrote:
| visit http://i.reddit.com/r/selfhosted to join hundreds of thousands of people hosting at home.
| anderspitman wrote:
| It's a great community for learning, but I think they focus too much on teaching each other and not enough on lowering the barrier of entry.
| NonNefarious wrote:
| incanus77 wrote:
| In 1999 I wrote a piece of PHP trouble ticket tracking software called Ticketsmith which eventually morphed into the foundations of ubersmith.com. I put the first tarball on my home PC (running Linux) and linked that URL to Freshmeat.net. It was so thrilling to sit there that evening, watching TV but looking over to see the Apache log tail process stream out as each person downloaded it to check it out. Very visceral.
| digitalsushi wrote:
| In 2003 I had my web server in my college apartment bedroom. This is back when AOL Instant Messenger was popular.
|
| I had a URL on my website called moo.html that wasn't indexed. My friends had it bookmarked, and when they visited it they got a picture of a cow, but it played a cow mooing in my bedroom. It was a nudge to come online and be social.
|
| The End.
| blhack wrote:
| I miss these days of the internet.
| llaolleh wrote:
| Make Arpanet Great Again!
| Scarblac wrote:
| One night in the 90s I woke up at 1am because the server next to my bed started making a lot of noise! I quickly log in and see a process by user "nobody" taking up 100% cpu! I'm being hacked! Quickly pull the network cable out of the wall, wide awake.
|
| Turns out there is a cron job that updates the locate command's index.
| DavidSJ wrote:
| At a web startup I worked at in 2008, we had some automated emails sent to all our users.
| We didn't have sendmail or postfix or whatever properly configured and so the emails came from nobody@ourdomain.com. Our CEO was pissed because he didn't understand that it wasn't like some intentional joke by our engineering team.
| Kim_Bruning wrote:
| One day when I had just started using linux, this never happened to me either ;-)
| ISL wrote:
| Yep! updatedb
| napolux wrote:
| this reminds me of the Yo! app
| patoroco wrote:
| OMG, I'd achieved to remove it from my mind. Ooob, the old times in the apps world
| nluken wrote:
| Similar story: In college much more recently (2019), I had a linux server running at my boyfriend's apartment since he was off campus and we were blocked from doing anything like that on the school's network. Sometimes, I would say hi to him or wish him goodnight by playing a little tune on the PC speaker hooked up to that computer. He'd always text me back with a smiley face or something like that. Feels like that kind of interaction is really rare on the web these days, but we had fun with it for a little while.
| oso2k wrote:
| In early 2000s we used to send each other messages using Query Strings or X-Headers....
| conductr wrote:
| Wow cool but that's bizarro world to me. In my days college was where everything awesome was happening because it had fast and basically unrestricted internet. A lot of the Napster and other P2P stuff that followed was being seeded from someone's dorm. The best game servers, etc. On IRC in the early 00s, I did a lot of trading of video (live music footage) and one kid in a dorm somewhere could host an enormous amount of content by most home internet standards. Once I got off dialup download speeds, I could easily download more than I could afford to store. The cheapest thing for me to do was buy a massive stack of CDRs and start burning. If I remember correctly, the largest HDD at the time was about 40GB.
| nluken wrote:
| Our school's IT department used to go around with wireless scanners to make sure nobody was running networks without the school's permission. I knew people who got busted for stuff like that, but my roommates and I eventually hacked a way around this by naming our network "Dave's iPhone Hotspot" and never had any issues. At that point, the webserver moved from my boyfriend's place back to my own until we moved off campus the following year.
| joshxyz wrote:
| i wonder how often they refreshed it lol
| endgame wrote:
| I did a similar thing with my family: I'd hooked a GNU/Linux box up to the family Hi-Fi system to play our various music libraries, and when I was living overseas I'd "call them" by ssh-ing in and asking mpd to start playing something. They'd come online and call me using Google Talk (the very first one, probably, because it was good, simple, built on open standards, and long dead).
| thakoppno wrote:
| What mechanism tied an inbound http request to the moo?
| numpad0 wrote:
| Years ago I had /var/www/lights_on.sh that turned lights on in my room. Only hardened against RCE by Wi-Fi password, but was possible. It broke later. The real problem was that browsers sometimes prefetched it.
| digitalsushi wrote:
| I was using a log watcher that could run a command on a regex match, but I remember having an elaborate .htaccess that would shell out all kinds of things... many ways to tie them together, all very hacky.
| thakoppno wrote:
| thank you for this insight.
|
| it might not even be that hacky to be honest. in some ways modern log aggregation isn't that different, just insulated by more steps and safeguards. less moos though.
| [deleted]
| sukilot wrote:
| RockRobotRock wrote:
| I'm trying to imagine what was popular back then. A Perl CGI script?
| valleyer wrote:
| Perhaps showing my age, but that is still how I would do it. It's dead simple.
| jrootabega wrote:
| I enjoyed the (brief?)
| times when the client would do string interpolation on the URL and tell you the screen name of the person viewing it.
| jaywalk wrote:
| You had to put a link in your profile that contained "%n", and the client would replace %n with the screen name of the person clicking the link. They never took that away as long as I was using AIM, but there was no way to see anyone simply viewing your profile without clicking a link as far as I can remember.
| jrootabega wrote:
| Ah that's right. I remember when it was still not widely known you could catch some people, but I think people caught on eventually.
| lucb1e wrote:
| I wasn't an AOL user so it took me a few reads to get the concept. What this must mean is something like:
|
|     [Joe] what's up <a href="//example.net/?username=
|     [Jane] nm, wbu
|     [Joe] ">join my chess game?</a>
|
| Which could show on Jane's screen, if there is no HTML escaping at all, as:
|
|     [Joe] what's up
|     [Joe] join my chess game? (<-link)
|
| The message of Jane's would have looked like it got swallowed because it was inside the HTML tag, but so long as Jane doesn't know what's up and ignores it, clicking the link instead, the owner of example.net would see a pageload of https://example.net/?username=%0A%5BJane%5D%20nm%2C%20wbu%0A... and thus learn that the other person is called Jane. Then again, for this to work it would already have to be on the screen of the person clicking the link, but not of the person who sent the link or there would be no point. So I feel like I'm still missing something.
| jrootabega wrote:
| Less clever than that. jaywalk's comment got it. You could put a link in your away message/status/profile and see which people clicked it and/or were "stalking" you.
| oliwary wrote:
| Something similar used to work on Facebook... and still does apparently!
|
| At least if you are this person: http://facebook.com/profile.php?=73322363
|
| (This link redirects to the profile of whoever clicks it)
| lucb1e wrote:
| Obligatory: https://xkcd.com/530/
|
| I did something similar when I lost my phone but it was still connected to the network. Ssh into it and `while true; do espeak "I am here"; done`. Related: http://bash.org/?5273
| didgetmaster wrote:
| The xkcd reminds me of a friend who was locked out of her car. The battery in her remote key fob had run down so the door would not unlock when she pushed the unlock button on it. She was still trying to figure out online how to get a new battery when I took her key from her and opened the door by inserting it in the lock. She was so embarrassed that she wouldn't talk to me for a few days.
| Aeolun wrote:
| I'm fairly certain we've recently fought to open a rented car because the keyfob died and the way to extract the key from the fob was non-obvious.
|
| Then when we finally got inside, the car didn't have a keyhole to start it at all. Ended up calling the rental agency that showed us how to invoke the magic sequence by holding the (empty) fob in front of the start button for a few seconds before pressing it. I guess it does passive RFiD or something?
|
| Anyway, that's the point where I decided modern cars are not my thing.
| ghusbands wrote:
| I did that, recently. My fob battery died, I unlocked the car with the key, opened the door and... the car alarm went off. I'm not sure what the designers were thinking.
| stonogo wrote:
| You turn the alarm off by starting the car, because the ignition has an rfid-like close-range reader which only requires passive circuitry in the key. That's how you differentiate between a break-in and the legitimate owner.
| davchana wrote:
| My car has push start (like many new ones) & has no keyhole inside (it has one in door to open the door).
| Although it has a seat/slot for the whole key to go in, in case of low battery. I assume that will stop the alarm. :-|
| Haegin wrote:
| My car is also push start and I have to hold the fob in front of the start button for a short while before turning on the car if the fob battery is out.
| thomastjeffery wrote:
| Some relatives of mine have internet-connected RGB lamps that they use in a similar fashion. When one sets the color, the others automatically synchronize. It seems like a pretty neat low-stress way to keep in touch.
| fullstop wrote:
| In 2001 I had an account set up for my girlfriend, now wife, so that she could telnet (openssh wasn't really widespread then!) to my desktop and it would play a sound and blink a light as part of the login procedure.
|
| The light was controlled by an X10 "firecracker" module. Neat stuff, for the time.
|
| Anyway, she would do that to get my attention if I wasn't by the PC and she wanted to chat via ICQ.
| agrippanux wrote:
| A few weeks ago I set up a Stable Diffusion webui on my home linux box and used a Cloudflare tunnel to host it on a url and gate access to just my company's email domain. I started a slack channel for AI Art and we started holding a daily contest, it's been really fun.
|
| Shout out to Cloudflare, setting up an access protected tunnel took like 10 minutes.
| ghusto wrote:
| I remember home hosting fondly too.
|
| Every so often I think about doing it again, but security paranoia keeps me from it. What if they broke out somehow? I could DMZ it I guess.
| teekert wrote:
| Tailscale is nice, you don't even need to open any ports to have your device accessible from anywhere. Works really great, literally (!)
| takes >10 min to set up (on mobile, dl app, log in with 3rd party identity provider (I choose GitHub), on Server, curl some script (will move to apt or yay or dnf when it detects them), click a link, boom both devices can find each other on unique IP addresses.)
|
| I do open ports, for NextCloud (to be able share stuff) and some websites. But Home Assistant is only accessible from the Tailnet for example, as are my ssh servers.
| 14u2c wrote:
| Cloudflare has a similar (free) service as well. It's quite useful.
| bombcar wrote:
| DMZ or second IP/connection is the way to go.
|
| It can be a bit tricky with hairpin routing, but you can make the DMZ seem to be "on the internet" even to the home network.
|
| Use Tailscale or something similar for actual "access my home network from far away"
| anderspitman wrote:
| I'd recommend running your selfhosted stuff in a VM (or docker) and using tunneling[0] to access it.
|
| [0]: https://github.com/anderspitman/awesome-tunneling
| mvanbaak wrote:
| You want to host my plex server there? ;P
| catern wrote:
| I do this, I host my website on my desktop. It's nice to have just a single computer instead of many. http://catern.com/computers.html
| bovermyer wrote:
| This line from the article sums up my feelings pretty well:
|
| > I'm pretty technically capable but I'm not sure I can be bothered.
|
| All this sounds fun and a cool throwback, but it's also rather more work than I'm willing to put up with right now.
| mftb wrote:
| I've wanted to do this for years, but just can't stand the security hassle. One solution I've often thought about, is renting a small office in the neighborhood and setting up there, obviously that adds a lot of expense.
| pak9rabid wrote:
| Hmm, I don't have a problem self-hosting from home. Here's my setup:
|
| 1.) Cable (DOCSIS 3.0) Internet connection with a dynamic IPv4 address.
| 2.) Registered domain(s)
| 3.) Domain hosted via Dyn.org (for quick updates in the event my IP changes)
| 4.) Linux-based firewall/router that runs ddclient (to update the public DNS records should my IP change, which is very rarely)
| 5.) All port 80/443 traffic is forwarded to an LXD container running nginx as a reverse-proxy, where TLS encryption/decryption is handled
| 6.) Unencrypted HTTP traffic is then forwarded off to whichever LXD container is hosting the actual site
|
| Unless my Internet connection actually goes down (which is rare thanks to a good provider and everything being on a UPS), the site stays up.
|
| Hope this helps!
| mft_ wrote:
| It sounds wonderful, but doesn't sound (to borrow the author's phrase) 'turnkey'.
|
| And certainly not on a Raspberry Pi running Linux - it sounds like a day of frustration, trial-and-error, and many many google searches!
|
| I would pay good money for (let's say) a Pi with all of the hard work done - just plug it in to your router and it's already serving pages online.
|
| Edit: also, dyn.org doesn't seem to exist?
| finneganscat wrote:
| fletchowns wrote:
| I have Comcast Gigabit Pro which comes with a 6 Gbps symmetrical fiber connection and a separate 1 Gbps symmetrical ethernet connection, each connection having their own block of 5 IP addresses. I've been considering moving my colocated server back home and putting it on the 1 Gbps line, my only hesitation is that the IP addresses between the two connections are so similar. If I was only serving https traffic to the public that wouldn't be too much of a concern, since I could just stick Cloudflare in front of it. However, I'm also hosting game servers on there, and those don't seem as straightforward in masking my IP address. Should I be this paranoid about that? They would be completely separate networks, there's no route from the publicly accessible server into my home network.
| zhala wrote:
| You could use something like cloudflare tunnels which wouldn't expose your IP, but would still route the traffic back to your machine.
| fletchowns wrote:
| Ooo that looks promising! I will look into it, thank you for the suggestion.
| ectospheno wrote:
| Or stick a level 4 haproxy at a cheap no bandwidth fee vps provider.
| anderspitman wrote:
| Cloudflare Tunnel is a solid service. Self-hosted options are also available: https://github.com/anderspitman/awesome-tunneling
| lucb1e wrote:
| https://web.archive.org/web/20221011170702/https://interconn... because it takes 25 seconds to load at the moment (not that archive.org couldn't use a speed boost)
| kkfx wrote:
| I'm not much interested in a personal webserver than having as a NORMAL service an ipv6 global per any connection, all ISP crappy router deniable or configurable in bridge mode, anyone normally owning a personal domain name or more than one.
|
| Some subdomains dedicated to personal services etc. Web server just a part of the game, not them specifically.
|
| Technically there are NO reasons to justify "cloud computing" despite claims, the only real justifications are business of some against others interests. There are no reasons despite all ipv6 issue to not offer global addresses etc. The real issue is that most people simply have next to no idea about IT nor how to benefit from it in their own lives. Those who know have not much choice...
| marginalia_nu wrote:
| I host all of marginalia.nu out of my living room. Very little hassle. UPS is kinda important though.
| geek_at wrote:
| This takes me back. My dad worked for IBM and had access to many broken thinkpads (mostly broken displays) so he would bring them home for me to tinker but in the end I installed debian on them, installed ISPconfig and rented out webspace from the laptops running under my bed.
|
| Laptops are awesome for servers since they have built in UPS's and are not very power hungry
|
| It was a fun experience and got me started on my road to becoming an MSP
| rambambram wrote:
| Sounds like a post on its own! Do you have a blog somewhere?
| geek_at wrote:
| yes I even wrote about the laptop servers here https://blog.haschek.at/2015-my-company-just-turned-10.html
| georgeoliver wrote:
| > Perhaps there's a way to host my website at home, but have the static bits served by Cloudflare if the Raspberry Pi isn't available (using a global CDN as a UPS), and the dynamic bits always visit my home - but there's a graceful "come back later" message if the Pi is down?
|
| I feel like this is what IPFS and similar are made for. I could see a home user appliance configured with something like that, plug it in and your site is up, unplug it and it was replicated to other opt-in hosts.
| rcarmo wrote:
| My web site (taoofmac.com) used to be hosted at home behind a DSL line. I ran it on anything from an NSLU2 (look it up, it was one of the first easy-to-procure, easily hackable ARM machines) to PHP+MySQL on Windows Server (don't ask), and after a while I had Snort and all sorts of stuff running alongside to secure it.
|
| Whenever I was linked from Slashdot I would pretty much lose connectivity, so I started using Coral CDN, moved it to a colo, then to Linode, and on and on through some 6 or 7 providers as technology changed and I tried new things.
|
| It's been 20 years now (just wrote about that last week), and I sort of miss those days, but on the other hand I really don't--keeping the server alive and secure (even in Linode) was a bit of a chore, so the writing was pretty much on the wall that it would eventually become just a set of static pages on an Azure storage account.
| Zero worry about keeping the site secure, no runtime issues, and plenty of opportunities to be creative (like this: https://taoofmac.com/static/graph)
|
| And boy, do I have plenty of in-house web servers and Raspberry Pis to make up for it--but none are public, and I just have a couple of cores spinning on each major provider for toy projects.
| childintime wrote:
| These days the ESP32 could be good enough. It could host a decent website, which could be a portal to do fancy intercom stuff and make photos on the press of a button.
___________________________________________________________________
(page generated 2022-10-11 23:00 UTC)
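Added example, not code from the thread or from any poster: numpad0's /var/www/lights_on.sh comment above describes a side effect hanging off a plain GET, which is why a prefetching browser could switch the lights. This Python handler keeps the action behind POST plus a token and refuses requests marked as prefetch; the /lights/on path, the X-Lights-Token header and lights_on() are assumptions made for the illustration.

```python
"""Added example: a lights-on endpoint that a prefetching browser cannot trigger."""
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: one shared secret for the household, generated at start-up.
TOKEN = secrets.token_urlsafe(32)

# Headers browsers attach to speculative loads: Sec-Purpose is the current
# one, Purpose and X-Moz are older variants. Not every prefetcher sends one,
# so the POST requirement below is the real protection.
PREFETCH_HEADERS = ("sec-purpose", "purpose", "x-moz")


def is_prefetch(headers):
    """True if a known header marks the request as a speculative load."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    return any("prefetch" in lowered.get(name, "") for name in PREFETCH_HEADERS)


def decide(method, headers, expected_token=TOKEN):
    """Return the HTTP status for a request to /lights/on.

    200 means "run the side effect"; anything else leaves the lights alone.
    """
    if is_prefetch(headers):
        return 403  # speculative load: never act on it
    if method != "POST":
        return 405  # GET must stay free of side effects
    # X-Lights-Token is a hypothetical header name chosen for this example.
    supplied = {k.lower(): v for k, v in headers.items()}.get("x-lights-token", "")
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return 401  # being on the Wi-Fi is not enough
    return 200


def lights_on():
    """Stand-in for the real action, which the thread does not show."""
    return "lights on"


class Handler(BaseHTTPRequestHandler):
    def _answer(self):
        if self.path == "/lights/on":
            status = decide(self.command, dict(self.headers.items()))
        else:
            status = 404
        body = (lights_on() if status == 200 else "refused").encode()
        self.send_response(status)
        if status == 405:
            self.send_header("Allow", "POST")
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = do_POST = _answer


if __name__ == "__main__":
    print("token:", TOKEN)
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```
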