I’d like to have my own server at home sorta like a home AWS.
How to set up one and make it available to anyone over the Internet? What tech specs should I buy (RAM, CPU, # of cores, operating system, etc.)?
How much does it cost to keep one running all the time?
You must log in or register to comment.
Be extremely careful. Plenty of people are really smart and malicious, so you need to isolate it from everything on your network. You’re giving random people remote code execution on your local network, which is like the worst case scenario for security.
make it available to anyone
To do what?
Say: let them use a web app?
Generally speaking, not a well-advised idea, especially for someone who has to ask how to do it (truly not being snarky).
I was a cisco instructor in the 90’s, (so teaching networking and security were my bread and butter for a while) and I wouldn’t think of doing this - except… If the only access was via a mesh network client such as Tails/Tailscale, the server was dedicated to just this purpose, it was isolated on its own LAN segment/DMZ with no routing path to my home network segment, the server was not Windows, but Linux, and I had a robust backup plan, access control plan, and access monitoring with alerts.
There’s just too much risk exposing a port to the world.
If you’re only accessing the server remotely via Tailscale and no ports are open, is it necessary to have the server on its own isolated VLAN? I like accessing my server locally most of the time and via Tailscale when I’m out and about.
I’d still do this.
Security isn’t one thing, it’s layers. So if any single layer fails another still prevents access.
With just Tails, if a bad actor gets access via a compromised user machine, they could potentially get access to the rest of your network. If the server is on an isolated Lan, there’s nothing for them to access - it’s a rock-solid guarantee that the most they can do is damage to that server and network segment.
We (us IT folks) see users get compromised almost daily, largely through social engineering. It’s a huge risk.
And it’s trivial to have something on its own Lan segment.
If you let random people install stuff on your server all you get is assholes install monero miners to gain 1 cent from you wasting 30 dollars in electricity
You can host most basic web apps off a raspberry pi. You just need to:
- connect your device to the internet
- start your server application
- set up port forwarding on your router to forward the port your application is being hosted on
- get a domain name
- configure ddns
- Maybe get some SSL certs
.
Edit: BearOfaTime brings up a great point. I’m telling you how to do what you asked but you probably shouldn’t. If you do, try to airgap the server from your personal network as best as you can
Edit edit: You know people will let you use their servers for small projects for free right? Check out https://ctrl-c.club/#what or hang out in the LowEndTalk forums and provide quality input and enter some of the giveaways for server space
Although the drawback to ctrl-c club is that you’re not going to get full control of how you install libraries and applications
That’s a REALLY broad definition.
A web app that does what?
Are you running your own Netflix-ish server? Transaction processing? Cloud storage? Ai chatbot?
Each one has very different requirements, and this is just the first four that came to mind .
AWS has hundreds of buildings filled with millions of servers, so you aren’t going to compete with that, even on a small scale.
But could you run your own little Facebook type thing? For a handful of users, sure. Could you handle the number of users that Facebook actually has in a day? You are looking at buildings filled with Computers, not a single machine’s spec 
I think you should take baby-steps and focus first on just getting something running for you to use. Maybe first experiment with configuring an application you’d like in a virtual machine before you spend money on hardware too.
You can install OpenStack, but I’d probably not let any random person run code on your machine
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol NAT Network Address Translation RPi Raspberry Pi brand of SBC SBC Single-Board Computer SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP VPN Virtual Private Network nginx Popular HTTP server
12 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #240 for this sub, first seen 25th Oct 2023, 05:25] [FAQ] [Full list] [Contact] [Source code]
I am a big fan of this not. The worst thing about tech is all the bloody acronyms.
Tailscale is your friend, and stupid simple!
If OP wants to expose it to the public, tailscale isn’t an option. Cloudflare tunnels is the way to go.
Tailscale Funnels expose whatever service you have running to the public. I personally use this, so yes, it is an option.
Are these part of the official tailscale protocol? Do you have a link to documentation or something?
https://tailscale.com/kb/1223/tailscale-funnel/
It’s like a reverse exit node. Tailscale sets up a DNS domain for you and directs TCP connections (encrypted) to your designated node.
The big downside is that they only offer the use of their own (sub)domains and you use their HTTPS certificates, you can’t use your own domains/own certs.
Edit: it may be possible to forgo the use of their certs and instead set up a CNAME record in your DNS that points at the funnel node’s address, and add your own certs (for your domain) in a reverse proxy running on the node. I haven’t tried.
I’m personally using headscale, would be interesting to see if they have that. I guess I can also reverse proxy from my vps into my tailnet.
Thanks !
Awesome. I didn’t know about this. Thank you
Install proxmox on a computer with plenty of RAM and CPU and you’ll be able to create VMs which you can give out or rent out to anyone.
In regards to access, ipv4 is not a good idea. Especially not residential IP addresses., You should get ipv6 addresses maybe from a tunnelbroker. But anyways, first you need the server with the hypervisor (which is what you’re looking for) and then you can slowly run tests, learn and eventually figure out networking.
Btw, it might be cheaper to simply rent a server, which would solve the issue of ip addresses. OVH has cheap servers and a proxmox install wizard.
Just please don’t use it for anything sensitive until you can find someone to give a quick check up in regards to security to make sure you haven’t missed anything. Unlike a regular PC, this one is expected to receive inbound connections which has its risks.
But don’t worry about that too much now. Find an old computer or rent a server, install proxmox and start testing, playing around and learning.
Edit: chatgpt is good when wanting to learn this stuff. Especially gpt-4, but even gpt-3.5 will do. Just don’t trust it blindly as it still messes up about 20% of the time. But it’s often better than googling for tutorials since you can’t often find what you’re looking for.
Edit2: the setup I propose will allow you to divide a regular computer into 100s of virtual ones limited only by the total RAM, disk and CPU. If you only want a web server on dedicated hardware get a raspberry pi, because my proposal would be overkill. But it’s the closest to “being your own cloud provider”.
What does a “home AWS” mean?
I just bought a decommissioned computer from a public institution for 40€ (they are usually relatively cheap and still top modern, since companies replace their computers after 2 to 4 years, for tax reasons).
For this I just bought 2 HDD hard drives (I can only put 2 in; they are relatively cheap in comparison for a lot of storage space) and a nvme2 ssd was already included, there is the OS on it.To make the server publicly accessible with a private internet connection (not a business connection), I bought a domain (I bought it at namecheap) and then I set up DynDNS at my domain provider and my router. This was relatively easy (with namecheap and a FritzBox).
I added a DNS entry that forward all subdomains to my DynDNS. The software, I want to have installed, I then simply install in a docke/ podman container and make a reverse proxy to the docker container via Nginx. This allows me to let multiple applications use the http(s) port from the outside via subdomains, so the URL doesn’t need a port.
I can post the specs later, with an edit.
Edit: I don’t know how much the electricity costs, because I currently don’t pay for the electricity. But I have a 200W Power Supply and the machine is idling around a lot, as the service just not often used, but sporadic.
First of all you need that your ISP actually gives you an IP that points back to your home network. It’s not uncommon that your IP points to some ISP NAT that routes the internet to many houses, making it impossible to expose some device in your network to the internet.
It was my case, then I needed to call them and ask to have an IP that goes directly to my gateway.
After that you can go to your gateway and do port forwarding from the internet to your server in your home. For example, you can forward port 80 from internet to your server private IP on port 80, so when someone browsers your IP it will get whatever page is hosted on your server.
About server tech specs, it depends on what you want to host. I used to host a personal Nextcloud server in a raspberry pi, which is really power efficient and cheap to maintain. Maybe you’ll want a server with higher specs that might draw more power. It’s really up to what you wanna do specifically.
None of that is needed with cloudflare zero trust + tunneling. You simply install an agent on the machine and configure internal IP:port you want to access the outside in the cloudflare portal, pointing to a domain you own. You can even allow passwords to access internal IPs directly if you want.
Of course you can use a reverse proxy to expose your apps to the internet.
Here’s another similar solution that you can self host in a cheap cloud VM:
That also requires you to manage updates and security on that device… If you want less work not more zero trust cloudflare is a great free solution. I used to use nginx proxy manager which is free as a reverse proxy but again one less machine to worry about. I literally just migrated days ago and I couldn’t be happier.
That’s a question ChatGPT would excel at… It sounds like it might be a big task for your shoes, but here goes (100% organic reply, mind you):
- get a Raspberry Pi, install your web app, make sure you can reach it on the LAN
- forward the port your web-app is running on to the Raspberry Pi: app is now reachable under IP:port from the internet)
- set up a domain with a provider that supports dyndns, set up a job on the Pi to regularly check in with the dyndns provider and tell it your current WAN IP: app is reachable on your own domain; success
This is leaving out any security measures and you will want to take care of those before opening your home LAN to the world! Have fun learning!
