If you are willing to roll up your sleeves and get technical, serving your website at home can be done safely and securely without changing your firewall. There are some steps to do, but at the end it will save you money and it will give you some real-world IT experience.
So to self-host your WeeWX website, I would do the following NOTE: This is a high-level checklist. there are lot of steps for each item. 1. Get a domain name. Porkbun.com is cheap, but Google Domains works too. 2. You need to have a NameServer Service to tell the internet where your website is. My checklist will use CloudFlare (free). They have a bunch of services that we are going to use to make this happen. 3. Once you buy your domain name, you will need to point it to Cloudflare's Servers. Cloudflare's setup will walk you through it. This will take 4 - 24 hours to propagate across the internet (your response may vary). 4. Once it is propagated (Cloudflare sends an email to you), You will setup your website inside the tool. We are going to setup "Zero Trust" tunnel that will create a secure tunnel between cloudflare and your server. I have a video that walks this whole process through (including configuring cloudflare) https://youtu.be/eojWaJQvqiw This tunnel is the KEY. This tunnel will encrypt the traffic coming to your domain, secure your domain with an SSL Certificate, and essentially expose it directly on your server. Again this service is free for small domains (like weather station sites!) and does not expose your network to the internet directly. 5. Within the tool you will configure your Server name and the port (80) that your webserver is now hosting your WeeWX site. You will have to install a package from Cloudflare to act as the broker for the connection. The video goes over a container-approach, but in Cloudflare's documentation, they cover a linux server install. The benefits of doing this approach are: 1. Site gets a free SSL certificate (https:) that is handled by Cloudflare 2. Cloudflare acts as a reverse proxy to broker your connection from the internet to your server and port. 3. connection between Cloudflare and your server is secure. You do not need to open a port for this. 4. You get website statistics and other security features for your website for free from cloudflare. Check out the video and let me know if this helps. There are other resources on the internet that can help on this setup. Doug Jenkins On Tue, Jan 3, 2023 at 11:46 AM vince <vinceska...@gmail.com> wrote: > If you're asking that question, you really shouldn't do it for security > reasons. There are soooo many bots and automated scanners out there > looking for victim sites that you'd be massively attacked within literally > a minute or two. Please don't. Really. > > But to answer - you'd need to alter your home firewall to permit incoming > web traffic to 'only' that computer and tcp/ip port. Ideally you would > have your webserver also running 'only' https (a bit hard on a LAN to do), > have lots of logging (syslog), blocking typical attacks (fail2ban) and > hopefully even alerting that attacks are even happening. You should also > segment your network so it's on an isolated VLAN so it can't be used as a > jumping off point to attack your other home network devices. That requires > special network hardware usually, and some additional level of expertise. > It's a big lift to do correctly. > > Simpler answer is to spend a few bucks/month and spin up a AWS Lightsail > VM and use weewx's RSYNC uploader to update the Internet webserver with the > weewx-generated data automatically. Lightsail is free for 3 months trial, > then $3.50/month. Small price to pay for peace of mind. > > You'd still have to harden your Lightsail VM, but that's far easier to > learn how to do. Get a lets-encrypt ssl certificate to use only https. > Use the Lightsail console to let 'just' https in. Install fail2ban. Very > doable. Lots of guides out there for how to do so if you google a bit. > > > On Tuesday, January 3, 2023 at 4:23:59 AM UTC-8 kb3...@gmail.com wrote: > >> I was able to get the local network page of my weewx station but how do >> you see this from the public ip? >> >> -- > You received this message because you are subscribed to the Google Groups > "weewx-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to weewx-user+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/weewx-user/4a1e2ea1-74c3-4f08-ac28-2267cb1148f5n%40googlegroups.com > <https://groups.google.com/d/msgid/weewx-user/4a1e2ea1-74c3-4f08-ac28-2267cb1148f5n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/CACC0i0wiy_rGYdZWohX1Z%3D9BJ%3DEFCbmGKg3Wh4%3D%2BBMRzYxtKPQ%40mail.gmail.com.
