NaibofTabr

You’re welcome. I tried to do basically the same thing a few years back (run a WordPress site from a RPi on my home network - and also a Minecraft server) and so I tried to write up the problems I ran into - I probably forgot some, but those are the major hurdles. I learned a lot along the way.

I should also point out that if you rent hosting space (from linode or inmotion or digitalocean or many other options) then problems 1 & 4 become much easier, and 2 & 3 go away entirely (most people don’t host public websites on their home networks because of these and other issues).

Happy to help. If you’re interested in learning networking more thoroughly, I want to point you to Professor Messer especially the Network+ content. He has far more complete explanations than I could write (and it’s free!). Even if you’re not interested in getting any certs, the explanations will be helpful.

So your goal is to host a publicly accessible static website from a computer in your home. There are a few problems you need to overcome before even worrying about configuring any software. You need some more basic networking knowledge first.

0. Basic Networking Theory - you should read a brief explanation of the OSI 7-layer network model. You don’t have to try to memorize this and you won’t really understand it until you start actually doing stuff, but you should read it for some basic terminology and to understand that there are distinct steps through which communication between computers happens.

   When you start running into problems (“why can’t I access the server? I did all the tutorial steps”), figuring out which layer the problem is in will help guide you to the solution:

   • is there a bad cable? -> 1. Physical
   • do I have the right IP address? -> 3. Network
   • is the firewall port closed? -> 4. Transport

1. Privacy/Security/Safety - don’t host a publicly accessible website from your personal computer. Just don’t. To make this happen you will have to open a hole in your network security that makes your computer accessible from the public internet. Don’t do this on your daily driver computer. Don’t do this with any device that has any files on it that you care about or any access to any personal information. Don’t.

   Set up your web server/learning environment on a clean, dedicated system. This could be an old laptop or a Raspberry Pi (an older 3B model will work just fine for this) or whatever cheap computer hardware you have, as long as it can run Linux and has a physical network port (using WiFi will give you extra headaches for getting this working). If you think you might want to expand your projects in the future, you can get a used Dell server for very little money, and add more hard drives as needed. Wipe the hard drive and install Debian or Ubuntu server as a base, there’s lots of resources out there for setting up web services on either.

2. Restricted Ports - you are most likely on a residential internet connection. Most residential ISPs close ports for security reasons, especially 80. For example, here is Cox’s list of restricted ports. You will need to find your ISP’s equivalent list and understand what you can and can’t do with your connection.

   There are workarounds, primarily through port forwarding. You will need admin access to your router to set this up. I recommend that you read that entire article because it probably applies directly to your situation.

3. Dynamic IP Address - most people still find it easier to work with IPv4 addresses - I won’t go into IPv6 right now, but you should read a little about it just for awareness. Your residential internet most likely has a dynamic IPv4 address, which means you can’t rely on that address staying the same forever (or even until next week), which means that you can’t configure your Cloudflare domain name to point to a single IPv4 address.

   Dynamic DNS is the solution for this, and again you’ll need admin access to your router to set it up.

4. HTTPS/TLS/SSL - if you get through all those issues then you probably have a working website, but now you’re seeing something like this when you try to view it in your browser:

   This doesn’t mean that you can’t get to your website - it just means that you can only do it via HTTP and not HTTPS, which the browser is warning you (and anyone else trying to view your website) is not secure. You can either just accept that this alert will always come up, and that you have to click through it, or you can learn about TLS and getting an SSL/TLS certificate. This is a later topic - it doesn’t matter and probably won’t make sense until after you’ve got your web server online.

I plan to RAID1 them and use them as boot drives

This will not work unless the mainboard is handling the RAID control in firmware. If you are doing software RAID then the OS must boot before the array can be accessed.

If you just want to set up a NAS, you can get a used PowerEdge tower for very little money, and it will work a lot better than what you have planned.

Like it or not, commercial computing is primarily Microsoft environments. Businesses are moving to Azure/O365, but there’s still a lot of on-prem AD out there, and a lot of businesses that are stuck in between with some form of hybrid hodge-podge. It’s definitely more difficult to do admin tasks for individual Windows endpoints vs. Linux, but on the other hand there is no FOSS equivalent for AD forest management. In a corporate environment, the ability to manage large numbers of endpoints at scale is more important.

You probably shouldn’t be using iPerf3 on Windows, but instead use the native nttcp.

tracert is included with Windows by default, no need to install a separate utility. robocopy is also included with Windows and can be used to do incremental backups if that’s your use case.

If you have to manage Windows systems you should learn about Windows-native tools, rather than trying to drag the Linux-native tools you’re used to onto Windows just for the sake of familiarity.

That said, installing (and updating) software on Windows is absolutely a pain compared to the relative simplicity of a Linux package manager and I’m 100% with you on that. I highly recommend chocolatey, which attempts to work as a package manager for Windows. All of the software that you install with chocolatey can be updated with a single command, similar to running updates in a package manager on Linux. If you can implement this on the Windows systems that you have to manage, it will make things easier.

You will own nothing and like it have no recourse.

Qubes - an OS that compartmentalizes system functions (including userspace) into separate VMs, with the intent of keeping them secure from each other. Kind of an internal zero-trust approach. Complicated to use.

Alpine Linux - stripped down to create a reduced attack surface, with the intent to provide only packages which have been vetted for security. Fairly straightforward.

Redox OS - a Unix-like OS written in Rust (not actually Linux). Limited, still kind of a prototype.

Damn Small Linux has been revived with a new version recently, which is nice to see.

HoloISO - a community built reimplementation of the Steam Deck OS.

Now you do what they told ya… now you’re under control

And even if the cooperation doesn’t last, it’s an opportunity for the open source developers to work with the product engineers and get direct information from them right now. There’s nothing as valuable as talking to the guy that actually designed the thing, or the guy who can make changes to the product code.

Even if that relationship doesn’t hold long term, the information gathered in the short term will be useful.

If I were part of this project this is what I’d be going for. Push the company to give you direct contact with the relevant engineers, right now while the negative public opinion is fresh and they’re most willing to make concessions, and then get as much out of that contact as you can. Take them at their word, make them actually back it up, take advantage of the offer to cooperate. Sort the rest of it out later.

Yes, it is damage control. That’s OK.

The whole point of spreading the word about an incident like this is to get public attention on it, and make the company realize that the way they’ve handled things was bad.

A letter like this indicates that they’ve realized they fucked up and they want to do things differently going forward. That doesn’t mean they’re suddenly trustworthy, but it does mean they can be negotiated with.

The correct response is to accept the offer of working together. We want to encourage companies to be cooperative and discourage insular, proprietary behavior. If you slap away the offered hand then you discourage future cooperation, and now you’re the roadblock to developing an open system.

When you start getting the results that you want, don’t respond with further hostility.

I was referring to OP’s use of IPQuick. This isn’t a service I’m familiar with and it doesn’t seem to be affiliated with any organization that I’m familiar with either.

1. Assuming that you mean that you are using the domain name to point to services which are at a residential, dynamic IP address, you will need to set up a Dynamic DNS service.

2. If a product is free, you’re the product.

You might be interested in the Banana Pi BPI-R4, which has an officially supported OpenWRT image and costs ~US$110.

Nah, that sounds complicated. Just open port 22 and forward it your server.

It’s up to about 300 now.

Do you know about the Minecraft Uncensored Library?

Services which were freely offered when creators added their content to YouTube, at no charge to YouTube, with no indication that there would be an attempt to charge an access fee.

YouTube encouraged the community to build a theme park while not paying even minimum wage to most of the builders, then decided to charge the community for admission to the park they built. This should be regarded as fraud and/or theft.

There is still a wall around the content hosted on YouTube.

You mean the stuff that people uploaded to YouTube, which YouTube didn’t create for themselves, and has no right to build a wall around?

I used to run a Minecraft server with PaperMC on an RPi4, and I would only give the java environment 2G of RAM. It never crashed except when I overloaded it with plugins. The same Pi was also hosting Pihole and Ubiquiti UNMS. As long as you aren’t planning on hosting hundreds of players at the same time, you should be fine with whatever (and assuming you’re doing this at home on residential internet, your network would be the bottleneck anyway). I do recommend PaperMC, it improves the performance and stability of Minecraft and it’s a fork of Spigot so it’s compatible with most plugins.

Also /u/ShellMonkey is correct about used server hardware. You can pick up a Dell PowerEdge for about $200.

And you can support wonderful, consumer-friendly businesses like TicketMaster at the same time!