howto bootstrap your own server at home (with a dynamic IP)
// October 14, 2010
Warning: running a server of any kind at home is a security risk. Security problems are sometimes found in server software, and these can be exploited to gain access to or damage your files. Your computer must be kept absolutely up to date with Software Update or the equivalent for your operating system if you intend to run a web server on it. This doesn’t eliminate the risk — it only minimizes it. You run a server at home entirely at your own risk. If you do choose to run a server at home, I recommend finding an old PC (or, like me, an old MacMini) on the curb and setting it up as your home server, reducing the danger to your own computer. I’m not responsible for any damage you may encounter by following this guide. I’m just a crazy hacker with too much time on my hands. NOT A SECURITY EXPERT.
As you may know, hosting Ruby on Rails applications can take quite a bit of system resources. It also helps to have root privileges on the machine that’s hosting your app. Since I have some time on my hands and a willingness to save money, I’ve set up my spare MacMini to host DumpYourTime.com and also MontrealHackers.com. It works well. And since I switched from a 512 MB CloudServer at Rackspace, I want to note that performance is better on my own server: I can handle almost 2 times more requests per second. Of course, this cheap power comes with some drawbacks: vulnerability to power and network outages, to name a few. But since I’m not hosting any critical information or service, I can live with that. Here’s a guide on how to do this at home.
- A Computer: mine is a MacMini that has Snow Leopard on it. I use Apache with Passenger to host the Rails applications.
- The Internet: I use Bell (I’m in Quebec, Canada) as my Internet provider, so I have a dynamic IP. A static IP is not available with my ISP, hence the workaround I’ll explain for hosting your site with a dynamic IP. Note that if you’re using Videotron, you can’t serve anything on port 80 (the port that HTTP uses).
- A ZoneEdit.com account: any other Dynamic DNS service, like Dyndns, will do, but I like ZoneEdit because it’s cheaper and it just works. You need this because your ISP gives you a different IP address once in a while, and you don’t want your sites to be down because your domain is no longer pointing to the correct IP. If you had your own static IP (in fact, I think you would need 2 static IPs to set up a DNS server) you wouldn’t need that.
Set up your router (2wire, from Bell)
- Go to http://192.168.2.1/ in your browser
- Go to this tab (http://grab.by/6RFi). In English it says something like Your Home Network.
- You should see a list of all the computers in your network. Find the one that will serve your web sites (by logging into this computer and looking at the output of ifconfig in the terminal) and click on this link (http://grab.by/6RFv) next to it to modify the parameters of what applications can serve requests on this computer.
- Next to Select the computer, make sure the right IP is selected. Next to Modify the parameters [...] (http://grab.by/6RFC), check the DMZPlus option (the last one). Click Terminer (or Finish). This step basically lets connections on every port go through to the machine that you’ve selected. (For some reason it didn’t work when I tried to permit just HTTP individually.) So make sure you…
Protect your Computer!
- Activate the firewall on your machine and permit only SSH and HTTP connections. (see http://www.macobserver.com/tmo/article/snow_leopard_enabling_the_built-in_firewall/)
- Make sure you activate only the services that you absolutely need in the Sharing preferences of your server (inside Apple menu > System Preferences), like Web Sharing (HTTP) and Remote Login (SSH).
- Install and setup Fail2ban.
- Subscribe to the Apache security mailing list to get the latest security updates (and fixes) for Apache.
- Keep your system up to date. Religiously (at least every week) check whether there is any update that you can install via Software Update.
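Because DMZPlus forwards every port to this machine, anything listening on a non-loopback address is reachable from the Internet unless the firewall blocks it. The following check is an added example, not part of the original guide; it assumes macOS/BSD `netstat` output, and the sample data is constructed:

```shell
#!/bin/sh
# Added example: list TCP listeners the Internet can reach once DMZPlus is on.
# Assumes macOS/BSD `netstat -an -p tcp` output (address.port, state last).
ALLOWED_PORTS="22 80"   # SSH and HTTP, the two services the guide permits

# Reads netstat output on stdin; prints "address port" for every listener
# that is not loopback-only and whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/^.*\./, "", port)       # text after the last dot
            addr = $4; sub(/\.[^.]*$/, "", addr)    # text before the last dot
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /%lo0$/) next
            if (!(port in ok)) print addr, port
        }' | LC_ALL=C sort -u
}

# Constructed sample, not captured from a real machine.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  *.3306                 *.*                    LISTEN
tcp4       0      0  192.168.2.10.5900      *.*                    LISTEN
tcp4       0      0  192.168.2.10.22        203.0.113.7.51515      ESTABLISHED
EOF
}

# Demo on the sample; on the server run: netstat -an -p tcp | unexpected_listeners
sample_netstat | unexpected_listeners
```

Any line it prints is a service to switch off, bind to loopback, or confirm the firewall blocks.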
Set up your Domain in ZoneEdit.com
- Log in to zoneedit.com
- Click Add Zones
- Enter your Domain Name, for example: montrealhackers.com. A confirmation page will tell you this (NOTE: your nameservers are likely to be different than mine):
    IMPORTANT: Before your "montrealhackers.com" site is live you must contact your registrar (the people from whom you purchased this domain name) and tell them to change its nameservers to:

    Nameserver 1: ns13.zoneedit.com (188.8.131.52)
    Nameserver 2: ns9.zoneedit.com (184.108.40.206)

    Current DNS information:
    . nameserver = A.ROOT-SERVERS.NET.
    . nameserver = B.ROOT-SERVERS.NET.
    . nameserver = C.ROOT-SERVERS.NET.
    . nameserver = D.ROOT-SERVERS.NET.
    . nameserver = E.ROOT-SERVERS.NET.
    . nameserver = F.ROOT-SERVERS.NET.
    . nameserver = G.ROOT-SERVERS.NET.
    . nameserver = H.ROOT-SERVERS.NET.
    . nameserver = I.ROOT-SERVERS.NET.
    . nameserver = J.ROOT-SERVERS.NET.
    . nameserver = K.ROOT-SERVERS.NET.
    . nameserver = L.ROOT-SERVERS.NET.
    . nameserver = M.ROOT-SERVERS.NET.

    Current registrar information:
    Domain Name: MONTREALHACKERS.COM
    Registrar: NEW DREAM NETWORK, LLC
    Whois Server: whois.dreamhost.com
    Referral URL: http://www.dreamhost.com
    Name Server: DNS1.STABLETRANSIT.COM
    Name Server: DNS2.STABLETRANSIT.COM
    Status: ok
    Updated Date: 03-sep-2010

    Please Note: We are not a domain name registrar. All domain names must be registered with an accredited registrar before you will be able to use our DNS servers!

    NOTE: Even after you change the nameservers it takes 72 hours for your site to go live. This is a limitation of the Internet/TLD registry, not our service.
- Just click “Start editing Zone”
- Click on IP Addresses.
- In the Name field, enter “www”, and in the “Numeric IP” field, enter the IP of your machine (find out your IP address by going to http://whatismyipaddress.com/). It will then show you a page like this:
    Are you sure you would like to add the following IP Addresses?
    Both "www.montrealhackers.com" and "montrealhackers.com" will have the IP 220.127.116.11.
    Only "www.montrealhackers.com" will have the IP 18.104.22.168, and please leave "montrealhackers.com" the way it is. (not recommended)
- Click Yes for the first question, because I want both montrealhackers.com AND www.montrealhackers.com to point to my server’s IP address. Now you should see your two names pointing to your IP address.
On your server machine, add this to your crontab:
    @hourly /opt/local/bin/wget -O - --http-user=xxxxxxxxxx --http-passwd=xxxxxxxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=www.montrealhackers.com'
    @hourly /opt/local/bin/wget -O - --http-user=xxxxxxxxxx --http-passwd=xxxxxxxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=montrealhackers.com'
(You might need to change the path to the wget command. Find it by looking at the output of “which wget” in the terminal.) Basically, it just makes a GET request to the ZoneEdit server every hour to update them with your IP address. If it did not change, nothing happens. If it did change, it’s updated on their end, so when they receive requests for your domain, they point them to your new IP address.
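With the login written into the crontab line, it is readable in the crontab and visible in `ps` for as long as wget runs. The wrapper below is an added example, not the author's script; the credentials file path and the script path in the comment are hypothetical, and the update URL is the one from the crontab above. It has wget read the login from a wgetrc-format file through the `WGETRC` environment variable and refuses to run if that file is readable by anyone but its owner:

```shell
#!/bin/sh
# Added example: keep the ZoneEdit login out of the crontab and out of `ps`.
# CRED_FILE is a hypothetical path to a wgetrc-format file containing:
#   http_user = <your ZoneEdit user>
#   http_password = <your ZoneEdit password>
CRED_FILE="${CRED_FILE:-$HOME/.zoneedit-wgetrc}"
UPDATE_URL='http://dynamic.zoneedit.com/auth/dynamic.html'   # URL from the guide

# Succeeds only if $1 is a regular file with no group/other permission bits.
creds_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)     # group and other rwx columns
    [ "$perms" = "------" ]
}

# Send one update request; wget reads the login from $CRED_FILE via WGETRC,
# so it never appears on the command line.
update_host() {
    WGETRC="$CRED_FILE" wget -q -O /dev/null "$UPDATE_URL?host=$1"
}

main() {
    if ! creds_private "$CRED_FILE"; then
        echo "refusing to run: $CRED_FILE must exist with mode 600" >&2
        return 1
    fi
    status=0
    for host in "$@"; do
        update_host "$host" || { echo "update failed for $host" >&2; status=1; }
    done
    return $status
}

# Runs only when hosts are given, e.g. from cron (hypothetical script path):
#   @hourly /usr/local/bin/zoneedit-update.sh www.montrealhackers.com montrealhackers.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```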
- You’ll have to wait a couple of hours before changing the nameservers in your registrar’s control panel to the ZoneEdit ones.
That's about it.
Questions? Comments? Feel free to contact me.