
Monday, January 21, 2013

Rolling out a new website!

Just the other day I had to edit my information on our lab's webpage, and it occurred to me that I should probably make a more attractive website (the shell of my now Google Site embedded below).


As you might infer from the above image, I prefer clean/minimalistic designs. Admittedly, it wasn't that empty prior to today; it had an icon-based left-navigation bar that I tore off in favor of a foreboding "No one is here" touch.

On the path to creating a more attractive website I found myself at a crossroads:
  • Should I purchase a domain name?
  • Should I host the site at the university or at home?
  • Would it be possible to host the server at my home due to a dynamic IP configuration brought to you by a low-grade FIOS package?
  • Did I have any spare low-footprint hardware lying around to get this job done right?

Not so surprisingly, I had answers for all of these questions! I had previously dabbled with my own home server configurations using low-footprint (w/ respect to energy) configurations. One trip to my office closet and I unearthed my old Mac Mini G4. Perfect.

cat /proc/cpuinfo
processor : 0
cpu  : 7447A, altivec supported
clock  : 1249.999995MHz
revision : 1.2 (pvr 8003 0102)
bogomips : 83.24
timebase : 41620997
platform : PowerMac
model  : PowerMac10,1
machine  : PowerMac10,1
motherboard : PowerMac10,1 MacRISC3 Power Macintosh
detected as : 287 (Mac mini)
pmac flags : 00000010
L2 cache : 512K unified
pmac-generation : NewWorld
Memory  : 1024 MB

Before you go, "please, not an OS X server," I counter that thought with a, "I am not crazy." In fact, the idea of running OS X on the Mac Mini is a bit ludicrous for these reasons:
  • The last OS it could run was Leopard... and it was a bit resource challenged (in fact I had Leopard on it at one time). We SHOULD argue that running an outdated operating system places us at risk because of known vulnerabilities on a platform no longer supported = pwnage.
  • Maximum supported memory is ~1GB. As you can see in the above, I've already done this upgrade.
  • The challenge of using outdated software packages. I'd imagine that MacPorts or equivalent would be fine for building your own software, which I would RECOMMEND HIGHLY if you're dead set on this method. 
  • Debian runs great on this platform, so why not?

Debian, of course, was my solution for this little project. The latest version is supported, and Debian has provided a time-tested, reliable implementation/software management... and I know my way around Debian well because of years spent on Ubuntu [ISO here]. While installing Debian you might note that you can opt out of a desktop environment (gnome2), and I would recommend doing so. However, if you're new to server administration - then go for it... I had weakly benchmarked my machine running gnome-session and it was idling with ~1-3 CPU utilization and approximately ~377868KB (.36GB) of RAM with a few users actively looking at the website and myself running top.

Also along the path of installation you will be asked to select the purposes this server will be used for. A few of them I selected: DNS Server, Web Server, Email Server. Obviously everyone will have a different use case for their little mini, but it doesn't hurt to skip things you aren't sure about because apt makes it easy to add them down the road. I was going to advise you to go ahead and install them, but from a security mindset that's not preferable, as it would be more stuff to lock down until you have the chance to come back and play.

Once you have Debian installed, be sure to upgrade the current software stack via the package manager. That done, you're ever closer to having that server facing the outside world. A few things I would recommend in preparation:
  • Find your IP address; type: ip addr.
  • Log in to your home router via the web interface (or ssh if you have a cool Linux-based router). Verizon Fios' default IP on the local network is 192.168.1.1.
  • In your interface, be sure to port forward to the network device that reflects your server's IP. Again, if you're using Verizon Fios' router - this option will be under the advanced tab.
  • Note that you will want to forward port 80 (HTTP) and 22 (SSH - in Verizon this is a custom port forwarding configuration).
  • Now that this is done, get your external IP address (lazy/acceptable way: http://www.whatismyip.com/).
  • Navigate to that IP address over http in your URL bar, and BOOM. You should be greeted by the default Apache "hello world" being served from your server.

Now I will leave the configuration of Apache to you, though I would recommend:
  • Use Virtual Hosts.
  • Be careful of being too permissive with your directory permissions.
  • Uninstall Apache mods that you aren't going to use.
  • If using a database backend for anything... pick a random root user password, would you!

Great - we have our server facing the world. Let's address a personal feeling toward SSH - turn off passwords and remote root login, and use public keys. I especially don't like it when I check my logs and see that someone has been port knocking every damn thing and trying every known user/password combo possible. Alright, let's move to the last problem - dealing with a dynamic IP.
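To check that the three SSH settings recommended above are actually in effect, here is an added example (not code from the original post). It assumes the defaults of current OpenSSH for unset keywords; the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the post): audit an sshd_config for the three
# settings recommended above.

# Print the global value of keyword $2 in file $1, or default $3 if unset.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Parsing stops at the first Match block because the
# settings inside it only apply conditionally.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # allow key=value
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Return 0 if the file matches the recommendation, 1 if not, 2 if unreadable.
# Defaults are an assumption (current OpenSSH); older releases differ.
audit_sshd() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    pw=$(sshd_value "$cfg" PasswordAuthentication yes)
    rootlogin=$(sshd_value "$cfg" PermitRootLogin prohibit-password)
    pk=$(sshd_value "$cfg" PubkeyAuthentication yes)
    [ "$pw" = no ]        || { echo "FAIL PasswordAuthentication=$pw (want no)"; rc=1; }
    [ "$rootlogin" = no ] || { echo "FAIL PermitRootLogin=$rootlogin (want no)"; rc=1; }
    [ "$pk" = yes ]       || { echo "FAIL PubkeyAuthentication=$pk (want yes)"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK $cfg"; fi
    return "$rc"
}

# Demo on a constructed config: the later "no" is ignored, first match wins.
tmp=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$tmp"
audit_sshd "$tmp" || echo "=> needs hardening"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the effective configuration, including anything set in Match blocks or included files that this file-level check does not follow.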

If you're an average consumer, chances are that you haven't subscribed to Verizon business to benefit from a static IP. As such, you have a dynamic IP configuration that apparently renews every time you reboot your router (this is neither confirmed nor denied; some claim different reasons, though it does renew at some point). Let me not ramble and make this concise - sometimes that IP address that you typed in your URL bar earlier, to access your website, changes. This is problematic because if you want to sign up for a domain name, you're screwed every time your IP changes. That is because a DNS lookup would result in the incorrect IP. Additionally, if you were to manually update the domain name, it takes time to propagate (unless you're just forwarding with it... in which case it's acceptable... annoying nonetheless).

There is a solution to this mess! Dynamic DNS. Services that provide DynDNS are great because they provide clients (some being open source like ddclient) for updating services when your IP changes and they can provide a middle-man black box solution for propagating the change. I am currently using such a setup myself. Specifically I am:

As you can see I have a funny setup going on up there. Well, it's because I didn't put too much thought into getting this together (bigger fish to fry as it were). I purchased the domain from GoDaddy assuming that I could easily configure a DynDNS service. Well, DO NOT DO THAT! GoDaddy doesn't have support for this, unless it's an ugly hack, much like what I am doing now. I, instead, recommend investing in the registration service provided by DynDNS providers. Check that said service provider is ICANN approved and you should be good! For the time being, the next 60 days, I cannot transfer my domain name... so forwarding with masking will have to just suffice.
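The decision a Dynamic DNS client has to make on every run, as described above, sketched as an added example (not ddclient's code and not the setup from this post). The state file path and function names are hypothetical, and the addresses are constructed documentation addresses.

```sh
#!/bin/sh
# Added example (not ddclient code): decide when a DNS update is needed.

# Succeed only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = address just reported by an external "what is my IP" lookup
# $2 = state file holding the address last pushed (hypothetical path)
# Returns 0 = update needed, 1 = unchanged, 2 = refuse to publish.
ddns_check() {
    # The lookup result is untrusted input: an error page or captive
    # portal can come back instead of an address.
    valid_ipv4 "$1" || return 2
    # Private, loopback and link-local addresses are what "ip addr" shows
    # on the LAN, not what the outside world reaches you on.
    case $1 in
        10.*|192.168.*|127.*|169.254.*) return 2 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 2 ;;
    esac
    last=$(cat "$2" 2>/dev/null || true)
    [ "$1" = "$last" ] && return 1
    return 0
}

# Record the address only after the provider accepted the update.
ddns_record() { printf '%s\n' "$1" > "$2.tmp" && mv "$2.tmp" "$2"; }

# Demo with constructed documentation addresses (RFC 5737).
state=$(mktemp)
for seen in 203.0.113.7 203.0.113.7 192.168.1.1 '<html>' 198.51.100.20; do
    rc=0; ddns_check "$seen" "$state" || rc=$?
    echo "$seen -> $rc"
    if [ "$rc" -eq 0 ]; then ddns_record "$seen" "$state"; fi
done
rm -f "$state" "$state.tmp"
```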

My mistake, now your lesson; check out my new website ;). Shameless plug!



