Question

  • Creator
    Topic
  • #4239525

    Web hosting from home office

    by lloyd ·

    I need to host several small websites from my home office. I have Verizon FIOS internet service, a static IP address, several domain names, and a well-provisioned Intel NUC with Linux OS. I’m concerned about LAN security so please critique my plan.

    1. Assign static IP on NUC in 192.168.1.xx range
    2. Close all ports on NUC
    2. Define firewall on NUC to open ports 80 and 443.
    3. Upload NGINX as proxy server
    5. Get SSL certificate
    6. My Gateway G100 router supports port forwording so configure for NUC IP

    Is this sufficient to serve web content while protecting the rest of the devices on my LAN from malicious exploits?

    Many thanks,

    LRP

You are posting a reply to: Web hosting from home office

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #4239541
      Avatar photo

      The answer to all “protect from (sic) all mailicious”

      by rproffitt ·

      In reply to Web hosting from home office

      Is going to be no.

      NGINX and your web server won’t save you from exploitable web pages. Example: Little Johnny Drop Tables XKCD (google that.)

      So while you might have protected some exploits you left other attack vectors open. There is no simple fix for this such as port blocking.
      You have to sanitize web inputs and more.

      Finally, many ISPs block inbound traffic on port 80 and 443 so be sure you check that before you invest much time or money.

    • #4239544

      My hope was to get helpful how-to info

      by lloyd ·

      In reply to Web hosting from home office

      Are you saying that it’s impossible to host on-prem and big cloud is the only way?

      Do others agree?

      I have a Verizon business account so ports 80 and 443 are open and router supports port forwarding.

      Many thanks,

      LRP

      • #4239550
        Avatar photo

        The question was

        by rproffitt ·

        In reply to My hope was to get helpful how-to info

        “Is this sufficient to serve web content while protecting the rest of the devices on my LAN from malicious exploits?”

        To that question the answer is no.

        “Are you saying that it’s impossible to host on-prem and big cloud is the only way?”

        My answer was to the first question. To this second question, you claim the ISP doesn’t block 80 and 443 so you can host. That’s a different question than your first post.

        “Do others agree?”

        I sure folk will agree you can self host. But as I noted, your plan doesn’t address all exploits and I can’t possible list them all except to note that malicious attacks extend beyond port attacks.

    • #4239807

      Reply To: Web hosting from home office

      by alissonhines9 ·

      In reply to Web hosting from home office

      Your home office website hosting plan prioritizes security , which is great. Here’s a quick rundown:

      Strengths:

      Static IP: Essential for domain pointing.
      Firewall: Limits open ports for security.
      NGINX: Efficient for hosting multiple sites.
      SSL Certificate: Encrypts data for protection.
      Port Forwarding: Directs web traffic effectively.
      Areas to Improve:

      Consider a separate network for your server.
      Customize firewall rules for better control.
      Ensure NGINX configuration routes traffic correctly.
      Implement basic server hardening measures.
      Regularly monitor logs and backup data.
      Following these tips will enhance your website hosting security.

    • #4239811

      Thanks, Alisson!

      by lloyd ·

      In reply to Web hosting from home office

      …for your helpful response.

      LRP

Viewing 3 reply threads