Posted: Tue Jul 16, 2024 4:57 Post subject: Best way to deploy HTTPS and FTP servers
I have so many spare dd-wrt routers and Lenovo servers. I want to make one of these into an HTTP and FTP server (but not today). Maybe even with video streaming too. I have a static IP but no actual domain right now, but would get one if I deem there is a secure way to do this.
I absolutely hate the idea of putting any part of my LAN on the world wide web. There is simply no way to keep it 100% safe, I know that.
Is putting it on a DMZ the best option and let it fight for itself? Maybe doing a VLAN with proper iptables rules? I just am not sure which is best and most secure as there are a plethora of options I think (including Cloudflare).
Opinions?
_________________
- Linksys EA8500: I-Gateway, WAP/VAP 5ghz only. Features: WDS-AP, VLANs, Samba, WG, Entware - r58662
- Linksys EA8500: 802.11s Secondary w/VLAN Trunk - r58662
- Linksys MX4300: 802.11s Primary w/VLAN Trunk over 5ghz. 2.4ghz WAP/VAP only - r58662
- Linksys MX4300 (WAP/VAP (7)) Multiple VLANs over single trunk port. Entware/Samba r58662
- Linksys MR7350: Testing r58662
- Linksys Velop WHW03v1 x2: OpenWRT w/GRETAP tunnel for VLANs on VAPs
- OSes: Fedora 39, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '95, never having owned a Windows PC.
If it's just for YOU and your trusted family and friends, then establish your own VPN server on the LAN. Cloudflare will work too, but it's probably overkill, and unnecessarily introduces a third-party. You might also limit access by VPN clients to specific LAN IPs and ports via the firewall just as a precaution.
OTOH, if it's for the wider public at large, then use Cloudflare. Now your public IP remains hidden (static or dynamic, doesn't matter). You're protected against DDoS attacks. You can add additional layers of authentication and geo blocking w/ little effort.
Of course, if you're behind CGNAT, then Cloudflare becomes a necessity, regardless of the above two scenarios. Not unless you're prepared to roll your own VPS solution.
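The firewall precaution suggested in the reply above, as an added example that is not part of the original posts: a dry-run script that prints iptables rules confining VPN clients to one server's HTTPS and FTP ports. The interface name, subnets, server address and passive-FTP range are assumed placeholder values, and the script assumes the existing FORWARD chain already accepts established return traffic.

```shell
#!/bin/sh
# Added example: generate iptables rules that let VPN clients reach only one
# LAN server on selected TCP ports. All values are constructed placeholders.
VPN_IF="wg0"                      # assumed VPN tunnel interface name
VPN_NET="10.9.0.0/24"             # assumed VPN client subnet
SRV_IP="192.168.1.50"             # assumed address of the HTTPS/FTP server
TCP_PORTS="443,21,50000:50100"    # HTTPS, FTP control, FTP passive range
                                  # (the FTP daemon must be set to the same range)

# Print the rules instead of applying them, so they can be reviewed first.
vpn_fw_rules() {
  chain="VPN_CLIENTS"
  # Dedicated chain keeps the policy in one place and easy to flush.
  echo "iptables -N $chain"
  # Replies from VPN clients to connections opened from the LAN side.
  echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # The only new connections VPN clients may open into the LAN.
  echo "iptables -A $chain -s $VPN_NET -d $SRV_IP -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT"
  # Rate-limited log of everything else (drop this line if LOG is unavailable).
  echo "iptables -A $chain -m limit --limit 5/min -j LOG --log-prefix 'vpn-drop: '"
  echo "iptables -A $chain -j DROP"
  # Send all forwarded traffic arriving from the tunnel through the chain,
  # ahead of any broader ACCEPT rule already present in FORWARD.
  echo "iptables -I FORWARD 1 -i $VPN_IF -j $chain"
}

# Default: print the rules. "apply" pipes them to sh (needs root).
# Traffic from VPN clients to the router itself goes through INPUT and is
# not covered here.
case "${1:-print}" in
  apply) vpn_fw_rules | sh ;;
  print) vpn_fw_rules ;;
esac
```

Review the printed rules against `iptables -S FORWARD` on the device that terminates the VPN before running the script with `apply`.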
This would not be for wide public access. Mostly just family/friends. I am not behind a CGNAT and presently subscribe to a ddns service even though I have a static IP. My ISP switched everyone over to static IPs around 3 mos ago.
If I were to do this on an old router, I would use Entware for both the https and ftp servers. I would not use the built in ones for sure but I will probably just use one of my many Lenovo servers running Fedora or some RHEL spinoff such as Oracle.
I am not planning to do this real soon, probably this Fall/Winter. Just wanting some advance preparation for it. Presently I am concentrating on a full rebuild of my 45 year old Pioneer SX-780 receiver which died this past weekend. Ugh!
Posted: Tue Jul 16, 2024 16:29 Post subject:
I am currently looking into this myself. Simply to provide an un-censored resource. Seems that gmail, gsuite, et al are not too keen on certain content or email addresses.
<off-topic>
lexridge wrote:
Presently I am concentrating on a full rebuild of my 45 year old Pioneer SX-780 receiver which died this past weekend. Ugh!
Radio Shack / Realistic had a similar unit way back when. Love old stereo hardware, but if I had any, my neighbors wouldn't love it as much as I do
</off-topic>
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Oh yeah, an email server would also be a huge plus! I have been trying like hell to de-Google myself as best as possible, even 100% switching to duckduckgo nearly a year ago on all my computers and phone. Google still mostly controls the phone however, no way around that really without flashing a de-googled ROM to it. I don't do Apple either!
<off-topic>
Re: Old stereo equipment. Hoping to fix this SX-780 sooner than later. I have had the rebuild kit for it for nearly 18 months because I KNEW it would fail sooner or later, just because of the age and capacitors just don't have the best of life. I am also going to replace the Darlington power packs with modern replacements which are cleaner and slightly higher output (50 watts vs 45 watts p/c). I don't have to worry about neighbors. This amp is both louder and cleaner than my modern Onkyo which is rated at 120 watts p/c. The difference between Class A and Class D amps I guess....and beautiful old build quality.
I believe many of the late 70s Radio Shack receivers were built by either Technics or NEC, depending on the model. Good stuff too, as was the JCP MCS series.