Pretty cool. I had no idea Cloudflare offered this.

On Tue, Jan 3, 2023 at 6:40 PM Doug Jenkins <d...@dougjenkins.com> wrote:
> If you are willing to roll up your sleeves and get technical, serving your
> website at home can be done safely and securely without changing your
> firewall. There are some steps to do, but at the end it will save you money
> and it will give you some real-world IT experience.
>
> So to self-host your WeeWX website, I would do the following:
>
> NOTE: This is a high-level checklist. There are a lot of steps for each item.
>
> 1. Get a domain name. Porkbun.com is cheap, but Google Domains works too.
> 2. You need to have a NameServer Service to tell the internet where your
> website is. My checklist will use Cloudflare (free). They have a bunch of
> services that we are going to use to make this happen.
> 3. Once you buy your domain name, you will need to point it to
> Cloudflare's Servers. Cloudflare's setup will walk you through it. This
> will take 4 - 24 hours to propagate across the internet (your response may
> vary).
> 4. Once it is propagated (Cloudflare sends an email to you), you will
> set up your website inside the tool. We are going to set up a "Zero Trust"
> tunnel that will create a secure tunnel between Cloudflare and your server.
> I have a video that walks this whole process through (including configuring
> Cloudflare)
>
> https://youtu.be/eojWaJQvqiw
>
> This tunnel is the KEY. This tunnel will encrypt the traffic coming to
> your domain, secure your domain with an SSL Certificate, and essentially
> expose it directly on your server. Again this service is free for small
> domains (like weather station sites!) and does not expose your network to
> the internet directly.
>
> 5. Within the tool you will configure your Server name and the port (80)
> that your webserver is now hosting your WeeWX site. You will have to
> install a package from Cloudflare to act as the broker for the connection.
> The video goes over a container approach, but in Cloudflare's
> documentation, they cover a Linux server install.
>
> The benefits of doing this approach are:
>
> 1. Site gets a free SSL certificate (https:) that is handled by Cloudflare
> 2. Cloudflare acts as a reverse proxy to broker your connection from the
> internet to your server and port.
> 3. Connection between Cloudflare and your server is secure. You do not
> need to open a port for this.
> 4. You get website statistics and other security features for your website
> for free from Cloudflare.
>
> Check out the video and let me know if this helps. There are other
> resources on the internet that can help on this setup.
>
> Doug Jenkins
>
> On Tue, Jan 3, 2023 at 11:46 AM vince <vinceska...@gmail.com> wrote:
>
>> If you're asking that question, you really shouldn't do it for security
>> reasons.  There are soooo many bots and automated scanners out there
>> looking for victim sites that you'd be massively attacked within literally
>> a minute or two. Please don't.  Really.
>>
>> But to answer - you'd need to alter your home firewall to permit incoming
>> web traffic to 'only' that computer and tcp/ip port.  Ideally you would
>> have your webserver also running 'only' https (a bit hard on a LAN to do),
>> have lots of logging (syslog), blocking typical attacks (fail2ban) and
>> hopefully even alerting that attacks are even happening.  You should also
>> segment your network so it's on an isolated VLAN so it can't be used as a
>> jumping off point to attack your other home network devices.  That requires
>> special network hardware usually, and some additional level of expertise.
>> It's a big lift to do correctly.
>>
>> Simpler answer is to spend a few bucks/month and spin up an AWS Lightsail
>> VM and use weewx's RSYNC uploader to update the Internet webserver with the
>> weewx-generated data automatically.  Lightsail is free for 3 months trial,
>> then $3.50/month.  Small price to pay for peace of mind.
>>
>> You'd still have to harden your Lightsail VM, but that's far easier to
>> learn how to do.  Get a Let's Encrypt SSL certificate to use only https.
>> Use the Lightsail console to let 'just' https in.  Install fail2ban.   Very
>> doable.  Lots of guides out there for how to do so if you google a bit.
>>
>>
>> On Tuesday, January 3, 2023 at 4:23:59 AM UTC-8 kb3...@gmail.com wrote:
>>
>>> I was able to get the local network page of my weewx station but how do
>>> you see this from the public ip?
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "weewx-user" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to weewx-user+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/weewx-user/4a1e2ea1-74c3-4f08-ac28-2267cb1148f5n%40googlegroups.com
>> <https://groups.google.com/d/msgid/weewx-user/4a1e2ea1-74c3-4f08-ac28-2267cb1148f5n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>


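The quoted checklist says the tunnel needs no open port. A quick way to confirm the web server itself is not listening on a LAN- or WAN-facing address is to classify its listeners, shown here as an added example that is not part of the original thread. It assumes the Cloudflare connector runs on the same host as the web server (so loopback is enough); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners for one port from `ss -Htln` output.
# Assumption: the tunnel connector runs on the same host as the web server,
# so the web server only has to accept connections on loopback.

# listeners_for_port PORT   (reads `ss -Htln` lines on stdin)
# Prints one line per listener on PORT: "loopback ADDR" or "exposed ADDR".
listeners_for_port() {
    port="$1"
    awk -v port="$port" '
        {
            local_addr = $4      # column 4 of ss -tln is Local Address:Port
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            # Strip ":PORT" to recover the bind address (IPv6 keeps its brackets).
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]")
                print "loopback " addr
            else
                print "exposed " addr
        }'
}

# count_exposed PORT   (reads `ss -Htln` lines on stdin)
# Prints how many listeners on PORT are bound to a non-loopback address.
count_exposed() {
    listeners_for_port "$1" | grep -c '^exposed ' || true
}

# Constructed sample: a web server bound to every interface on port 80.
SAMPLE_WILDCARD='LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*'

# Constructed sample: the same server rebound to loopback only.
SAMPLE_LOOPBACK='LISTEN 0      511        127.0.0.1:80        0.0.0.0:*
LISTEN 0      511            [::1]:80           [::]:*
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*'

printf '%s\n' "$SAMPLE_WILDCARD" | listeners_for_port 80
# On a live host: ss -Htln | count_exposed 80
```

A non-zero count means the web server is still reachable from other machines on the network and relies on the firewall alone to keep it private.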