Disclaimer: This post contains NSFW-ish content.
My other blog was flagged as NSFW too many times in the last 5 years. I really don't know why. Maybe it's because of the way I write. Maybe people don't like NSFW posts, although they read 50 Shades of Grey... I don't care.
Well, this isn't only for the Pi. The title could also be "How to make a tiny web server on a device running Linux", but it was just too long so I've decided to think of something smaller. Because I'm not a girl. If I were a girl I wouldn't have a Pi, I'd have a muffin and I'd dream about big things. But I have a tiny Pi and a webserver.
First of all, if you want a webserver at home, you should find some hardware and a place to put it. My Pi sits on my desktop. You also want to find hardware that doesn't make noise (a fanless server is the best thing ever) if you want to put it near you. Think small.
Second, you must think about what type of server and what software you want.
Let's say that I can access my server from any part of the world. That being said, I don't need a display, so I also don't need additional software like display/video drivers. Get rid of them. You don't need them and they are also bad for security.
Also, don't use Apache. It doesn't matter if you have a massive shitload of computational power. Go for something light. Go for something that isn't bloated. Apache runs at around 200MB of memory. My whole setup had a maximum of 51MB of memory eaten by kernel, ftp, and nginx.
Think about your served content.
If you want a forum, then you'll need PHP, MySQL and maybe others. You will probably want a minimum of 1-1.5GB of RAM, and a CPU that can go to at least 2GHz. Multi-core is even better. Having 2 CPUs is also better than only one single-core.
A blog, for example WordPress, can run on a Pi, but don't do that. You will have huge latency serving a page. I'm not saying that you mustn't experiment, but IMHO it's overkill.
I think I've made a smart choice with nginx and static content. You don't have that many vulnerabilities when you have just a webserver with no PHP. I mean, I already found and fixed a vulnerability in my setup. And think of this: I'm serving static content and being scanned for a PHP installation to exploit every day. Having PHP is... like a bomb waiting to explode. Yes, having a forum requires PHP, but at least don't opt for Apache.
The third recommendation is to watch out for suspicious behavior. You know when you lend your things to someone and they make a change, then when they return them, it feels strange? That's what I'm talking about. If you notice something strange, investigate.
Set your permissions right. A nice permission rule can make a big difference. Trust me. File permissions, webserver permissions, etc. It doesn't matter. For example, I've disabled every request that isn't a GET request. That's because I only serve static content. For instance
curl -X POST big-bum.uni.cx
returns
[24/Jan/2014:20:44:04 +0200] "POST / HTTP/1.1" 444 0 "-" "curl/7.34.0"
from the webserver. The said vulnerability of my site was because of a simple permission. It wasn't a security issue but a space-eating, CPU- and IO-saturating one. Think about it.
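As an added example (not code from this post), the Python script below parses access-log lines in the format shown above and counts non-GET requests dropped with 444, non-GET requests that got any other answer (a sign the rule has a gap), and requests for .php paths like the daily scans mentioned earlier. All log lines except the first are constructed, and the function and counter names are made up for this example.

```python
import re
from collections import Counter

# Matches an access-log line from the timestamp onward, so it works whether
# or not client address fields precede it (the line in the post omits them).
LINE_RE = re.compile(r'\[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?:\d+|-) "[^"]*" "[^"]*"')

def parse_line(line):
    """Return (method, path, status), or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    parts = m.group("request").split()
    # Anything that is not "METHOD PATH PROTOCOL" is reported as malformed.
    if len(parts) != 3:
        return ("?", m.group("request"), int(m.group("status")))
    return (parts[0], parts[1], int(m.group("status")))

def triage(lines):
    """Count dropped non-GET requests, non-GET leaks, and .php probes."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        method, path, status = rec
        if method == "?":
            counts["malformed"] += 1
            continue
        if method != "GET":
            # 444 is nginx closing the connection without sending a response.
            counts["non_get_dropped" if status == 444 else "non_get_answered"] += 1
        if path.split("?", 1)[0].lower().endswith(".php"):
            counts["php_probe"] += 1
    return counts

# Constructed sample log; only the first line is taken from the post.
SAMPLE = [
    '[24/Jan/2014:20:44:04 +0200] "POST / HTTP/1.1" 444 0 "-" "curl/7.34.0"',
    '[24/Jan/2014:20:45:10 +0200] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '[24/Jan/2014:20:46:31 +0200] "GET /admin/index.php?x=1 HTTP/1.1" 404 162 "-" "ExampleScanner/1.0"',
    '[24/Jan/2014:20:47:02 +0200] "PUT /upload.php HTTP/1.1" 405 166 "-" "ExampleScanner/1.0"',
    r'[24/Jan/2014:20:48:00 +0200] "\x16\x03\x01" 400 166 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```

On a server that only allows GET, `non_get_answered` should stay at zero; anything else means some request path is not covered by the rule.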
Setting a firewall is also a good idea.
I've set up my Linux-running router to act as a firewall and DNS server. You probably want to have a firewall running in front of your server. For example, I'm also running monitoring software on my Pi. It can be accessed on port 8080, but only locally. If I enable forwarding for port 8080 in my firewall, it can be accessed from outside. Also, I've redirected SSH through my computer and only some IP addresses can access it. That being said, (hopefully) only I can control my server.
Experience is always handy. It's not my first time with servers. It's not my first time with Linux either. I'm not a sysadmin, but I consider myself tech savvy enough to understand how a webserver works. I had trouble with DNS. I've watched a video on YouTube on how DNS works and I finally understood why you have to pay for a domain name and why you can't register a domain for free (as in free beer). I'm not agreeing with this, because this means that the Internet isn't as free as you know, but in about 50 minutes I understood enough about DNS.
All the things written here were based on experience gained from around 4 years in which I played around with Linux. Permissions, nginx, PHP, that curl thing you see above, all of that was learned by myself with no help whatsoever.
Let's see now how far I got with this site:
- almost two weeks. (22:38:39 up 13 days, 6:24, 1 user, load average: 0,00, 0,01, 0,05)
- 128 unique visitors. Without search engines. I've just overflowed a signed byte.
- site is indexed by Google. Bing refuses to index it, fetching as bingbot throws a "Download of robots.txt" error. Bing is being Bing...
- this little piece of hardware is incredible. Could you imagine you could connect with other people with 40 bucks? I'm not talking about my server, but about the Raspberry Pi. You could chat with other people from other countries. With 40 bucks. Yes, you could do more with the Pi, but imagine we are in the year 2000. How many of you could predict that someday a computer as small as a credit card will exist and with only 40$ you could browse the Internet? There are better alternatives, but for a low budget, this is perfect. The CPU is not very powerful, but for browsing Wikipedia or using it for learning new things it's the best computer under 50$.
That's all for today.