.dev domains are required to only be reachable via https. You've not mentioned that in the post, so I'm guessing port 443 is not serving or even listening.
I'd delete the screenshot with your IP visible. You never know...
this post was submitted on 03 Mar 2025
8 points (83.3% liked)
Selfhosted
43945 readers
548 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Hello!!! <3
So i'm trying to host my own lil website server! I already got httpd on my fedora (GNU/Linux) device, forwarded the 80 port to my router and - TADA I can access my simple index.html site from anywhere now via the IPv4 address! I even tried it on my phone at work, and I was able to reach my home server!
I have now purchased some nice domain smorty.dev rather cheaply on porkbun but - as you may find out when clicking on the link - it doesn't forward to my server yet ;(
I have already setup the A address record thingy on porkbun, which can even be verified by running ping smorty.dev in the terminal, as it retrieves the current IPv4 address of my router
CODE BLOCK
maria@fedora:~$ ping smorty.dev
PING smorty.dev (79.241.82.75) 56(84) bytes of data.
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=1 ttl=63 time=8.35 ms
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=2 ttl=63 time=6.53 ms
64 bytes from www.smorty.dev (79.241.82.75): icmp_seq=3 ttl=63 time=5.94 ms
^C
***
smorty.dev ping statistics
***
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 5.937/6.937/8.345/1.024 ms
I searched online and found some people talking about a Windows HOSTS file, so I found the equivalent for GNU/Linux, which is /etc/hosts and that file now looks like this
CODE BLOCK
maria@fedora:~$ cat /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.example.org foo
# 192.168.1.13 bar.example.org bar
79.241.82.75 www.smorty.dev
127.0.0.1 www.smorty.dev
Soooo there is clearly a connection there, but the actual forwarding in the browser to my website doesn't seem to work ;(
I am *somewhat sure I exported this correctly...
IMAGE OF ROUTER INTERFACE
EDIT: I completely forgot to mention what the address records look like... and maybe they are kinda important for my problem sooo here they are!
SCREENSHOT FROM ADDRESS RECORDS
if someone here could share some advice maybe - that would be super great :)
The bots are a much bigger threat than Lemmy
Is your web server set up to use a domain? Like if you're using Apache vhosts or anything, I'm pretty sure you need to configure your domain in there too, and then restart the web server.
As others have said, close port 80. I actually stopped exposing ports a while back. I just configured always on vpn on my phone instead. Much more secure.
Unless you’re using outdated server software, there’s nothing inherently insecure with exposing ports to the Internet. Be it port 80 or 443. Just keep everything up to date and maybe add fail2ban to stop people poking around.
There is always a risk. Nothing is 100% secure. It's low but the risk is there. Noobies also make configuration mistakes which can impact security severely.
Don't forget about heart bleed, the openssl vulnerability that went undetected for years.
My home shit is also not funded by a Corp with all kinds of fancy threat detection and prevention stuff. I don't have the time or desire to deal with it, nor do I need to serve other users, only my own needs. Therefore vpn is more secure.
but i wanna have a website others can access too. I tried using VPNs for cool stuff already (like controlling my lil raspberry robot from work with my phone) but I want this website to be available to all the people...
should i just bite the bullet and rent some hosting service? Or is there still hope for me putting "setup home website server" on my resume?
I’ll pitch in here.. so website dns (porkbun) is configured to point to your home in, great!
2 things need to happen.
- Your router needs to expose ports 80 and/or 443 for HTTP and HTTPS access. If you are only doing HTTPS then 80 isn’t really necessary. These ports need forwarded to a reverse proxy, such as NGINX or Apache.
- You need to have a reverse proxy setup that can translate the domain name that is being sent to a local IP address:port. You should be able to find some relatively simple/easy reverse proxy configuration generators online to help you get that setup. You’ll want to setup SSL certificates while you’re at this too. Look up “nginx certbot lets encrypt” and that should get you pointed in the right direction.
Once those are done, in theory, you should be able to access your website outside of your home network using your domain name.
I must have been doing websites wrong for decades by not forwarding through a reverse proxy. I admit a good one like caddy makes tls easy, but unless you have several backends for one site theres no need. The reverse proxy part of load balancer is very similar to a port forward, but on layer 7 instead of 3 or 4
I wouldn't say you're doing it wrong, but a reverse proxy allows you to not only have a specific domain to use and multiple backends, etc... but it also can translate to not needing to have a port open for every single service you run on the backend.
RP's can certianly be a load balancer, but usually for home lab / selfhosted purposes, we don't need a load balancer.
Your domain name resolves fine for me, and it's true you'll need to set up https for it to work in a browser, but even with curl I get a timeout. Maybe you stopped running httpd?
The hosts is mostly so your computer can connect out to other websites, but doesn't matter for being able to connect to something you're serving.
Instead of httpd, maybe try out Caddy. It makes https pretty simple and free once you have a working Caddyfile.
There is so many things wrong with this post...
You have become the classic case of knowing enough to be dangerous.
Please start by closing off port 80. Do not ever expose anything to the internet without proper security measures. You want to use https (so port 443) and you should consider if you really need to expose it at all. My guess is that your browser is not allowing plain http traffic since it is a security nightmare. (Someone could man in middle it and take control of your browser plus there is lots of information your browser sends to the server) If you still want a public server you can use caddy in a container on a preferably dedicated device. You don't want to just run a service from your main device since if it gets exploited you are in trouble. httpd is not industry standard (although you can use it) so I would be careful about blindly trusting it. You want a multilayer defense with possibly some sort of rate limiting to stop bots from destroying it.