Home file/web/email Server



HandsomeRob
Jun 11th, 2012, 11:08 PM
I'm in first year general computer school right now, learning web design, scripting, etc.

Interested in setting up a home server using crappy computer + Linux of some kind. Not for people to actually come and look at, not interested in violating ISP terms, just for learning, hosting things in an environment where they work, seeing how things behave differently on the web, etc.

Primary purpose would be web server, but not excluding file or email.

Is this safe? Would I be compromising my home network? Putting a host on the net for others to abuse? Any suggestions on where to look to learn what is necessary?

I'm a proficient Linux user, Windows power user, but by no means an expert. Just wondering where to look, I'd rather self teach anyway. Just seems dangerous should a mistake be made.

Any thoughts? Search here doesn't yield much but there seem to be some types that would know this.

xalex0
Jun 11th, 2012, 11:14 PM
Since you don't need to make it accessible to others, it's perfectly fine to keep it on your home network, or even just localhost.

HandsomeRob
Jun 11th, 2012, 11:16 PM
Should like to access from work/school/other though. If possible; part of the purpose of the exercise is learning real world issues.

Ironsmack
Jun 11th, 2012, 11:18 PM
Try FreeNAS. It's free and pretty flexible.

HandsomeRob
Jun 11th, 2012, 11:19 PM
Right, sorry. Specifics.

I can follow instructions to set it up. Reasonably familiar with open source solutions.

1) Is it safe/secure.
2) What am I going to miss that needs doing to make it safe/secure?

Cheers.

xalex0
Jun 11th, 2012, 11:21 PM
part of the purpose of the exercise is learning real world issues.
Aside from security concerns there is no fundamental difference between LAN and "real world".

JamesA1
Jun 12th, 2012, 02:00 AM
Some ISPs actually block the server ports to prevent you from running a home server, rather than just relying on their terms of service. Better check on that if you're going to want remote access from outside your home.

0xffff
Jun 12th, 2012, 12:12 PM
1) fail2ban
2) no root user (sudo only)
3) use non-standard ports for your web server and SSH server
4) SSH access only (no telnet, no FTP)

Not sure what "email" you're going to set up, since you'd need a domain and a static IP to handle incoming email. You can set up an email gateway quite easily, and not need to expose anything to the outside world.

Everything else is covered by a multitude of documents, all written by people doing the same thing as you, going back 15+ years.

Also, you can use this as an opportunity to learn about routers and firewalls, as you'll have to poke a hole in your firewall for each service on your server you want to expose to the outside world.

xalex0
Jun 12th, 2012, 01:47 PM
Not sure what "email" you're going to set up, since you'd need a domain and a static IP to handle incoming email.

A dynamic DNS should be fine for testing and even more so for "learning".

siriuskao
Jun 12th, 2012, 01:57 PM
3) use non-standard ports for your web server and SSH server


Seriously? ;) OP's website will be so quiet I doubt he'll learn anything....

Personally, I would:
1) Read various hardening documents before you expose it to the world, understand the reason behind each hardening measure.
2) Run stuff on their standard ports so you get external hits - IMHO a big part of sysadmin (at least for *nix admins) is reading the logs and understanding what is happening on your system.

HandsomeRob
Jun 12th, 2012, 02:07 PM
1) fail2ban
2) no root user (sudo only)
3) use non-standard ports for your web server and SSH server
4) SSH access only (no telnet, no FTP)

Not sure what "email" you're going to set up, since you'd need a domain and a static IP to handle incoming email. You can set up an email gateway quite easily, and not need to expose anything to the outside world.

Everything else is covered by a multitude of documents, all written by people doing the same thing as you, going back 15+ years.

Also, you can use this as an opportunity to learn about routers and firewalls, as you'll have to poke a hole in your firewall for each service on your server you want to expose to the outside world.


Seriously? ;) OP's website will be so quiet I doubt he'll learn anything....

Personally, I would:
1) Read various hardening documents before you expose it to the world, understand the reason behind each hardening measure.
2) Run stuff on their standard ports so you get external hits - IMHO a big part of sysadmin (at least for *nix admins) is reading the logs and understanding what is happening on your system.

Thank you.

That was the whole point. Rather than just FTP something to a hosting company and not thinking about it, I would like to learn what is going on in the back end.

Just looking on where to start reading, I am not naive enough to run something like this without understanding it. Google search 'home web server' brings back 10+ years of the same question, all with different answers. I think in this case it is better to try and find it directly.

More than willing to go look it up myself, just wondering what is can't miss/often missed/must read.

xalex0
Jun 12th, 2012, 02:43 PM
Rather than just FTP something to a hosting company and not thinking about it, I would like to learn what is going on in the back end.

Does that involve learning to deal with the consequences of getting your LAN hacked into? If not then just get a VPS and have all the fun there.

GSRee
Jun 12th, 2012, 03:02 PM
That was the whole point. Rather than just FTP something to a hosting company and not thinking about it, I would like to learn what is going on in the back end.

Rent an unmanaged virtual private server (VPS) instead. This way you're still in full control of the server and have to handle all the back end stuff, but no matter how badly you mess something up it isn't going to compromise the security of your home computers.

I personally have services with BuyVM and Hostigation, so would recommend either of them

EDIT: Didn't notice xalex0 already recommended a VPS, making this redundant. I'll leave it in though, just to show a VPS really is the best option for what you want to do.

siriuskao
Jun 12th, 2012, 03:42 PM
Thank you.

That was the whole point. Rather than just FTP something to a hosting company and not thinking about it, I would like to learn what is going on in the back end.

Just looking on where to start reading, I am not naive enough to run something like this without understanding it. Google search 'home web server' brings back 10+ years of the same question, all with different answers. I think in this case it is better to try and find it directly.

More than willing to go look it up myself, just wondering what is can't miss/often missed/must read.

1. Official docs:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/index.html

I am assuming you are learning this to advance your career. Based on my experience, most companies use either RedHat/CentOS or SuSE. Therefore I think it's beneficial if you start with their docs.

As for security - I used to read NSA's hardening guide for RHEL (CentOS).

Secondly, I would avoid any GUI configuration tools - even if it's from the vendor, do everything via the command line.

Cheap VPS is a good option, if you have some money to spare.

xalex0
Jun 12th, 2012, 03:57 PM
Cheap VPS is a good option, if you have some money to spare.

You can even get one from amazon for free for a year.

mikeo007
Jun 12th, 2012, 04:03 PM
What about a pogoplug running archlinux arm? $50 or less and you've got a very functional web/email/file server.

sexyj
Jun 12th, 2012, 04:20 PM
Definitely don't mix home file with web and email.

Like others said get a VPS for web + email

0xffff
Jun 13th, 2012, 04:17 PM
Thank you.

That was the whole point. Rather than just FTP something to a hosting company and not thinking about it, I would like to learn what is going on in the back end.

Just looking on where to start reading, I am not naive enough to run something like this without understanding it. Google search 'home web server' brings back 10+ years of the same question, all with different answers. I think in this case it is better to try and find it directly.

More than willing to go look it up myself, just wondering what is can't miss/often missed/must read.

5) strong password on your remote account. Also, don't create accounts for anyone else.

Once upon a long time ago, the HOWTO documents on linux.org were a good source for all the basic info.

xalex0
Jun 14th, 2012, 05:57 PM
What about a pogoplug running archlinux arm? $50 or less and you've got a very functional web/email/file server.

However, if it's hacked into then your whole LAN is compromised.

0xffff
Jun 15th, 2012, 01:00 PM
However, if it's hacked into then your whole LAN is compromised.

This is true, but learning about what happens when you get compromised is part and parcel of learning about servers and system administration. Not that I'm saying it should be encouraged, but after you get compromised, you (presumably) learn from your horrible mistakes.

xalex0
Jun 15th, 2012, 02:38 PM
This is true, but learning about what happens when you get compromised is part and parcel of learning about servers and system administration. Not that I'm saying it should be encouraged, but after you get compromised, you (presumably) learn from your horrible mistakes.

Absolutely. That's why I only suggested to use VPS if the above is not the goal.