We hear great stories from entrepreneurs saying that they started their business from basement. It makes people think how these entrepreneurs ran successful web sites from a small office in their home or corner of their basement. Is it hard? No, it is not if you have some basic software development and IT background. In this article, I will share my experience with hosting web application on my personal machine in my basement. Hopefully it will provide you necessary information that you can use to do it yourself if you ever find the need to it.
Before you gather the resources required to host your application, you will need to define the functionality of your application. For sake of discussion in this article, I will define the requirements as below.“I will host an application that is accessible over internet. This application will show web pages to my users. The web pages will show data that will be stored in a database. The application will allow users to send me messages that I will receive via email.”
Based on the requirements, I will need following infrastructure and services.
Shortly I will describe why do I need above mentioned resources. Before that, I will explain the mechanics of accessing web pages.
When a user requests a web page from a browser, typical information flow looks like below.
Now that we know how the communication flows between different services to achieve the end goal, I will translate it to the infrastructure and resources you are going to need.
It all starts with deciding the domain name of your website. Once you have decided the name, pick any domain registrar like GoDaddy, Network Solutions etc. and purchase your domain.
It is important that users of your web site feel secure when they access information on your website. We all must know that if the website address is not accessed through HTTPS, it is not safe. These days all browsers do flag all the website that do not use HTTPS. You are warned by the browsers about it. Do buy SSL certificate for your domain name.
In your home network, designate a machine that will act as a web server. Depending on your knowledge of Operating System and corresponding web server, use the one that you are very comfortable with.
In your home network, install a database server (Microsoft SQL Server, MySql, PostgreSQL etc.) on a machine. You can use same machine as your Web Server machine for this purpose. I will recommend keeping them separate from security point of view. I will talk more about security later in this article.
This is a very important decision in this set up. For home internet, we usually do not ask our internet service provider (ISP) for a static IP address. There is really no need for it. In the communication flow, steps 1 and 2 are to establish a destination location for your server that is hosting the web site. If there is no static IP address for the web server, browser will not be able to call the correct location to get the web pages if IP address changes. There are dynamic services available that can update the DNS servers automatically when IP address of the machine changes. In my opinion, it is worth getting a static IP address from your internet service provider. Most of the internet service providers issue a static IP address under business accounts. It does not mean you have to be a big business. Anybody can request a static IP address by paying additional monthly cost.
Now we need to figure how does this all translate to setting up your home network setup to host a secure website.
A typical home network setup looks like below.
A set up where you have ISP’s modem connected to a router in your home. Then you have some devices that are connected through wireless connection, and some may be connected with CAT5/CAT6 cable.
When the modem establishes connection with ISP’s backend network, an IP address is assigned to your modem. In the diagram I have shown it as 22.214.171.124. This is not a real IP address. For a home network account, this IP address is not static. A lot of time it does not change for months or years. But there is no guarantee that this will not change.
Your devices also need a unique IP address. This is handled by your router. Unless you have specific need to assign specific IP addresses to devices, the router is configured in DHCP mode. It dynamically assigns private IP addresses from its range. Most of the time this range will be from 192.168.1.1 to 192.168.1.255.
Let’s trim down this diagram to what it will look for a set up that is going to host your web site in your home.
Earlier I explained how the browser resolves IP addresses of web server and then gets the web pages from it. For this process to work in your home network, the information has to flow along the Green path above.
This path translates to following configuration of your domain and information flow.
You may have some additional functionality that requires some more data processing. But for a very simple web site, above steps covers the whole functionality.
Earlier I had mentioned role of static IP address. Now you can see where that fits in. For the outside world, the entry point in your home network is IP address assigned on your modem.
The outside request for the web page lands on your modem. Now the modem does not know what to do with this request. This request has come on port 80/443. Unless there is some default web server configured on the modem or router, the request is dead. The user will get a message that your web site cannot be found.
What you need is a mechanism that will tell the router
“If you see a request that is trying to access HTTP information on port 80/443, forward it to the machine that has an IP address of 192.168.1.2”.What this mechanism is doing is that it is forwarding request on public IP address to a private IP address in your home network. This is all transparent to the outside world. As far as the web browser is concerned, the request has been served by some machine that has public IP address of 126.96.36.199.
Different router vendors have different set up and different way to describe this forwarding mechanism. They all have different user interface to facilitate settings up of this forwarding and translation. I personally use Google Mesh router. So, I will show you screenshots from my set up. In Google Home, this is available under WiFi advanced set up. It is called Port Management.
Second screenshot describes the mechanism. It shows that all requests that come to my router on 4 different ports are forwarded to one machine in my home network in my basement.
A million-dollar question that you have in your mind “Is this secure?” or “How do I secure this web site?”. As soon as a public facing IP address is available on internet, with in a matter of few second you will notice that some BOTs will start running scans against your server. These bots are trying to exploit any vulnerabilities in your machine or web application to gain access to private information. So how are you going to secure it.
Very common attacks on a website are as follows.
Most of these attacks are mitigated by Web Application Firewall (WAF). No, you don’t need to buy any new device for WAF in your home network. I personally use services offered by Cloudflare (https://cloudflare.com). They offer a free plan that works very well for a simple web site hosted in your home network. Following image shows all the security that you will get with Cloudflare.
It is very easy to configure and does a great job. It provides detailed information about type of attacks that are happening on your website and how those are getting blocked. You will need to regularly review web server logs to check requests that may be getting through to your web site. Then you can fine tune rules in Cloudflare.
There are few additional steps you can take for additional security.
In a typical home network set up, there are two things that you need to worry about.
You can mitigate power outage by installing a UPS. For internet outage there is not much you can do. You are at the mercy of your ISP. Afterall it is a home network and not a business set up. If your application does require very high uptime, then I would not recommend running it from your basement. If you can tolerate outage of few hours, you are good to go.
You may be asking how I know that this all works. I run my experimental web site RoboPies (https://www.robopies.com) from my basement. What can I say? I love pies. This is my technology playground.
I have my set up as blow.
Feel free to drop me a line if you have any questions or want some help setting this up in your home environment.