Exposing your Home Server to the Big Bad Internet
How not to get into trouble
It finally happened, my free trial at Google Cloud ran out so all my services are down. I’m in no rush to get them back up, they’re all just demonstrations that I use when I write articles. But I’d like to have someplace to host them so the front-ends that I have on Netlify have some data. Currently, my wine and cheese pairing app has no data so you get this sad screen:
So I made the decision to expose one of my servers to the Internet. This is not a decision to take likely, punching a hole in your router's firewall is something that must be done cautiously. And the server that you expose must always have the latest security patches. Even then, there are no guarantees, there are a lot of bad actors out there looking for a place to store illicit data or turn your computers into bitcoin mining zombies. I’ve done it before, and the Nginx logs soon become filled with vulnerability probes, looking for someone that installed an out-of-the-box server and didn’t bother changing the passwords.
To follow along with this article, you will need a server, a router that allows you to establish virtual hosts, and a way to control your DNS. I use Cloudflare and they will also be providing me with HTTPS termination and HTTPS communication to our backend server. My description of how to configure your router will be vague because all routers are different, so you’re going to need to know how to access and configure your router. And if you don’t use Cloudflare, you’ll have to know how to control your DNS with whatever service you have.
I have a refurbished rack server that was pretty inexpensive on Amazon. On it, I’m going to install Ubuntu and MicroK8s using my old article Playing With VMs and Kubernetes as a guide. Except that I’m not going to use VMs, I’m going to install MicroK8s right on the bare-metal. I’m also not going to install the SMTP server, the Nginx server, or the Jenkins server, just plain MicroK8s with the dns and metallb addons installed.
I’m also going to install the Nginx Ingress module as described in my article How to…
