Home Server Setup: Complete Guide Using Overseas Hosting and NAT Traversal



Previous articles covered installing and deploying PVE on the home server, as well as its network and power supply setup. This one mainly discusses how to set up a website.

The solution introduced in this article has been running for nearly 4 months and is currently running well!

The article title was generated by AI, and it is indeed better than what I could come up with~~~

The deployment solution provided in this article is for learning and testing purposes only. Please delete it immediately after learning.



Special Reminder

Using the public IP of a home broadband connection to host a website is illegal, as a website hosted domestically must have an ICP filing.

An ICP filing involves two parties: one is the individual, and the other is the access provider (Tencent Cloud, Alibaba Cloud, etc.).

A website hosted on home broadband obviously has no access provider, so it cannot be filed. So you know…

To officially launch a website on a domestic server, you must complete both the ICP filing and the public security filing.

Currently, building a website on overseas servers does not require various filings, including Hong Kong, Singapore, etc.

However, if you build an illegal website, that is definitely not acceptable! Be a law-abiding citizen~!

Website Building Model

I simply drew a diagram; below is my method (not debating the legality of this method, just sharing).

If you have a filed domain name, you can choose a domestic cloud server.


Some friends ask: Since I already have an overseas server, why still set up a home server?

If your website is just a static page, you may only need some storage space.

But if your website needs 1T+ disk space? 16G of RAM? A better CPU? Better computing power?

If you purchase an overseas server that meets these requirements, the price is not cheap. Instead, you only need to buy an overseas server with a particularly good network, and then purchase a somewhat higher-spec physical host yourself. Isn’t that more cost-effective?

However, this approach has its pros and cons, as home servers do not guarantee SLA like formal data centers!

The website I am currently running uses MongoDB and Redis, which leads to particularly high memory usage. The 8G memory of the Du Fu KS3C bought in 2016 is already insufficient. However, upgrading the configuration would cost nearly 20 euros per month.

So I have this series of articles!

Choosing a Host

When choosing an overseas host, first consider: low network latency, no packet loss.

I am currently using Azure, with very low latency for the three domestic networks. Other recommendations are AWS (Asia-Pacific data center), and the Huawei Cloud Singapore server that I got for free a few days ago.

If it’s a domestic host, the network is generally not bad. Just choose according to the situation.

NAT Traversal

Currently, I choose to use FRP for NAT traversal! Reference article: FRP focuses on NAT traversal reverse proxy application, deployment practical tutorial

I tunnel ports 80 and 443 of the overseas server directly to the home server over TCP, because I do not have any other home broadband line.

If your overseas host needs to serve multiple websites that are not on the same home broadband line, you can choose the HTTP/HTTPS protocol instead.

As for the deployment method, I will not repeat it here. Just refer to the article above.

The content below in this article is all about TCP protocol tunneling!

Summary of Troubleshooting

Below are some issues encountered during the troubleshooting process, as well as solutions!

frpc Configuration

The following is the frpc configuration content, for reference only!

Special Note: set transport.proxyProtocolVersion = "v2", otherwise you cannot get the real IP of the visitor.

serverAddr = "xx.xx.xx.xx"
serverPort = 12345

auth.method = "token"
auth.token = "12345"

[[proxies]]
name = "http"
type = "tcp"
localIP = "127.0.0.1"
localPort = 80
remotePort = 80
transport.proxyProtocolVersion = "v2"

[[proxies]]
name = "https"
type = "tcp"
localIP = "127.0.0.1"
localPort = 443
remotePort = 443
transport.proxyProtocolVersion = "v2"
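
Added example (not from the original post or the FRP project): a minimal Python parser for the PROXY protocol v2 header that frpc prepends to each tunneled connection when transport.proxyProtocolVersion = "v2" is set, showing where the visitor's address travels. The function name and the sample header with its addresses are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"


def parse_proxy_v2(data):
    """Return (client, offset): client is (src_ip, src_port, dst_ip, dst_port)
    or None; offset is where the tunneled application bytes start."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("not protocol version 2")
    end = 16 + length
    if len(data) < end:
        raise ValueError("truncated header")
    command, family = ver_cmd & 0x0F, fam_proto >> 4
    if command == 0:                      # LOCAL: sent by the proxy itself
        return None, end
    if command != 1:                      # only PROXY (1) carries a client
        raise ValueError("unknown command")
    fmt = {1: "!4s4sHH", 2: "!16s16sHH"}.get(family)   # AF_INET / AF_INET6
    if fmt is None:                       # AF_UNSPEC or AF_UNIX: no IP address
        return None, end
    size = struct.calcsize(fmt)
    if length < size:
        raise ValueError("address block too short")
    src, dst, sport, dport = struct.unpack(fmt, data[16:16 + size])
    return (str(ipaddress.ip_address(src)), sport,
            str(ipaddress.ip_address(dst)), dport), end


# Constructed sample: visitor 203.0.113.7:51234 -> 192.0.2.10:443 over TCP/IPv4,
# followed by the first bytes of the visitor's TLS handshake.
SAMPLE = (SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", 12)
          + bytes([203, 0, 113, 7, 192, 0, 2, 10])
          + struct.pack("!HH", 51234, 443) + b"\x16\x03\x01")

if __name__ == "__main__":
    client, offset = parse_proxy_v2(SAMPLE)
    print(client, SAMPLE[offset:])
```

Because the header is unauthenticated bytes at the start of the stream, a listener with proxy_protocol enabled should only be reachable by frpc (127.0.0.1 in the configuration above); otherwise the address it reports cannot be trusted.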


Blocking IPs

When running a site, it is inevitable to encounter some malicious IPs. With the FRP tunneling method, it is impossible to use a firewall on the home server to intercept visitor IPs, since every connection arrives locally from frpc.

Method 1: Some websites support configuring visitor blacklists.

Method 2: Use Nginx to intercept blacklists. Below is my shared configuration.

Main configuration vhost, add include /usr/local/nginx/conf/extend/blocklist.conf;

server {
    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;
    listen 443 ssl http2 proxy_protocol;
    listen [::]:443 ssl http2 proxy_protocol;
    ......

    include /usr/local/nginx/conf/extend/blocklist.conf;

    ......

Create a new file, /usr/local/nginx/conf/extend/blocklist.conf, and paste the content below (the content below is what I am currently intercepting; you can modify this configuration according to your situation).

Entries are written as single IPs or in CIDR notation; if you don’t understand it, you can search for it~

deny 64.124.0.0/16;
deny 14.153.0.0/16;
deny 14.155.0.0/16;
deny 188.64.171.0/22;
deny 176.9.253.0/22;
deny 192.162.165.0/22;
deny 46.246.65.0/22;
deny 27.46.69.0/22;
deny 117.65.27.0/22;
deny 220.178.134.0/22;
deny 220.178.135.0/22;
deny 47.76.209.0/22;
deny 47.76.99.0/22;
deny 37.115.124.3;
deny 95.28.32.33;
deny 212.86.109.70;
deny 185.127.165.170;
deny 176.57.69.61;
deny 91.121.181.191;
deny 37.235.49.125;
deny 91.132.138.42;
deny 62.113.118.27;
deny 31.23.194.19;
deny 62.113.118.27;
deny 220.179.219.136;
deny 183.202.103.69;
deny 112.49.246.219;
deny 203.218.244.48;
deny 113.87.185.76;
deny 120.237.85.78;
deny 183.238.149.14;
deny 189.1.223.135;
deny 183.239.175.174;
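
Added example (not from the original post): a small Python linter for a blocklist.conf in this format. It reports duplicate entries, entries already covered by a wider rule, and CIDR entries whose host bits are set, such as 188.64.171.0/22 above, which as a /22 covers 188.64.168.0 to 188.64.171.255. The function names and the sample rules (documentation-range addresses) are constructed.

```python
import ipaddress
import re

# Constructed sample in the one-line style of blocklist.conf (documentation addresses).
SAMPLE = ("deny 203.0.113.0/22;deny 192.0.2.0/24;deny 198.51.100.7;"
          "deny 198.51.100.7;deny 192.0.2.99;")


def lint_blocklist(text):
    """Parse nginx `deny` rules; return (networks, findings)."""
    networks, findings = [], []
    for entry in re.findall(r"\bdeny\s+([^;\s]+)\s*;", text):
        if entry == "all":
            continue  # `deny all` is not an address rule
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            findings.append(f"{entry}: not a valid IP or CIDR")
            continue
        net = iface.network
        if iface.ip != net.network_address:
            # e.g. x.x.113.0/22 really means x.x.112.0 to x.x.115.255
            findings.append(f"{entry}: host bits set, effective range is {net}")
        if net in networks:
            findings.append(f"{entry}: duplicate entry")
            continue
        cover = next((n for n in networks
                      if n.version == net.version and net.subnet_of(n)), None)
        if cover is not None:
            findings.append(f"{entry}: already covered by {cover}")
        networks.append(net)
    return networks, findings


def is_blocked(ip, networks):
    """True if ip falls inside any parsed deny rule."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, notes = lint_blocklist(SAMPLE)
    for note in notes:
        print(note)
    print(is_blocked("203.0.112.9", nets))
```

These deny rules only match visitors if nginx takes the client address from the PROXY protocol header, which requires ngx_http_realip_module with real_ip_header proxy_protocol and set_real_ip_from covering the frpc source (127.0.0.1 in the frpc configuration above); without it every request appears to come from frpc.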


Reverse Proxy Websites

For example, to let some overseas users access our website faster, or to increase the load capacity of the website, we can use the home server to reverse proxy the website. How do we do this with the fewest changes?

For example, the blog address: 51.RUYO.net

Step 1: Add a hosts entry on the home server (replace the IP with the real one)

115.115.115.115 51.ruyo.net

Step 2: Configure the Nginx vhost to reverse proxy 51.ruyo.net directly.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /usr/local/nginx/conf/ssl/ruyo.net.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/ruyo.net.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # The 3DES suites at the end of this list are legacy fallbacks.
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-8-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    add_header Strict-Transport-Security max-age=15768000;
    ssl_stapling on;
    ssl_stapling_verify on;
    server_name 51.ruyo.net;

    location / {
        # The hostname resolves through the hosts entry from Step 1.
        proxy_pass https://51.ruyo.net;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through to the origin.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 160;
        client_max_body_size 2000m;
        # Forward the original Host header and client address information.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


Final Summary

This method still has some drawbacks: automatically issuing domain certificates may run into problems, because the IP the domain resolves to and the IP where the certificate is actually issued are inconsistent.

Other issues can be discussed in the comments~
