this post was submitted on 10 Dec 2024
140 points (97.3% liked)


So, I've been trying to accomplish this for a while. First I posted asking for help getting started, then I posted about trying to open ports on my router. Now, I proudly post about being able to show the world (for the first time ever) my abysmal lack of css and html skills.

I would like to thank everyone in this community, especially those who took the time to answer my n00b questions. If you'd like to see it, it will be available at: https://kazuchijou.com/

(Beware however, for you might cringe into oblivion and back.)

Since this website is hosted on my desktop computer, there will be some down-time here and then, however I'll leave it on for the next 48 hours (rip electricity bill) only for you guys to see. <3


Now, there are a couple of things that need addressing:

I set it up as a Cloudflare tunnel and linked it to my domain. However, I still don't know any Docker at all (despite using it for the tunnel), and the process was too incredibly and stupidly easy. I don't think I learned as much as I expected and I didn't feel challenged at all.

The original idea was to do some port forwarding. (This was foolish and a bit of a waste of time). Despite getting a "public-ip-address" from my ISP, I still was unable to open ports successfully. I kept getting the same error again and again. If you'd like to read my original post about port forwarding you may follow this link: "[Solved] ((lie)) Noob stuck on port-forwarding wile trying to host own raw-html website. Pls help".

While I know doing this represents a security risk, I still wanted to at least have a small success with port forwarding. I just wanted to have the raw-internet-connection experience, you know? like, the basics and such. And Cloudflare is holding my hand way too hard, I want to feel like I can shoot myself in the foot (without actually doing so)

But to be honest, I'm quite happy with the outcome. There are many other avenues I'd like to explore in the future, like setting up a reverse proxy with nginx or even darknet hosting (as suggested by another commenter).

I hope to keep learning and some day help another poor soul like myself in a similar situation. I thank you again guys, you're the best.

[TL;DR] This is the best and most helpful community ever! thx <3

[–] [email protected] 2 points 1 week ago (1 children)

How do you protect your home network?

[–] [email protected] 2 points 1 week ago (1 children)

Uhhhh... Prayers?

So far the only protection I've got is running it through a Cloudflare tunnel. And that's it.

[–] [email protected] 1 points 1 week ago (1 children)

Then why did you expose it to the internet?

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

He didn't.

He exposed it to Cloudflare.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago) (1 children)

"They're the same picture"

Not that I am saying it is bad necessarily. Cloudflare does add an extra level of protection. In fact I would say that the chances of a compromise go way down. My concern is that a lack of knowledge could lead to a compromise.

[–] [email protected] 1 points 6 days ago (2 children)

Thanks! I appreciate your concern.

This website is just a personal fun project, and I haven't got anything to lose if it gets compromised. On the contrary I've gained a lot so far, and I might gain even more if something bad were to happen to it.

No one can hack into the knowledge and experience I've gained so far.

If you've got any advice on security tools, good practices, etc. I'd appreciate them! I may lack the knowledge, but not the will to learn more

[–] [email protected] 2 points 4 days ago (2 children)

Yeah, I bring this up because I’ve been playing around with a similar idea of a simple html website for documenting personal projects. My site still isn’t really live, but I have it running on a VM through a Cloudflare tunnel, similar to you.

[–] [email protected] 1 points 3 days ago

I'd love to see your website btw!

[–] [email protected] 1 points 3 days ago

Yeah! That's cool, I haven't had any issues so far.

Every day I get a bunch of logs of bots trying to access files and folders that don't exist. It seems that they are targeting WordPress sites because all the files start with 'wp-'; for example, some tried to access 'wp-admin/credentials', but since my site isn't WordPress I'm not worried. Besides, I'm pretty sure that I could implement some rules on the firewall or even on nginx to block access to said directories by (for example) redirecting them to a different page.
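
Added example, not part of the comment above and not the poster's code: one way to summarise the 'wp-' probing described there from an nginx access log, separating probes that were rejected from any that were not. It assumes nginx's default "combined" log format and that the first field is the visitor's address (behind a Cloudflare tunnel that only holds if the log format records the forwarded client address, which Cloudflare sends in the CF-Connecting-IP header); the log lines and the name `wp_probes` are constructed for illustration.

```python
import re

# Constructed sample in nginx's default "combined" access-log format.
# Addresses are documentation ranges, not taken from the poster's logs.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2024:03:14:07 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2024:03:14:08 +0000] "GET /wp-admin/credentials HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Dec/2024:09:30:00 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Dec/2024:11:02:44 +0000] "GET /blog/wp-content/x.php?a=1 HTTP/1.1" 404 153 "-" "curl/8.5.0"
malformed line without request fields
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WP_RE = re.compile(r"(?:^|/)wp-", re.IGNORECASE)  # any path segment starting with wp-


def wp_probes(log_text, min_paths=2):
    """Summarise requests for wp-* paths on a site that does not run WordPress.

    repeat_probers: clients that asked for >= min_paths distinct wp- paths and got 4xx.
    not_rejected:   wp- requests answered with anything other than 4xx; on a
                    non-WordPress site these are the ones worth looking at.
    skipped:        count of lines that did not parse (reported, not hidden).
    """
    rejected, not_rejected, skipped = {}, [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if not WP_RE.search(path):
            continue
        if status.startswith("4"):
            rejected.setdefault(client, set()).add(path)
        else:
            not_rejected.append((client, path, int(status)))
    repeat = {c: sorted(p) for c, p in rejected.items() if len(p) >= min_paths}
    return {"repeat_probers": repeat, "not_rejected": not_rejected, "skipped": skipped}


if __name__ == "__main__":
    print(wp_probes(SAMPLE_LOG))
```
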

[–] [email protected] 3 points 6 days ago

The concern is that your device could start serving a different task without you knowing. It might end up being used to help mask hijacked Azure accounts for instance.

The biggest thing I can recommend is least privilege and defense in depth. You want your setup to be compartmentalized as much as possible and you should aim for minimal permissions. The idea is that even if a security hole is exploited the blast radius is limited.

You are probably fine. It is just something to keep in mind.