• interdimensionalmeme@lemmy.ml
        ↑ 4 · 3 hours ago

        Buy the cheapest laptop you can find; one with a broken screen is fine.

        Install Debian 12 on it and give it a memorable name, like “server”.

        Go to a DNS registrar of your choice, maybe “porkbun”, and buy your internet DNS name, for example “MyInternetWebsite.tv”. This will cost you 20$/30$ for the rest of your life, or until we finally abolish the DNS system for something less extortionate.

        Install webmin and then apache on it.

        Go to your router and give the laptop a static address in the DNS section. Some routers do not have the ability to apply a static DHCP lease to computers on your network; in that case it will be more complicated or you will have to buy a new one, one that preferably supports openwrt.

        Then go to port forwarding and forward the ports 80 and 443 to the address of the static DHCP lease.

        Now use puttygen to create a private key, and copy that public key to your Linux laptop’s file called /root/.ssh/authorized_keys.

        Go to the webmin interface, which can be accessed with http://server.lan:10000/ from any computer on your PC, and set up dynamic DNS. This will make the DNS record for MyInternetWebsite.tv change when the IP of your internet connection changes, which can happen at any time, but usually rarely does. But you have to, or else when it changes again, your website and email will stop working.

        Now go to your desktop computer and download winsshfs, put in your private key and mount the folder /var/www/html/ to a drive letter like “T:”.

        Now, whatever you put in T: will be the content of your very own internet web server.

        Enjoy.

        • ohshit604@sh.itjust.works
          ↑ 1 · edited 4 minutes ago

          While I appreciate the detailed response here, I did make another comment letting OP know I’m in a similar situation as them. I use Docker Engine & Docker Compose for my self-hosting needs on a 13th Gen Asus Nuc (i7 model) running Proxmox with a Debian 12 VM. My reverse proxy is Traefik and I am able to receive SSL certificates on port :80/:443 (I also have Fail2Ban set up); however, I can’t for the life of me figure out how to expose my containers to the internet.

          On my iPhone over LTE/5G trying my domain leads to an “NSURLErrorDomain” and my research of this error doesn’t give me much clarity.

          This is a snippet of my docker-compose.yml:
          services:
            homepage:
              image: ghcr.io/gethomepage/homepage
              hostname: homepage
              container_name: homepage
              networks:
                - main
              environment:
                PUID: 0 # optional, your user id
                PGID: 0 # optional, your group id
                HOMEPAGE_ALLOWED_HOSTS: my.domain,*
              ports:
                - '127.0.0.1:3000:3000'
              volumes:
                - ./config/homepage:/app/config # Make sure your local config directory exists
                - /var/run/docker.sock:/var/run/docker.sock #:ro # optional, for docker integrations
                - /home/user/Pictures:/app/public/icons
              restart: unless-stopped
              labels:
                - "traefik.enable=true"
                - "traefik.http.routers.homepage.rule=Host(`my.domain`)"
                - "traefik.http.routers.homepage.entrypoints=https"
                - "traefik.http.routers.homepage.tls=true"
                - "traefik.http.services.homepage.loadbalancer.server.port=3000"
                - "traefik.http.routers.homepage.middlewares=fail2ban@file"
                # - "traefik.http.routers.homepage.tls.certresolver=cloudflare"
                #- "traefik.http.services.homepage.loadbalancer.server.port=3000"
                #- "traefik.http.middlewares.homepage.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24, 172.18.0.0/16, 208.118.140.130"
                #- "traefik.http.middlewares.homepage.ipwhitelist.ipstrategy.depth=2"
            traefik:
              image: traefik:v3.2
              container_name: traefik
              hostname: traefik
              restart: unless-stopped
              security_opt:
                - no-new-privileges:true
              networks:
                - main
              ports:
                # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
                - target: 80
                  published: 55262
                  mode: host
                # Listen on port 443, default for HTTPS
                - target: 443
                  published: 57442
                  mode: host
              environment:
                CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
                # CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
                TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
              secrets:
                - cf_api_token
              env_file: .env # use .env
              volumes:
                - /etc/localtime:/etc/localtime:ro
                - /var/run/docker.sock:/var/run/docker.sock:ro
                - ./config/traefik/traefik.yml:/traefik.yml:ro
                - ./config/traefik/acme.json:/acme.json
                #- ./config/traefik/config.yml:/config.yml:ro
                - ./config/traefik/custom-yml:/custom
                # - ./config/traefik/homebridge.yml:/homebridge.yml:ro
              labels:
                - "traefik.enable=true"
                - "traefik.http.routers.traefik.entrypoints=http"
                - "traefik.http.routers.traefik.rule=Host(`traefik.my.domain`)"
                #- "traefik.http.middlewares.traefik-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.0/24, 208.118.140.130, 172.18.0.0/16"
                #- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
                - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
                - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
                - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
                - "traefik.http.routers.traefik-secure.entrypoints=https"
                - "traefik.http.routers.traefik-secure.rule=Host(`my.domain`)"
                #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
                - "traefik.http.routers.traefik-secure.tls=true"
                - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
                - "traefik.http.routers.traefik-secure.tls.domains[0].main=my.domain"
                - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.my.domain"
                - "traefik.http.routers.traefik-secure.service=api@internal"
                - "traefik.http.routers.traefik.middlewares=fail2ban@file"
          

          Image of my port-forwarding rules (note: the 3000 internal/external port was me “testing”)
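
Added example (not part of the original comment, and not the poster's or Traefik's own tooling): a small Python audit over a constructed copy of the labels, volumes and published ports from the compose snippet above. The forwarding rules in `FORWARDS` are hypothetical, since the poster's actual rules exist only as an image.

```python
import re
from collections import Counter
# Constructed input mirroring the posted compose file, trimmed to what the checks read.
SERVICES = {
    "homepage": {
        "ports": [("127.0.0.1", 3000)],
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock"],
        "labels": ["traefik.http.routers.homepage.rule=Host(`my.domain`)",
                   "traefik.http.routers.homepage.entrypoints=https",
                   "traefik.http.routers.homepage.middlewares=fail2ban@file"]},
    "traefik": {
        "ports": [("0.0.0.0", 55262), ("0.0.0.0", 57442)],
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"],
        "labels": ["traefik.http.routers.traefik.middlewares=traefik-https-redirect",
                   "traefik.http.routers.traefik-secure.entrypoints=https",
                   "traefik.http.routers.traefik-secure.rule=Host(`my.domain`)",
                   "traefik.http.routers.traefik-secure.service=api@internal",
                   "traefik.http.routers.traefik.middlewares=fail2ban@file"]},
}
# Hypothetical router rules (WAN port, host port); the post's actual rules are not on the page.
FORWARDS = [(80, 80), (443, 57442), (3000, 3000)]

def audit(services, forwards):
    findings, routers, reachable = [], {}, set()
    for name, svc in services.items():
        pairs = [label.split("=", 1) for label in svc["labels"]]
        for key, n in Counter(k for k, _ in pairs).items():
            if n > 1:  # same key twice: only one of the values can take effect
                findings.append(f"{name}: duplicate label {key}")
        for key, val in pairs:
            if m := re.fullmatch(r"traefik\.http\.routers\.([^.]+)\.(\w+)", key):
                routers.setdefault(m.group(1), {})[m.group(2)] = val
        for vol in svc["volumes"]:
            if "docker.sock" in vol and not vol.endswith(":ro"):
                findings.append(f"{name}: docker.sock mounted read-write")
        # Ports bound to loopback cannot be reached by a router port-forward.
        reachable |= {port for ip, port in svc["ports"] if not ip.startswith("127.")}
    for name, cfg in routers.items():
        if cfg.get("service") == "api@internal" and "middlewares" not in cfg:
            findings.append(f"router {name}: api@internal routed with no middleware")
    seen = Counter((c.get("entrypoints"), c["rule"]) for c in routers.values() if "rule" in c)
    findings += [f"{n} routers match {rule} on entrypoint {ep}"
                 for (ep, rule), n in seen.items() if n > 1]
    findings += [f"forward {wan}->{host}: host port {host} is not published off loopback"
                 for wan, host in forwards if host not in reachable]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVICES, FORWARDS)))
```

In the posted file Traefik publishes host ports 55262 and 57442, so a router rule for WAN 80/443 has to target those host ports, and the homepage port bound to 127.0.0.1 is reachable only through Traefik.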

        • ohshit604@sh.itjust.works
          ↑ 2 · edited 4 hours ago

          I’m in the same boat (sorta)!

          Follow-up question: did you have trouble exposing port :80 & :443 to the internet? Also, are you also using Swarm or Kubernetes?

          I have the Docker engine set up on a machine alongside Traefik (have tried Nginx in the past), primarily using Docker Compose, and it works beautifully on LAN. However, I can’t seem to figure out why I can’t connect over the internet; I’m forced to WireGuard/VPN into my home network to access my site.

          No need to provide troubleshooting advice, just curious on your experience.

      • otacon239@lemmy.world
        ↑ 1 · 9 hours ago

        Maybe that’s a dark mode thing? I know Dark Reader breaks almost anything with an already dark theme.

        • MonkderVierte@lemmy.zip
          ↑ 2 · 9 hours ago

          Lol, no. I made a usercss for this (currently not released) but explicitly disabled it here. But that one uses a base style that switches via @prefers light/dark:

          @media (prefers-color-scheme: dark) {
            :root {
              --text-color: #DBD9D9;
              --text-highlight: #232323;
              --bg-color: #1f1f1f;
              …
            }
          }
          @media (prefers-color-scheme: light) {
            :root {
              …
            }
          }

          Guess your site uses one of them too.

          • otacon239@lemmy.world
            ↑ 2 · 8 hours ago

            I admit I used Publii for my builder. I can’t program CSS for crap. I’m far more geared towards backend dev.