Any way to run a webserver from home, without exposing home IP address? Maybe proxy?

[mxmaniac]

I'd like to setup a home web server, inside of a DMZ at home. Nothing high end, just primarily for experimentation, personal use, or maybe very limited visitors.

I am very security conscious though. I do have other private services running at home inside my network like SSH, security cameras, RDP, etc. They all have strong passwords, use obscure ports, and my IP address is dynamic, so I'm confident about security. Still, I don't want script kiddies to think "Hey, look at this website, lets do a full port scan of this IP address, and see what ports are open. Nor do I want my IP location blatantly exposed.

Wondering if there is a good way (perferrably free), to setup some sort of proxy or something, so that the website has a different IP address than my personal home address and port 80 is the only one that will show open on a port scan (But I can still access all my personal services with my real IP address).

 

[dave_the_nerd]

Amazon AWS free tier.

 

[Saulbadguy]

Run your webserver on a non standard port if you want.

 

[IndyColtsFan]

What you're actually looking for is called a reverse proxy.

 

[mxmaniac]

Doing a year free trial of that AWS is an interesting option to think about. Although I'm hoping to find a way to actually run this from home.

If I just run the webserver on a nonstandard port, a port scan of its IP address will still reveal all my other nonstandard ports, and it won't really be as accessible without specifically entering the port number into the browser.

I'm hoping to make this easily publicly available, yet still isolated from my main network, appearing to be from a different IP address.

 

[dave_the_nerd]

Doing a year free trial of that AWS is an interesting option to think about. Although I'm hoping to find a way to actually run this from home.

If I just run the webserver on a nonstandard port, a port scan of its IP address will still reveal all my other nonstandard ports, and it won't really be as accessible without specifically entering the port number into the browser.

I'm hoping to make this easily publicly available, yet still isolated from my main network, appearing to be from a different IP address.

Then you need a reverse proxy that's not in your home, or a VPN connection to a proxy server somewhere else.

Just configure an nginx reverse proxy on an AWS system and try it out - it's cake.

 

[Red Squirrel]

For added security, make a separate vlan, and anything that faces the internet goes on that vlan. Then in the firewall you restrict what that vlan can access on the rest of the network. PFsense and a cheap gigabit 24 port managed switch off ebay works well for this.

Treat each VM on that vlan as if it was internet facing, so proper firewall etc... that way if one gets exploited due to an exploit in the http software or other listening port they can't (as easily) compromise the other servers.

 

[John Connor]

What you're actually looking for is called a reverse proxy.

This.

Cloudflare or Sucuri. Just make sure you some how privatize your domain registration. I've heard Namesilo and Namecheap are pretty good. https://www.namesilo.com/Support/WHOIS-Privacy

For a good firewall with HIPS check out Untangle.

If your website uses PHP check out ZBblock.