Cake day: June 18th, 2023

  • You’re welcome. I tried to do basically the same thing a few years back (run a WordPress site from an RPi on my home network - and also a Minecraft server) and so I tried to write up the problems I ran into - I probably forgot some, but those are the major hurdles. I learned a lot along the way.

    I should also point out that if you rent hosting space (from linode or inmotion or digitalocean or many other options) then problems 1 & 4 become much easier, and 2 & 3 go away entirely (most people don’t host public websites on their home networks because of these and other issues).

    Happy to help. If you’re interested in learning networking more thoroughly, I want to point you to Professor Messer, especially the Network+ content. He has far more complete explanations than I could write (and it’s free!). Even if you’re not interested in getting any certs, the explanations will be helpful.


  • So your goal is to host a publicly accessible static website from a computer in your home. There are a few problems you need to overcome before even worrying about configuring any software. You need some more basic networking knowledge first.

    1. Basic Networking Theory - you should read a brief explanation of the OSI 7-layer network model. You don’t have to try to memorize this and you won’t really understand it until you start actually doing stuff, but you should read it for some basic terminology and to understand that there are distinct steps through which communication between computers happens.

      When you start running into problems (“why can’t I access the server? I did all the tutorial steps”), figuring out which layer the problem is in will help guide you to the solution:

      • is there a bad cable? -> 1. Physical
      • do I have the right IP address? -> 3. Network
      • is the firewall port closed? -> 4. Transport

    2. Privacy/Security/Safety - don’t host a publicly accessible website from your personal computer. Just don’t. To make this happen you will have to open a hole in your network security that makes your computer accessible from the public internet. Don’t do this on your daily driver computer. Don’t do this with any device that has any files on it that you care about or any access to any personal information. Don’t.

      Set up your web server/learning environment on a clean, dedicated system. This could be an old laptop or a Raspberry Pi (an older 3B model will work just fine for this) or whatever cheap computer hardware you have, as long as it can run Linux and has a physical network port (using WiFi will give you extra headaches for getting this working). If you think you might want to expand your projects in the future, you can get a used Dell server for very little money, and add more hard drives as needed. Wipe the hard drive and install Debian or Ubuntu server as a base; there are lots of resources out there for setting up web services on either.


    3. Restricted Ports - you are most likely on a residential internet connection. Most residential ISPs close ports for security reasons, especially 80. For example, here is Cox’s list of restricted ports. You will need to find your ISP’s equivalent list and understand what you can and can’t do with your connection.

      There are workarounds, primarily through port forwarding. You will need admin access to your router to set this up. I recommend that you read that entire article because it probably applies directly to your situation.


    4. Dynamic IP Address - most people still find it easier to work with IPv4 addresses - I won’t go into IPv6 right now, but you should read a little about it just for awareness. Your residential internet most likely has a dynamic IPv4 address, which means you can’t rely on that address staying the same forever (or even until next week), which means that you can’t configure your Cloudflare domain name to point to a single IPv4 address.

      Dynamic DNS is the solution for this, and again you’ll need admin access to your router to set it up.


    5. HTTPS/TLS/SSL - if you get through all those issues then you probably have a working website, but now you’re seeing something like this when you try to view it in your browser:

      This doesn’t mean that you can’t get to your website - it just means that you can only do it via HTTP and not HTTPS, which the browser is warning you (and anyone else trying to view your website) is not secure. You can either just accept that this alert will always come up, and that you have to click through it, or you can learn about TLS and getting an SSL/TLS certificate. This is a later topic - it doesn’t matter and probably won’t make sense until after you’ve got your web server online.
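The layer-by-layer troubleshooting described in the comment above, as an added example that is not part of the original comment: a small Python check that reports which layer a connection to your own server fails at. The function name `diagnose` and the stage labels are assumptions made for this example, and it goes one step beyond the comment's list by also checking whether the open port answers as a web server.

```python
import socket

def diagnose(host, port=80, timeout=3.0):
    """Walk up the layers; return (stage, finding) for the first check that fails."""
    # "Do I have the right IP address?" -> 3. Network
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("3-network", f"{host} does not resolve to an IPv4 address ({exc})")
    addr = info[0][4]

    # "Is the firewall port closed?" -> 4. Transport
    try:
        sock = socket.create_connection(addr, timeout=timeout)
    except ConnectionRefusedError:
        # An active refusal: a host answered, but no service accepts this port.
        return ("4-transport", f"{addr[0]}:{port} refused: host reached, "
                               "nothing listening or port actively rejected")
    except socket.timeout:
        # Silence usually means the packet was dropped somewhere on the path.
        return ("4-transport", f"{addr[0]}:{port} timed out: dropped by a firewall, "
                               "a missing port forward, or an ISP-restricted port")
    except OSError as exc:
        return ("3-network", f"no route to {addr[0]} ({exc})")

    # The port is open: is a web server actually answering? -> 7. Application
    with sock:
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            sock.sendall(request.encode())
            reply = sock.recv(128)
        except OSError as exc:  # covers read timeouts and connection resets
            return ("7-application", f"port open but no usable reply ({exc})")
    if reply.startswith(b"HTTP/"):
        return ("ok", reply.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return ("7-application", f"port open but not speaking HTTP: {reply[:20]!r}")

if __name__ == "__main__":
    # Constructed target: the local machine. Replace with your own server's
    # LAN address, then its public name, to see where the path breaks.
    print(diagnose("127.0.0.1", 80))
```

Run it first from inside the home network and then from an outside connection: a result that is `ok` inside but times out outside points at the router or ISP rather than the web server.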





  • NaibofTabr@infosec.pub to linuxmemes@lemmy.world: Linux best

    Run Qubes

    Run whatever OS environment you need, in its own instance. Run a virtual networking stack. Crosslink your environments as needed. Segregate your environments as needed. Create new environments as needed. Destroy them as needed. Expand your virtual infrastructure.

    Experiment with BSD and then realize that TrueNAS Scale is the last NAS environment you’ll ever need, and you didn’t really want to spend time on BSD anyway. Expand your server and network infrastructure.

    Run every environment. Realize that you actually have a lot to learn about Windows, especially server and AD forests, and all the stuff you’ve complained about is actually kind of petty next to the monolith of professional computing environment that Microsoft has built (and also keeps making unnecessary self-harming changes to, and wtf is with user CALs anyway?). Learn to do user and domain management for real. Then learn what the real problems with Microsoft are.

    Experiment with Redox, then give up and do something more useful with your time.

    Install Xen Orchestra on some cheap secondhand Dell server you bought off eBay. Run a proper VM cloud environment. Run everything on top of it. Create your own VM golden images for the environments you use most often. Your personal computer doesn’t even have a local OS installed anymore, it’s just a terminal that runs whichever VM you need from your Xen server at the moment. Reject limitations.

    OS elitism is for the weak and the simple. Enlightenment is understanding the strengths and weaknesses of each platform, and getting the best from all of them.


  • Yeah, it’s a good concept and I’d like to see more options like it on the market, but it kind of runs against the current consumer electronics profit model and the way the electronics supply chain is structured.

    It does seem like consumer awareness is changing, and there’s more and more demand for sustainable and long-life products. Hopefully that continues. I think “vote with your wallet” applies to this sort of thing.


  • Fairphone is offering a solution to this by designing devices that are repairable and have guaranteed software updates, though it requires some compromises.

    • because the phone is not sealed, its waterproof/dustproof rating is lower
    • the specs are lower than other phones in the same price range - this is probably due to the modular design and the need to assure the supply of replacement parts
    • the phone is only designed for the EU - it may not support the network bands used in other parts of the world




  • NaibofTabr@infosec.pub to linuxmemes@lemmy.world: Linux not in meme

    Has it been proven to happen on Windows 11? Not that I can point to specifically. 11 hasn’t been in general use long enough to see a real pattern of behavior.

    I was a mixed Windows and Linux user through the full life cycle of the Cortana implementation. The number of times they changed or moved Cortana related settings through the years was just ridiculous. It finally came down to having to manually change registry settings to keep it from scanning your files and messing with basic local search, and even if you did that you had to make sure the registry values were still set after version updates because they would get unset without warning.

    I have no trust left for Microsoft, only suspicion.



  • NaibofTabr@infosec.pub to linuxmemes@lemmy.world: Linux not in meme

    > but it literally says it will update outside of active hours.

    Yeah, but it lies.

    > And the privacy toggles are set when you install the OS. You can untick all of them the last time I checked.

    But a future Windows update will reset them without informing the user.

    Microsoft respects user choice about as well as Republicans respect voting rights.




  • Like it or not, commercial computing is primarily Microsoft environments. Businesses are moving to Azure/O365, but there’s still a lot of on-prem AD out there, and a lot of businesses that are stuck in between with some form of hybrid hodge-podge. It’s definitely more difficult to do admin tasks for individual Windows endpoints vs. Linux, but on the other hand there is no FOSS equivalent for AD forest management. In a corporate environment, the ability to manage large numbers of endpoints at scale is more important.

    You probably shouldn’t be using iPerf3 on Windows, but instead use the native nttcp.

    tracert is included with Windows by default, no need to install a separate utility. robocopy is also included with Windows and can be used to do incremental backups if that’s your use case.

    If you have to manage Windows systems you should learn about Windows-native tools, rather than trying to drag the Linux-native tools you’re used to onto Windows just for the sake of familiarity.

    That said, installing (and updating) software on Windows is absolutely a pain compared to the relative simplicity of a Linux package manager and I’m 100% with you on that. I highly recommend chocolatey, which attempts to work as a package manager for Windows. All of the software that you install with chocolatey can be updated with a single command, similar to running updates in a package manager on Linux. If you can implement this on the Windows systems that you have to manage, it will make things easier.