Also at @[email protected] on Mastodon.

Joined 2 years ago
Cake day: June 21st, 2023

  • Python’s webserver is meant to be a quick option for testing, and shouldn’t be used for a publicly accessible website. You’ll want a proper webserver for that.

    You would need access to the router for the port forwarding, so if you can’t access it, you’ll need an alternative option. The next best option is a commercial reverse proxy, most commonly that’s Cloudflare’s “tunnel” product. Essentially, Cloudflare acts as a man-in-the-middle, forwarding from a public address directly to your local server. It’s pretty easy to set up and it takes advantage of common router settings to open ports from the inside, where the router’s firewall rules are typically quite lenient. This also works with CGNAT, so no need to figure that out. The downside is that Cloudflare gets access to all the data that passes through them, even passwords. So if your website happens to have a lot of sensitive data, you’ll need to decide whether you trust them with that data. They do not get access to your normal web browsing or anything, just the data passing between the public address and your local server. Another potential downside is that they prohibit media streaming, so if your website serves a lot of videos, you’ll want a different option.

    Google Cloudflare tunnels homelab and cloudflared for more info. There’s a bunch of YouTube videos and tutorials on setting it up. It’s not perfect, but it’s a free and easy way to selfhost from a limited network environment.


  • K3CAN@lemmy.radio to Selfhosted@lemmy.world · Alternative to github pages? · 1 month ago

    I’m guessing you want to selfhost, rather than use a hosting service?

    When you say you have your site already, do you mean it’s hosted on a local webserver, or just that you have the files?

    If it’s just the files, you’ll need to choose a webserver. I like NGINX myself, but lighttpd is another option (there’s quite a few options, really, but sticking to a well known option is generally more secure).

    Configuration will depend on the server you choose, but then you’ll put the files into the “root folder” used by the webserver. This isn’t the system root ( ‘/’ ), but a different folder specified as the root of your web page, usually ‘/var/www/html’ or ‘/srv/www/html’.

    Once the files are in place, you can test the site by using the web browser on another PC and entering the local IP address of the server. If everything looks good, you can set up port forwarding on your router to forward public port 80 to port 80 on the local server.

    Lastly, you will need a DNS provider which will point your domain to the IP address of your router. Assuming you have residential service, you will need to determine whether your IP address is static or dynamic, or if your ISP is utilizing CGNAT. Depending on those factors, you may need to do some additional setup.

    Once it is working, your next step will likely be to set up SSL and port forwarding on 443. That will allow your website to be accessed over https, which is the standard for the modern Internet.

    I have hosted my own website and a blog for a while, and there are definitely some additional steps I would recommend to take, but the above is your basic starting point.







  • You’re not a “target” as much as you are “a thing that exists.” These aren’t targeted attacks.

    That said, you can look into adding some additional measures to your webserver if you haven’t already, like dropping connections if a client requests a location they shouldn’t, like trying to access /admin, /…/…, /.env, and so on.

    On nginx, it could be something like:

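    # Regex location: matches paths starting with a dot (/.env, /.git), /admin or /login
    location ~ ^/(\.|admin|login) {
        # 444 is nginx-specific: close the connection without sending a response
        return 444;
    }
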

    Of course, that should be modified to match whatever application you’re actually using.
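
Added example, not part of the comment above: a small Python check that runs a candidate `location ~` pattern over request paths before it goes into nginx, to see which probes it drops and which legitimate paths it would also drop. `BROAD` is one reading of the comment's pattern; `TIGHT` and the sample paths are assumptions constructed for illustration, and Python's `re` stands in for nginx's PCRE (equivalent for these patterns).

```python
import re

# One reading of the pattern in the comment: anything starting with a dot,
# /admin or /login gets "return 444" (connection closed, no response).
BROAD = r"^/(\.|admin|login)"

# Assumed tightening (not from the comment): keep /.well-known/ reachable for
# ACME HTTP-01 and security.txt, and match admin/login only as whole segments.
TIGHT = r"^/(\.(?!well-known/)|(admin|login)(/|$))"

# Constructed sample request paths: (path, should_be_dropped)
SAMPLES = [
    ("/.env", True),
    ("/.git/config", True),
    ("/admin", True),
    ("/admin/index.php", True),
    ("/login", True),
    ("/", False),
    ("/index.html", False),
    ("/.well-known/acme-challenge/token123", False),
    ("/administrator-guide.html", False),
    ("/login-help.html", False),
]

def dropped(pattern, path):
    """True if an nginx 'location ~ pattern' would match this URI path.

    nginx matches against the normalized URI (percent-decoded, ../ resolved);
    this check assumes the path is already in that form.
    """
    return re.search(pattern, path) is not None

def audit(pattern, samples=SAMPLES):
    """Return (probes the pattern misses, legitimate paths it wrongly drops)."""
    missed = [p for p, bad in samples if bad and not dropped(pattern, p)]
    false_pos = [p for p, bad in samples if not bad and dropped(pattern, p)]
    return missed, false_pos

if __name__ == "__main__":
    for name, pat in (("broad", BROAD), ("tight", TIGHT)):
        missed, false_pos = audit(pat)
        print(f"{name}: missed={missed} wrongly_dropped={false_pos}")
```

Replace `SAMPLES` with paths taken from your own application and access log; a site that really serves `/login` needs that alternative removed from the pattern.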


  • I self host.

    I use nginx as a reverse proxy with crowdsec. The backends are nginx and mariadb. Everything is running on Debian VMs or LXCs with apparmor profiles and it’s all isolated to an “untrusted” VLAN.

    It’s obviously still “safer” to have someone else host your stuff, like a VPS or Github Pages, etc, but I enjoy selfhosting and I feel like I’ve mitigated most of the risk.



  • I know I’m a bit late to the conversation, so I don’t know if this is still helpful… But I have a camera with “AI Detection” built into it and it appears to send alerts via its ONVIF connection. I’ve disabled motion and other detectors on my NVR (AgentNVR) and instead configured it to just wait for an alert from the camera itself to start recording. It’s been working quite well.

    My initial plan was to use a coral TPU and frigate, but the Coral/Gasket drivers appear to be pretty old and I couldn’t get them to work properly, myself.


  • I have a couple Libre Office files where I document the non-technical stuff for my own quick reference, like network layout in Draw, or IP and port assignments in Calc. I use a git repo to store and organize podman scripts, systemd unit files, configs, etc. Probably not the most elegant solution, but it’s simple and FOSS.

    Reverse proxy is Nginx Proxy Manager.