Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOlVED] How would be a minimal setup for a vm webserver
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
vcmota
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2017
Posts: 131

PostPosted: Mon Mar 19, 2018 5:31 pm    Post subject: [SOlVED] How would be a minimal setup for a vm webserver Reply with quote

I wanna setup a virtual machine inside one of my physical machines to be a server for my personal website. I have never done that before, but I have been reading a lot about it for some time. Since this is all new to me, my major concern is securiy, and this is why I want to do it inside a virtual machine first and use the minimal possible setup. I wonder if I really figured out how this minimal setup should be. I plan to setup the vm with the following capabilities: nginx (server, enabling only the necessary tools), ddclient (I dont have static IP, so I will need to use a DNS service) and iptables (I want to block any access which is not exclusively to read the contents of the website). Is this all I need? For now the website wont run nor client neither sever side codes, for the near future it will work solely to display some public information about my job and research. I know there are hundreds of hosting services out there, but in the future (not so distant) I plan to use the website to run demonstrantions of simulation that I build, and this must be interactive with input obtained from the client side. Since the codes to be run in the server where written by myself in both fortran and C, and I need to control all the process in order to identify eventual bugs in the codes, a host service probably wont do the job.

Last edited by vcmota on Sat Mar 24, 2018 1:59 am; edited 1 time in total
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1692

PostPosted: Mon Mar 19, 2018 6:27 pm    Post subject: Reply with quote

A possibility that you may want to look at, is using docker as your vm. It would take a little bit of getting used to on getting setup and everything; but comes with several benefits that would satisfy your requirements. One of the nice parts on docker, is that it uses significantly less memory than a full vm. You can just make a container that uses the ngix image, and it will handle grabbing ngix for you (and any other services you want), so you only need to manage your website (possibly putting that in it's own container). Changes done inside a running container when it is shutdown, so you don't need to worry about if someone modified the data (just restart the container and it will be back to default). The container configuration allows you to define what network/ports the container is available on. Then a added bonus, for when you decide to move the stuff to a hosted server; you can easily just transfer the containers to a web provider (amazon does support running docker containers); so you can easily move it off your system later.

A downside, is that it con be a hassle if you want to save data from a container; and communicating between docker images isn't always easy.
https://docs.docker.com/samples/library/nginx/
https://docs.docker.com/
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42583
Location: 56N 3W

PostPosted: Mon Mar 19, 2018 7:36 pm    Post subject: Reply with quote

vcmota,

A VM does not always help with security.

You will need a service like no-ip to keep track of your dynamic IP changing.
Before you get a domain name, do check that your ISP does not block http and https ports.
Using non standard ports will work for you for testing but not the rest of the world.

Your first line of defence is not running any listening services you don't need. You have to defend the entire system, not just the VM. IPtables can stop baddies phoning home if they do get in.
You will only forward ports 80 and 443 from the outside world ... maybe only one of them.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
vcmota
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2017
Posts: 131

PostPosted: Sat Mar 24, 2018 1:35 am    Post subject: Reply with quote

Thank you both ct85711 and NeedySeagon. I have learn from your answers, and decided to hold on to a cloud server service for now. In the future I will need the local server, so I will certainly come back into this. Thank you again.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum