-
You control what you post.
-
You can definitively take down your website by unplugging it.
-
Commercial hosting starts around $5 per month, so hosting at home may(?) be cheaper in the long run.
-
Learning about networking is fun, and useful for future projects.
In this project you'll learn to set up an Ubuntu-based web server on a single-board computer, using Apache HTTP Server to serve your website. You'll configure Apache the proper way, letting you host multiple websites on the same machine if you wish. Then you'll set up a firewall and turn on port forwarding on your home router, exposing your web server to the open web. You'll finish by configuring Dynamic DNS (DDNS) with a domain or subdomain, so your website will remain accessible even when your home IP address changes.
The examples in this zine use the Orange Pi Zero 2W (OPZ2W), an inexpensive single-board computer that uses very little power. You can buy an OPZ2W with 1 GB of RAM for around $20, but you'll need some additional hardware to get up and running.
We sell complete home web server kits at Iffy Books. The kit costs $49 as of May 2024, and includes the following:
• Orange Pi Zero 2W single-board computer w/1 GB of RAM
• 32 GB microSD card
• microSD card reader
• 2 Amp USB power supply
• USB-C power cable
• Mini HDMI to HDMI adapter
• USB-C to 2x USB-A adapter
• USB-A to Ethernet adapter
• Ethernet cable
You'll also need the following:
• A monitor (or TV) with HDMI video input
• An HDMI cable
• A keyboard with a USB cable
❏ If you've already registered a domain and you'd like to create a subdomain for this project, the only thing you need to do at this point is decide what subdomain to use. For the examples below we'll use the subdomain zinegallery.iffybooks.net. We'll update your domain records later in the project.
Each subdomain string can be up to 63 characters long, case insensitive.
❏ Go to a domain registry website of your choice, choose a domain name, and enter your credit card info to pay. Namecheap.com is one popular option, but there are many others.
If you have a static IP address, you can get a free subdomain from freedns.afraid.org or dynv6.com. However, we weren't able to get those free subdomains working with Dynamic DNS, which is needed if your home IP address changes often. If you know of a free subdomain provider that allows creating NS records, let us know!
❏ Next you'll download the Ubuntu Server operating system image for your device. If you're using an Orange Pi Zero 2W, go to the following URL:
Here's a QR code for the URL above, in case you're using the printed version of this zine and you don't want to type it out:
❏ Under Ubuntu Image, click Downloads.
That link will take you to a directory on Google Drive. (The folks at Orange Pi are using Google Drive to avoid paying for bandwidth.)
❏ Double click on the directory Linux6.1 kernel version image to open it.
❏ Double click on the directory For development boards with 1GB_2GB memory... to open it.
❏ Right click the file with server in the filename and select Download to download the compressed disk image file.
❏ Find the file you just downloaded, Orangepizero2w_1.0.0_ubuntu_jammy_server_linux6.1.31.7z, in your File Explorer/Finder. Double click the file to extract its contents.
❏ You'll end up with a directory containing a disk image file ending with .img, along with a .sha checksum file.
❏ Now go to etcher.balena.io and download balenaEthcher, which you'll use to flash the Ubuntu image onto your microSD card. balenaEtcher is available for macOS, Windows, and Linux.
❏ Insert your microSD card into your microSD card reader and plug it into your computer's USB port. (If your computer only has a USB-C port, use the USB-C to USB-A adapter included in your kit.)
❏ Open balenaEtcher, click Flash from file, and select the .img disk image file you just extracted.
❏ In balenaEtcher, click Select target and select your microSD card.
❏ Click Flash! to write the Ubuntu disk image to your microSD card, which will take 5 minutes or so.
❏ Insert the flashed microSD card into the card slot on your single-board computer. The printed side of the microSD card should be facing away from the board.
❏ Find the USB-C power cable and connect it to your USB power supply. Plug the other end of the cable into the outer USB-C port, closest to the corner of the board.
❏ Plug your USB-C to 2x USB-A adapter into the inner USB-C port, closer to the middle of the board. (Note: You can power your computer using either USB-C port, but only the inner port works for connecting USB hardware such as a keyboard.)
❏ Connect a USB keyboard to the USB-C to 2x USB-A adapter.
❏ Find the Mini HDMI port on your computer and plug in the Mini HDMI to HDMI adapter.
❏ Connect an HDMI cable to the Mini HDMI to HDMI adapter. Plug the other end into the HDMI port on your monitor or TV.
❏ Set up your single-board computer, keyboard, and monitor somewhere close to your home router.
❏ Plug your computer's USB power supply into a wall outlet.
❏ After a brief startup sequence, your screen will look like this:
(Note: From this point on we'll invert the colors in screen captures in order to use less toner in the printed zine.)
❏ First you'll set a password for the current user. Type passwd at the command prompt, then press enter.
❏ For the current password, type orangepi and press enter. You won't see any characters appear onscreen as you type. Then choose a new password and enter it. Write down your new password and/or store it in a password manager app.
You're currently logged in as a user called orangepi. Next you'll switch to the root user and change its password.
❏ Type su root and press enter. At the prompt, enter the default password orangepi.
❏ Now type passwd and press enter to set a new password for your root account.
❏ When you're done, run the command su orangepi to switch back to the user orangepi.
If the onscreen text is too small to read comfortably, follow the steps below to increase the size. Otherwise you can skip to the next section.
❏ Run the following command to open the console-setup preferences file using the text editor nano:
sudo nano /etc/default/console-setup
❏ Use the arrow keys on your keyboard to move the cursor to the line beginning with FONTSIZE=. Delete the value 8x16 and replace it with 16x32.
❏ When you're finished, press ctrl + X on your keyboard to close the file. At the bottom left of your screen you'll see the prompt "Save modified buffer?" Type y for "yes," then press enter.
❏ Press enter again to confirm the filename.
❏ Tip: You can use the command clear at any time to clear the screen.
❏ Now run the command sudo update-initramfs -u to confirm the new font size.
❏ Restart your computer with sudo reboot. When your computer finishes rebooting, the onscreen text will be bigger.
We strongly recommend connecting your single-board computer to your home router using an Ethernet cable. If you need to use wi-fi temporarily, you can skip to the next section.
❏ Plug your Ethernet-to-USB adapter into your single-board computer via the USB-C to 2x USB-A adapter.
❏ Connect an Ethernet cable to the Ethernet-to-USB adapter.
❏ Connect the other end of the Ethernet cable to an Ethernet port on the back of your home router.
❏ To confirm you're connected to the internet, you can run the following ping command on your single-board computer:
ping iffybooks.net
If you get output that looks like this, then you're connected to the internet:
64 bytes from 104.248.2.93: icmp_seq=1 ttl=54 time=17.613 ms
64 bytes from 104.248.2.93: icmp_seq=2 ttl=54 time=12.127 ms
64 bytes from 104.248.2.93: icmp_seq=3 ttl=54 time=24.315 ms
64 bytes from 104.248.2.93: icmp_seq=4 ttl=54 time=14.224 ms
64 bytes from 104.248.2.93: icmp_seq=5 ttl=54 time=19.906 ms
64 bytes from 104.248.2.93: icmp_seq=6 ttl=54 time=13.988 ms
Press ctrl + C to close ping and return to the command prompt.
Hosting a website via wi-fi isn't recommended, because maintaining a long-term wireless connection is a headache. If you want to keep using wi-fi temporarily because Ethernet isn't an option, here's how to set it up.
❏ Run the command sudo orangepi-config to launch the Orange Pi configuration utility.
❏ You'll see a prompt that reads "Configuration cannot work properly without a working internet connection." Press any key to continue.
❏ Use the down arrow key to select the Network menu, then press enter.
❏ Use the down arrow key to select the WiFi menu, then press enter.
❏ You'll see a list of available wi-fi networks. Select your home network, then press enter.
❏ Enter your password at the prompt.
❏ Use the arrow keys to select Quit, then press enter.
❏ Use the arrow keys to select Back , then press enter.
❏ Now select Exit. Then press enter to close the configuration menu.
❏ Now that you're connected to the internet, you'll want to update your software packages. This step is important because some packages may need updates for security reasons.
❏ Type the command below (actually two commands separated by &&), then press enter.
sudo apt update && sudo apt -y upgrade
❏ Enter your password at the prompt and press enter. It may take 10+ minutes for your packages to download and update.
A firewall is a piece of software that restricts access to your device over the network. In this section you'll install and configure the firewall program ufw, short for Uncomplicated Firewall, which will monitor network requests and permit or deny each one depending on rules you set up.
❏ You'll start by installing ufw. Run the command sudo apt install ufw, then follow the prompts to finish installation.
❏ Run the command below to deny incoming network connections by default.
sudo ufw default deny incoming
❏ Run the command below to allow outgoing network connections by default.
sudo ufw default allow outgoing
❏ Run the command below to allow incoming TCP connections on port 80:
sudo ufw allow 80/tcp
❏ Now run the command below to allow incoming TCP connections on port 22. This will make it possible to connect to your server via SSH, which we'll set up in a later section.
sudo ufw allow 22/tcp
❏ Now run the command sudo ufw enable to turn on your firewall.
Next you'll install Apache HTTP Server, one of the most widely used web server programs. (Note: The term "web server" can refer to a piece of software that serves websites, like Apache. "Web server" can also refer to the computer the software is running on.)
❏ Run the command below to install Apache. You'll be prompted to enter your password.
sudo apt install apache2
Now you'll make a directory to store your website files in. The mkdir command makes a directory, and the -p option creates any parent directories in the path if they don't already exist.
❏ Type the command below to create the directory you'll use for your website files, replacing zinegallery.iffybooks.net with the domain you chose earlier.
sudo mkdir -p /var/www/zinegallery.iffybooks.net
❏ Use chown to set the current user (orangepi) as the owner of the directory you just created. Replace zinegallery.iffybooks.net below with the name of the directory you just created.
sudo chown -R $USER:$USER /var/www/zinegallery.iffybooks.net
❏ Now use chmod to set read-write-execute permissions for the directory /var/www/. The 755 option means only the owner (orangepi) can write to the directory, while all users will have read and execute permissions.
sudo chmod -R 755 /var/www/
❏ Use cd to change your current working directory to the directory you just created. (Tip: After typing /var/www/ and the first letter or two of your directory name, press tab to autocomplete the rest of the pathname.)
cd /var/www/zinegallery.iffybooks.net/
❏ Next you'll use the text editor nano to create a file called index.html. This will be the first page people will see when they visit your website.
sudo nano index.html
❏ Now you'll type out some HTML code for a basic web page, just to use as a test. You can adapt the code below, or do a web search for example HTML code.
<!DOCTYPE html>
<html>
<head>
<title>Zine Gallery</title>
</head>
<body>
<h1>Welcome to the Zine Gallery!</h1>
<p>(still under construction!)</p>
</body>
</html>
❏ When you're ready to save your file, press ctrl+X to exit. Follow the prompts at the bottom of the screen to save the file.
❏ Run the command below to change your current working directory to /etc/apache2/sites-available.
cd /etc/apache2/sites-available/
❏ Type ls and press enter to see what files are in the current directory.
❏ Use cp to make a copy of the file 000-default.conf. In the example below, the new file will be called zinegallery.iffybooks.net.conf. Yours should be the domain you chose earlier, followed by .conf.
sudo cp 000-default.conf zinegallery.iffybooks.net.conf
❏ Now you'll use nano to open the configuration file you just created.
sudo nano zinegallery.iffybooks.net.conf
❏ Use your arrow keys to move the cursor to the line DocumentRoot /var/www/html. Delete html at the end and replace it with the name of the directory where your website files are located (i.e., the domain you chose). Here's an example:
DocumentRoot /var/www/zinegallery.iffybooks.net
❏ When you're ready to save your file, press ctrl+X to exit. Follow the prompts at the bottom of the screen to save the file.
❏ Run the following command to have Apache enable your website:
sudo a2ensite zinegallery.iffybooks.net.conf
❏ Next, run this command to disable the site Apache runs by default:
sudo a2dissite 000-default.conf
Ordinarily, you'd run the command systemctl reload apache2 at this point to restart the Apache server. But we're rebooting the computer after the next step, so it isn't necessary this time.
❏ Run the command cd /etc/apache2/ to change your curent working directory to /etc/apache2/. Then use ls to view the directory's contents.
❏ Use the following command to open the configuration file ports.conf with the text editor nano.
sudo nano ports.conf
❏ Find the line beginning with "Listen" and update it to match the line below. This change will expose your Apache website to other devices on your network.
Listen 0.0.0.0:80
❏ When you're ready to save your file, press ctrl+X to exit. Follow the prompts at the bottom of the screen to save the file.
❏ Type the command reboot and press enter to reboot your computer.
❏ Run the command ip addr to find your IP address on the local network. Look for a line beginning with inet 192.168., which will be under enx0... if you're using Ethernet, or wlan0 if you're using wi-fi. In the example below the server's local IP address is 192.168.1.46.
❏ On a computer connected to the same network as your server, open a web browser, type the server's IP address in the address bar, and press enter. You should see your test website!
Typically, when you connect a computer to a network it's assigned a local IP address by a DHCP server program running on the router. Every time you connect, your machine will be given an arbitrary address that isn't already taken, typically beginning with 192.168.
Alternatively, your computer can announce its own static IP address, which never changes. In this case you'll need a static IP address to set up port forwarding, which we'll cover in a future step.
❏ Run the command sudo orangepi-config to launch the Orange Pi configuration utility.
❏ Select the Network menu and press enter.
❏ Select IP and press enter.
❏ Select the enx0... option if your computer is connected via Ethernet.
❏ Select Static and press enter.
❏ Next to Address, enter the local IP address you'd like to use. It should begin with 192.168.1. and end with a number from 2 to 254. You may want to leave this option as-is, because you know your DHCP-assigned IP address isn't being used by another device. Press enter to save your configuration.
❏ Select Back and press enter.
❏ Select Exit and press enter to close the configuration utility.
❏ Run the command sudo orangepi-config to open the Orange Pi configuration utility.
❏ Select System and press enter.
❏ Select SSH and press enter.
❏ The first three options (PermitRootLogin, Password Authentication, and PubkeyAuthentication) should be selected by default. Move your cursor to Save and press enter to enable SSH access.
❏ Select Back and press enter.
❏ Select Exit and press enter to close the configuration utility.
❏ Type the command reboot and press enter to reboot your computer.
❏ From a terminal window on your desktop computer, run the following command to start an ssh session with your server.
ssh orangepi@192.168.1.44
❏ When you're done, you can use the command exit to end the ssh session.
❏ On your desktop computer, go to Documents and create a directory with the same name as the domain/subdomain you're using. In the example below, the directory is called zinegallery.iffybooks.net.
❏ Open a plaintext editor and write some HTML for a new home page. (In the example below we're using Sublime Text.)
❏ Save the file to the website directory you just created, with the name index.html.
❏ If you want, add more pages, images, and files to your website directory. The example page we created above includes links to two PDF files.
❏ Open a terminal window on your desktop computer and type out a command like the one below, substituting your website directory name and the local IP address you're using. Press enter. You'll be prompted to enter the root password for your single-board computer.
scp -r ~/Documents/zinegallery.iffybooks.net/ root@192.168.1.46:/var/www/
❏ Open a browser window on your desktop computer, type your server's IP address in the address bar, and press enter. You should see your updated site!
❏ Open a web browser on a desktop computer and enter the IP address for your home router's admin panel. There's a good chance the IP address is 192.168.1.1. Press enter, then log in with your admin password. (The admin password may be printed on the back of your router, depending on your ISP.)
❏ If your ISP is V*******, you'll need to click Advanced at the top of the window to switch to the advanced admin panel.
❏ Navigate to Security & Firewall, then Port Forwarding.
❏ Under Application, give your server a name. The example is called Zine Gallery Server. For Original Port and Forward to Port, enter 80. Protocol should be set to TCP. Under Fwd to Addr, type the static IP address you chose for your server. Under Schedule, Select Always.
❏ When you're done, click Add to list to create your port forwarding rule. Then click Apply Changes.
❏ To confirm port forwarding works, go to ipchicken.com and find your home IP address.
❏ Copy and paste your home IP address into the URL bar and press enter, and you should see your website.
❏ Go to freedns.afraid.org. Scroll down and click Sign up Free.
❏ Enter your info to create a new account.
❏ Open your email and follow the confirmation link.
❏ Go back to freedns.afraid.org and click Domains in the left column.
❏ Click Add a domain into FreeDNS.
❏ In the text box at the top of the page, enter the domain or subdomain you're using. Then select Shared: Private from the dropdown menu below. Click Submit.
❏ The next page will confirm that your domain has been added to the system. It also says your domain has been temporarily marked as broken, which is normal.
❏ Next you'll update your domain records to use the following name servers for your domain/subdomain:
- NS1.AFRAID.ORG
- NS2.AFRAID.ORG
- NS3.AFRAID.ORG
- NS4.AFRAID.ORG
If you're using a domain you just registered, you can update your domain records on the site where you registered it. If you used GoDaddy, for example, open your Domain Portfolio and click on a domain to open Domain Settings. Then click on the DNS tab.
If you're creating a subdomain with a domain you're already using, you can update your domain records through your VPS provider or hosting service. On DigitalOcean, for example, you can find domain settings under Manage > Networking > Domains.
❏ Create a new NS (name server) record for the domain or subdomain you're using, and enter ns1.afraid.org as the same server. Click Create Record.
❏ Repeat the previous step, creating three more NS records with the following name servers: ns2.afraid.org, ns3.afraid.org and ns4.afraid.org. You'll enter the same subdomain every time.
Next you'll install ddclient, a program that intermittently checks your single-board computer's IP address. If it changes, ddclient will update your DDNS provider.
❏ On your single-board computer, run the following command to install a software package you'll need to use ddclient. Type y at the propmpt and press enter to confirm.
sudo apt install libio-socket-ssl-perl
❏ Run the command below to install ddclient. Type y at the propmpt and press enter to confirm.
sudo apt install ddclient
❏ After installation, a setup wizard will launch. Use your arrow keys to select freedns.afraid.org from the list of DDNS providers. Press enter to continue.
❏ Now enter the username for your account on freedns.afraid.org.
❏ Type our your freedns.afraid.org account password and press enter. You'll be prompted to enter your password again to confirm it.
❏ Select Web-based IP discovery service, then press enter to continue.
❏ Type out the domain/subdomain you're using and press enter.
❏ Finally, run the command below to have ddclient check your current IP address every 5 minutes.
sudo ddclient -daemon 5m
If you don't see any error messages when you run this command, that's a good thing. It means ddclient is running properly.
❏ Now go to a browser on your desktop computer and enter your domain or subdomain in the URL bar. You should see your website! If not, wait five minutes for DNS servers to update and try again.
😻
Anti-Copyright 2024
Iffy Books
404 S. 20th St., PHL
iffybooks.net
Updated June 14, 2024