Access php from outside the local network?



  • Hi all,

    After researching for a while I have not figured out how to access the php webserver hosted on my omega 2 from outside the local network. I have php7 up and running perfectly, and it can be accessed from my local network, but for my project, it needs to be accessed from the internet, at this point i don't even know if this is possible. I am not good at networking :(

    Thank you in advance!



  • @Abdiel-Perez-Tellez said in Access php from outside the local network?:

    I am not good at networking :(

    And you think it's a good idea to let the Internet have access to your Omega2? Let me guess: you just placed your PHP-files under the /www-directory, but you didn't remove the Onion Console or the setup-wizard or secure them in any way? If you opened access to the web-server like that, anyone on the Internet could then access the setup-wizard and the Console -- very bad idea.



  • @WereCatf And you think it's a good idea to let the Internet have access to your Omega2?

    it's not for you to decide what he does with his Omega2. He paid for it. It's his property. There are plenty of reasons to run a web server on an Omega2. Sure, he may be going about it the wrong way, but the only way he's going to learn is by making mistakes, not by being shut down by someone unfamiliar with his needs or goals.

    If you don't have a solution to his problem, then resist the temptation to post.



  • @WereCatf I am maybe not that good at networking, but I am not stupid. Part of my question it is "I don't even know if this is possible". I just need to know if it is possible for now, and how to make it happen. I use to divide mi problems by logic sections. If this is possible, then I will worry about security later. I am not completely dumb regarding networking, I know a couple of things about uhttpd, ports, folder permissions and other stuff. When I say "I am not good at networking", it means I am not a networking "guru". Thank you for taking your time for reading my post!



  • @WayneL Thank you! I like programming because you can't never say "it can't be done", because I know there is always a way... I am pretty sure there is a way for doing what I want. I know a got to take into consideration the security issue, but I will worry about it after my first step: get access from the interner. Thank you for taking time to read my post! and also @WereCatf one too :)



  • @Abdiel-Perez-Tellez , if you want help about your network you should tell us how it looks like ... how the Omega is connected to the internet and if you use probably a Ethernet extention ... because the Omega has to be configured as Router if you use more than one Network configuration. There is also a firewall active.



  • @Luciano-S. It is a wifi conection, no ethernet extention. I also forgot to mention it is an omega2.



  • @WayneL said in Access php from outside the local network?:

    it's not for you to decide what he does with his Omega2. He paid for it. It's his property. There are plenty of reasons to run a web server on an Omega2. Sure, he may be going about it the wrong way, but the only way he's going to learn is by making mistakes, not by being shut down by someone unfamiliar with his needs or goals.

    If you don't have a solution to his problem, then resist the temptation to post.

    You keep seeing things no one said. I didn't tell him that he can't do it, nor did I say that running a web-server on an Omega2 shouldn't be done at all. My point is securing it before connecting to the Internet. We have Mirais and all because of all the insecure devices connected to the Internet, and they're a problem everyone, plus then there's the thing that I don't want @Abdiel-Perez-Tellez having his network broken into, either!



  • @Abdiel-Perez-Tellez said in Access php from outside the local network?:

    @Luciano-S. It is a wifi conection, no ethernet extention. I also forgot to mention it is an omega2.

    If your Omega2 is connected to another network at home, then yes, it is perfectly possible to make it accessible from the Internet. You just need to access your router and set up port-forwarding to the Omega2 in the router's settings. But I really, strongly suggest you look into securing your Omega2 first before setting up port-forwarding, you do not want the bad guys being able to get in your Omega2 and from there inside your network.



  • @WereCatf I was doing this right now: "just need to access your router and set up port-forwarding to the Omega2 in the router's settings", and yes, I am on a second network I have at home just for testing. I don't want to compromise my main one. Thanks!



  • @abd Have you tried pagekite.net? it is an open souce pyhton, but not so sure if can run on Omega2. It sure run on raspi...



  • @Victor-Tagayun
    I have tried it and it works, but not extensively. You have to install python though.



  • I'm with @WereCatf , the security is not something you think after you plan your deployment, the security must come from the beginning. Mirai was no joke, it was a very serious thing.

    First the services lhe Omega2 offers: port 22 for SSH, ports 80 and 443 for console an your php website. You should remove console totally. Remove SSH root login with password, add other accounts with SSH certificates for login.
    Second, the network where the Omega2 is connected. This is a general topic, and better than this forum, you should read about generic home servers. Deploy a DMZ network, set a good firewall, an IDS, etc.

    Is it possible? If you have an ISP, yes, you can access it from the Internet. Usual topics to search about: NAT, DMZ, DNS, the dynamic or static IP your ISP will give you, etc.



  • @José-Luis-Cánovas that is very informative. Do you have guides that novice like me can follow along how to setup these? Like what you state "You should remove console totally. Remove SSH root login with password, add other accounts with SSH certificates for login."



  • @Victor-Tagayun I don't know specific guides, this is more about experience with the services and reading man pages.
    Notice that you want to embrace a lot right now, you may desperate in some point. Hang on there.

    • Remove console: The default web pages the Omega2 comes with are stored in some .../www directory, and the web server will have some info about the webpage to serve. All that may come in the docs, find them (you may encounter them while setting your own web) and then delete them, because if they are still up, someone from the internet could attack your Omega2 through the onion console.
    • SSH no root login: ssh service must have a configuration file, for example in /etc/ssh.conf (I don't know if that is the file). Inside it, many parameters for the service, like the port to listen to, the possibility to login with name and password, if that login can be the user root, etc. The idea is that nobody can access as root from the internet, neither you, use serial to act as root. Also the web service shouldn't run as root, that's why you add another user, for example omega, with less privileges.

    Search google topic by topic, "ssh non root login", "linux add new user", "web service firewall recommended configuration", etc.


Log in to reply
 

Looks like your connection to Onion Community was lost, please wait while we try to reconnect.