Access php from outside the local network?
-
@Abdiel-Perez-Tellez , if you want help about your network you should tell us how it looks like ... how the Omega is connected to the internet and if you use probably a Ethernet extention ... because the Omega has to be configured as Router if you use more than one Network configuration. There is also a firewall active.
-
@Luciano-S. It is a wifi conection, no ethernet extention. I also forgot to mention it is an omega2.
-
@WayneL said in Access php from outside the local network?:
it's not for you to decide what he does with his Omega2. He paid for it. It's his property. There are plenty of reasons to run a web server on an Omega2. Sure, he may be going about it the wrong way, but the only way he's going to learn is by making mistakes, not by being shut down by someone unfamiliar with his needs or goals.
If you don't have a solution to his problem, then resist the temptation to post.
You keep seeing things no one said. I didn't tell him that he can't do it, nor did I say that running a web-server on an Omega2 shouldn't be done at all. My point is securing it before connecting to the Internet. We have Mirais and all because of all the insecure devices connected to the Internet, and they're a problem everyone, plus then there's the thing that I don't want @Abdiel-Perez-Tellez having his network broken into, either!
-
@Abdiel-Perez-Tellez said in Access php from outside the local network?:
@Luciano-S. It is a wifi conection, no ethernet extention. I also forgot to mention it is an omega2.
If your Omega2 is connected to another network at home, then yes, it is perfectly possible to make it accessible from the Internet. You just need to access your router and set up port-forwarding to the Omega2 in the router's settings. But I really, strongly suggest you look into securing your Omega2 first before setting up port-forwarding, you do not want the bad guys being able to get in your Omega2 and from there inside your network.
-
@WereCatf I was doing this right now: "just need to access your router and set up port-forwarding to the Omega2 in the router's settings", and yes, I am on a second network I have at home just for testing. I don't want to compromise my main one. Thanks!
-
@abd Have you tried pagekite.net? it is an open souce pyhton, but not so sure if can run on Omega2. It sure run on raspi...
-
@Victor-Tagayun
I have tried it and it works, but not extensively. You have to install python though.
-
I'm with @WereCatf , the security is not something you think after you plan your deployment, the security must come from the beginning. Mirai was no joke, it was a very serious thing.
First the services lhe Omega2 offers: port 22 for SSH, ports 80 and 443 for console an your php website. You should remove console totally. Remove SSH root login with password, add other accounts with SSH certificates for login.
Second, the network where the Omega2 is connected. This is a general topic, and better than this forum, you should read about generic home servers. Deploy a DMZ network, set a good firewall, an IDS, etc.Is it possible? If you have an ISP, yes, you can access it from the Internet. Usual topics to search about: NAT, DMZ, DNS, the dynamic or static IP your ISP will give you, etc.
-
@José-Luis-Cánovas that is very informative. Do you have guides that novice like me can follow along how to setup these? Like what you state "You should remove console totally. Remove SSH root login with password, add other accounts with SSH certificates for login."
-
@Victor-Tagayun I don't know specific guides, this is more about experience with the services and reading man pages.
Notice that you want to embrace a lot right now, you may desperate in some point. Hang on there.- Remove console: The default web pages the Omega2 comes with are stored in some
.../www
directory, and the web server will have some info about the webpage to serve. All that may come in the docs, find them (you may encounter them while setting your own web) and then delete them, because if they are still up, someone from the internet could attack your Omega2 through the onion console. - SSH no root login: ssh service must have a configuration file, for example in
/etc/ssh.conf
(I don't know if that is the file). Inside it, many parameters for the service, like the port to listen to, the possibility to login with name and password, if that login can be the userroot
, etc. The idea is that nobody can access as root from the internet, neither you, use serial to act as root. Also the web service shouldn't run as root, that's why you add another user, for exampleomega
, with less privileges.
Search google topic by topic, "ssh non root login", "linux add new user", "web service firewall recommended configuration", etc.
- Remove console: The default web pages the Omega2 comes with are stored in some