I think you should take baby-steps and focus first on just getting something running for you to use. Maybe first experiment with configuring an application you’d like in a virtual machine before you spend money on hardware too.

Be extremely careful. Plenty of people are really smart and malicious, so you need to isolate it from everything on your network. You’re giving random people remote code execution on your local network, which is like the worst case scenario for security.

Install proxmox on a computer with plenty of RAM and CPU and you’ll be able to create VMs which you can give out or rent out to anyone.

In regards to access, ipv4 is not a good idea. Especially not residential IP addresses., You should get ipv6 addresses maybe from a tunnelbroker. But anyways, first you need the server with the hypervisor (which is what you’re looking for) and then you can slowly run tests, learn and eventually figure out networking.

Btw, it might be cheaper to simply rent a server, which would solve the issue of ip addresses. OVH has cheap servers and a proxmox install wizard.

Just please don’t use it for anything sensitive until you can find someone to give a quick check up in regards to security to make sure you haven’t missed anything. Unlike a regular PC, this one is expected to receive inbound connections which has its risks.

But don’t worry about that too much now. Find an old computer or rent a server, install proxmox and start testing, playing around and learning.

Edit: chatgpt is good when wanting to learn this stuff. Especially gpt-4, but even gpt-3.5 will do. Just don’t trust it blindly as it still messes up about 20% of the time. But it’s often better than googling for tutorials since you can’t often find what you’re looking for.

Edit2: the setup I propose will allow you to divide a regular computer into 100s of virtual ones limited only by the total RAM, disk and CPU. If you only want a web server on dedicated hardware get a raspberry pi, because my proposal would be overkill. But it’s the closest to “being your own cloud provider”.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

12 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #240 for this sub, first seen 25th Oct 2023, 05:25] [FAQ] [Full list] [Contact] [Source code]

Your basic requirements are:

• Some kind of domain / subdomain payed or free;
• Home ISP that has provides public IP addresses - No CGNAT BS;
• Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as https://freedns.afraid.org/ (will update your domain with your dynamic IP when it changes);
• Ideally a home ISP that allows for “bridged” mode or has a ONT device + router where you can add a switch in between and have the server directly connected to the Internet, with its own public IP, outside of your home network (more bellow);

Hardware coices:

Don’t get server hardware, use regular desktop/laptop machines as they’ll be more than enough for you. Server hardware is way more expensive and won’t be of any advantage. If you’re looking to buy you can even get very good 9-10th gen Intel CPUs and motherboards that are perfect to run servers (very high performance) but that people don’t want because they aren’t good to play the latest games.

This hardware is also way more power efficient and sometimes even more powerful than any server hardware that you might get for the same price. Get this hardware for cheap and enjoy.

If you don’t require a TON of computer power some people might suggest ARM board, such as the Raspberry Pi, but be careful with those. ARM is great for power savings but compared to consumer hardware is it shit when it comes to performance and reliability. Also I personally like to avoid the Raspberry Pi and their stuff as much as possible. They’ve done good things for the community however they’ve some predatory tactics and shenanigans that aren’t cool. Here a few examples of what people usually fail to see:

• Requires a special tool to flash. In the past it was all about getting a image and using etcher, dd or wtv to flash it into a card, now they’re pushing people to use Raspberry Pi Imager. Without it you won’t be able to easily disable telemetry and/or login via network out of the box;
• Includes telemetry;
• No alternative open Debian based OS such as Armbian (only the Ubuntu variant);
• Raspberry Pi 5 finally has PCI. But instead of doing what was right they decided to include some proprietary bullshit connector that requires yet another board made by them. For those who are unware other SBC manufacturers simply include a standard PCI slot OR a standard NVME M2 slot. Both great option as hardware for them is common and cheap;
• It is overpriced and behind times.

For what’s worth the NanoPi M4 released in 2018 with a RK3399 already had a PCI interface, 4GB of RAM and whatnot and was cheaper than the Raspberry Pi 3 Model B+ from the same year that had Ethernet shared with the USB bus. If you still want ARM and you’re about just serving a few websites, cloud service wtv pick a Chinese brand such as friendlyelec or rockpi. More computing for less money and a lot less proprietary BS.

Mini computers from big brands though, for 100€ you can get an HP Mini with an i5 8th gen + 16GB of ram + 256GB NVME that obviously has a case, a LOT of I/O, PCI (m2) comes with a power adapter and more importantly it outperforms a RPi5 in all possible ways. Note that the RPi5 8GB of ram will cost you 80€ + case + power adapter + bullshit pci adapter + sd card + whatever else money grab.

Side not on alternative brands, HP mini units are reliable the BIOS is good and things work. Now the trendy MINISFORUM is cool however their BIOS come out of the factory with wired bugs and the hardware isn’t as reliable - missing ESD protection on USB in some models and whatnot.

Quick check list for outward facing servers:

1. Isolate them from your main network. If possible have then on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
2. If you’re using VLANs then configure your switch properly. Decent switches allows you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
3. Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
4. Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
5. Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
6. Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
7. Use your firewall to restrict what countries are allowed to access your server. If you’re just doing it for a few friends only allow incoming connection from your country (https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching)

Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. This is a decent setup guide https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-debian-11 and you might use this GUI to add/remove clients easily https://github.com/ngoduykhanh/wireguard-ui

make it available to anyone

To do what?

First of all you need that your ISP actually gives you an IP that points back to your home network. It’s not uncommon that your IP points to some ISP NAT that routes the internet to many houses, making it impossible to expose some device in your network to the internet.

It was my case, then I needed to call them and ask to have an IP that goes directly to my gateway.

After that you can go to your gateway and do port forwarding from the internet to your server in your home. For example, you can forward port 80 from internet to your server private IP on port 80, so when someone browsers your IP it will get whatever page is hosted on your server.

About server tech specs, it depends on what you want to host. I used to host a personal Nextcloud server in a raspberry pi, which is really power efficient and cheap to maintain. Maybe you’ll want a server with higher specs that might draw more power. It’s really up to what you wanna do specifically.

That’s a question ChatGPT would excel at… It sounds like it might be a big task for your shoes, but here goes (100% organic reply, mind you):

• get a Raspberry Pi, install your web app, make sure you can reach it on the LAN
• forward the port your web-app is running on to the Raspberry Pi: app is now reachable under IP:port from the internet)
• set up a domain with a provider that supports dyndns, set up a job on the Pi to regularly check in with the dyndns provider and tell it your current WAN IP: app is reachable on your own domain; success

This is leaving out any security measures and you will want to take care of those before opening your home LAN to the world! Have fun learning!

What does a “home AWS” mean?