Setting up Web Server & File Storage

[blpeterjr]

Good morning guys and gals,

I am a small business owner and am looking to install a file storage system for my company. In addition, I figured why not host my own website files and save some costs there as well. My initial thought was to go with an OS like TrueNAS. After looking through their forums I found everyone recommending FreeBSD to set up websites as well. So here I am.

I have been reviewing a lot of information as this is a new OS to me. I am very familiar with computers and programming. However, how would one accomplish setting up a server on FreeBSD to have something like TrueNAS, but with a web server that can serve two different websites. My websites are not busy by any means and are just informational, but I would like to eliminate web hosting fees if possible. I would love to have a dashboard that is informational such as TrueNAS' dashboard that shows information about the server, file storage, etc. That is something I can work on overtime as well but the ultimate goal is to have a file storage system that is accessible from the outside (using NextCloud or something is fine) and having a webserver set up to serve two different URLs. I have been reviewing some youtube videos regarding setting up Nginx, Apache, MySQL, etc. However, nothing for setting up multiple websites nor a file management system like TrueNAS.

Any thoughts?

Thank you all!

 

[SirDice]

However, how would one accomplish setting up a server on FreeBSD to have something like TrueNAS

You install TrueNAS. Really, there's no point in running FreeBSD only to make it act and work like TrueNAS. Then just install TrueNAS and be done. People here use FreeBSD mostly plain, they install what they need and manage it from the command line. Either by hand or for larger operations using things like Puppet or Ansible to maintain a whole bunch of servers.

My websites are not busy by any means and are just informational, but I would like to eliminate web hosting fees if possible.

So where's it going to run then? On your company's internet connection? How much bandwidth do you have? What about leaving the device running 24/7 and the costs of the hardware, power and that internet connection? Did you compare it with that? Really, it sounds like you can just go to one of those really cheap shared hosting companies and have a website up and running within a few hours and it'll cost pennies.

I would love to have a dashboard that is informational such as TrueNAS' dashboard that shows information about the server, file storage, etc.

Then install TrueNAS.

 

[blpeterjr]

You install TrueNAS. Really, there's no point in running FreeBSD only to make it act and work like TrueNAS. Then just install TrueNAS and be done. People here use FreeBSD mostly plain, they install what they need and manage it from the command line. Either by hand or for larger operations using things like Puppet or Ansible to maintain a whole bunch of servers.


So where's it going to run then? On your company's internet connection? How much bandwidth do you have? What about leaving the device running 24/7 and the costs of the hardware, power and that internet connection? Did you compare it with that? Really, it sounds like you can just go to one of those really cheap shared hosting companies and have a website up and running within a few hours and it'll cost pennies.


Then install TrueNAS.

These are my thoughts as well as far as just installing TrueNAS. It seems easier to learn quickly, especially with me being very new to FreeBSD. I was just looking into it as it was recommended by the TrueNAS community.

 

[SirDice]

FreeBSD is an OS. You can do whatever you want with it. There are about 43000+ potential packages you could install. Ranging from simple applications to complete environments. They all have one thing in common though, you need to know what you're doing. Following a couple of howto's is one thing, actually understanding what you're implementing is a whole different level.

It seems easier to learn quickly

Yes, they spent a lot of time and resources to customize their install to make that possible. It's not something you can build with a few tools, some configuration file editing and a couple of hours. They spent several years developing to get it where it is now.

 

[im]

Use TrueNAS for storage, and any provider for web site.
Do not mix the different roles on the same device. Websites usually a primary target for a lot of worms.
Having a site and a storage on the same device might be a source of security problems.

I have been reviewing some youtube videos regarding setting up Nginx, Apache, MySQL, etc. However, nothing for setting up multiple websites

You can try to build your own hosting, but it require some time for installation and support.
For hosting multiple web-sites read about: apache virtual servers, nginx multiple 'server {}' directives.
Necessity of "https" will require a knowledge about https-sni
Your own hosting useful when you know how to build it, and know all your site dependencies.
For small sites It will never be a cost-efficient.

 

[jmos]

[…] but with a web server that can serve two different websites. […] I have been reviewing some youtube videos regarding setting up Nginx, Apache, MySQL, etc. However, nothing for setting up multiple websites

That's about "how to set up a webserver", there's nothing to know specially about FreeBSD. It's quite simple to set up a working public webserver with database connections (and more than one Domain / website), but if you want it secure there's knowledge, a concept and understanding required - and not just a manual. And also someone who looks permanent after what's going on on such a machine: logfiles, updates, checks of some places like /tmp/-directories, certificates etc.… (It's scary how lazy some companies / people run their webservers - and don't even notice when third parties are hijack their machine… only when the server stops working someone becomes active.)

Basics of more than one website on one Apache: Your server should have a static IP address. All domains this server serves get the A record of this machine. So all HTTP requests are reaching this one Apache. And of course you'll have to configure your Apache. Each website gets a section like this (and each of its domains should be included):

<VirtualHost *:80>
        ServerAdmin admin@domain.com
        DocumentRoot /usr/local/www/apache24/data/website-1-directory
        ServerName www.domain1.com
        ServerAlias domain1.com
        ServerAlias www.domain1.net
        ServerAlias domain1.net
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        ErrorLog /var/log/apache/domain1.com.error.log
        CustomLog /var/log/apache/domain1.com.access.log combined
</VirtualHost>

So when the webserver is asked of an URL, the webserver knows now,that for the domain "domain1.com" the webseite of the directory "/usr/local/www/apache24/data/website-1-directory" has to be served. I recommend to set up a third, empty default / fallback webspace (just a ".htaccess" with a "deny" for everything), so that "weird things" cannot bother your website.

For tests in a save environment I recommend a server in your local network or a virtual machine. To get the domain setup tested you'll add to your "/etc/hosts" (Win & Mac has equivalents to that) f.e.:

192.168.10.9    domain1.com
192.168.10.9    domain1.net

So in this example your own computer now requests the local server with the IP "192.168.10.9", if you're typing "domain1.com" in your webbrowser.

 

[SirDice]

<Directory /> 
   Options FollowSymLinks 
   AllowOverride All 
</Directory>

This is bad. Really bad. You're mixing up <Location> with <Directory> here. That should be:

<Directory /usr/local/www/apache24/data/website-1-directory>
   Options FollowSymLinks 
   AllowOverride All 
</Directory>

OP, see how easy it is to fall into serious configuration errors? Even people that mean well can and will provide the wrong information. NEVER take examples from the internet without understanding what they do or how it works.

 

[ralphbsz]

Setting up a simple web site that serves static HTML pages, using a non-secure (no SSL, no https) connection, is pretty easy. Install the apache package, set up a directory from which to serve the static web pages, copy the web pages into it, configure the server. It would take me 5 minutes, although I'm sure I would get it wrong, with many mistakes (similar to the one SirDice just pointed out). Where it gets harder and requires maintenance: You need to serve https today; browsers are (correctly but obnoxiously) complaining about unencrypted http. Getting a SSL certificate is free and not very difficult, but doing it the first time is a bit difficult. Setting up interesting web pages, with database connections, and version control, is not easy.

What's even worse: Hosts that serve web pages are the #2 target for hackers to attack (ssh ports are #1). You have to do an extremely good job at securing your server. That pretty much starts with having the publicly visible server host on a machine of its own, outside the firewall, isolated from the secure internal network. This is where it starts to get interestingly difficult.

My suggestion would be: Leave the web hosting to someone else. Today, there are several places where you can get free hosting for a few simple static pages. For one small non-profit organization where I help out we use "Google Sites", but there are lots of other options. If you want more than a few static pages, there are lots of inexpensive hosting companies.

 

[richardtoohey2]

My suggestion would be: Leave the web hosting to someone else. Today, there are several places where you can get free hosting for a few simple static pages

This.

OpenSSL is about to release some high severity bug fixes - if you are running your own web server - you will have to watch out for things like that and make sure you are patched and up-to-date.

As im says, separate the two roles - one set-up for web, one for files/storage.

And as SirDice says - if TrueNAS is something that seems good to you, just use it. Or Linux. Or Windows. Whatever.

Unless you have the time, energy & interest in learning how to do it from scratch it's easier to go with a solution that ticks your boxes. It can be fun and very rewarding to learn and achieve your goals, but if not something that floats your boat - just go for the easy option (but make sure you are keeping things up-to-date).

 

[SirDice]

By all means install FreeBSD and experiment away. That's how I started 20+ years ago. FreeBSD has all the tools, bells and whistles, you're going to need or want. There's really a lot you can learn, setting up a website, with PHP, then a database. And it's not going to stop there, add DNS, DHCP. Try some firewalling. Move to virtual machines, jails. Whatever floats your boat. But, please, do so on your own closed off network, with some old otherwise useless hardware. Do NOT experiment with your company's data, your livelihood depends on it. Seriously. It's fine if you destroy some test data, it's a whole different ballpark if you destroy your administration of the last couple of years. You're going to make mistakes, screw up, destroy data. Reinstall, start over a million times. That's all part of the learning experience. You can do without the experience of destroying your livelihood.

 

[zirias@]

Well, experience is one factor, fully agree on that. The other thing that worries me is the idea to save money that way. All the maintenance work that HAS to be done typically isn't "for free". And as soon as you have a host exposed to the internet, there's no excuse to miss ANY security fix, be it an upgrade to the base system, to your webserver software, or to the configuration (e.g. cipher suites that aren't secure any more), and so on. Still, this is only half of the story, you also have to account for hardware failure with a solid backup plan. And then, you might want to think about acceptable downtimes. For my private stuff, I do have full regular backups, but recovery would take me at least a day in case of an incident that requires complete reinstallation – that's most of the time unacceptable for a business. I'd say even a cheap webhoster offers a service level you can't reach yourself unless you invest a LOT more.

That all said, I still think it can be ok to have e.g. a jail with a webserver exposed to the internet on the same machine, separated in a different VLAN. Of course, with remote Spectre attacks now being a real thing, this can't give the same level of security as dedicated hardware, but taking probabilities into account, it might be acceptable. Whether it makes sense, well, see above

 

[Jose]

I agree with all the previous posts in this thread. Do use Truenas, and do separate your file storage from your Web server. Those control dashboards you like are a prime target for cracking on the Web. I'm so sick of seeing Cpanel URLs in my logs.

If you want to mess with a Web server for experimentation, there are simpler choices than Nginx or Apache. I'm a fan of www/thttpd, and not just because it reminds me of Bill the Cat.

 

[drhowarddrfine]

I'm a fan of www/thttpd, and not just because it reminds me of Bill the Cat.

I always thought the same.

 

[Mjölnir]

TrueNAS will soon be Linux inside... Brrr... A FreeBSD-based, really free alternative is XigmaNAS. Please keep in mind: the electricity costs to run your hardware @home 24x7 to serve your websites will easily outweight the fees for a professionally hosted website. Plus, usually that will be in a professionally maintained data centre, with UPS, regular backup, good & redundant internet connection etc.pp., all bells & whistles that you'll not be able to implement @home below costs of several k$/month.

 

[hruodr]

Please keep in mind: the electricity costs to run your hardware @home 24x7 to serve your websites will easily outweight the fees for a professionally hosted website.

Unless it runs in a SoC like a amd geode. There are some thin clients that do not take much electricity.
And if he wants to run his storage system 24 hours a day, then also can run there a web server,
but the question is, if it is a good idea to connect the file server to the internet (I would keep it local).

 

[balanga]

I very much agree with separating a web server and business file server, having the former on a public network, ideally as a VPS so that you have full control over it, apart from the headache of power outages etc and someone will be on hand to investigate any non-FreeBSD issues which might arise. You can always use your internal file server as a backup/stager for the live web server.

 

[CLUBTURBO]

FreeBSD Is A Super Server.
I Have Been Using It For
Many Years Off And On.

Using FreeBSD Jails,
Apache Proxy Servers,
And, Maybe PF As A Firewall /
All Around Work Horse Is Top Notch.
Not A Lot Of Complexity At All.

The Learning Curve Is Some What
Slower? Due To Reading Documentation
And Finding Others Workings Setups.

But Sorting Out The Basic How To
Information Is Not To To Hard?

If Your Able, Learning This Information
And How To Apply It Is Worth The Effort.
I Always Setup A Few Things, leave It Be.

Then Learn More On Top Of What I Have Working?
Then Set It All Up Again, Keep This Going Till
I Have What I Need, Or What Others Need.

But Again, The Logic Of This Is Pretty Simple Setup.
The Learning Curve Can Be Slower?

But Once You See It All At One Time Working?
Its Pretty Simple, And A Tough Setup To Beat.

Somethings Are Better Documented Under
FeeBSD And OpenBSD. Good Books For Thumbing
About To See The Graphic Topology Mainly.

Anyways, I Am Addressing The Logic Your Facing
Using FreeBSD Mainly.

Here Is A Small Little Work Up As A Case In Point.

Building a FreeBSD NAS Part 3: System setup - davd.io

FreeBSD is the ideal system to use when building a server. It's reliable and rock-solid and it's file system ZFS not only offers anything you would expect from a file system but is also easy to set up and to maintain. This is why I chose it to power my NAS.

www.davd.io