DarkElvenAngel
Posts: 1912
Joined: Tue Mar 20, 2018 9:53 pm

Looking for advice on web project.

Thu Oct 14, 2021 6:45 pm

Hello everyone,

I've been tasked to come up with a database design and front end. In the past I've used PHP and MySQL to do this but times have changed and I'm thinking if this is the best way to do things?

The front end and database servers will be added to my home network, I'm planning to use a Pi for this most likely a B+. I have faster Pi's available if I need one, for now I'd like to integrate with the existing setup.

The Web server will be behind a VPN and thus not accessible unless the client device (A cell phone and a Tablet in this case) has the proper keys. This is already setup and working I can browse my local network from anywhere my VPN can connect. Is there an easy method to use HTTPS?

The important thing is this is basically a single user application, It will have not be used by just anyone, however the data must be secure. In the past I've used web hosting services and purchased domain names ect. In this case We have a budget goal of zero meaning we don't want to pay for services we don't already have. Development time and any work I do is not factored in the budget.

In summary I'm looking to set up a database that can be accessed on a remote device that will allow for a secure connection and will be easy maintain.

User avatar
topguy
Posts: 7231
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Looking for advice on web project.

Sun Oct 17, 2021 1:48 pm

Is there an easy method to use HTTPS?
You mean instead of VPN or on top of VPN ?

Anyway, https://letsencrypt.org/docs/ has instructions how to easily create keys for your domain and creates Apache config for you. You need a domain for this, you can get a subdomain from https://freedns.afraid.org/
I've used PHP and MySQL to do this but times have changed and I'm thinking if this is the best way to do things?
It hasnt changed THAT much... if its what you know, then you save on time to learn something new.

DarkElvenAngel
Posts: 1912
Joined: Tue Mar 20, 2018 9:53 pm

Re: Looking for advice on web project.

Mon Oct 18, 2021 12:06 am

Thanks for the reply,

Yes I'm going to put the HTTPS behind the VPN. Thanks for the links currently using duckDNS hopefully that works okay with this.

It's good knowing that I can use my old code.

I was wondering if MySQL is still the correct choice for a server or should I be looking for the other database server I recall some news a while back and people were switching to something else MariaDB maybe? I've always suck with MySQL however if something else offers better performance on a Pi then I would give it a try.

DarkElvenAngel
Posts: 1912
Joined: Tue Mar 20, 2018 9:53 pm

Re: Looking for advice on web project.

Mon Oct 18, 2021 12:28 am

I see a problem now that I'm reading through the let's encrypt docs. The site needs to be accessed from the web without the VPN for this to work properly?

So is it possible to use a firewall to block the port 80 unless I'm updating a certificate? Would a self signed certificate work?

User avatar
topguy
Posts: 7231
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Looking for advice on web project.

Tue Oct 19, 2021 10:02 am

I just opened for port 80 temporarely when creating the certs and then disabled it afterwards.

User avatar
rpdom
Posts: 19157
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Looking for advice on web project.

Tue Oct 19, 2021 10:32 am

DarkElvenAngel wrote:
Mon Oct 18, 2021 12:06 am
I was wondering if MySQL is still the correct choice for a server or should I be looking for the other database server I recall some news a while back and people were switching to something else MariaDB maybe? I've always suck with MySQL however if something else offers better performance on a Pi then I would give it a try.
If you install MySQL on Raspberry Pi OS (or most up to date Linux OSen), you will get MariaDB instead. It is fully compatible.
Unreadable squiggle

DarkElvenAngel
Posts: 1912
Joined: Tue Mar 20, 2018 9:53 pm

Re: Looking for advice on web project.

Tue Oct 19, 2021 1:07 pm

topguy wrote:
Tue Oct 19, 2021 10:02 am
I just opened for port 80 temporarely when creating the certs and then disabled it afterwards.
If I understand this correctly then I will need to set the router will need to forward port 80 to the Pi and that Pi will have a firewall to block the forwarded port when it's not in use?

I'll have to look up how to achieve this is there a recommendation for a firewall?
rpdom wrote: If you install MySQL on Raspberry Pi OS (or most up to date Linux OSen), you will get MariaDB instead. It is fully compatible.
Alright thanks.

My current setup has lighttpd am I going to need to change this server?

User avatar
topguy
Posts: 7231
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Looking for advice on web project.

Thu Oct 21, 2021 8:55 am

If I understand this correctly then I will need to set the router will need to forward port 80 to the Pi and that Pi will have a firewall to block the forwarded port when it's not in use?
Or just disable/remove the forwarding of port 80 in the router again.
During installation og the certs, I think the script also asks you if you want to enable automatic redirection from http (port 80) to https (port 443).

DarkElvenAngel
Posts: 1912
Joined: Tue Mar 20, 2018 9:53 pm

Re: Looking for advice on web project.

Sat Oct 23, 2021 3:33 am

topguy wrote:
Thu Oct 21, 2021 8:55 am
Or just disable/remove the forwarding of port 80 in the router again.
During installation og the certs, I think the script also asks you if you want to enable automatic redirection from http (port 80) to https (port 443).
I can do a schedule on the router as to when the port will be forwarded. My understanding is that I need to set up a cron event to update my certificate every so often.

I've been busy with other things, however I've got the database server up and a self signed cert running so I can confirm that my browser says https://example.com the ground work is starting to take shape. With all this now I can figure out how to get a valid key for the site hopefully.

Return to “Networking and servers”