Asked Tue, May 30, 2023, 10:15:49 / answers: 1 / hits: 510

After installing LAMP on my personal Ubuntu computer, I am running an application that needs to connect to the web to send SMTP mail; for example, PayPal needs a www address to notify about successful or failed payments...



I managed to fix the issue by acquiring a free .tk domain, changing my router preference, and port forwarding to my computer IP.



Is this secure? I have a firewall, restricting access to port 80 only. It is my personal computer, where I have personal files (with the exception of my /var/www folder).



Is there a better alternative?



I was thinking of installing an Ubuntu Server on VMware Workstation, and port forwarding to the virtual server instead, but it might take too many resources.



 Answers

It will be as secure as your Web server configuration and your Web application, just like it would be were it deployed on a "real" Web server. If the Web server is running as the www-data user, you could change your home directory permissions to something that the www-data user cannot read:



cd ~
chmod 750 .


Run that while logged in as your own username. The rest cannot be guessed without lots of information from you, including the Web application itself. But at least this much may offer a little more peace of mind, knowing your files in your home directory will not be read.



Add another layer by creating a .htaccess file in the DOCUMENT_ROOT (/var/www/ ?) so that anyone who accesses the Web server will need to supply a username and password first. This could always be removed at deployment time.



Assuming you are using Apache... edit your Apache config file to make sure that any AuthConfig directives you add will work. Within the 'Directory' directive that specifies your document root, make sure you have AuthConfig in your AllowOverride statement:



AllowOverride AuthConfig


Or, you could use "All":



AllowOverride All


This lets us put Apache directives in .htaccess files. Now create a password file somewhere outside the public portion of the Web site. Here I create (-c) a password file named passwords in /usr/local/etc/apache/ with the initial user, my_username. It will prompt for a password.



sudo mkdir -p /usr/local/etc/apache/
sudo htpasswd -c /usr/local/etc/apache/passwords my_username


Then put some Apache AuthConfig directives in the document root. If the document root is /var/www/, then use your favorite editor to create a new file named .htaccess...



sudo vim /var/www/.htaccess


The contents of that file ...



AuthType Basic
AuthName "My Web App"
AuthUserFile /usr/local/etc/apache/passwords
Require user my_username


Save. Change owner and permissions, if running as www-data:



sudo chown www-data /var/www/.htaccess
sudo chmod 400 /var/www/.htaccess


Now no one can use the Web server without username and password, plus the Web server cannot read your personal files. I do not know how or if this password method could work, though, when PayPal is redirecting back to you.



I suppose you could move the .htaccess in and out of the /var/www directory as needed while you are developing the PayPal return portion of your Web app.


[#41621] Thursday, June 1, 2023
uquelighted
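
An audit script for the steps in the answer above, added here as an example and not part of the original answer. It checks that the home directory is closed to other users, that AllowOverride for the document root includes AuthConfig or All (Apache ignores the .htaccess auth directives otherwise), and that the password file exists outside the document root. The function names and argument order are this example's own, and the Ubuntu config path in the usage comment is an assumption.

```sh
#!/bin/sh
# Added example (not from the original answer): audit the answer's hardening steps.

# others_bits PATH -> the "other" permission triplet from ls, e.g. "---" or "r-x"
others_bits() { ls -ld "$1" | cut -c8-10; }

# auth_user_file HTACCESS -> the AuthUserFile path (no spaces assumed), or empty
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# override_ok CONF DOCROOT -> true if <Directory DOCROOT> in CONF allows AuthConfig
# or All; without that, Apache ignores the auth directives in .htaccess.
override_ok() {
    awk -v d="$2" '
        tolower($1) == "<directory" { p = $2; gsub(/[">]/, "", p); sub(/\/$/, "", p); blk = (p == d) }
        tolower($1) ~ /^<\/directory/ { blk = 0 }
        blk && tolower($1) == "allowoverride" {
            for (i = 2; i <= NF; i++) if (tolower($i) ~ /^(authconfig|all)$/) ok = 1
        }
        END { exit !ok }' "$1"
}

fail() { echo "FAIL: $*"; n=$((n + 1)); }

# audit HOME_DIR DOCROOT APACHE_CONF -> prints findings, returns how many there were
audit() {
    home=$1 docroot=${2%/} conf=$3 ht=${2%/}/.htaccess n=0
    [ "$(others_bits "$home")" = "---" ] || fail "$home is open to other users such as www-data"
    override_ok "$conf" "$docroot" || fail "AllowOverride for $docroot lacks AuthConfig/All"
    if [ ! -f "$ht" ]; then
        fail "$ht is missing, so no password is required"
    else
        grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" || fail "no AuthType Basic in $ht"
        grep -Eqi '^[[:space:]]*Require[[:space:]]+(user|group|valid-user)' "$ht" ||
            fail "no Require user/group/valid-user in $ht"
        pw=$(auth_user_file "$ht")
        case $pw in
            '') fail "no AuthUserFile in $ht" ;;
            "$docroot"/*) fail "password file $pw is inside the document root" ;;
            *) [ -f "$pw" ] || fail "password file $pw does not exist" ;;
        esac
    fi
    return "$n"
}

# Usage (assumed default Ubuntu path): sh audit.sh "$HOME" /var/www /etc/apache2/apache2.conf
if [ "$#" -eq 3 ]; then audit "$@" || exit 1; fi
```

The exit status is the number of findings, so 0 means every check passed.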
