Overview
This project involved purchasing a domain, setting up a secure cloud server on a Raspberry Pi, configuring DNS settings, and deploying a website using HTTPS. I integrated several key technologies and overcame technical challenges related to SSH, firewalls, SSL, and DNS management. This website serves both as a portfolio of my work and a personal cloud solution, reflecting my journey into cybersecurity and web development.
Inspiration and Objective
- Showcase my growing knowledge in IT and cybersecurity.
- Set up a personal cloud server for hands-on experience with server management and security tools.
Phase 1: Acquiring Knowledge
- Google IT Support Professional Certificate – foundational skills in networking, system administration, and security.
- CompTIA IT Fundamentals (ITF+) – fundamental understanding of IT concepts and tools.
- Explored Raspberry Pi for server management and cloud hosting.
- Set up passwordless SSH access and practiced with UFW and IPTables firewalls.
Phase 2: Domain and Hosting Infrastructure
- Purchased the domain bpcloud.app through GoDaddy and configured DNS settings.
- Used a Raspberry Pi 5 with a 1TB SSD as a web server and cloud storage solution.
- Installed Nextcloud to experiment with cloud-based file sharing and self-hosted cloud solutions.
Phase 3: Configuring Security
- Installed Fail2Ban to protect the server from brute-force attacks.
- Configured UFW firewall rules to allow only necessary traffic (SSH, HTTP, HTTPS, DNS).
- Ensured passwordless SSH access for secure remote management.
Phase 4: Website Deployment and SSL Setup
- Faced and resolved “Access through untrusted domain” error by adding bpcloud.app to the trusted domains list in Nextcloud.
- Installed Certbot to validate the SSL certificate and ensured HTTPS access for secure communication.
- Redirected traffic to the non-www version of the domain to avoid certificate mismatch errors.
Key Challenges and Solutions
1. Firewall Blocking DNS and ICMP Traffic
Issue: DNS queries and ping (ICMP) requests were blocked, causing network connectivity problems.
Solution: Re-ordered IPTables rules to allow DNS and ICMP traffic before the default DROP rule.
2. SSH Key Authentication Issues
Issue: Passwordless SSH access failed due to misconfiguration in sshd_config.
Solution: Uncommented the necessary lines in sshd_config and set proper permissions on .ssh and authorized_keys files.
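A check for both causes named in challenge 2, as an added example that is not the author's own commands: it reports what the first active line in an sshd_config sets for a keyword (a commented line sets nothing) and flags a .ssh directory or authorized_keys file that group or others can write to. The function names, the sample config and the temporary paths are constructed for illustration; it assumes GNU stat, does not follow Include files and stops at the first Match block.

```sh
#!/bin/sh
# Added example (not the author's commands). Assumes GNU stat, as on Raspberry Pi OS.

# effective_sshd_option FILE KEYWORD
# Prints the value set by the first active "Keyword value" line in FILE.
# Commented lines are skipped and keywords are case-insensitive.
# Assumption: Include files are not followed; parsing stops at the first Match block.
effective_sshd_option() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_ssh_dir DIR
# Reports DIR and DIR/authorized_keys when missing or writable by group/others,
# the condition under which sshd's StrictModes refuses the key.
# Returns the number of findings (0 = clean).
audit_ssh_dir() {
    findings=0
    for p in "$1" "$1/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c '%a' "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a config with the key line still commented out,
# and a .ssh directory left group-writable.
demo=$(mktemp -d)
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 770 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"

echo "PubkeyAuthentication: $(effective_sshd_option "$demo/sshd_config" PubkeyAuthentication)"
echo "PasswordAuthentication: $(effective_sshd_option "$demo/sshd_config" PasswordAuthentication)"
audit_ssh_dir "$demo/.ssh" || echo "fix with: chmod 700 .ssh && chmod 600 .ssh/authorized_keys"
```

An empty value means no active line sets the keyword, so sshd falls back to its built-in default; on the server itself, `sshd -T` run as root prints the effective configuration.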
3. Public IP Access Issues
Issue: Encountered an "Access through untrusted domain" error with Nextcloud.
Solution: Added bpcloud.app to the trusted domains list in Nextcloud’s configuration.
4. SSL Certificate Setup
Issue: Errors during SSL setup and certificate validation.
Solution: Used Certbot to correctly configure SSL and redirected traffic to non-www for consistency.
5. Repository Connection Issues Due to IPv6
Issue: Repository access failed because IPv6 was prioritized.
Solution: Forced the system to use IPv4 by modifying the apt configuration.
6. Switching from IPTables to UFW
Issue: Faced conflicts while switching firewalls.
Solution: Removed IPTables and enabled UFW with appropriate rules for SSH, HTTP, and HTTPS.
Technologies and Tools Used
- Raspberry Pi 5 with 1TB SSD
- GoDaddy (Domain, SSL Certificate)
- Nextcloud
- UFW Firewall, IPTables
- Fail2Ban
- SSH, Terminus (iPhone App)
- Certbot for HTTPS
- ChatGPT (as an assistant for troubleshooting and research)