Thoughts on Running a Web Server Through a VPN

l008com

Limp Gawd
Joined
Jun 20, 2002
Messages
339
This is going to be a wordy post because the devil is in the details.

For many years, I've been running a fairly popular, fairly profitable website. In the very beginning, some 17 years ago, I hosted the site at home on my residential cable internet connection. Over time, the site grew and got more serious. With the advent of AdSense, it started making money. It wasn't long before I moved from a home server to a traditional web hosting account. But that also didn't last too long. More features lead to unusual needs that are not compatible with shared hosting, so I started running my own server, collocated in a data center. I've been running things this way for close to 15 years.

The data center is about 1000 miles away, so after stressfully using tower computers for a few years (plus computers in general just weren't as stable back then as they are now), I switched to 1U rack-mount servers with features like dual redundant power supplies and Lights-Out-Management. It only costs me $52 a month to collocate a single 1U server, and it has worked very well. But still, it would make my life much easier on many different levels, if I could host the site at home again. I've looked into this, but the costs were always too high and the speeds too slow. But over time they've gotten better and better. I've been in the tech industry for almost as many years as I've ran this website, and getting stuck on a business internet plan at home just gives me that bad feeling inside. It would cost more than I'm paying now, but what happens when they decide to pump the rates up? I'll be stuck with them because I can't easily send the home server off to a data center. The home server will be a desktop computer. I'd have to build a whole new rack-mount from scratch.

I'm glossing over a lot of the finer details, but there's a lot of reasons why hosting at home would not be a great idea. But this brings us to the idea I had the other day.....

Many people use 3rd party VPN services to hide what they're doing online, or to hide their geographic location. But what if I got a VPN service with a static, fairly local IP address. (which you can easily get, inexpensively). Then I could use my faster (100/100), cheaper ($40) residential internet connection, run a home server that connects to this VPN service, and once it did, it would magically become my server. All of my domain names would be pointing to my static IP with the VPN provider.

I let this idea bounce around in my head for a day and it really seems great. Lots of Pros! The cost of home internet, plus the VPN account would be cheaper than my collocation alone. It would be running off of 100/100 internet, so it would be very fast. I wouldn't need a fancy rackmount server with dual power supplies. I could keep a usb clone of my server's HD and in a pinch, boot any computer I had handy off that drive and let it become the server, just as soon as it connects to the VPN. Backing up the server would be super easy, maintaining it would be super easy. Upgrades would be easy. And if an upgrade goes awry for any reason, restoring the server from a backup... you guessed it... super easy since it's local.

In theory, I could even move the server around. If I used a laptop for example, I could take the computer over my mothers house, connect it to the VPN, and minus the 10 minute driving downtime, I'd now be hosting everything right out of her house instead of mine. I could take the whole server on vacation with me! Silly ideas like that (that I would probably never do) show a very interesting level of flexibility this system would give me.

I'm falling in love with the idea of running this server at home, through a VPN tunnel.
But it also makes me nervous. I've never used a VPN in this way. It seems like it should work, but it would have to work perfectly. The VPN would have to be connected 24/7. If it ever got knocked off, it would have to instantly auto-reconnect. My lack of experience is where this thread comes in.
I'm hoping to get some input and feedback from anyone who has done this before... if there are any of you?
But I'm also interesting in hearing from anyone that works extensively or at least regularly with VPNs.
I'm not talking about "I use a cheap VPN to torrent through". Not interested in that.
But if you have any experience running VPNs as an admin, or using them in a more professional setting, I'd like to hear your input on this idea!
 
My experience between consumer cable internet vs business-class is the service. The place I worked at a few years ago was a small shop, < 20 people, and they had business cable. The few times that there were problems, our IT guy was able to get them on the phone immediately and get whatever it was done in short order. Compare that to the consumer service I have at home: I have downtime about once a year and have to call them and run through the idiot script before they do whatever they do on their side to get it working. A few years ago I called and they couldn't get it working on their end, and it took 2 days to get a tech over. Turns out the neighbor had cancelled their service, and they did a street disconnect, and they disconnected me by mistake. My point being - you get what you pay for. Pay for business-class, get reliability and responsiveness, pay for consumer and get blown off once a year. If your website is a business, treat it like a business.

Is running the site from home really worth the convenience compared to relying on a off-site datacenter, which presumably would have redundant internet, power, plus a secure location? I get that you say your use case is really unique, but I can't imagine remote management would be that bad.

Edit: You run whatsmyip.org? That's my go-to when needing to find my public IP, and your random site loader is awesome as well. Keep up the good work man!
 
Last edited:
Luckily that's not really an issue here. I live in an area where all of the ISPs are very mature and have been around for a long time. I also do tech support in this area, outages are very rare, especially with FiOS. And my experience with "business class" tech support has not really been any better than residential. I don't consider that angle to be a very big factor here. Plus with the VPN solution, I have the extra safety net of being able to simply move my server anywhere I need to. I can bring it over a family members house and run it there for a few days if I have to. Which is a nice safety net to have. Same with power. Power failures are very rare here, especially ones over an hour or so. It's a very reliable infrastructure, otherwise I wouldn't even consider this.
 
You'll have to be careful of the terms of service and acceptsble use policies. Most residential providers prohibit hosting servers. Just because they can't see what you're sending and receiving, it doesn't mean they can't tell what you're doing. They'll see 24/7 activity hitting a single port that originates off network followed by a larger quantity of data leaving your system. They'll know you're likely running a dedicated server of some sort and could suspend or terminate your service.
 
No reason to host at home, it is NOT easier, and will cost more, to your bottom line when things go down, do you have redundant power, internet, cooling and all that? You go down a couple times you lose users, simply as that. You say power doesn't go down often but end users hate when they can not get to a site.

Pack up your server and take it to family, and do they have fast internet, now you have to change DNS records, assuming they have static IP's...

VM's, NO reason to have physical hardware for a website any more, Azure, AWS, look at OVH, i always loved using them. One problem with Azure and AWS is once you get into multiple vCPu's price gets high real fast...but if you do the site our properly you can do several smaller VM's.

Also use cache servers with NGINX or a CDN to host off your content faster. I ran the infra for an online poker site and we had 3 front end proxies (1vCPU / 2G / 10G HD each, that took hits after having commercials on ESPN during the world series of poker), 1 in Europe and 2 in NA with the main servers in our datacenter in Central America. Things ran smooth as butter, but we did also use Geo IP DNS services and had Neustar /UltraDNS as our provider.

I think the issue is, do you value YOUR time, because everything you want to do, is making more work for you in the end.
 
I would just look at doing things in aws or one the other major cloud providers.
 
The problem with hosting at home is that it seems great for awhile. Then something goes wrong and you get downtime and the issues start to pile up like crazy.

I actually do host a few services out of my house, but they are not websites. They are monitoring and backup services for clients that can tolerate a few minutes of downtime if necessary (no user or process is dependent on them fully).
That said, I would never use a basic consumer internet service. I have business fiber, that even then I wish I had a backup line for, but it works very well. It is not just about the 'uptime', it is also about service/support and routing. Much fewer hops (and fewer points for issues) with the business service vs. normal consumer service.

Also, I have redundant servers, backup power, dual networks, hot-spare hardware and VMs that all help alleviate downtime issues. Far from what I would run at a work production environment, but better than a computer sitting on a home internet connection.
 
Guys guys guys. I know there are a million different ways to host a website these days. The point of this thread wasn't "whats the best way to host a site", the point was to get any info I could about the one option that I know very little about, which would be running a server at home through a VPN tunnel.


Pack up your server and take it to family, and do they have fast internet, now you have to change DNS records, assuming they have static IP's...

The whole point of this post is using a VPN to tunnel my server to a fixed "doorway". In the VPN scenario, I would not need a static IP, a family member would not need a static IP, and I wouldn't have to touch any DNS if I were going to temporarily move the server.
 
But this brings us to the idea I had the other day.....

Many people use 3rd party VPN services to hide what they're doing online, or to hide their geographic location. But what if I got a VPN service with a static, fairly local IP address. (which you can easily get, inexpensively). Then I could use my faster (100/100), cheaper ($40) residential internet connection, run a home server that connects to this VPN service, and once it did, it would magically become my server. All of my domain names would be pointing to my static IP with the VPN provider.

No, they don't. I doubt that even 0.01% of the online population would use a VPN for this purpose. 99.9% of VPN use is employee/office related.

When you look at something making you money, ask yourselft the following.

1) Who is accountable for this solution (You would be)
2) How much control does accountable person hold (Again, you, and you have no control over said VPN service)
3) How long could said service be unavailable? (Forever as far as you know)

Basically, You are talking about reducing control, stability and speed with what you planned out above.
 
I've given this some thought myself but with a VPS and VPN that I run. I would love to be able to host my web stuff at home as it just gives me more control and you can go higher spec without paying more per month.

Most ISPs unfortunately are still stuck with the archaic "no web servers" rules, and most also don't offer static IPs so you'd have to mess with a dynu or no-ip type hostname which is kind of a pain if you have lot of domains and just want to run your own DNS. You obviously want a proper static IP to run a DNS server.

So basically you have a VPS that acts as the "web presence" and listens on the ports that you're hosting stuff of of, such as port 80 and 443, and email and so on. But it redirects the packets through the VPN to the home server. Not sure if or how this can be done though, but I imagine it can? Would be kinda interesting.

What's actually cool with that is should something happen to the VPS you could quickly spin up another somewhere else, redirect DNS, and be up and running again. No data migration or anything needed. All that would be taken care of at home. Backups at home are also easier since home disk space is super cheap compared to "online" disk space. You can also do a full OS image of the server/VM because you have the physical access to do it. So you always have an image ready to go should something happen and you need to rebuild it.

I ended up finding a super good deal at OVH a while back though and that server has been good enough for my needs since. My only complaint with OVH is that they don't do automatic payments and I have to do it manually. Super annoying. I just have a reminder set on my phone so I don't forget.
 
Do you need that control though, really, no you dont and your not getting more control just because you can run down stairs and touch the hardware. Your giving up control because you are adding in SO many other factors you need to deal with that with out expensive spare parts, redundancy and other things...you can not control.
 
Do you need that control though, really, no you dont and your not getting more control just because you can run down stairs and touch the hardware. Your giving up control because you are adding in SO many other factors you need to deal with that with out expensive spare parts, redundancy and other things...you can not control.

I disagree with your assessment of control, and adding vs removing factors. Having the computer in the same house absolutely gives me more controls. And the "SO MANY" other factors I'm adding are just my home internet reliability and the reliability of the VPN service. Which isn't very many more factors than the current situation, a server living in a data center that I also have no control over.
 
I've given this some thought myself but with a VPS and VPN that I run. I would love to be able to host my web stuff at home as it just gives me more control and you can go higher spec without paying more per month.

Most ISPs unfortunately are still stuck with the archaic "no web servers" rules, and most also don't offer static IPs so you'd have to mess with a dynu or no-ip type hostname which is kind of a pain if you have lot of domains and just want to run your own DNS. You obviously want a proper static IP to run a DNS server.

So basically you have a VPS that acts as the "web presence" and listens on the ports that you're hosting stuff of of, such as port 80 and 443, and email and so on. But it redirects the packets through the VPN to the home server. Not sure if or how this can be done though, but I imagine it can? Would be kinda interesting.

What's actually cool with that is should something happen to the VPS you could quickly spin up another somewhere else, redirect DNS, and be up and running again. No data migration or anything needed. All that would be taken care of at home. Backups at home are also easier since home disk space is super cheap compared to "online" disk space. You can also do a full OS image of the server/VM because you have the physical access to do it. So you always have an image ready to go should something happen and you need to rebuild it.

I ended up finding a super good deal at OVH a while back though and that server has been good enough for my needs since. My only complaint with OVH is that they don't do automatic payments and I have to do it manually. Super annoying. I just have a reminder set on my phone so I don't forget.

This is where my plan came from, but then I realized you don't need the VPS endpoint. All you need is the 3rd party VPN with a static IP at the other end (which they do offer). Since most VPN users are just using it to hide their activities, all they want is a passthrough tube to the internet. They offer static IP services so that would take care of needing a VPS.
 
No, they don't. I doubt that even 0.01% of the online population would use a VPN for this purpose. 99.9% of VPN use is employee/office related.

When you look at something making you money, ask yourselft the following.

1) Who is accountable for this solution (You would be)
I would be, just like all available solutions

2) How much control does accountable person hold (Again, you, and you have no control over said VPN service)
I'd have as much control over the VPN service as I would with a VPS or Collocation provider, which would be none. Unless you run your own data center, you have to accept that some links in the chain are going to be other's responsibilities.

3) How long could said service be unavailable? (Forever as far as you know)
Again no different than a VPS or collocation service. Technically it could go down forever

Basically, You are talking about reducing control, stability and speed with what you planned out above.
I disagree with that assessment. It's still a 3rd party service that a company far away will run. But its a one-function service which makes it likely to be more reliable than a more complicated service like a VPS provider. And having the actual server in-house significantly increases control over that part of the equation. I don't think I'll be reducing stability at all. I'll have to see if there is any meaningful reduction in speed. I'm going to do some tests at some point soon, hosting my site on a quickly set up VPN server for a day.
 
I'm certainly not seeing the logic behind why you want to have the server at your house, but then VPN it to another server in a datacenter somewhere so that can be the front end to your webserver? All of the issues aside from hosting the server yourself, you are now in exactly the same boat you are trying to avoid which is that your VPN is going to someone else's datacenter that you have no control over. So all you've accomplished is making everything more difficult and complex, but not solving the root of the problem. If you want complete control then it would make more sense to just host it from your house directly from your own IP. Otherwise you would go down the same path as 99.9% of the other web servers out there and just virtualize the server in a datacenter and stop worrying about the underlying hardware that it's running on.


I will say that VPN tunnels go down all the time. Because you are expecting random traffic from point A to point B to make it's way flawlessly through the "cloud", there are times where it will go down. Auto-reconnect works until it doesn't, and then you need to have a way to know that VPN is down, and then respond when it is down. I just recently had a VPN tunnel go down between a couple of sites, and no one noticed for about 6 hours. If you don't have 24 / 7 support staff, then it comes down to you to be monitoring it as your end users aren't going to be calling you up every time the connection drops. Monitoring software definitely helps, but it has to get to the right people in the right format for it to be useful. If I get an alert the VPN goes down, but it's an email that gets thrown into a folder, and I don't check that email often on the weekends, the monitoring doesn't do a lot of good.

I don't think I'll be reducing stability at all.

This point I can in fact drive home. You 100% will reduce stability versus a cloud provider. If I have a website that is redundantly being provided from multiple geolocations somewhere in the country, (Which any web provider worth their salt would offer) it doesn't matter if say the entire city of Chicago went dark and that datacenter went down, your site will remain up and running out of say Virginia instead. There is no impact to the end users, and you don't have to lift a finger or be hovering over your phone 24 / 7 to do anything to make this happen. There are people in charge of making sure it all goes flawlessly, and will fix issues long before you even knew a problem occurred.

But if you're talking about running a VPN to a cloud provider reducing stability for your home server, then no I'd be willing to bet that the VPN provider will have better uptime than you could possibly get from your home, so they aren't going to drag down your 9's. When that Semi truck plows through the one telephone poll that has all of the fiber for your county hanging from it right next to the main road, even if you have 2 ISPs you're still going down. I've certainly never seen that happen multiple times over my career. (sarcasm)
 
Last edited:
I would be, just like all available solutions


I'd have as much control over the VPN service as I would with a VPS or Collocation provider, which would be none. Unless you run your own data center, you have to accept that some links in the chain are going to be other's responsibilities.


Again no different than a VPS or collocation service. Technically it could go down forever


I disagree with that assessment. It's still a 3rd party service that a company far away will run. But its a one-function service which makes it likely to be more reliable than a more complicated service like a VPS provider. And having the actual server in-house significantly increases control over that part of the equation. I don't think I'll be reducing stability at all. I'll have to see if there is any meaningful reduction in speed. I'm going to do some tests at some point soon, hosting my site on a quickly set up VPN server for a day.

In ALL other senarios, you have someone to hold accountable, Datacenter providers have SLA's, you can hold them to the fire if need be.

Your "VPN" solution, you have no one but yourself to blame if it breaks, and nothing in your control to fix, and a likely shady vendor who doesn't care about your "Service"
 
I get the OPs point, he is asking if anyone has done it, and what they thought. He isn't asking if its a good idea or if we think if he should or should not do it. I really doubt that he will find anyone who has done it.

It's not an ideal situation and I don't understand what the VPN gets you other than complexity and the ability to hide the site's traffic from your ISP, or by using the IP address of the VPN, you are making the actual IP address/physical location of the web server more difficult to locate. It just seems that you are adding more unecessary links to the chain. You also have to consider the latency added by the VPN.If you use a dynamic dns updator, you could move the site to other IPs at family and friends place like you describe without the need of a VPN.

I agree with others above its definitely not a good idea to do it this way.

Here are 4 more things to consider:
  1. Depending how much traffic your website generates, you are decreasing the available bandwidth you can use for your home Internet activities. If you Internet connection is "slow" now that you have the website up and running, anyone at the house is going to hate it. If you take your server to your friend's house, is it going to use all of their available and prevent them from using the Internet?
  2. Do you have the appropriate hardware and skills to design and implement the infrastructure needed to do this.
  3. Do you have the appropriate skills and time to handle any security issues that may arise? Is your server completely isolated from the rest of your house? How do you plan on isolating the networks? I.e. is the "alexa", wemo, security cams, Nest thermostat etc. able to hack your site from the inside? Same could be said about your web server, if compromised can it be used to monitor your activity i.e. capture bank info, sensitive documents... If you do appropriately segregate the networks, how do you plan on administering the web server and such?
  4. How are you going to view the website appropriately as if you were not in the same place? I.e. can you view it exactly like your external customers? How are you going to handle hairpinning the router?
 
Last edited:
the entire complexity of the VPN could simply be replaced by a DDNS setup, except for the cases where you don't have any control over your edge router, i.e. if you're at a hotel or something...

you could do it a lot simpler with a simple proxy set up on a VPS.... make your own little VPN forwarding a port through....



buuuut, at that point.... just use the VPS!
 
Websites of little use (are copies of extant sites) become slower and less reliable. News at 11.
 
And the "SO MANY" other factors I'm adding are just my home internet reliability and the reliability of the VPN service. Which isn't very many more factors than the current situation, a server living in a data center that I also have no control over.

I think you are intentionally being myopic. If you think your home environment is anywhere even remotely close to the availability in a scalable datacenter you are fooling yourself. You are comparing running a web server on some Frankenstein computer on a home broadband circuit vs a web server being placed in a flexible and highly available virtual environment.

In any case, you've made up your mind before you even started this thread. It didn't go the way you wanted and now you just want to argue with the people who you've solicited for opinions. So, best of luck to you.
 
I don't think it's so much about reliability but control and cost. In a home setup you have virtually unlimited options as to what kind of server setup you can do, because anything you do is only going to cost you one time and you have physical access so you can set it up pretty much any way you want and change it any time you want. So for example if you want a huge 24 bay file server and bunch of VM servers, you can easily do that and only have to pay for it once. The equivalent setup in a data centre would either cost you (a lot) per month if leasing, or if it's your own server but it's colocated it might be a more flat fee but you have less control over it's physical setup as you have no physical access. If something happens like a drive failure you can't just walk up to it and change the drive, you have to pay support to do it and hope they don't pull the wrong drive out by error and kill the raid array, at least if you're the one doing it it's on you.

Now in a perfect world, residential ISPs would allow you to run servers, and offer static IPs - then you don't even need to bother with the VPN part which yes, will add a layer of failure and latency. But the VPN in this case would bypass the ISP rules and give you a static IP. Yeah you can host stuff without a static IP but you have to mess around with no-ip and similar services instead of running a proper DNS server.

Personally for my websites I chose the leased server route myself, but I can kind of see the attraction to what OP is trying to do and I am actually kinda curious how it works out. Just not sure how to do the IP forwarding part, but I imagine it's something you can do in iptables.


As a side note one of my home servers has over 1,300 days of uptime. Just because a home environment is not a SAS Type II data centre does not automatically make it less reliable. My other servers have been rebooted for reasons or others throughout the years, that one server just happens to have never needed it. It's running Fedora Core 9 and currently only does internal mail and other misc stuff. I need to migrate the rest of the stuff and retire it. lol.

I have also heard of stories of data centres going down. Google "the planet datacenter explosion". That's a fun one. Murphy will get you, anywhere you are.
 
Last edited:
Yall are assuming that the VPN provider will let you route the way your hoping, which they probably will not.
 
Most home ISP services have data caps. Just because the VPN hides what's in the packets, it doesn't hide the number or size of packets. Chances are pretty good that a 24/7 high traffic website would bust most home data caps in short order. Not to mention your non business data usage adds in as well.

What happens when the VPN service you select changes their TOS, raises rates or gets sued by some media company over piracy concerns and just pulls the plug?
 
I started out much the same way you did. I actually added a second cable modem and once my web server was crashing every 6hrs under high load, I decided that I needed to find a host. I lost the convenience of publishing massive amounts of media quickly locally, but I gained some redundancy with a host and much, much better serving options. (I did have to add a 3rd cable modem to have enough bandwidth to upload to my host quickly enough, but this was a decade ago.)

Today I have a virtual private server and like it that way. Sure, I could still have the media hosted at home on a server, but it's just as big an issue anymore. Plus, I have someone to call if things mess up.

As far as using the VPN, besides hiding the actual IP, I don't see too much of a benefit versus going with a cloud-based solution. And if you did so, you could have an IPsec VPN tunnel between your cloud and your home so you theoretically could have a backup server at home ready to go at a second's notice. But that's kinda the hosts' job too.
 
Most home ISP services have data caps. Just because the VPN hides what's in the packets, it doesn't hide the number or size of packets. Chances are pretty good that a 24/7 high traffic website would bust most home data caps in short order. Not to mention your non business data usage adds in as well.

What happens when the VPN service you select changes their TOS, raises rates or gets sued by some media company over piracy concerns and just pulls the plug?
MOST have data caps? i don't think that's the case at all....

MOST don't have data caps....
 
MOST have data caps? i don't think that's the case at all....

MOST don't have data caps....

Well this varies by the day...

https://en.wikipedia.org/wiki/Internet_in_the_United_States

Comcast - 25M
Charter - 23M


Those two combined have more subscribers than the rest of the players. Comcast suspended caps for a while, but currently has Caps on their plans again. Charter currently doesn't have caps as part of a merger condition. So until they can side skirt that I guess you would be correct until 2022. I think it would be hard to drill down into the data to actually figure out the rest, because AT&T, Verizon, centurylink, cox, and probably others both have caps and don't have caps. If you have an older service such as cable or DSL, there are usage caps. If you have fiber you probably don't have a cap.

So at this point my best guess is that slightly more than half have usage caps, so your perspective would depend upon which half you are in.
 
Comcast absorbed TWC customers have no caps, that's a huge percentage... I would still venture to say a very healthy majority don't have caps
 
reverse caching proxy in a vps with the server at home connected by vpn
It is done all the time to speed up content to different areas of the world.
 
Back
Top