RESET Forums (homeservershow.com)

Best server network-within-a-network setup


bwnet

Hi all

 

So I'm a web developer alongside a designer and we rent some office space from another business. I have a spare desktop with Windows 10 that I'd like to set up with Storage Spaces as both a pseudo-NAS, a web development server and somewhere where our Dropbox and Google Drive accounts can be synced and then shared to us as simple network drives. Fairly straightforward so far. But there are a few questions I have with this setup.

 

1. In terms of hardware setup, I plan to connect the building's internet connection via ethernet straight into the server. I'd then like to be able to create a network-within-a-network so that I can make the server into a wireless access point and have our systems connect to it. I'd want our systems to be able to see the shared network drives and virtualised server, and access the Internet plugged into the ethernet port, but keep all of that hidden from the rest of the building/wider network. In essence, a one-way system. I thought this could be accomplished with port forwarding/blocking and bridging connections?

 

2. For the web dev server, I plan to run CentOS in a VirtualBox environment. Failing that, we can use WAMP but my experience has been that its performance is lacking. In any case, the idea being that we can build locally, which should be much quicker. However, from time to time we'd like clients to be able to view their websites from their own systems so we'd probably be looking at dynamic DNS. As the domain/IP is usually intrinsic to the code (for example, on WordPress), is there a dynamic DNS client/server that can map to a domain name and recognise when the server is on the local network (ensuring we don't upload/access via the Internet back to our local server) or on the wider Internet? Perhaps I'm approaching this whole problem the wrong way.

 

3. We'd want to be able to dial in from home occasionally but I presume this doesn't require much more than a simple VPN server setup and some port forwarding, possibly on the building's router (which I can get sorted).

 

Grateful for any help as this is, by far, the most complicated server I've had to build!

Edited by bwnet

You can probably do that with a single computer, but I'd suggest you look at changing two parts of your setup.

 

1. Use a router instead of the server to handle isolating the networks from each other.  Otherwise you'll have to mess around with making sure that only certain interfaces can access some of the resources or you'll be exposing your shares to the rest of the building.

 

2. I'd suggest running ESXi or Hyper-V or similar on the hardware and putting Windows 10 and CentOS under that. If you don't want to mess with the router, you could actually use this to have a virtualized router running pfSense or Untangle that has direct access to the uplink port and then provides access to the clients that are connected via Wireless or through a virtual adapter to the other virtual machines. In this case I suspect that ESXi might be the best choice, but I don't know if 6 still has a free version and what its limits might be.

 

Other comments:

Most web servers (or at least I know for certain Apache and IIS) can recognize the domain name they're being accessed as and provide a different web site based on that, as long as HTTPS isn't involved. In that case it gets more complicated quickly.

VPN isn't too hard once you know what the rest of your system is. One concern with both VPN and a Web Server is: are you sure that the building owners will be willing to forward specific ports to your computer and they aren't already using them for something?


  • 1 month later...

I'd just really echo what Andne has said.

 

I wouldn't recommend using your server as a network edge device. I'd opt for a firewall which can also handle your VPN connections. pfSense is a good choice - you can find suitable hardware for reasonable money.

 

I'd second the recommendation to run ESXi and virtualise on top of that. Or, tbh, you could possibly run a Linux desktop distro. I know there is definitely a Linux flavour of Dropbox that works quite well. I'd be surprised if there wasn't a Linux desktop Google Drive app. Although you will need to look at configuring Samba and/or NFS for your file sharing.

 

In terms of your actual network, if you have a requirement to move large files around, I'd recommend using ethernet. Even if wi-fi speeds are sufficient, you might find in an office environment or densely populated urban area where there are already multiple wi-fi networks, it's not stable enough. I'd suggest using a Gigabit switch and running some ethernet cables to your desks.

 

For the webhosting, you will have your internal domain and external domain. In Apache2/Nginx speak they will resolve to different virtual hosts. With IIS (Internet Information Services) on a Windows desktop OS, I believe that you might be struggling as you are limited to one web site (similar to virtual host) and a maximum of ten connections. That bumps you up to running Windows Server at considerable extra cost. You might be able to fudge around only using one website with some routing inside your IIS applications, but my recommendation would be Nginx. I've picked it up much faster than Apache2 and within a space of a week, I've got 6 virtual hosts for various domain names running from one server.

 

So there's my two penneth.

 

I'd also consider some sort of local source control repository and build/deploy server. It's investing more time up front, especially with the hurdles deploying changes to MySQL databases but the automation will save you time in the long run.

Edited by afasoas
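
The name-based virtual hosts mentioned in this post and in the earlier reply, sketched as an nginx configuration. This is an added example, not part of the original posts; the host names, subnet and paths are hypothetical placeholders, and it covers plain HTTP only.

```nginx
# Added example: all names, paths and addresses below are hypothetical.

# Catch-all: a request whose Host header matches no configured name
# is dropped instead of falling through to a real site.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send nothing
}

# Internal name: work-in-progress sites, served to the office LAN only.
server {
    listen 80;
    server_name dev.example.internal;

    allow 192.168.50.0/24;   # assumed private subnet behind the router/firewall
    deny  all;               # everyone else gets 403, even with the right Host

    root  /srv/www/dev;
    index index.html;
}

# External name: the client preview site, reached via the forwarded port.
server {
    listen 80;
    server_name preview.example.com;

    root  /srv/www/preview;
    index index.html;
}
```

Running `nginx -t` checks the configuration for syntax errors before it is reloaded.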
