We host the site on a home router

I have long wanted to "touch" Internet services by setting up a web server from scratch and putting it on the Internet. In this article, I want to share my experience of turning a home router from a narrowly functional device into an almost full-fledged server.



It all started when the TP-Link TL-WR1043ND router, which had served faithfully, ceased to meet the needs of the home network: I wanted a 5 GHz band and quick access to files on a drive connected to the router. After looking through specialized forums (w3bsit3-dns.com, ixbt), review sites and the range of local stores, I decided to purchase a Keenetic Ultra.



Good reviews from owners spoke in favor of this particular device:



  • no problems with overheating (here I had to rule out Asus products);
  • reliable operation (here I crossed out TP-Link);
  • ease of setup (I was afraid I would not cope and crossed out MikroTik).


I had to come to terms with the cons:



  • no WiFi6, I wanted to take equipment with a margin for the future;
  • 4 LAN ports, I wanted more, but this is no longer a home category.


As a result, we got this "server":







  • on the left is the optical terminal of Rostelecom;
  • on the right is our experimental router;
  • connected to the router by cable is a spare 128 GB M.2 SSD, placed in a USB 3 enclosure from AliExpress; it is now neatly fixed on the wall;
  • in the foreground is an extension cord with individually switched sockets, the wire from it goes to an inexpensive UPS;
  • in the background there is a bundle of twisted pair: when renovating the apartment, I planned RJ45 sockets in the places where the equipment was supposed to be located, so as not to depend on WiFi congestion.


So, we have the equipment, we need to configure it:







  • the initial configuration of the router takes about 2 minutes: we specify the parameters for connecting to the provider (my optical terminal is switched to bridge mode, and the PPPoE connection is established by the router), the name of the WiFi network and the password. That is basically it, the router starts and works.






We set up forwarding of external ports to ports on the router itself in the "Network rules - Forwarding" section:











Now you can go to the "advanced" part, which is what I wanted from the router:



  1. functionality of a small NAS for a home network;
  2. acting as a web server for several private pages;
  3. personal cloud functionality for accessing personal data from anywhere in the world.


The first is implemented with built-in tools and requires little effort:









After that, we connect the drive to the router and observe it on the system monitor screen.







Click on "USB drives and printers" in the "Applications" section and set up a share in the "Windows network" section:







And we have a network resource that can be used from Windows computers and, if necessary, mapped as a drive: net use y: \\192.168.1.1\SSD /persistent:yes



The speed of such an improvised NAS is quite sufficient for home use: it uses the full gigabit over the wire, and over WiFi the speed is about 400-500 megabits.







Configuring the storage is one of the necessary steps in setting up the server. Next we need to:

- purchase a domain and a static IP address (you can do without this using Dynamic DNS, but I already had a static IP, so it turned out to be easier to use free Yandex services: by delegating a domain there, we get DNS hosting and mail on our domain);







- configure DNS servers and add A-records pointing to your IP.

It takes several hours for the domain and DNS delegation settings to take effect, so in the meantime we configure the router.



First, you need to install the Entware repository, from which we can install the necessary packages on the router. I followed this instruction, except that I did not upload the installation package via FTP; instead I created a folder directly on the previously connected network drive and copied the file there in the usual way.



After gaining access via SSH, we change the password with the passwd command and install all the necessary packages with the opkg install [package names] command:







During the configuration, the following packages were installed on the router (the output of the opkg list-installed command):



Package List
bash - 5.0-3
busybox - 1.31.1-1
ca-bundle - 20190110-2
ca-certificates - 20190110-2
coreutils - 8.31-1
coreutils-mktemp - 8.31-1
cron - 4.1-3
curl - 7.69.0-1
diffutils - 3.7-2
dropbear - 2019.78-3
entware-release - 1.0-2
findutils - 4.7.0-1
glib2 - 2.58.3-5
grep - 3.4-1
ldconfig - 2.27-9
libattr - 2.4.48-2
libblkid - 2.35.1-1
libc - 2.27-9
libcurl - 7.69.0-1
libffi - 3.2.1-4
libgcc - 8.3.0-9
libiconv-full - 1.11.1-4
libintl-full - 0.19.8.1-2
liblua - 5.1.5-7
libmbedtls - 2.16.5-1
libmount - 2.35.1-1
libncurses - 6.2-1
libncursesw - 6.2-1
libndm - 1.1.10-1a
libopenssl - 1.1.1d-2
libopenssl-conf - 1.1.1d-2
libpcap - 1.9.1-2
libpcre - 8.43-2
libpcre2 - 10.34-1
libpthread - 2.27-9
libreadline - 8.0-1a
librt - 2.27-9
libslang2 - 2.3.2-4
libssh2 - 1.9.0-2
libssp - 8.3.0-9
libstdcpp - 8.3.0-9
libuuid - 2.35.1-1
libxml2 - 2.9.10-1
locales - 2.27-9
mc - 4.8.23-2
ndmq - 1.0.2-5a
nginx - 1.17.8-1
openssl-util - 1.1.1d-2
opkg - 2019-06-14-dcbc142e-2
opt-ndmsv2 - 1.0-12
php7 - 7.4.3-1
php7-mod-openssl - 7.4.3-1
poorbox - 1.31.1-2
terminfo - 6.2-1
zlib - 1.2.11-3
zoneinfo-asia - 2019c-1
zoneinfo-europe - 2019c-1



Perhaps there is something superfluous here, but there is a lot of space on the drive, so I did not look into it.



After installing the packages, we configure nginx. I tried it with two domains; the second one is configured with https, and for now a stub page is up there. Internal ports 81 and 433 are used instead of 80 and 443, since the router's admin panels sit on the normal ports.



etc/nginx/nginx.conf
user  nobody;
worker_processes  1;
#error_log  /opt/var/log/nginx/error.log;
#error_log  /opt/var/log/nginx/error.log  notice;
#error_log  /opt/var/log/nginx/error.log  info;
#pid        /opt/var/run/nginx.pid;

events {
    worker_connections  64;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  /opt/var/log/nginx/access.log main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;

    # Plain HTTP on internal port 81: redirect everything to HTTPS
    server {
        listen 81;
        server_name milkov.su www.milkov.su;
        return 301 https://milkov.su$request_uri;
    }

    # HTTPS on internal port 433 (the router's admin panel keeps the normal port)
    server {
        listen 433 ssl;
        server_name milkov.su;
        # SSL support
        include ssl.conf;
        location / {
            root   /opt/share/nginx/html;
            index  index.html index.htm;
        }
        # Static error page for upstream/server errors
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}




etc/nginx/ssl.conf
ssl_certificate /opt/etc/nginx/certs/milkov.su/fullchain.pem;
ssl_certificate_key /opt/etc/nginx/certs/milkov.su/privkey.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /opt/etc/nginx/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
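
An added example, not part of the original article: a POSIX shell check that reads a TLS include such as the ssl.conf above and lists what a reviewer would question in it, namely a missing ssl_protocols line, stapling without a resolver, and legacy entries in the cipher string. The function names, the finding texts and the shortened sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an nginx TLS include (read on stdin), one finding per line.
audit_ssl_conf() {
    # Strip comments so commented-out directives are not counted as set.
    active=$(sed 's/#.*//')

    # Without ssl_protocols, nginx before 1.23.4 defaults to TLSv1 TLSv1.1 TLSv1.2.
    printf '%s\n' "$active" | grep -Eq '^[[:space:]]*ssl_protocols[[:space:]]' ||
        echo 'protocols: ssl_protocols not set, nginx built-in default applies'

    # Stapling needs a resolver to look up the OCSP responder's hostname.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*ssl_stapling[[:space:]]+on'; then
        printf '%s\n' "$active" | grep -Eq '^[[:space:]]*resolver[[:space:]]' ||
            echo 'stapling: ssl_stapling on, but no resolver directive in this file'
    fi

    # Split the cipher string on ":" and classify every enabled token.
    printf '%s\n' "$active" |
        sed -n "s/^[[:space:]]*ssl_ciphers[[:space:]]*'\{0,1\}\([^';]*\)'\{0,1\};.*/\1/p" |
        tr ':' '\n' |
        while read -r tok; do
            case $tok in
                '' | '!'*)               ;;  # empty, or an exclusion such as !RC4
                *DES-CBC3*)              echo "cipher: $tok (3DES)" ;;
                AES | CAMELLIA)          echo "cipher: $tok (broad alias, admits CBC and non-PFS suites)" ;;
                ECDHE-*-SHA | DHE-*-SHA) echo "cipher: $tok (CBC with SHA-1 MAC)" ;;
                ECDHE-* | DHE-* | kEDH*) ;;  # forward-secret GCM/SHA-2 suites: not flagged
                *)                       echo "cipher: $tok (static RSA key exchange, no forward secrecy)" ;;
            esac
        done
}

# Constructed sample: a shortened form of the ssl.conf shown above.
sample_conf() {
    cat <<'EOF'
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!MD5';
ssl_prefer_server_ciphers on;
ssl_stapling on;
EOF
}

sample_conf | audit_ssl_conf
```

On the router the same function can be fed the real file on stdin; a resolver set in nginx.conf rather than in the include is not seen by this check.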






In order for the site to work on https, I used the well-known dehydrated script, installing it according to this instruction. This process did not cause any difficulties; I stumbled only on one thing: for the script to work on my router, a line in the /opt/etc/ssl/openssl.cnf file has to be commented out:



[openssl_conf]
#engines=engines


I will also note that generating dhparams.pem with the command "openssl dhparam -out dhparams.pem 2048" takes more than 2 hours on my router; if it were not for the progress indicator, I would have lost patience and rebooted.



After receiving the certificates, restart nginx with the command "/opt/etc/init.d/S80nginx restart". In principle, this completes the setup, but the site does not yet exist: if we put the index.html file in the /share/nginx/html directory, we will see a stub.



<!DOCTYPE html>
<html>
<head>
<title> !</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1> !</h1>
<p>    ,   .</p>
</body>
</html>




To present information nicely, it is easier for a non-professional like me to use ready-made templates. After a long search through various directories I found templatemo.com: it has a good selection of free templates that do not require attribution (which is rare on the Internet; most template licenses require you to keep a link to the resource they were obtained from).



We choose a suitable template (there are ones for a variety of cases), download the archive and unpack it into the /share/nginx/html directory; you can do this from your computer. Then we edit the template (here you need minimal knowledge of HTML so as not to break the structure) and replace the graphics as shown in the picture below.







Summary: the router is quite suitable for hosting a light site. If a heavy load is not expected, you can install php and experiment with more complex projects (I am looking at nextcloud / owncloud; there seem to be successful installations on such hardware). The ability to install packages makes it more useful: for example, when I needed to protect the RDP port of a PC on the local network, I put knockd on the router, and port forwarding to the PC was opened only after port knocking.



Why a router and not a regular PC? A router is one of the few pieces of computer hardware that run around the clock in many apartments; a home router is usually absolutely silent, and a light site with less than a hundred visits per day will not strain it at all.


