# Allowing others to access our webpage At this point your server is fully functional. It dont matter if you only have the static site, or if you choose to add your language of choice to extend the functionality, all the steps beyond this point are the same. Some of you were here for the networking class, For those of you who were not lets quickly go over a few things. The internet has a variety of protocols. The ones that we are focusing on are http and https. Those will use port 80 and 443. Additionally if you want your ssh to be accessible from outside your home network, 22 will be in use. Think of a port at a channel that data can pass through. Your home router is intelligent. It knows that most people browsing the web will be doing it via http/https. this means that it expects outgoing traffic on port 80 & 443. However, infrequently do people have INCOMING traffic. Most routers are not configured to have incoming traffic request to access data from within your lan. Therefore this will likely be disabled by default. In a similar way as your router, your computer has a way to manage ports aswell. This is often the firewall on your pc. Your personal experiences may differ from mine, but a good example would be when i was younger and had a stolen copy of minecraft. When you host a world to your lan to have other local players join, it requires 25565 to accessible to other computers from your computers firewall. Well the official and popular third party clients by default will have this port open when you cast the game to lan. Stolen copies often dont come with these conveniences. I bring this up because this was my first experience with the subject. Im sure others have similar stories with printers and the such. You need to manage your firewall to allow access to outside users. If you choose not to do this, your web server will only be accessible to yourself: 127.0.0.1. If you have been a developer for some time you are probably familiar with localhost:XXXX. this is the same thing. On linux we will use ufw to manage these firewalls to make sure that our website is accessible to our lan. Once this is done then we will move onto doing the same thing for our router. Before we do this, start your server, then from your client device try to go to the ip of the server. The address you search for will be the same as the address you use to ssh into the server. when navigating to this address in your browser you are sending a http get request (via port 80) to your server. If you get a response and the webpage loads then you can skip the next step. By default apache 2 *should* open this port automatically. Its always done it for me, however i know that not everyone will have the same experiences. If your page does not load we will use ufw to manually open the port on the server. ssh in and run `ufw -h`. If you get no response then `apt install ufw` like you would expect. To run the ufw command we will need sudo as we are changing our firewall which is pretty important. Normally here we can enable specifically incoming, or specifically outgoing but we want both. Additionally we have the option to specify if we want tcp or udp. tcp is a bit slower but more reliable and speed is not super important for a simple web-server so lets run `sudo ufw allow 80/tcp` <br> `sudo ufw allow 443/tcp` If you want to get a self-signed certificate in the future then open 443, otherwise 80 will be enough for http. Double check that everything worked with `sudo ufw status`. Onto the routers. Every manufacture is different. Ive done this with openwrt, tplink, and netgear. you may have to poke around a bit to find everything but the names will be similar. First we want to give our server a static ip if it dont already have one. running `ip a` you can find your mac. it will be 12 characters, grouped by 2's, and seperated by colins. example: 12:34:56:ab:cd:ef. it should stand out. Now in your router head to your advanced settings and find a section labeled "static ip" or "DHCP". In this menu you look for the device that has the matching mac address that you just looked up. Enter that mac address into the address reservation input along side the ip that you want to permanently assign it. Keep in mind that your router has a range of ip's that i can give out. For example, mine, and many north American routers will be 192.168.0.XXX. the router can give out an ip between 192.168.0.000 and 192.168.0.100. Yes its possible to go higher, but default ranges often fall between those values. Plus how often do you have 100+ devices online at the same time, the default is good for homes but possibly not places like airports. Now that your servers ip will not change you need to set certain ports to be open just like with your firewall. There are a few options to do this with similar processes. virtual servers, port triggering, port forwarding, DMZ, uPNP are what to look for. uPNP is supposed to be intelligent and automatically forward ports that it finds open but ive never had good luck with it. DMZs open EVERY port for a device within your network, this is not recommended but can be helpful if you cant get anything to work and need to determine what is, and isnt the problem. The rest will allow manual configuration. You enter the static ip of your server, enter the port that you want it to open, then enter in the port for it to listen for. This gives you options. it means that you can have your router listen on port 80 for your server, but users from outside have request come into a specific port of your choosing. There are thousands of unused ports. Most people never make use of this, but you can navigate to websites and specify what port you want. so i can say google.com:443 or chat-to.dev:80 and it works. Just make sure that if you choose to customize your outgoing port that whoever is connecting knows to mywebsite.io:69 or whatever. check to make sure :69 is not in use beforehand. By default your web browser will automatically append :80 or :443 to urls so if you have no good reason to customize, dont. now that your server is hooked up to your router, and your router to the internet people outside can visit. how. your site dont have a domain yet, and it dont need one. However just like your internal ip, your external ip changes over time. If you want to check your ip head to [whatismyisp.com](https://whatismyisp.com). ask a friend from outside your network to head to that ip, your website should load. you can test this yourself with a vpn. Lets get ourself a domain. im not going to walk through this too much because noip has a better guide, with images! how nice. so yea, make a no-ip account. No-ip gives out free subdomains. a subdomain is like mail.google.com. the domain is google.com, but appending mail to the beginning changes everything. This is often done to have a site with multiple languages like en.mysite.io & ru.mysite.io. this is also a nice way to get extra webpages for specific purposes from your hosting provider for free. to progress you will need to install a piece of software on your server from noip's guide. all this software does is every once in a while, it sends a ping out to check to see what its own ip is. if it comes back with the same address nothing happens. If a change is detected, it will alert no ip to edit the address of your domain. so from no-ip's POV it would see. mysub.domain.com -> 123.45.678.90 becomes 012.34.567.89 and edits it automatically. If you have a tp link router or netgear router like me, they offer free services that do this too. They call it d-dns for dynamic-dns. Its the same thing as getting a free subdomain from noip but the router handles the changing ip rather then software on your server dealing with it. It dont matter what you choose, its really all the same. there are other providers aswell, i think yunohost has a free ddns but i think it only works with openwrt routers or something, not sure, look it up or just use noip. now your server is assessable from its domain name. You are done if you are ok with http. For those who want https you will want a cert. This is important if your site has logins and that type of stuff because encryption will help keep people from watching that shouldn't be watching. The directions vary based on where you are so heres a [guide](https://www.howtogeek.com/devops/how-to-create-and-use-self-signed-ssl-on-apache/). If you have made it this far, this guide will be simple. Remember this is on a personal server, this is how it identifies its self. You can fill this with bogus info, atleast where i am at. Some places take stuff seriously. the US dont so i personally will be mr.Zuckerburg from the human-impersonation department at meta inc, stationed on the moon. Once this is done you should stop getting a "http only" warning when visiting your site warning you that you should be wary to enter important credentials. You may still get a self-signed warning saying that the legitimacy could be dubious. If you want to be professional you can get a real domain, and a real ssl cert and just point it at your home server. This guide does not cover that. Thats it folks! :)