I would not do this in my situation, but if i had needs and the desktop is the only thing i had to work with I would use docker or a VM in order to segment it afro my workstation/desktop
On Wed, Jul 16, 2025 at 4:57 AM Scott L. via PLUG-discuss < [email protected]> wrote: > If it's bound to localhost (127.0.0.1[https://127.0.0.1]), is not opening > listening ports externally (or said ports are blocked), and is > effectively walled off from the Internet, the risk is very low. > > You could always block the program at the software level (and I would), > but ideally you'd want to avoid forwarding any ports or allowing external > (WAN) communication. > > It's not unusual to run a web server on-demand, such as to preview a web > page you're coding (e.g., when utilizing a JS-based framework). This > would be preferable to running it 24/7 if possible. > > The weak point will probably be your router. Most consumer routers allow > you to manually forward ports (which you wouldn't want to do here), but > they'll also often automatically allow the program out via either UPnP > and/or NAT-PMP (if requested). > > If you know the program doesn't trigger that, or you've disabled it, you > should be fine. It's really a matter of segmenting it from the Internet. > If you're confident that you can do that, then you should be golden. > > --- > Scott Lopez > Email: [email protected] > Web: https://bio.neteng.pro > ---------------------------------------- > > Jul 14, 2025 1:43:29 AM David Schwartz <[email protected]>: > > > I found that article and forwarded it to Keith. It was specifically > > about setting up and running a local web service for your own personal > > needs. The guy was not a developer. In fact, a couple of things he said > > he uses this for suggest just the opposite. He very briefly mentions > > external access, but that was clearly not the focus of the article. > > > > But I think Keith's question has to do with security implications of > > running a local web service on your main machine for LOCAL use at > > localhost. > > > > I’ve got a LAN at home and I’ve given some thought to what it would > > take to run a server on one machine ONLY for internal access. I almost > > set it up at one point, but changed my mind, but I haven’t ruled it > > out. > > > > That article includes a single command you can run on a Mac to turn on > > your web server. > > > > Windows includes IIS, and he shows how to activate it. Newer versions > > only install it if you request, and it’s easy to start it up as a > > service. > > > > But MAMP, WAMP, and similar solutions have been available for about 20 > > years now and I haven’t heard much about any security issues simply > > from running them on localhost / 127.0.0.1[https://127.0.0.1] . > > > > Is there anything to worry about? > > > > -David Schwartz > > > > > > > >> On Jul 14, 2025, at 12:10 AM, Eric Oyen via PLUG-discuss > >> <[email protected]> wrote: > >> > >> Honestly, > >> I would rather the web server be on it’s own dedicated vm with minimal > >> other services running and it’s own internal IP address on a virtual > >> bridge answerable to the external ethernet interface. This is actually > >> similar to what I ran post 2000 using VMWARE. > >> External ethernet card 1: unposted by host OS, linked to OpenBSD vm as > >> internet interface > >> 2nd ethernet interface was attached to internal virtual bridge that > >> was also connected as a second interface to the openBSD vm. Host OS > >> was linked to virtual bridge along with all other vm’s. This way, all > >> instances and the host OS were protected behind the OpenBSD instance > >> which acted as the firewall. One of those instances was a web server > >> that hosted a simple website (one of the many things I tried to learn > >> how to do). > >> > >> At the time, that configuration for VMWare was not even supported, let > >> alone documented. So, I had a pretty unique setup (and I did document > >> it eventually and submitted it to the dev team at VMWare). Oh man, > >> were they surprised. > >> > >> -Eric > >> From the Central Offices of the Technomage Guild, Virtual Environments > >> Coordinator Dept. > >> > >> > >> On Jul 13, 2025, at 3:00 PM, Keith Smith via PLUG-discuss > >> <[email protected]> wrote: > >> > >> Hi, > >> > >> A friend sent me an article about a guy that always configures a web > >> server on his desktop. I did some work with a guy who configured his > >> daily driver MAC as a web server and used it for development. > >> > >> I'm running Kubuntu on my desk top and Ubuntu on my virtualization. > >> > >> I could configure my desktop as a web server.... however I an not so > >> sure I want to. > >> > >> My main concern is security. > >> > >> What are your thoughts? > >> > >> Thanks!! > >> > >> Keith > >> --------------------------------------------------- > >> PLUG-discuss mailing list: [email protected] > >> To subscribe, unsubscribe, or to change your mail settings: > >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > >> > >> --------------------------------------------------- > >> PLUG-discuss mailing list: [email protected] > >> To subscribe, unsubscribe, or to change your mail settings: > >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > --------------------------------------------------- > PLUG-discuss mailing list: [email protected] > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen
--------------------------------------------------- PLUG-discuss mailing list: [email protected] To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
