I have long wanted to “touch” Internet services by setting up a web server from scratch and releasing it to the Internet. In this article I want to share my experience in turning a home router from a narrowly functional device into an almost complete server.

It all started when the TP-Link TL-WR1043ND router, which had served faithfully, stopped meeting the needs of the home network: I wanted the 5 GHz band and fast access to files on a drive connected to the router. After looking through specialist forums (w3bsit3-dns.com, ixbt), review sites and the assortment of local stores, I decided to buy a Keenetic Ultra.

Good owner reviews spoke in favor of this particular device:

  • no problems with overheating (I had to abandon Asus products here);
  • reliable operation (TP-Link was struck off the list here);
  • ease of setup (I was afraid I would not cope and crossed out MikroTik).

I had to come to terms with the cons:

  • no WiFi 6, although I wanted equipment with a margin for the future;
  • only 4 LAN ports; I wanted more, but that is no longer the home category.

The result is this “server”:

  • on the left is the optical terminal of Rostelecom;
  • on the right is our experimental router;
  • a 128 GB M.2 SSD that was lying around, placed in a USB3 enclosure from AliExpress, is connected to the router by cable; it is now neatly fixed to the wall;
  • in the foreground is an extension cord with individually switched sockets; its wire goes to an inexpensive UPS;
  • in the background is a bundle of twisted-pair cables: at the apartment renovation stage I planned RJ45 sockets in the places where equipment was going to be installed, so as not to depend on WiFi congestion.

So we have the equipment; now it needs to be configured:

  • the initial setup of the router takes about 2 minutes: specify the parameters for connecting to the provider (my optical terminal is switched to bridge mode, and the router brings up the PPPoE connection), the WiFi network name and the password. That is basically everything; the router starts and works.

We set up forwarding of external ports to ports of the router itself in the "Network Rules - Forwarding" section.

Now you can go to the “advanced” part, which I wanted from the router:

  1. functionality of a small NAS for a home network;
  2. acting as a web server for several private pages;
  3. personal cloud functionality for accessing personal data from anywhere in the world.

The first is implemented by built-in tools, without requiring much effort:

  • we take the drive intended for this role (a flash drive, a memory card in a card reader, a hard drive or an SSD in an external enclosure) and format it as Ext4 using MiniTool Partition Wizard Free Edition (I don’t have a Linux computer at hand; there it can be done with built-in tools). As I understand it, in operation the system only writes logs to the drive, so if you limit them after setting up the system you can use memory cards; if you plan to write to the drive a lot and often, an SSD or HDD is better.

After that we connect the drive to the router and check that it appears on the system monitor screen.

We click on “USB drives and printers” in the “Applications” section and set up the share in the “Windows Network” section.

Now we have a network resource that can be used from Windows computers and, if necessary, mapped as a drive: net use y: \\192.168.1.1\SSD /persistent:yes

The speed of such an impromptu NAS is quite sufficient for home use, it uses the entire gigabit over the wire, and the speed over WiFi is about 400-500 megabits.

Configuring storage is one of the necessary steps in setting up the server. Next we need to:

  • acquire a domain and a static IP address (you can do without a static address by using Dynamic DNS, but I already had a static IP, so it turned out to be easier to use Yandex free services: by delegating the domain there, we get DNS hosting and mail on our domain);

  • configure the DNS server and add A-records pointing to your IP.

Domain delegation and DNS changes take several hours to take effect, so in the meantime we set up the router.

First you need to install the Entware repository, from which we can install the necessary packages on the router. I followed this instruction, except that I didn’t upload the installation package via FTP; instead I created a folder directly on the previously connected network drive and copied the file there in the usual way.

After logging in via SSH, change the password with the passwd command and run opkg install [package names] with all the necessary packages.

During the configuration, the following packages were installed on the router (the result of the output of the opkg list-installed command):

Package List
bash - 5.0-3
busybox - 1.31.1-1
ca-bundle - 20190110-2
ca-certificates - 20190110-2
coreutils - 8.31-1
coreutils-mktemp - 8.31-1
cron - 4.1-3
curl - 7.69.0-1
diffutils - 3.7-2
dropbear - 2019.78-3
entware-release - 1.0-2
findutils - 4.7.0-1
glib2 - 2.58.3-5
grep - 3.4-1
ldconfig - 2.27-9
libattr - 2.4.48-2
libblkid - 2.35.1-1
libc - 2.27-9
libcurl - 7.69.0-1
libffi - 3.2.1-4
libgcc - 8.3.0-9
libiconv-full - 1.11.1-4
libintl-full - 0.19.8.1-2
liblua - 5.1.5-7
libmbedtls - 2.16.5-1
libmount - 2.35.1-1
libncurses - 6.2-1
libncursesw - 6.2-1
libndm - 1.1.10-1a
libopenssl - 1.1.1d-2
libopenssl-conf - 1.1.1d-2
libpcap - 1.9.1-2
libpcre - 8.43-2
libpcre2 - 10.34-1
libpthread - 2.27-9
libreadline - 8.0-1a
librt - 2.27-9
libslang2 - 2.3.2-4
libssh2 - 1.9.0-2
libssp - 8.3.0-9
libstdcpp - 8.3.0-9
libuuid - 2.35.1-1
libxml2 - 2.9.10-1
locales - 2.27-9
mc - 4.8.23-2
ndmq - 1.0.2-5a
nginx - 1.17.8-1
openssl-util - 1.1.1d-2
opkg - 2019-06-14-dcbc142e-2
opt-ndmsv2 - 1.0-12
php7 - 7.4.3-1
php7-mod-openssl - 7.4.3-1
poorbox - 1.31.1-2
terminfo - 6.2-1
zlib - 1.2.11-3
zoneinfo-asia - 2019c-1
zoneinfo-europe - 2019c-1

Perhaps some of this is superfluous, but there is a lot of space on the drive, so I did not look into it.

After installing the packages we configure nginx. I tried it with two domains; on the second, https is configured, and for now a stub page is served. Internal ports 81 and 433 are used instead of 80 and 443, since the router's admin interface occupies the standard ports.

etc/nginx/nginx.conf
    user nobody;
    worker_processes 1;
    #error_log /opt/var/log/nginx/error.log;
    #error_log /opt/var/log/nginx/error.log notice;
    #error_log /opt/var/log/nginx/error.log info;
    #pid /opt/var/run/nginx.pid;
    events {
        worker_connections 64;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log /opt/var/log/nginx/access.log main;
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        #gzip on;
        # Plain HTTP on internal port 81: redirect everything to HTTPS
        server {
            listen 81;
            server_name milkov.su www.milkov.su;
            return 301 https://milkov.su$request_uri;
        }
        # HTTPS on internal port 433
        server {
            listen 433 ssl;
            server_name milkov.su;
            #SSL support
            include ssl.conf;
            location / {
                root /opt/share/nginx/html;
                index index.html index.htm;
                error_page 500 502 503 504 /50x.html;
                location = /50x.html {
                    root html;
                }
            }
        }
    }

etc/nginx/ssl.conf
    ssl_certificate /opt/etc/nginx/certs/milkov.su/fullchain.pem;
    ssl_certificate_key /opt/etc/nginx/certs/milkov.su/privkey.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /opt/etc/nginx/dhparams.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_stapling on;
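A quick way to review a TLS snippet like the ssl.conf above before exposing the port, as an added example that is not part of the original article: the script parses the directives and flags cipher tokens and omissions that are weak by current practice. The rule set is a simplified assumption, the article-style sample is constructed from the directives shown above with the cipher list shortened, and the tightened variant is an assumed alternative, not the author's configuration.

```python
import re

# Constructed sample: directives of the article's ssl.conf, cipher list shortened.
ARTICLE_STYLE = """
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!RC4:!MD5';
ssl_prefer_server_ciphers on;
ssl_dhparam /opt/etc/nginx/dhparams.pem;
ssl_stapling on;
"""

# Assumed tightened variant (not from the article); 192.168.1.1 is the router's LAN address.
TIGHTENED = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305;
ssl_stapling on;
resolver 192.168.1.1;
"""

def parse_directives(text):
    """Collect simple one-line 'name args;' directives; '#' comment lines never match."""
    return {name: args.strip().strip("'\"")
            for name, args in re.findall(r"^[ \t]*(\w+)[ \t]+([^;\n]+);", text, re.M)}

def audit_cipher_string(cipher_string):
    """Flag enabled tokens (not '!'-excluded) that are weak by current practice."""
    findings = []
    for token in cipher_string.split(":"):
        if not token or token[0] in "!-+@":
            continue  # exclusions, removals, reordering and @ commands enable nothing
        if "DES-CBC3" in token:
            findings.append(("3des", token))
        elif "DSS" in token:
            findings.append(("dss", token))
        elif not token.startswith(("ECDHE", "DHE", "kEDH")):
            # static-RSA suites and bare keywords (AES, CAMELLIA) that expand to them
            findings.append(("no-forward-secrecy", token))
    return findings

def audit_tls_config(text):
    """Return (code, detail) findings for an nginx TLS snippet."""
    d = parse_directives(text)
    findings = audit_cipher_string(d.get("ssl_ciphers", ""))
    if "ssl_protocols" not in d:
        findings.append(("protocols-default", "ssl_protocols unset, nginx build default applies"))
    if d.get("ssl_stapling") == "on" and "resolver" not in d:
        findings.append(("stapling-no-resolver", "OCSP responder hostname cannot be resolved"))
    return findings

if __name__ == "__main__":
    for label, conf in (("article-style", ARTICLE_STYLE), ("tightened", TIGHTENED)):
        print(label, audit_tls_config(conf))
```

With `ssl_protocols` unset, older nginx builds such as the 1.17 series fall back to a default that still includes TLSv1 and TLSv1.1, which is why the omission is reported.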


To make the site work over https, I used the well-known dehydrated script, installing it according to this manual. The process caused no difficulties; the only stumbling block was that, for the script to work on my router, a line in the file /opt/etc/ssl/openssl.cnf has to be commented out:

    [openssl_conf]
    #engines=engines

Note that generating dhparams.pem with the command "openssl dhparam -out dhparams.pem 2048" takes more than 2 hours on my router; if it were not for the progress indicator, I would have lost patience and rebooted.

After receiving the certificates, restart nginx with the command "/opt/etc/init.d/S80nginx restart". In principle the configuration is now complete, but there is no site yet: if we put an index.html file in the /share/nginx/html directory, we will see a stub.

index.html
    <!DOCTYPE html>
    <html>
    <head>
    <title>Тестовая страничка!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Тестовая страничка!</h1>
    <p>Это простая статическая тестовая страничка, абсолютно ничего интересного.</p>
    </body>
    </html>


To present the information nicely, it is easier for a non-professional like me to use ready-made templates. After a long search through various directories I found templatemo.com: it has a good selection of free templates that do not require compulsory attribution (which is rare on the Internet; most template licenses require you to keep a link to the resource they came from).

We select a suitable template (there are templates for a variety of cases), download the archive and unpack it into the /share/nginx/html directory; this can already be done from your computer. Then we edit the template (this requires minimal knowledge of HTML so as not to break the structure) and replace the graphics.

Summary: the router is quite suitable for hosting a light site. In principle, if a heavy load is not expected, you can also install php and experiment with more complex projects (look at nextcloud/owncloud; there seem to be successful installations on such hardware). The ability to install packages makes it more useful: for example, when it was necessary to protect the PC's RDP port on the local network, I put knockd on the router, and port forwarding to the PC was opened only after port knocking.

Why a router rather than a regular PC? A router is one of the few pieces of computer hardware that run around the clock in many apartments; a home router is usually absolutely silent, and a light site with fewer than a hundred visits per day will not bother it at all.
