2
I have a tiny personal website (currently under construction) hosted on my raspberry pi. I also want to setup an OwnCloud server, but on my actual desktop computer for several reasons (not only related to security, but mostly for usability in my specific case).
So I have a no-ip.org domain (free) and my router forwards port 80 requests to the pi. All working fine. For having a domain pointing to my owncloud server I setted my router to redirect requests from port 7654 (random one I chose) to port 80 on my desktop. Then I configured a no-ip domain to redirect the cloud domain to http://my.website.domain:7654, which is then redirected to my desktop.
Works perfectly. Maybe this isn't a great setup, but I'm really avoiding to mess with apache's configs as much as I can, because I've had problems in the past (security wise). And it works fast (remember it's a personal thing, not going to have much traffic).
So... I also configured no-ip domain to keep my owncloud url the same, instead of simply redirecting pages. I found it is called URL masking, and it's done by using a frame.
Ok, my questions are:
If I go to the source code of the owncloud website, I can see it's a frame redirecting to another port on another website. My issue is: is this a security risk? Anyone can know that they can directly access that page by using the url:port in their browser. Maybe it's not an issue, as anyone who runs my IP through a port scanner would probably find those ports being used. But I wonder (it's my desktop pc, would hurt me a lot more than just hacking into my RPi :P )..
Is there a way to completely hide that redirection, without going too deep on apache's configurations?
Am I being paranoid, idiotic and just plain stupid? :D
Thank you for any feedback you provide!
1It isn't a security risk per se, as you pointed out anyone could run a port scan on you public IP anyway. What you're looking for is called a "forward proxy" but I'm not sure whether no-ip.org provides such service or not. – Jean-Karim Bockstael – 2014-09-05T07:52:46.507
1Thank you for reply! I ended up using the same setup, as it's not a security risk like you pointed out, but new information is always important – fgarci03 – 2014-09-10T16:57:15.287