Site file server idea

Discussion in 'Site Help and Suggestions' started by ASSEMbler, Jul 24, 2013.

  1. ASSEMbler

    ASSEMbler Administrator Staff Member

    Joined:
    Mar 13, 2004
    Messages:
    19,394
    Likes Received:
    995
    I had a load of 1u servers given to me, they were once firewalls and have custom bios.

    I pulled the BIOS and cloned a retail BIOS, and it's booting as a normal PC now.

    Problem is expense.

    Dedicated line for the server would cost me probably $750 a year

    So I am thinking vpn tunnel with server. Anyone have experience with this?
     
  2. beepboop

    beepboop Site Supporter 2013

    Joined:
    Jul 10, 2013
    Messages:
    238
    Likes Received:
    52
    Not sure what you're asking. VPNs are relatively easy to set up, but you'd still need to have some kind of external line connected to the server. The easiest way out there is probably Debian + OpenVPN; there's a myriad of tutorials for that on the internet.

    If you're talking about creating a fileserver for this site itself, that would be great, but I'm not sure how VPNs would come into play here.
     
  3. AlexRMC92

    AlexRMC92 Site Supporter 2013

    Joined:
    Feb 12, 2013
    Messages:
    337
    Likes Received:
    28
    We have 26 locations all connected via VPN tunnels, here's a rough diagram of what it needs to look like.

    [Attached image: Untitled-1.jpg]

    The easiest way to make this work is to have your private gateway servers also be your VPN servers. The two locations have to be on different IP address subnets as pictured (web servers on the 10.0 subnet and the file servers on the 10.1 subnet). This way the gateways can handle all of the routing.

    For example, if a request is made from the web server (let's say its IP is 10.0.0.2) to a file server (whose IP is 10.1.0.2), the gateway server will receive the request because 10.1.0.2 is not a part of the web server's subnet. The gateway service will ask the VPN service if it knows what to do with the 10.1 subnet, and it will take the request and forward it to the file server's gateway, which can send it to the file server.

    The VPN service has to know the public IP addresses of each gateway, so you will need static IP addresses, or IP addresses that don't change very often (but you will have to update the servers when they change). You could also use DynDNS if you don't want to get a static IP.


    Your best bet for doing this would be Debian or CentOS, unless you have some spare copies of Windows Server lying around, which is a little more user friendly.
     
    Last edited: Jul 25, 2013
  4. pstrick1

    pstrick1 Site Supporter

    Joined:
    Aug 6, 2007
    Messages:
    679
    Likes Received:
    144
    Are you interested in selling one of the servers?

    Shipping for one of those is usually pretty high, but if the specs and price are right, I would take it off your hands.
     
  5. ASSEMbler

    ASSEMbler Administrator Staff Member

    Joined:
    Mar 13, 2004
    Messages:
    19,394
    Likes Received:
    995
     
  6. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,031
    Likes Received:
    890
    Yeah, you could configure an SSH shell to redirect SFTP/anything to your own IP address (an SSH tunnel), but it'd be transparent to the end user that would connect to the remote shell only. I could do this in my living room, but I dunno about online hosting/services.
     
    Last edited: Jul 25, 2013
  7. beepboop

    beepboop Site Supporter 2013

    Joined:
    Jul 10, 2013
    Messages:
    238
    Likes Received:
    52
    Pretty much what a reverse proxy usually does, doesn't even have to be VPN.
    Keep in mind that obviously your server bandwidth will be limited by your (probably consumer) connection, which is obviously less than ideal.
     
    Last edited: Jul 25, 2013
  8. AlexRMC92

    AlexRMC92 Site Supporter 2013

    Joined:
    Feb 12, 2013
    Messages:
    337
    Likes Received:
    28
    If the server is using your personal internet connection, then it has to use your personal IP. You can encrypt hard drives and traffic though. You don't have to publish it to any DNS servers. The only computer that will know what your public IP is would be the web server. If you encrypt its hard drive and only allow the web server to make connections to your public IP then you should be golden.

    I realize that there could be a lot of legal issues holding some of this material on file servers; here is what I would do to protect yourself.

    Download a copy of CentOS and configure its firewall to only allow connections from the website's IP address on the SFTP port. Block everything else (even ping and all other ICMP data). This way it looks like your IP address doesn't even exist; nothing will ever reply back unless it's the Assembler Games website on port 22 (SFTP).

    Next, make the website the middle man. The website server can mount the SFTP share as a drive and publicly share it from there over another protocol.

    Encrypt the file server's hard drives using LVM to spread it across multiple drives and maybe even some type of very obscuring RAID (like RAID 5). This would be very hard to get any data off of if a seizure of the server were to happen.

    I can help you out with building the firewall rules and setup of the servers if you would like; it should be fairly straightforward.
     
    Last edited: Jul 25, 2013
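
The allowlist described in the post above (port 22/SFTP reachable from the website's address only, everything else dropped without a reply), as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset. The address 203.0.113.10 is a constructed documentation address standing in for the web server, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the SFTP-only allowlist.
# Nothing is applied to the running firewall; the rules only go to stdout.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset; $1 is the web server's address, the only allowed client.
gen_rules() {
    is_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
# Default DROP: unmatched packets, ping included, get no reply at all.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to the server's own outbound traffic, plus ICMP errors tied to them.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The one permitted inbound service: SSH/SFTP from the web server only.
-A INPUT -p tcp -s $1/32 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# 203.0.113.10 is a constructed documentation address (assumption).
gen_rules "${1:-203.0.113.10}"
```

IPv6 is filtered separately by ip6tables, so a host with an IPv6 address needs a matching default-drop ruleset there. Keep console access while testing, since a wrong source address locks out SSH as well.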
  9. pstrick1

    pstrick1 Site Supporter

    Joined:
    Aug 6, 2007
    Messages:
    679
    Likes Received:
    144

    That is brilliant!
    It's always fun to see some outside of the box thinking.
    I'm amazed at how much there is to learn about being a sys admin.

    (Sorry for the OT)
     