I have a publicly available web service running from my home network. It's running on it's own vlan behind very strict rate limited inbound/outbound pf rules, proxied behind chrooted nginx with all methods but GET turned off, with only generated static content running directly in nginx (pfstat!). The actual website is a small blogsum instance running in chrooted apache that isn't directly publicly available. The pf machine and the nginx/apache machines are all running up-to-date 5.4-STABLE builds.
Granted, the web site is not terribly *interactive* from the outside (i.e. no comments), but I wasn't designing for that =)
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
|