A short intro before the body. Click any field to edit.
At this stage I connect the outside world to my home server.
Up until now, everything has been running internally on my local network. Now I need to allow limited external access so the system can actually function as a real web and mail server.
I only expose the minimum required services:
Web access (HTTP / HTTPS)
Secure email access (IMAP for mobile/email clients)
Everything else remains blocked from the internet.
All traffic is forwarded to the Ubuntu serverβs static local IP address:
(This is the fixed IP set in Stage 3)
On the home router, I create port forwarding rules:
π Web traffic
Port 80 (HTTP) β Ubuntu server IP
Port 443 (HTTPS) β Ubuntu server IP
This allows:
websites to load publicly
SSL/secure access later via Virtualmin
Port 993 (IMAPS) β Ubuntu server IP
This allows:
secure email access from outside the home network
iPhone / Android mail apps to connect safely
encrypted inbox retrieval via IMAP
No other ports are opened to the internet.
This includes:
SSH (kept internal only)
Database ports
Virtualmin admin panel (10000)
The system is intentionally locked down.
.
This configuration ensures:
Only web traffic is publicly accessible
Only secure email retrieval is allowed externally
No unnecessary services are exposed
Attack surface is kept extremely small
Router interfaces vary widely, so the exact steps depend on the device.
However, the logic is always the same:
Forward external port β internal Ubuntu server IP β same port number
At the end of this stage: