How to Expose Local Web Server to the Internet with PageKite on Ubuntu

Normally if you want to visit your home web server from outside, you need to set up dynamic DNS because your ISP doesn’t give you a static public IP address. But some ISPs in the world don’t even assign a dynamic public IP address to each subscriber. Many subscribers share a single public IP address. In this scenario, dynamic DNS won’t work and that’s where PageKite comes in.

PageKite is an open-source tunneled reverse proxy that is capable of bypassing NATs (network address translation), firewalls and making local web servers and SSH servers visible to the public Internet. If you are a web developer or have some self-hosted services like NextCloud on your home network, then PageKite can help you access them remotely over the Internet. PageKite is written in Python, so it can run on many kind of devices.

Note: Making your web server/SSH server visible to the Internet also expose them to hackers.

How Pagekite works

  1. Your services, typically one or more HTTP servers, run on localhost.
  2. You run pagekite as a back-end connector, on the same machine.
  3. Another instance of pagekite runs as a front-end relay on a machine with a public IP address, in “the cloud”.
  4. The back-end pagekite connects to the front-end, and creates a tunnel for the configured services.
  5. Clients, typically web browsers, connect to the front-end and request service. The front-end relays the request over the appropriate tunnel, where the back-end forwards it to the actual server. Responses travel back the same way.

Running your own front-end relay costs a little money, but PageKite developers offer a 31 days free account for you to try it out. Let’s see how to use PageKite with a free account. This tutorial will only show how to expose local web server. Exposing local SSH server will be discussed in another tutorial.

How to Install and Use PageKite on Ubuntu Linux with a Free Account

First, install a web server, such as Apache, on your local Linux computer. On Debian/Ubuntu based Linux distro, run the following command to install Apache web server.

sudo apt install apache2

Start the web server

sudo systemctl start apache2

Now Apache is listening on port 80. We use PageKite to make it visible to the Internet. Install PageKit on your Linux computer using the following command.

Debian 8/9, Ubuntu 16.04/18.04,  Raspbian and derivatives

sudo apt install pagekite

Next, run the following command. Replace name with your desired subdomain.

pagekite name.pagekite.me

It will first ask you if you want to use the free PageKite.net service. Since you don’t have your own PageKite server yet, choose Y.
pagekite tutorial

Then PageKit will prompt you to sign up for a PageKite.net account using your email address.

pagekite ubuntu

You account details including password will be sent to your email address. Open the email and click the link in it to activate your account. Then enter Y to continue and save your settings.

install pagekite ubuntu 16.04

Now PageKite will connect to the front end.

pagekite localhost

And you should be able to access your local web server using a domain name.

name.pagekite.me

or

https://name.pagekite.me

pagekite tutorial tunneled reverse proxy

To stop PageKite, press Ctrl+C in the terminal window. If you want to run PageKite in the background, use --daemonize option.

pagekite --daemonize name.pagekite.me

To stop daemonized PageKite, run

pkill pagekite

You can password protect your web page with HTTP basic authentication like below.

pagekite name.pagekite.me +password/username=pass

Pagekite.net allows paid members to use their own domain names by setting up CNAME record. Instructions can be found on its website.

How to Run Your Own PageKite Server

The free trial of pagekite.net is very limited. However, we can run our own PageKite server (aka the front end) on a public-facing Linux VPS (Virtual Private Server). Although this costs money, but running your own PageKite server is well worth it. If you choose to pay PageKite.net service, then for 5 USD a month, you get only 4GB of transfer quota.

pagekite pricing

If you buy a Linux VPS from Linode and run your own PageKite server on it, then for 5 USD per month, you get 1TB of transfer. Besides, you can do other interesting projects on your VPS like setting up your own VPN.

pagekite tutorial

You will also need a domain name. You may have heard of GoDaddy, but trust me, you want to buy domain names from Namecheap because their price is lower than GoDaddy and they give you whois privacy protection free of charge.

Now, suppose you have bought a VPS and a domain name, here’s how to run the front end pagekite server. Install Ubuntu 18.04 OS on your VPS in Linode control panel. Then SSH into your VPS and install Pagekite with the commands below.

sudo apt update

sudo apt install pagekite

The pagekite.net website also has instructions on installing RPM packages on CentOS. Once pagekite is installed, the configuration directory is located at /etc/pagekite.d/ . We need to edit 20_frontends.rc file.

sudo nano /etc/pagekite.d/20_frontends.rc

Comment out the line that reads defaults because we don’t want to use the pagekite.net service. Next, add the following lines at the end of the file. Replace kite.your-domain.com with your own domain name and your-secret-key with your preferred secret key. I use my domain name kite.csmage.com as an example.

isfrontend
runas=nobody:nogroup
ports=80,443
protos=http,https
domain=http,https:kite.your-domain.com:your-secret-key

Save and close the file. Then start Pagekite server with the command below, specifying the option file. Because PageKite server needs TCP port 80 and 443 to work, so we need to prefix the command with sudo.  Also make sure no other process on your VPS are using these two ports.

sudo pagekite --optfile=/etc/pagekite.d/20_frontends.rc

To run Pagekite server in the background, use --daemonize option.

sudo pagekite --optfile=/etc/pagekite.d/20_frontends.rc --daemonize

In your DNS manager, create a sub-domain for pagekite with A record pointing to the IP address of your VPS like below.

A     kite.your-domain.com    12.34.56.78

Create a Systemd Service Unit for PageKite Server

The default systemd service file /lib/systemd/system/pagekite.service is intended for use as a client. We can create a separate systemd service file for PageKite server.

sudo nano /etc/systemd/system/pagekite.service

Copy and paste the following lines into the file.

[Unit]
Description=PageKite
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/pagekite --clean --optdir=/etc/pagekite.d/
TimeoutStopSec=5
KillMode=mixed

PermissionsStartOnly=true
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/tmp

# Hardening
[email protected] @debug @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ProtectKernelModules=yes
ProtectKernelTunables=yes

[Install]
WantedBy=multi-user.target

Save and close the file. Then reload systemd for the change to take effect.

sudo systemctl daemon-reload

Next, open 10_account.rc file

sudo nano /etc/pagekite.d/10_account.rc

This is a configuration file used by PageKite client. The PageKite systemd service will read every .rc file in /etc/pagekite.d/ directory in lexicographical order, so we need to comment out everything in this file. After that, you can kill the daemonized pagekite server process.

sudo pkill pagekite

Restart it with systemctl.

sudo systemctl start pagekite

To enable auto start at system boot time, run

sudo systemctl enable pagekite

To disable auto start, run

sudo systemctl disable pagekite

Check its status.

systemctl status pagekite

Configure Pagekite Client to Use Your Own Server

On your local computer where the Pagekite client is installed, edit the 10_account.rc file.

sudo nano /etc/pagekite.d/10_account.rc

Replace the value of kitename and kitesecret with the domain name and secret key you specified on your Pagekite server, respectively. And comment out the last line.

run pagekite server

Save and close the file. Then edit 20_frontends.rc file.

sudo nano /etc/pagekite.d/20_frontends.rc

Comment out the line that reads defaults. Then add the following line.

frontend = your-pagekite-server-IP:80

run pagekite front end

Save and close the file. Next, rename 80_httpd.rc.sample to 80_httpd.rc

sudo mv /etc/pagekite.d/80_httpd.rc.sample /etc/pagekite.d/80_httpd.rc

Restart Pagekite service on the local computer.

sudo systemctl restart pagekite

Your local Pagekite client should now be connected to your own Pagekite server. You can check the connection details by running:

sudo systemctl status pagekite

And your local web server is now exposed to the Internet. If the connection to the Pagekite server is lost, the Pagekite service will attempt to re-establish a connection.

how to use pagekite

Note: If you run command pagekite name.pagekite.me on your local computer, it will use the ~/.pagekite.rc user configuration file, which defaults to using pagekite.net service.

Multiple Virtual Hosts

This section explains how to make multiple Apache virtual hosts on your home network visible to the Internet. First, let me create two example Apache virtual hosts.

First virtual host

sudo nano /etc/apache2/sites-available/site1.csmage.com.conf

Content in this file:

<VirtualHost *:80>
       ServerName site1.csmage.com
       DocumentRoot /var/www/site1.csmage.com/
</VirtualHost>

Create the document root directory.

sudo mkdir /var/www/site1.csmage.com/

Then create an index.html file.

echo "This is site #1." | sudo tee /var/www/site1.csmage.com/index.html

Second virtual host

sudo nano /etc/apache2/sites-available/site2.csmage.com.conf

Content in this file:

<VirtualHost *:80>
       ServerName site2.csmage.com
       DocumentRoot /var/www/site2.csmage.com/
</VirtualHost>

Create the document root directory.

sudo mkdir /var/www/site2.csmage.com/

Then create an index.html file.

echo "This is site #2." | sudo tee /var/www/site2.csmage.com/index.html

Enable these two virtual hosts.

sudo a2ensite site1.csmage.com

sudo a2ensite site2.csmage.com

Reload Apache web server for the changes to take effect.

sudo systemctl reload apache2

PageKite Server Configuration

Edit the 20_frontends.rc file on the PageKite server.

sudo nano /etc/pagekite.d/20_frontends.rc

Add two domain definitions like below.

domain=http,https:site1.csmage.com:secret-key
domain=http,https:site2.csmage.com:secret-key

Save and close the file. Then restart PageKite.

sudo systemctl restart pagekite

PageKite Client Configuration

Edit the 80_httpd.rc file on local computer.

sudo nano /etc/pagekite.d/80_httpd.rc

Add two back-end defintions like below.

service_on = http:site1.csmage.com : localhost:80 : secret-key
service_on = http:site2.csmage.com : localhost:80 : secret-key

Save and close the file. Then restart PageKite.

sudo systemctl restart pagekite

Finally, add DNS A record for each subdomain. Now if I visit http://site1.csmage.com, I get

install pagekite ubuntu

If I visit http://site2.csmage.com, I get

pagekite debian

As you can see, Pagekite correctly responded to each HTTP request. If it’s not working for you, check if your secret keys match or if there’s typo in your configuration file.

How to Enable HTTPS

We can terminate TLS either at the back-end or at the front-end. The former is easier and more convenient. So I will show you how to install TLS certificate on the local computer. We can obtain free Let’s Encrypt TLS certificate for each subdomain. First, install Let’s Encrypt client (certbot) and the Apache plugin on the local computer.

sudo apt install certbot python3-certbot-apache

Then obtain and install TLS certificate for each subdomain with the commands below.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --must-staple --email your-email-address -d site1.your-domain.com

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --must-staple --email your-email-address -d site2.your-domain.com

Explanation:

  • --agree-tos: Agree to terms of service.
  • --redirect: Redirect HTTP to HTTPS
  • --hsts: Enable strict transport security header.
  • --staple-ocsp: Enable OCSP stapling
  • --must-staple: Adds the OCSP Must Staple extension to the certificate.

After certificates are successfully obtained and installed, edit the 80_httpd.rc file on the local computer.

sudo nano /etc/pagekite.d/80_httpd.rc

Add two HTTPS back-end definition like below. Notice that HTTPS requests will be sent to port 443 on localhost.

service_on = https://site1.your-domain.com : localhost:443: your-secret-key
service_on = https://site2.your-domain.com : localhost:443: your-secret-key

Save and close the file. Then restart pagekite client.

sudo systemctl restart pagekite

Now my sites are automatically redirected to HTTPS.

how pagekite works

run your own pagekite server

Auto Renew TLS Certificate

The certbot debian package ships with its own cron job (/etc/cron.d/certbot) and a systemd timer (/lib/systemd/system/certbot.timer) to automatically renew TLS certificate. So you don’t need to manually add cron job or systemd timer. The timer runs certbot.service twice a day. You can check its status with:

systemctl status certbot.timer

If the certbot cron job detects that there’s also a systemd timer, then it won’t run the renew command.

That’s it! I hope this PageKite tutorial helped you make your local web server accessible over the Internet. Take care.

Rate this tutorial
[Total: 5 Average: 4.4]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)