For anonymous downloads (i.e. non-authenticated), just use any popular web server and add SSL certs using "Let's Encrypt" certs. These are free for 90 days at a time. Most personal websites use them. I've been using them for a long time and update the certs every 77 days through a script. Actually, for trivial needs, the update can be 100% automatic. This is expected. https://letsencrypt.org/getting-started/
For authenticated access, use sftp.
- Install ssh-server and you get sftp for free. ssh is how Unix-like OSes communicate for non-anonymous needs.
- Install fail2ban to prevent brute force attacks.
- Set up ssh-keys from the clients to the server. Don't use passwords. These are the 3 commands, run on the client:
Code:
$ ssh-keygen -t ed25519
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote
$ ssh username@remote
- Set up port translation from the WAN router, so you don't expose 22/tcp to the internet. Pick some random high port, say 58422/tcp and forward that to the LAN static IP of your server 22/tcp.
To make access easier from the client, set up the ~/.ssh/config file with a LAN stanza and a WAN stanza for access to the server when you are on the LAN or on the WAN. They use different ports. This way, you'll never need to remember that port. Something like this:
Code:
host share-lan
    user joe
    hostname 192.168.22.32
    port 22

host share-wan
    user joe
    hostname your-public-static-ip-on-the-internet-OR-DNS-name
    port 58422
That's it. Now you can use that client system with any sftp-client to have access to files or to push files to the remote system. BTW, you also have ssh access, so remote terminals can be used and about 50 other things are possible over ssh as well. rsync, scp, backups, ssh-tunnels, SOCKS proxy, remote desktops, all leverage ssh, so the possible options are nearly unlimited.
Most Linux file managers work with sftp:// URLs after the ssh-client software is installed. It sorta just works like browsing local disks.
If you just need a 1-time file transfer, you can also use magic wormhole between any two systems. This is a bit clunky because every transfer will have a random passphrase to receive the file(s). https://magic-wormhole.readthedocs.io/en/latest/ The good thing about wormhole is that it is safe to share files with strangers and the transfers are encrypted. This isn't for on-demand, anybody, transfers. It is just too hard for that.
Allowing HTTP for file uploads is problematic from a security standpoint. For downloads, setting up a static file website is pretty easy. There are easy ways to share all the files in the current directory without forcing any authentication. Almost every scripting language has a short command, often 1-line, webserver. No HTTPS/TLS however. Good for quick stuff inside your LAN until you are used to sftp, scp, rsync.
Of course, there are always 50+ options to any problem. You probably just want to set up the web server with Let's Encrypt TLS certs. That's the most expected.
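The post says to use ssh keys and not passwords; `ssh-copy-id` only installs the key and does not change whether the server still accepts passwords. As an added example (not part of the original post), this shell function reads the effective server settings printed by `sshd -T` and reports whether password login is still possible. The function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Input: text printed by `sshd -T`
# (one lowercase "keyword value" pair per line).

# Prints findings; returns 0 only when key login is the sole way in.
audit_sshd() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes: key login is off"; bad = 1
            }
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no: passwords still accepted"; bad = 1
            }
            # Older OpenSSH prints challengeresponseauthentication instead.
            if ("kbdinteractiveauthentication" in seen) {
                kbd = seen["kbdinteractiveauthentication"]
            } else {
                kbd = seen["challengeresponseauthentication"]
            }
            if (kbd != "no") {
                print "FAIL keyboard-interactive is not no: PAM may still ask for a password"; bad = 1
            }
            if (!bad) print "OK only key-based login is accepted"
            exit bad
        }'
}

# Constructed sample: settings with password login still on.
sample_password_on() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

# Constructed sample: settings after switching to keys only.
sample_keys_only() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

sample_password_on | audit_sshd || echo "-> fix sshd_config, then reload sshd"
sample_keys_only | audit_sshd
# On the server itself: sudo sshd -T | audit_sshd
```

Run the audit only after confirming that key login works from a second terminal, so that turning passwords off cannot lock you out.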