How to repurpose your old phone into a web server

Original Article ↗ Hacker News Discussion ↗

Exposing the phone to the internet

  • Common pattern: run a tunnel from the phone to something with a public IP:
    • WireGuard or SSH reverse tunnel to a cheap VPS; VPS acts as reverse proxy.
    • Cloudflare Tunnel / cloudflared to expose HTTP(S) without opening ports.
    • Some VPN providers (e.g., mentioned with port‑forwarding) can also work.
  • Simple SSH example: ssh -R :80:localhost:80 user@remote on the phone, then proxy from the VPS’s port 80 to that reverse tunnel.
  • Dynamic DNS is another option if ISP does not block ports and you can forward from your home router.

ISP policies and bandwidth concerns

  • Several commenters say most ISPs do not “ban” for running small servers; they mainly care about:
    • Total monthly volume and any caps.
    • Sustained saturation of the line causing network issues.
  • Traffic being encrypted means the ISP sees volume and endpoints, not what you’re doing.
  • Clauses against “servers” are described as mostly to prevent someone building a pseudo–data center on residential plans.
  • IPv4 exhaustion and carrier behavior have made direct self-hosting more complex than in the 1990s.

Software approaches (Android vs Linux distributions)

  • postmarketOS with a mainline kernel gives a “real Linux” environment; then any distro (e.g., Arch ARM) can run.
  • But many phones are stuck on vendor kernels with unpatched vulnerabilities, making exposure to the public internet risky.
  • Several argue you don’t need postmarketOS:
    • Termux + a web server (nginx, Caddy) on a high port is enough.
    • No root needed if using ports >1024; add a tunnel for public access.

Security considerations

  • Concern that exposing an old, unpatched Android or vendor kernel is “adding devices to a botnet.”
  • Risk strongly depends on what you expose:
    • Static file server is seen as relatively low‑risk.
    • Complex stacks (e.g., WordPress) greatly increase attack surface.

Battery, power, and fire risk

  • Major recurring worry: lithium batteries swelling or becoming a fire hazard when phones are left plugged in 24/7.
  • Conflicting experiences:
    • Some say onboard charging logic keeps a constant safe state.
    • Others report multiple “spicy pillow” failures on always‑plugged phones and handhelds.
  • Mitigations discussed:
    • Physically removing the battery (sometimes destructively) and powering via battery contacts or dedicated “fake battery” circuits.
    • Using timer switches so the charger only runs briefly each day.
    • “Bypass charging” modes on a few devices that run off external power without cycling the battery.
    • Physical containment ideas (boxes, sand, distance from living areas) for worst‑case fears.

Reliability and suitability vs other hardware

  • Some report old phones used as 24/7 servers becoming unstable over time, speculated due to constant “high load” vs typical idle usage.
  • Others note that phones already run 24/7 in pockets; the real difference may be sustained CPU/network load and thermal behavior.
  • Debate over “why a phone at all?”:
    • Phones offer built‑in UPS (battery) and are already on-hand.
    • Critics argue a used small PC, NAS, or $50 used server is simpler, safer, and easier to service than a glued-shut phone.

Finding and reusing suitable devices

  • Practical hassles: postmarketOS support is limited; phone naming is confusing on used markets.
  • Suggested tactics:
    • Buy supported models cheaply on auction sites.
    • Search by exact part number instead of marketing name to avoid mislisted phones.

Miscellaneous reuse ideas and tangents

  • Other repurposing examples: toasters and vacuums running services; wardriving rigs; BOINC compute nodes; serial‑to‑TCP gateways; iOS web‑server apps.
  • One commenter notes alternative tunneling tools (e.g., Localtonet) and Termux-based containerization (proot-distro, proot-docker) as lighter-weight ways to get “server-like” behavior on Android.