melchiorbv
/
Obsidian
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4c354023b1'
${ noResults }
Obsidian/05.02 Networks/Selfhosting.md

354 lines
9.1 KiB
Raw Normal View History Unescape

push all
3 years ago
---
cssclass: recipeTable
Alias: ["Self host", "Self hosting", "Self-host", "Self-hosting"]
Tag: ["Server", "Computer", "Security", "Privacy", "Web"]
Date: 2021-08-26
DocType: "Personal"
Hierarchy: "Root2"
TimeStamp:
location: [45.8714213, 2.3970385]
CollapseMetaTable: Yes
---
Parent:: [[@Networks|Networks]], [[@Computer Set Up|Computer Setup]]
---
^Top
 
```button
name Save
type command
action Save current file
id Save
```
^button-SelfHSave
 
# Self-hosting
 
```ad-abstract
title: Summary
collapse: open
This note explores self-hosting through its infrastructure and associated services.
```
 
```toc
style: number
```
 
---
 
### Infrastructure
[[#^Top|TOP]]
 
This section sums up required infrastructure for self-hosting online services.
 
#### Hardware
An option is to look at a **Virtual Private Server** (VPS) service. This also solves the issue of the access to the Internet, that is more and more advised to not come from a home connection.
```ad-tip
title: Tip
A good aggregator for low-cost VPS [here](https://lowendbox.com)
```
Otherwise, **physical hardware** include:
| Product | Type | Price range
|--------|-------|-----------
|<p style="color:green">**Synology (DS218/220+)**</p> | NAS | £250/300
|<p style="color:cyan">**Dell Poweredge Tower Server T30**</p> | Server | £300/400
|<p style="color:maroon">**HP Z420**</p> | Workstation | £400
==WIP==
&emsp;
#### OS & Applications
[[#^Top|TOP]]
**Linux** is the most common OS for servers. **Ubuntu**, **Debian** or **CentOS** the most common distributions.
**MacOS** would require a Virtual Machine to run properly.
&emsp;
#### Internet connection
More and more literature point that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and comply to legislations.
&emsp;
#### Domain
[[#^Top|TOP]]
xmas update
3 years ago
```ad-info
title: privacy-friendly domain manager
[Njalla](https://njal.la/)
```
push all
3 years ago
Domain management is important for several reasons: email and email routine can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.
For self-hosting, the folllowing domain will be used: **mfxm.fr**
```ad-warning
title: Warning
Sub-domains to be defined with **webhost**.
```
&emsp;
#### Security
Security is paramount at the points of connection to the server. SSH protocols are secured but csn be intercepted. Two different ways of protection can be implemented:
&emsp;
##### RSA Key
[[#^Top|TOP]]
```ad-info
title: Documentation
[SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
[SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)
```
All documentation to implement such control can be found [[VPS Console Dialogue#Securing Server access|here]].
&emsp;
##### VPN
```ad-info
title: Documentation
[SSH VPN](https://openvpn.net/community-resources/how-to/)
```
Not tested.
&emsp;
##### Other security considerations
Additional measures can be found below and are in majority described [[VPS Console Dialogue#Editing the Server's SSH config|here]].
```ad-info
title: Documentation
[Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)
```
&emsp;
#### Continuity & backups
[[#^Top|TOP]]
```ad-info
title: Documentation
[Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
[Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)
```
Backups are managed through the **tar** command and dispatched over the network with **rclone**. Instructions can be found [[VPS Console Dialogue#Backing up a server|here]].
&emsp;
#### Server Monitoring
[[#^Top|TOP]]
```ad-info
title: Documentation
[Monit](https://mmonit.com/)
[Performance Co-Pilot](https://pcp.io/)
[Nagios](https://nagios.org)
```
Monitoring is implemented through a free and open-source tool called [[Configuring Monit|monit]].
&emsp;
---
&emsp;
### Running multiple services on the same hardware
[[#^Top|TOP]]
&emsp;
```ad-tip
title: Considerations to start
[Tutorial](https://cyberhost.uk/getting-started/)
[Caddy tutorial](https://cyberhost.uk/caddy-setup/)
[Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)
```
In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.
&emsp;
| Consideration | Tool | Description
|---------------|------|------------
xmas update
3 years ago
| <p style="color:cyan">**Compartimentalise services into containers**</p> | **[[Configuring Docker\|docker]]** | Creates containers that can be run independently
push all
3 years ago
| <p style="color:turquoise">**Simplify docker commands**</p> | **docker-compose** | Enables to create 'script' for docker commands
xmas update
3 years ago
| <p style="color:teal">**Route internet traffic appropriately**</p> | reverse proxy: **nginx**, **[[Configuring Caddy\|caddy]]** | Enables to route addresses to the appropriate containers and manage SSL certificates (and https forcing)
push all
3 years ago
&emsp;
---
&emsp;
### Self-hosted services
[[#^Top|TOP]]
&emsp;
A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted)
| Service | OS | Technical reqs | Description
|--------|----|----------------|--
<p style="color:orange">**Email service**</p> | Linux | 2GB RAM recommended | self-host an [[#Email service]]
<p style="color:green">**Email aliases**</p> | Linux | 2GB RAM; ports: 22, 25, 80, 443 | an [[#Email alias service\|alias service]] like [SimpleLogin](https://simplelogin.io)
**[[Nextcloud]]** | Linux | 500M RAM; MySQL & SQL Lite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP | [[#Personal cloud syncing]] instance
<p style="color:purple">**Instant Message**</p> | Linux | 2/4GB RAM; ports & other extensions | [[Element]] instance for [[#Instant Messenging]]
<p style="color:violet">**VPN**</p> | Linux | 500MB RAM | Host a private [[#VPN]]
&emsp;
#### Email service
[[#^Top|TOP]]
Email service can be fully built but has many components to it: server, database, imap, caldav, carddav, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tideous to build an email service from scratch. Pre-packaged solitions exist to manage all components:
1. [IRedMail](https://www.iredmail.org/)
2. [Mail-in-a-Box](https://mailinabox.email/)
3. [Docker-mailserver](https://hub.docker.com/r/tvial/docker-mailserver/) which is command-line-only and to be built more extensively than the two other alternatives
```ad-info
title: Documentation
[Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)
[Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)
```
&emsp;
#### [[Email alias]] service
[[#^Top|TOP]]
```ad-info
title: Documentation
[Tutorial](https://github.com/simple-login/app)
```
&emsp;
#### Personal [[/Nextcloud|cloud]] & syncing
[[#^Top|TOP]]
```ad-info
title: Documentation
[Tutorial](https://nextcloud.com/athome/)
[Tutorial2](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
```
```ad-tip
title: Build your own
[Web interface](https://github.com/mickael-kerjean/filestash)
```
&emsp;
#### Instant Messenging
[[#^Top|TOP]]
```ad-info
title: Documentation
[[Element]]
```
&emsp;
#### VPN
Easy service to set-up through [WireGuard](https://www.wireguard.com/)
[[#^Top|TOP]]
```ad-info
title: Documentation
[Tutorial](https://www.makeuseof.com/how-host-own-vpn/)
```
```ad-note
title: VPS plans
[Cheap single-location VPN VPS](https://my.webhorizon.in/order/config/index/nat/?group_id=24&pricing_id=282)
[With multi jurisdiction option](https://natvps.net/)
```
&emsp;
#### ShortURL
[[#^Top|TOP]]
Through Wordpres with [Thirsty Affiliates](https://thirstyaffiliates.com): free of charge.
&emsp;
#### Self hosting ideas
[[#^Top|TOP]]
##### Photos
```ad-info
title: Photoprism
Self-hosted photo management solution: [here](https://photoprism.app/)
```
```ad-info
title: Piwigo
[Website](https://piwigo.org/)
```
&emsp;
##### CMS
```ad-info
title: Hugo
Open source CMS solution: [here](https://gohugo.io/)
```
&emsp;
##### Tools
[[#^Top|TOP]]
| Tool | Self-hosted service | Link to tutorial | Sub-domain
|------|---------------------|---------------|-------
xmas update
3 years ago
<p style="color:orange">Youtube with no ads</p> | **Piped** | [here]([](https://piped-docs.kavin.rocks/docs/self-hosting/)) | videos
<p style="color:orangered">[[NextDNS\|DNS resolver]]</p> | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver
2022 SoY cleanup
3 years ago
<p style="color:orange">Online identity</p> | **authentik**<br>**authelia** | [Welcome \| authentik](https://goauthentik.io/)<br>[GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity
push all
3 years ago
Database: MySQL, MariaDB, Postgres
| App | Database
|------|----------
| **AdGuard** | *none*
```ad-info
title: VPS ideas
[MikroVPS - FR](https://my.mikrovps.net/cart.php?a=checkout&gid=34&language=English&pid=584&promocode=LEB2021LXC50&utm_source=lowendbox&utm_medium=display&utm_campaign=lbpromo2021)
```
[[#^Top|TOP]]
&emsp;
&emsp;