
| Alias | Tag | Date | DocType | Hierarchy | TimeStamp | location | CollapseMetaTable |
|---|---|---|---|---|---|---|---|
| Self host, Self hosting, Self-host, Self-hosting | Server, Computer, Security, Privacy, Web | 2021-08-26 | Personal | Root2 | | 45.8714213, 2.3970385 | Yes |

Parent:: @Networks, @Computer Set Up



Self-hosting

**Summary:** This note explores self-hosting through its infrastructure and associated services.


Infrastructure


This section sums up the infrastructure required for self-hosting online services.

Hardware

One option is to look at a Virtual Private Server (VPS) service. This also solves the issue of Internet access, which is increasingly advised not to come from a home connection.

**Tip:** A good aggregator for low-cost VPS is [here](https://lowendbox.com).

Otherwise, physical hardware options include:

| Product | Type | Price range |
|---|---|---|
| Synology (DS218/220+) | NAS | £250/300 |
| Dell Poweredge Tower Server T30 | Server | £300/400 |
| HP Z420 | Workstation | £400 |

==WIP==

OS & Applications

Linux is the most common OS for servers. Ubuntu, Debian and CentOS are the most common distributions. MacOS would require a Virtual Machine to run properly.

Internet connection

More and more literature points out that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and comply with legislation.

Domain

**Privacy-friendly domain manager:** [Njalla](https://njal.la/)

Domain management is important for several reasons: email and email routing can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.

For self-hosting, the following domain will be used: mfxm.fr

**Warning:** Sub-domains to be defined with **webhost**.

Security

Security is paramount at the points of connection to the server. SSH protocols are secured but can be intercepted. Two different ways of protection can be implemented:

RSA Key

**Documentation:**
[SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
[SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)

All documentation to implement such control can be found in VPS Console Dialogue#Securing Server access.

VPN

**Documentation:**
[SSH VPN](https://openvpn.net/community-resources/how-to/)

Not tested.

Other security considerations

Additional measures can be found below and are mostly described in VPS Console Dialogue#Editing the Server's SSH config.

**Documentation:**
[Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)
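
One way to check that the key-only access described above is actually enforced by the server's SSH config. This is an added example, not part of the original note; the function name `audit_sshd_config` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an sshd_config enforces key-only SSH access.
# sshd keeps the FIRST value it reads for each keyword and matches keywords
# case-insensitively. Lines after a "Match" line are conditional, so only
# the global part is evaluated. "Include" files are not followed.
audit_sshd_config() {   # $1 = config path; prints findings, returns 1 if any
    awk '
    BEGIN {   # OpenSSH defaults, used when a keyword is absent
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
        val["pubkeyauthentication"] = "yes"
        val["permitrootlogin"] = "prohibit-password"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        key = tolower($1)
        if (key == "match") exit          # global section is over, go to END
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"    # deprecated alias
        if ((key in val) && !(key in seen)) { val[key] = tolower($2); seen[key] = 1 }
    }
    END {
        n = 0
        if (val["passwordauthentication"] != "no") { print "FAIL PasswordAuthentication: password login allowed"; n++ }
        if (val["kbdinteractiveauthentication"] != "no") { print "FAIL KbdInteractiveAuthentication: PAM may still prompt for a password"; n++ }
        if (val["pubkeyauthentication"] != "yes") { print "FAIL PubkeyAuthentication: key login disabled"; n++ }
        if (val["permitrootlogin"] == "yes") { print "FAIL PermitRootLogin: set to yes"; n++ }
        exit (n > 0)
    }' "$1"
}

# Constructed sample (not a real server config): the second
# PasswordAuthentication line is ignored because the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
Match User backup
    PasswordAuthentication no
EOF
if audit_sshd_config "$sample"; then
    echo "key-only access enforced"
else
    echo "hardening incomplete"
fi
```

On the server, point the function at `/etc/ssh/sshd_config` after editing it and before closing the current session.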

Continuity & backups

**Documentation:**
[Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
[Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)

Backups are managed through the tar command and dispatched over the network with rclone. Instructions can be found in VPS Console Dialogue#Backing up a server.

Server Monitoring

**Documentation:**
[Monit](https://mmonit.com/)
[Performance Co-Pilot](https://pcp.io/)
[Nagios](https://nagios.org)

Monitoring is implemented through a free and open-source tool called Monit (see Configuring Monit).

Other apps include: dockprom, CrowdSec - The open-source & collaborative IPS


Running multiple services on the same hardware

**Considerations to start:**
[Tutorial](https://cyberhost.uk/getting-started/)
[Caddy tutorial](https://cyberhost.uk/caddy-setup/)
[Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)

In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.

| Consideration | Tool | Description |
|---|---|---|
| Compartmentalise services into containers | Configuring Docker | Creates containers that can be run independently |
| Simplify docker commands | docker-compose | Enables creating a 'script' for docker commands |
| Route internet traffic appropriately | reverse proxy: nginx, Configuring Caddy | Enables routing addresses to the appropriate containers and managing SSL certificates (and forcing HTTPS) |


Self-hosted services


A list of FOSS services can be found here

| Service | OS | Technical reqs | Description |
|---|---|---|---|
| **Email service** | Linux | 2GB RAM recommended | self-host an #Email service |
| **Email aliases** | Linux | 2GB RAM; ports: 22, 25, 80, 443 | an #Email alias service like [SimpleLogin](https://simplelogin.io) |
| **Nextcloud** | Linux | 500M RAM; MySQL & SQLite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP | #Personal cloud syncing instance |
| **Instant Message** | Linux | 2/4GB RAM; ports & other extensions | Element instance for #Instant Messaging |
| **VPN** | Linux | 500MB RAM | Host a private #VPN |

Email service

An email service can be fully built but has many components to it: server, database, IMAP, CalDAV, CardDAV, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tedious to build an email service from scratch. Pre-packaged solutions exist to manage all components:

  1. iRedMail
  2. Mail-in-a-Box
  3. docker-mailserver, which is command-line-only and has to be built more extensively than the two other alternatives

**Documentation:**
[Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)

[Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)

Email alias service

**Documentation:**
[Tutorial](https://github.com/simple-login/app)

Instant Messaging

**Documentation:**
[[Element]]

Website

**CMS:**
Open source CMS solution: [The worlds fastest framework for building websites | Hugo](https://gohugo.io/)
Or [Jekyll • Simple, blog-aware, static sites | Transform your plain text into static websites and blogs](https://jekyllrb.com/)
Or [Eleventy, a simpler static site generator.](https://www.11ty.dev/)

ShortURL

Through WordPress with Thirsty Affiliates: free of charge.

Self hosting ideas

Photos

**Photoprism:** Self-hosted photo management solution: [here](https://photoprism.app/)

**Piwigo:** [Website](https://piwigo.org/)

Tools

| Tool | Self-hosted service | Link to tutorial | Sub-domain |
|---|---|---|---|
| Youtube with no ads | **Piped** | [here](https://piped-docs.kavin.rocks/docs/self-hosting/) | videos |
| NextDNS | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver |
| Online identity | **authentik**, **authelia** | [Welcome \| authentik](https://goauthentik.io/), [GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity |
| Online pantry | Grocy | [grocy - ERP beyond your fridge](https://grocy.info/) | groceries |
| Gist/pastebin | Drift | [GitHub \| Drift](https://github.com/MaxLeiter/Drift) | snippet |

Database: MySQL, MariaDB, Postgres

| App | Database |
|---|---|
| AdGuard | none |

**VPS ideas:**
[MikroVPS - FR](https://my.mikrovps.net/cart.php?a=checkout&gid=34&language=English&pid=584&promocode=LEB2021LXC50&utm_source=lowendbox&utm_medium=display&utm_campaign=lbpromo2021)
