cssclass | Alias | Tag | Date | DocType | Hierarchy | TimeStamp | location | CollapseMetaTable | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
recipeTable |
|
|
2021-08-26 | Personal | Root2 |
|
Yes |
Parent:: @Networks, @Computer Set Up
Self-hosting
title: Summary
This note explores self-hosting through its infrastructure and associated services.
Infrastructure
This section sums up required infrastructure for self-hosting online services.
Hardware
One option is to use a Virtual Private Server (VPS) service. This also solves the question of Internet access, which is increasingly advised not to come from a home connection.
title: Tip
A good aggregator for low-cost VPS is [here](https://lowendbox.com)
Otherwise, physical hardware options include:
Product | Type | Price range |
---|---|---|
Synology (DS218/220+) | NAS | £250/300 |
Dell Poweredge Tower Server T30 | Server | £300/400 |
HP Z420 | Workstation | £400 |
==WIP==
OS & Applications
Linux is the most common OS for servers. Ubuntu, Debian and CentOS are the most common distributions. macOS would require a Virtual Machine to run properly.
Internet connection
A growing body of literature points out that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and comply with legislation.
Domain
title: privacy-friendly domain manager
[Njalla](https://njal.la/)
Domain management is important for several reasons: email and email routing can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.
For self-hosting, the following domain will be used: mfxm.fr
title: Warning
Sub-domains to be defined with **webhost**.
Security
Security is paramount at the points of connection to the server. SSH is a secured protocol, but connections can still be intercepted. Two different means of protection can be implemented:
RSA Key
title: Documentation
[SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
[SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)
All documentation to implement such control can be found in VPS Console Dialogue#Securing Server access.
VPN
title: Documentation
[SSH VPN](https://openvpn.net/community-resources/how-to/)
Not tested.
Other security considerations
Additional measures can be found below and are mostly described in VPS Console Dialogue#Editing the Server's SSH config.
title: Documentation
[Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)
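Key-only access, as described in this section, can be checked directly against the server's SSH config. The script below is an added example, not part of the original note: it audits an sshd_config file for three real OpenSSH directives, the accepted values are this example's own policy, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original note: check that an
# sshd_config file enforces key-only logins. Sample files are constructed.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; global settings end at the first Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# audit_sshd FILE: prints one FAIL line per weak setting and returns the
# number of findings (0 means the file matches the key-only policy).
audit_sshd() {
    findings=0
    # keyword, accepted value(s), OpenSSH default used when unset
    for rule in "PasswordAuthentication no yes" \
                "PubkeyAuthentication yes yes" \
                "PermitRootLogin no|prohibit-password prohibit-password"; do
        set -- "$1" $rule   # $1=file $2=keyword $3=accepted $4=default
        got=$(effective_value "$1" "$2" "$4")
        case "|$3|" in
            *"|$got|"*) ;;
            *) echo "FAIL $2: effective '$got', want '$3'"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed samples: a stock-like file and a hardened one.
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin yes' \
    'Match User backup' '    PasswordAuthentication no' > "$tmp/weak"
printf '%s\n' 'passwordauthentication no' 'PubkeyAuthentication yes' \
    'PermitRootLogin prohibit-password' > "$tmp/hardened"
audit_sshd "$tmp/weak" || echo "weak: $? finding(s)"
audit_sshd "$tmp/hardened" && echo "hardened: OK"
rm -rf "$tmp"
```

On a live server, `sshd -T` prints the effective configuration, including settings pulled in through Include, which this file-level check does not follow.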
Continuity & backups
title: Documentation
[Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
[Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)
Backups are managed through the tar command and dispatched over the network with rclone. Instructions can be found in VPS Console Dialogue#Backing up a server.
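A sketch of that tar-then-rclone flow with an integrity check before upload. This is an added example, not the commands from the linked note; the remote name `offsite:vps-backups` and all paths are assumptions, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example, not part of the original note: tar a directory, verify
# the archive, then hand it to rclone. Remote name and paths are assumed.

# make_backup SRC_DIR OUT_DIR: prints the path of the new archive.
# The body runs in a subshell so umask and variables stay local.
make_backup() (
    src=$1 out=$2
    umask 077                      # archives may hold keys and passwords
    mkdir -p "$out" || exit 1
    name="$(basename "$src")-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # -C stores paths relative to the parent directory, so a restore
    # lands wherever the archive is extracted.
    tar -czf "$out/$name" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
    tar -tzf "$out/$name" >/dev/null || exit 1    # must be readable
    ( cd "$out" && sha256sum "$name" > "$name.sha256" ) || exit 1
    echo "$out/$name"
)

# verify_backup ARCHIVE: succeeds only if the archive matches its checksum.
verify_backup() (
    cd "$(dirname "$1")" &&
        sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1
)

# ship_backup ARCHIVE REMOTE: upload archive and checksum with rclone.
# REMOTE is an rclone destination such as "offsite:vps-backups" (assumed).
ship_backup() {
    verify_backup "$1" || { echo "checksum mismatch: $1" >&2; return 1; }
    command -v rclone >/dev/null || { echo "rclone not found" >&2; return 2; }
    rclone copy "$1" "$2" && rclone copy "$1.sha256" "$2"
}

# Demo on a constructed directory; nothing is uploaded here.
demo=$(mktemp -d)
mkdir "$demo/site" && echo 'constructed content' > "$demo/site/index.html"
archive=$(make_backup "$demo/site" "$demo/out") &&
    verify_backup "$archive" && echo "verified: $archive"
```

Shipping the `.sha256` file alongside the archive lets the same `verify_backup` check run after a download, before anything is restored.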
Server Monitoring
title: Documentation
[Monit](https://mmonit.com/)
[Performance Co-Pilot](https://pcp.io/)
[Nagios](https://nagios.org)
Monitoring is implemented through a free and open-source tool called Monit (see Configuring Monit).
Other apps include: dockprom; CrowdSec - The open-source & collaborative IPS
Running multiple services on the same hardware
title: Considerations to start
[Tutorial](https://cyberhost.uk/getting-started/)
[Caddy tutorial](https://cyberhost.uk/caddy-setup/)
[Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)
In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.
Consideration | Tool | Description |
---|---|---|
Compartmentalise services into containers | Configuring Docker | Creates containers that can be run independently |
Simplify docker commands | docker-compose | Enables creating a 'script' for docker commands |
Route internet traffic appropriately | reverse proxy: nginx, Configuring Caddy | Routes addresses to the appropriate containers and manages SSL certificates (and HTTPS forcing) |
Self-hosted services
A list of FOSS services can be found here
Service | OS | Technical reqs | Description |
---|---|---|---|
**Email service** | Linux | 2GB RAM recommended | self-host an #Email service |
**Email aliases** | Linux | 2GB RAM; ports: 22, 25, 80, 443 | an #Email alias service like [SimpleLogin](https://simplelogin.io) |
**Nextcloud** | Linux | 500M RAM; MySQL & SQLite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP | #Personal cloud syncing instance |
**Instant Message** | Linux | 2/4GB RAM; ports & other extensions | Element instance for #Instant Messaging |
**VPN** | Linux | 500MB RAM | Host a private #VPN |
Email service
An email service can be fully built but has many components to it: server, database, IMAP, CalDAV, CardDAV, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tedious to build an email service from scratch. Pre-packaged solutions exist to manage all components:
- iRedMail
- Mail-in-a-Box
- Docker-mailserver, which is command-line-only and has to be built more extensively than the other two alternatives
title: Documentation
[Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)
[Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)
Email alias service
title: Documentation
[Tutorial](https://github.com/simple-login/app)
Personal /Nextcloud & syncing
title: Documentation
[Tutorial](https://nextcloud.com/athome/)
[Tutorial2](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
title: Build your own
[Web interface](https://github.com/mickael-kerjean/filestash)
Instant Messaging
title: Documentation
[[Element]]
VPN
Easy service to set up through WireGuard.
title: Documentation
[Tutorial](https://www.makeuseof.com/how-host-own-vpn/)
title: VPS plans
[Cheap single-location VPN VPS](https://my.webhorizon.in/order/config/index/nat/?group_id=24&pricing_id=282)
[With multi jurisdiction option](https://natvps.net/)
ShortURL
Through WordPress with Thirsty Affiliates: free of charge.
Self hosting ideas
Photos
title: Photoprism
Self-hosted photo management solution: [here](https://photoprism.app/)
title: Piwigo
[Website](https://piwigo.org/)
CMS
title: Hugo
Open source CMS solution: [here](https://gohugo.io/)
Tools
Tool | Self-hosted service | Link to tutorial | Sub-domain |
---|---|---|---|
YouTube with no ads | **Piped** | [here](https://piped-docs.kavin.rocks/docs/self-hosting/) | videos |
 | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver |
Online identity | **authentik**, **authelia** | [Welcome \| authentik](https://goauthentik.io/), [GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity |
Database: MySQL, MariaDB, Postgres
App | Database |
---|---|
AdGuard | none |
title: VPS ideas
[MikroVPS - FR](https://my.mikrovps.net/cart.php?a=checkout&gid=34&language=English&pid=584&promocode=LEB2021LXC50&utm_source=lowendbox&utm_medium=display&utm_campaign=lbpromo2021)