---
Alias: ["Self host", "Self hosting", "Self-host", "Self-hosting"]
Tag: ["Server", "Computer", "Security", "Privacy", "Web"]
Date: 2021-08-26
DocType: "Personal"
Hierarchy: "Root2"
TimeStamp:
location: [45.8714213, 2.3970385]
CollapseMetaTable: Yes
---
Parent:: [[@Networks|Networks]], [[@Computer Set Up|Computer Setup]]
---
^Top
 
```button
name Save
type command
action Save current file
id Save
```
^button-SelfHSave
 
# Self-hosting
 
```ad-abstract
title: Summary
collapse: open
This note explores self-hosting through its infrastructure and associated services.
```
 
```toc
style: number
```
 
---
 
### Infrastructure
[[#^Top|TOP]]
 
This section sums up the infrastructure required for self-hosting online services.
 
#### Hardware
One option is a **Virtual Private Server** (VPS) service. This also solves the issue of Internet access, which is increasingly advised not to come from a home connection.
```ad-tip
title: Tip
A good aggregator for low-cost VPS [here](https://lowendbox.com)
```
Otherwise, **physical hardware** options include:
| Product | Type | Price range
|--------|-------|-----------
|<p style="color:green">**Synology (DS218/220+)**</p> | NAS | £250/300
|<p style="color:cyan">**Dell Poweredge Tower Server T30**</p> | Server | £300/400
|<p style="color:maroon">**HP Z420**</p> | Workstation | £400
==WIP==
&emsp;
#### OS & Applications
[[#^Top|TOP]]
**Linux** is the most common OS for servers; **Ubuntu**, **Debian** and **CentOS** are the most common distributions.
**MacOS** would require a Virtual Machine to run properly.
&emsp;
#### Internet connection
A growing body of literature points out that a home Internet connection may not be the most appropriate way for a server to connect to the Internet. ISPs limit traffic to manage bandwidth and comply with legislation.
&emsp;
#### Domain
[[#^Top|TOP]]
```ad-info
title: privacy-friendly domain manager
[Njalla](https://njal.la/)
```
Domain management is important for several reasons: email and email routing can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.
For self-hosting, the following domain will be used: **mfxm.fr**
```ad-warning
title: Warning
Sub-domains to be defined with **webhost**.
```
&emsp;
#### Security
Security is paramount at the points of connection to the server. SSH protocols are secured but can be intercepted. Two different ways of protection can be implemented:
&emsp;
##### RSA Key
[[#^Top|TOP]]
```ad-info
title: Documentation
[SSH Key Tutorial](https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/)
[SSH Key Tutorial 2](https://upcloud.com/community/tutorials/use-ssh-keys-authentication/)
```
All documentation to implement such control can be found [[VPS Console Dialogue#Securing Server access|here]].
&emsp;
##### VPN
```ad-info
title: Documentation
[SSH VPN](https://openvpn.net/community-resources/how-to/)
```
Not tested.
&emsp;
##### Other security considerations
Additional measures are listed below; most are described [[VPS Console Dialogue#Editing the Server's SSH config|here]].
```ad-info
title: Documentation
[Securing SSH](https://www.redhat.com/sysadmin/eight-ways-secure-ssh)
```
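A check for the two points above (key-based login and a hardened SSH config), written as an added example that is not taken from the linked notes or tutorials. The function name and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sshd_config settings that undermine key-only SSH access.
# audit_sshd [FILE] reads FILE (or stdin) and prints one "WEAK:" line per finding.
# Assumption: only the global section is checked; parsing stops at the first Match block.
audit_sshd() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # END still runs after exit
        {
            key = tolower($1)                # keywords are case-insensitive
            if (!(key in seen)) seen[key] = tolower($2)   # sshd keeps the first value
        }
        END {
            # PasswordAuthentication defaults to yes, so absence is a finding too
            if (seen["passwordauthentication"] != "no")
                print "WEAK: PasswordAuthentication is not set to no"
            if (seen["pubkeyauthentication"] == "no")
                print "WEAK: PubkeyAuthentication is disabled"
            if (seen["permitrootlogin"] == "yes")
                print "WEAK: PermitRootLogin is yes"
            if (seen["permitemptypasswords"] == "yes")
                print "WEAK: PermitEmptyPasswords is yes"
        }
    ' "${1:--}"
}

# Constructed sample: the later "no" is ignored because the first value wins.
sample_weak() {
cat <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
}

# Constructed sample: key-only access.
sample_hardened() {
cat <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

sample_weak | audit_sshd
```

On a live server, the output of `sshd -T` (the effective configuration, defaults included) is a better input than the raw file.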
&emsp;
#### Continuity & backups
[[#^Top|TOP]]
```ad-info
title: Documentation
[Local backup](https://blog.ssdnodes.com/blog/vps-backups-simple-overthinking/)
[Hot Copy](https://programmerbear.com/how-to-backup-your-entire-server-or-vps-while-its-running-using-linux-hot-copy/)
```
Backups are managed through the **tar** command and dispatched over the network with **rclone**. Instructions can be found [[VPS Console Dialogue#Backing up a server|here]].
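
The tar-then-rclone flow described above, as an added example (not the procedure from the linked VPS Console Dialogue note). The function names and the remote argument are assumptions; the demo data is constructed and nothing is uploaded unless a remote is passed.

```shell
#!/bin/sh
# Added example: tar archive + checksum, optionally shipped with rclone.
# backup_dir SRC DEST_DIR [REMOTE] prints the archive path on success.
# REMOTE is a hypothetical rclone target such as "offsite:vps-backups".
backup_dir() {
    src=$1; dest=$2; remote=${3:-}
    name=$(basename "$src")
    archive="$dest/$name-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    mkdir -p "$dest" || return 1
    # umask 077: backups often hold secrets, keep them owner-readable only.
    # -C stores relative paths, so a restore stays inside its target directory.
    ( umask 077 && tar -czf "$archive" -C "$(dirname "$src")" "$name" ) || return 1
    # Read the archive back before trusting it.
    tar -tzf "$archive" >/dev/null || return 1
    ( cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1
    if [ -n "$remote" ]; then
        rclone copy "$archive" "$remote" || return 1
        rclone copy "$archive.sha256" "$remote" || return 1
    fi
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE succeeds only if the archive still matches its checksum.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Constructed demo data; no remote is given, so nothing leaves the machine.
demo=$(mktemp -d)
mkdir -p "$demo/site" && echo "hello" > "$demo/site/index.html"
made=$(backup_dir "$demo/site" "$demo/backups") && verify_backup "$made" && echo "verified: $made"
rm -rf "$demo"
```

Running `verify_backup` again after downloading an archive from the remote confirms it was not truncated or altered in transit or at rest.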
&emsp;
#### Server Monitoring
[[#^Top|TOP]]
```ad-info
title: Documentation
[Monit](https://mmonit.com/)
[Performance Co-Pilot](https://pcp.io/)
[Nagios](https://nagios.org)
```
Monitoring is implemented through a free and open-source tool called [[Configuring Monit|monit]].
Other Apps include:
[dockprom](https://github.com/stefanprodan/dockprom)
[CrowdSec - The open-source & collaborative IPS](https://crowdsec.net/)
&emsp;
---
&emsp;
### Running multiple services on the same hardware
[[#^Top|TOP]]
&emsp;
```ad-tip
title: Considerations to start
[Tutorial](https://cyberhost.uk/getting-started/)
[Caddy tutorial](https://cyberhost.uk/caddy-setup/)
[Nginx Proxy Manager tutorial](https://cyberhost.uk/npm-setup/)
```
In essence, to run multiple services on the same hardware, a few basic steps need to be taken to ensure that each service runs properly.
&emsp;
| Consideration | Tool | Description
|---------------|------|------------
| <p style="color:cyan">**Compartmentalise services into containers**</p> | **[[Configuring Docker\|docker]]** | Creates containers that can be run independently
| <p style="color:turquoise">**Simplify docker commands**</p> | **docker-compose** | Lets you write a 'script' for docker commands
| <p style="color:teal">**Route internet traffic appropriately**</p> | reverse proxy: **nginx**, **[[Configuring Caddy\|caddy]]** | Routes addresses to the appropriate containers and manages SSL certificates (and forces HTTPS)
&emsp;
---
&emsp;
### Self-hosted services
[[#^Top|TOP]]
&emsp;
A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted)
| Service | OS | Technical reqs | Description
|--------|----|----------------|--
<span style="color:orange">**Email service**</span> | Linux | 2GB RAM recommended | self-host an [[#Email service]]
<p style="color:green">**Email aliases**</p> | Linux | 2GB RAM; ports: 22, 25, 80, 443 | an [[#Email alias service\|alias service]] like [SimpleLogin](https://simplelogin.io)
**[[Nextcloud]]** | Linux | 500M RAM; MySQL & SQLite; PHP 8.0; Apache 2.4 with PHP or nginx with PHP | [[#Personal cloud syncing]] instance
<p style="color:purple">**Instant Message**</p> | Linux | 2/4GB RAM; ports & other extensions | [[Element]] instance for [[#Instant Messenging]]
<p style="color:violet">**VPN**</p> | Linux | 500MB RAM | Host a private [[#VPN]]
&emsp;
#### Email service
[[#^Top|TOP]]
An email service can be fully built but has many components: server, database, IMAP, CalDAV, CardDAV, DNS specifics, spam whitelisting as well as security (server access & spam filtering). It can therefore be tedious to build an email service from scratch. Pre-packaged solutions exist to manage all components:
1. [IRedMail](https://www.iredmail.org/)
2. [Mail-in-a-Box](https://mailinabox.email/)
3. [Docker-mailserver](https://hub.docker.com/r/tvial/docker-mailserver/), which is command-line only and requires more extensive setup than the other two alternatives
```ad-info
title: Documentation
[Reddit Documentation](https://reddit.com/r/selfhosted/comments/6h88qf/on_selfhosted_mail_servers/)
[Tutorial](https://github.com/ajgon/self-hosted-mailserver/blob/master/docs/nsa-proof-your-e-mail-in-2-hours.md)
```
&emsp;
#### [[Server Alias|Email alias]] service
[[#^Top|TOP]]
```ad-info
title: Documentation
[Tutorial](https://github.com/simple-login/app)
```
&emsp;
#### Instant Messenging
[[#^Top|TOP]]
```ad-info
title: Documentation
[[Element]]
```
&emsp;
#### Website
```ad-info
title: CMS
Open source CMS solution: [The worlds fastest framework for building websites | Hugo](https://gohugo.io/)
Or [Jekyll • Simple, blog-aware, static sites | Transform your plain text into static websites and blogs](https://jekyllrb.com/)
Or [Eleventy, a simpler static site generator.](https://www.11ty.dev/)
```
&emsp;
#### ShortURL
[[#^Top|TOP]]
Through WordPress with [Thirsty Affiliates](https://thirstyaffiliates.com): free of charge.
&emsp;
#### Self hosting ideas
[[#^Top|TOP]]
##### Photos
```ad-info
title: Photoprism
Self-hosted photo management solution: [here](https://photoprism.app/)
```
```ad-info
title: Piwigo
[Website](https://piwigo.org/)
```
&emsp;
##### Tools
[[#^Top|TOP]]
| Tool | Self-hosted service | Link to tutorial | Sub-domain
|------|---------------------|---------------|-------
<p style="color:orange">Youtube with no ads</p> | **Piped** | [here](https://piped-docs.kavin.rocks/docs/self-hosting/) | videos
<p style="color:orangered">[[NextDNS\|DNS resolver]]</p> | **AdGuard Home** | [here](https://cyberhost.uk/adguard-setup/) | dns-resolver
<p style="color:orange">Online identity</p> | **authentik**<br>**authelia** | [Welcome \| authentik](https://goauthentik.io/)<br>[GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps](https://github.com/authelia/authelia) | identity
| <a style='color:orange'>Online pantry</a> | Grocy | [grocy - ERP beyond your fridge](https://grocy.info/) | groceries
&emsp;
Database: MySQL, MariaDB, Postgres
| App | Database
|------|----------
| **AdGuard** | *none*
```ad-info
title: VPS ideas
[MikroVPS - FR](https://my.mikrovps.net/cart.php?a=checkout&gid=34&language=English&pid=584&promocode=LEB2021LXC50&utm_source=lowendbox&utm_medium=display&utm_campaign=lbpromo2021)
```
[[#^Top|TOP]]
&emsp;
&emsp;