HomeServer

Damjan Georgievski edited this page Oct 28, 2018 · 1 revision

Why

Everyone should have their own server. For me, the cheapest option was my home desktop, which is already turned on 24/7 and connected to the internet. The upload is not great on ADSL (1 Mbit/s) but that could be improved fairly easily (optics are already an affordable option).

Pros: your data is in the safety of your own home. Makes it harder for someone to go on a fishing expedition and seize your data (or worse, silently monitor everything). Also cheaper.

Cons: the infrastructure at your home is certainly worse than at a dedicated hosting provider.

What

  • dyndns
  • ssh + google-authenticator
  • nginx - http and ssl frontend
  • uwsgi_php - app server
  • OwnCloud - file storage, CardDAV and CalDAV server
  • OpenVPN
  • transmission-daemon

How

On my OpenWRT router I have a dyndns client that always updates my no-ip host name whenever my IP address changes. Then in its firewall I have port forwards set up for ssh (port 22) and https (port 443) to the desktop computer. Lastly, I have an openvpn server using certificates in a layer 3 routing configuration (all documented in the OpenWrt wiki: http://wiki.openwrt.org/doc/howto/vpn.openvpn).

The desktop/server is running ArchLinux. I have installed nginx from the Arch package and uwsgi-php and owncloud from AUR. This is enough for running the OwnCloud instance as explained in the ArchWiki: https://wiki.archlinux.org/index.php/Owncloud#Nginx_.2B_uwsgi_php_alternative.

Nginx is running with a self-signed certificate as explained in its documentation: http://wiki.nginx.org/HttpSslModule.

Ssh is configured to use libpam-google-authenticator (https://aur.archlinux.org/packages/libpam-google-authenticator/) for 2-factor authentication. That's how I can connect to ssh securely enough even without my ssh key. The ssh pam config is:

# /etc/pam.d/sshd
...
auth            required        pam_google_authenticator.so

Important settings in /etc/ssh/sshd_config are:

...
# yes by default
#PasswordAuthentication yes
# no by default
ChallengeResponseAuthentication yes
...
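
A small check for the two files above, as an added example that is not part of the original page: it parses sshd_config and /etc/pam.d/sshd text and reports settings that would leave the one-time code unenforced. The UsePAM and nullok checks, the alias handling and the sample file contents are assumptions of this example, and a keyword missing from the file is reported rather than given a default.

```python
import re

# ChallengeResponseAuthentication is a deprecated alias since OpenSSH 8.7.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def sshd_settings(text):
    """Parse global sshd_config keywords: case-insensitive, first value wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        key, _, value = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        key = key.lower()
        if key == "match":                           # conditional blocks: out of scope
            break
        seen.setdefault(ALIASES.get(key, key), value.strip().lower())
    return seen

def pam_otp_lines(text):
    """Return (control, args) for every auth line loading the OTP module."""
    hits = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        idx = [i for i, w in enumerate(f) if w.endswith("pam_google_authenticator.so")]
        if idx and f[0].lstrip("-") == "auth" and idx[0] >= 2:
            hits.append((" ".join(f[1:idx[0]]), f[idx[0] + 1:]))
    return hits

def audit(sshd_text, pam_text):
    """Return findings; an empty list means the files match the setup above."""
    cfg, out = sshd_settings(sshd_text), []
    if cfg.get("usepam") != "yes":
        out.append("UsePAM is not 'yes': sshd will not run the PAM auth stack")
    if cfg.get("kbdinteractiveauthentication") != "yes":
        out.append("keyboard-interactive is not enabled: no OTP prompt possible")
    otp = pam_otp_lines(pam_text)
    if not otp:
        out.append("no auth line loads pam_google_authenticator.so")
    for control, args in otp:
        if control not in ("required", "requisite"):
            out.append(f"control '{control}': a failed code may not deny the login")
        if "nullok" in args:
            out.append("nullok: users without a secret file skip the code")
    return out

# Constructed sample files modelled on the fragments above.
SAMPLE_SSHD = "UsePAM yes\n#PasswordAuthentication yes\nChallengeResponseAuthentication yes\n"
SAMPLE_PAM = "auth include system-remote-login\nauth required pam_google_authenticator.so\n"

if __name__ == "__main__":
    print(audit(SAMPLE_SSHD, SAMPLE_PAM) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, including defaults, which this parser does not resolve.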

TODO

  • asterisk + chan_mobile - call from anywhere in the world via internet
  • asterisk + fixed line - same thing
  • buddycloud node - distributed social network, file sharing, etc
  • refuge.io
  • GateOne web shell (or shellinabox, or ipython notebook)
  • web irc, web jabber
  • integrate OwnCloud with my Music folder
  • two-step authentication in nginx (preferably google-authenticator)