Skip to content

pviotti/vps

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

apps

apps

 
 

vms

vms

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

renovate.json

renovate.json

 
 

Repository files navigation

VPS

This repo holds scripts and configuration files to self-host some web services such as Bitwarden and Nextcloud on a private server. The goal is to have a simple (as in: concise, programmatic and declarative), cheap and secure setup to handle file synchronization and credential management for a few users (e.g. <10).

VPS on Azure

Prerequisites
  • Azure CLI - and select the right Azure subscription: 
    az login; az account set --subscription "NameOfSubscription"
  • .NET

In the vms folder is a Farmer script that creates a virtual machine on Azure with this specs:

  • SKU: Standard B2s 2vCPUs, 4GB RAM, 60GB SSD (~20€/mo as of 8/2020)
  • region: North Europe
  • OS: Ubuntu 20.04

To create the virtual machine, change directory to vms and:

  1. copy env.example to .env and edit it as suitable for username, password, host and resource name
  2. issue: make deploy. The script will deploy the VM and generate the related ARM template json file. A setup script similar to setup-vm.sh will be executed upon deployment to install required tools (e.g. Docker, etc)
  3. setup passwordless authentication
    • copy your public key to the VM: ssh-copy-id -i ~/.ssh/mypub.key user@server
    • editing the following settings in /etc/ssh/sshd_config on the VM: PasswordAuthentication no; ChallengeResponseAuthentication no; UsePAM no. Then restart sshd: sudo systemctl restart ssh.
  4. set up start and stop VM automation during off hours as described here, and make the VM IP static (TODO: automate)

Applications

Prerequisites This setup assumes you own a DNS domain, and you've made its "A Record"s for naked domain ("@") and subdomains ("*") point to the VM's public IP. Failing that, you'll still be able to run the applications, but Caddy will have issues creating the certificates to use for the HTTPS connections. Notice that while Azure virtual machines have a public DNS name (e.g. name.region.cloudapp.azure.net), their DNS setting does not allow using subdomains, so it won't work.

The apps directory contains a Docker Compose file to run Bitwarden and Nextcloud (with its MariaDB database) behind Caddy reverse proxy. At the end of the instructions

  • Nextcloud will be reachable at https://nc.<your domain> and https://<your domain>
  • Bitwarden will be reachable at https://bw.<your domain>

To deploy the applications:

  1. copy the app directory to your server (or clone this repo)
  2. change to apps folder, copy env.example to .env and edit it as suitable
  3. run make up. You can follow the progress of the setup by issuing make log.

Maintenance

Applications upgrade

To upgrade the applications just issue:

docker-compose pull
docker-compose down
docker-compose up -d

Or, more cautiously, issue the same commands but for one application at a time, e.g.docker-compose pull nextcloud. Beware that some applications require additional steps when upgrading between major versions, so make sure to read their upgrade documentation too.

👷 To do

  • add instructions for adding Prometheus and Graphana to monitor host VM, Docker and applications
  • add instructions for backup
  • automate the remaining manual steps of VM creation

References

About

A simple recipe for file synchronization and password management on a virtual private server (VPS)

Topics

azure nextcloud selfhosted vps caddyserver bitwarden

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Contributors 3

  •  
  •  
  •  

Languages