Self-hosting Adventures Part 1

- development self-hosting privacy tutorial

With the threat to privacy and information security due to new policies from tech giants like Microsoft, Google, Facebook, etc., I started exploring open-source self-hosted alternatives to various applications that I personally use. I had pretty low expectations for these sorts of services, however, I was pleasantly surprised with the quality of the products and resources that I found online. I will go into more details with the specifics of these services with later posts.

The Hardware

PCPartPicker part list / Price breakdown by merchant

Type Item Price
CPU Intel Core i5-6400 2.7GHz Quad-Core Processor Purchased For $293.78
Motherboard Gigabyte GA-H110M-S2HP Micro ATX LGA1151 Motherboard Purchased For $101.68
Memory Crucial 4GB (1 x 4GB) DDR4-2133 Memory Purchased For $36.44
Storage Kingston SSDNow V300 Series 120GB 2.5” Solid State Drive Purchased For $64.39
Storage Western Digital Red 2TB 3.5” 5400RPM Internal Hard Drive Purchased For $138.97
Case Fractal Design Node 804 MicroATX Mid Tower Case Purchased For $118.64
Power Supply Corsair CSM 450W 80+ Gold Certified Semi-Modular ATX Power Supply Purchased For $90.37
Prices include shipping, taxes, rebates, and discounts
Total $844.27
Generated by PCPartPicker 2016-07-09 16:00 EDT-0400

Server setup

After a lot of debate between popular server-friendly linux distributions, I decided to go with Ubuntu Server. The main reasons for choosing this was because of the vast amount of resources available and support of services targetting this particular distribution. If any service only officially supports one flavour of Linux, it’s almost always Ubuntu Server. After messing up my setup twice (both while trying to configure LVM after the initial installation), I finally managed to get a partition table that I was happy with:

sda                        8:0    0 111.8G  0 disk
├─sda1                     8:1    0   512M  0 part /boot/efi
├─sda2                     8:2    0   244M  0 part
└─sda3                     8:3    0 111.1G  0 part
  ├─io--vg-root (dm-0)   252:0    0 107.1G  0 lvm  /
  ├─io--vg-swap_1 (dm-1) 252:1    0   3.9G  0 lvm  [SWAP]
  └─io--vg-home (dm-3)   252:3    0 466.1G  0 lvm  /home
sdb                        8:16   0   1.8T  0 disk
└─sdb1                     8:17   0   1.8T  0 part
  ├─io--vg-data (dm-2)   252:2    0   1.4T  0 lvm  /var
  └─io--vg-home (dm-3)   252:3    0 466.1G  0 lvm  /home

As it can be seen, I allocated my /root, /boot and swap partition to the SSD, while keeping my home directory and /var on the hard drive. When running a service that requires the use of a database, those databases go into /var, which is the standard destination for these types of data. Home mainly contains my Syncthing folder and occassionally I use it as a workspace for experimental builds. As the usage grows, I hope to easily extend the storage of both /home and /var using LVM.

Then comes the topic of security, probably the most important part of this project. I never had experience with this before, but following a couple of guides I setup a firewall (using ufw), private/public key SSH, two-factor authentication, and login timeout mechanism (using fail2ban). For further reading, please read this short guide. Port forwarding and remote access had to be enable on my routers end so that I could SSH and maintain my server from anywhere I want. I did have some problems with dynamic IP, and ended up transfering my domain to NoIP and installed their automatic DDNS update client on my server.

Services

I primarily have an nginx web server running which contains server blocks to redirect different hosts to different ports on the server. The primary types of services that I will be focusing on deploying are:
- File syncing
- Communication platform
- Git server
- Notes and to-do manager
- Finance manager
- Static web server

Once all these are taken care of, I have plans to extend the range of services by adding things such as:
- Email server
- Social networking (Diaspora)
- Nylas email sync engine
- Cozy (replacement for Google services like calendar, drive, etc)

And probably a lot more to come. For each of these (types of) services, I plan to go into more specific details on later posts. This draws the conclusion to my first part. Next up I will discuss setting up TLS/SSL certificate with Let’s Encrypt on an nginx server instance and separating server blocks.