HomeServer - gdamjan/gdamjan.github.io GitHub Wiki

Why

Everyone should have their own server. For me, the cheapest option was my home desktop, which is already turned on 24/7 and connected to the internet. The upload speed is not great on ADSL (1 Mbit/s), but that could be improved fairly easily (optics are already an affordable option).

Pros: your data is in the safety of your own home, which makes it harder for someone to go on a fishing expedition and seize your data (or worse, silently monitor everything). It is also cheaper.

Cons: the infrastructure at your home is certainly worse than at a dedicated hosting provider.

What

  • dyndns
  • ssh + google-authenticator
  • nginx - http and ssl frontend
  • uwsgi_php - app server
  • OwnCloud - file storage, CardDav and CalDav server
  • OpenVpn
  • transmission-daemon

How

On my OpenWRT router I have a dyndns client that updates my no-ip host name whenever my IP address changes. Then in its firewall I have port forwards set up for ssh (port 22) and https (port 443) to the desktop computer. Lastly, I have an OpenVPN server using certificates in a layer 3 routing configuration (all documented in the OpenWrt wiki: http://wiki.openwrt.org/doc/howto/vpn.openvpn).

The desktop/server is running ArchLinux. I have installed nginx from the Arch package, and uwsgi-php and owncloud from AUR. This is enough for running the OwnCloud instance as explained in the Arch wiki: https://wiki.archlinux.org/index.php/Owncloud#Nginx_.2B_uwsgi_php_alternative.

Nginx is running with a self-signed certificate as explained at http://wiki.nginx.org/HttpSslModule.

SSH is configured to use libpam-google-authenticator (https://aur.archlinux.org/packages/libpam-google-authenticator/) for two-factor authentication. That's how I can connect over SSH securely enough even without my SSH key. The sshd PAM config is:

# /etc/pam.d/sshd
...
auth            required        pam_google_authenticator.so

Important settings in /etc/ssh/sshd_config are:

...
# yes by default
#PasswordAuthentication yes
# no by default
ChallengeResponseAuthentication yes
...
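
A check for the two files above, as an added example that is not part of the original wiki page: it confirms that the PAM auth line is active and that the challenge-response switch is explicitly `yes`. The function names and sample files are made up for illustration, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example: audit the sshd + PAM settings shown above.
# Assumes whitespace-separated "Keyword value" lines (no "Keyword=value" form).

# Effective global value of the challenge-response switch in sshd_config $1.
# sshd keywords are case-insensitive and the first occurrence wins; settings
# after a Match line are conditional, so scanning stops there.
kbdint_value() {
    awk '
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == "challengeresponseauthentication" ||
        tolower($1) == "kbdinteractiveauthentication" {   # newer name, same option
            print $2; exit
        }
    ' "$1"
}

# True when PAM file $1 has an uncommented auth line loading the TOTP module.
pam_has_totp() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_google_authenticator\.so' "$1"
}

# Print findings; return 0 only if both files match the setup described above.
audit_ssh_2fa() {
    conf=$1; pam=$2; rc=0
    if ! pam_has_totp "$pam"; then
        echo "FAIL: $pam has no active pam_google_authenticator.so auth line"
        rc=1
    fi
    val=$(kbdint_value "$conf")
    if [ "$val" != "yes" ]; then
        echo "FAIL: challenge-response is not explicitly 'yes' in $conf (found: ${val:-nothing})"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: both settings from the page are in place"
    return "$rc"
}

# Constructed sample files for a stand-alone run (not the author's real config).
demo=$(mktemp -d)
printf 'auth required pam_google_authenticator.so\n' > "$demo/pam_sshd"
printf '#PasswordAuthentication yes\nChallengeResponseAuthentication yes\n' > "$demo/sshd_config"
audit_ssh_2fa "$demo/sshd_config" "$demo/pam_sshd"
rm -rf "$demo"
```

On a real host, call `audit_ssh_2fa /etc/ssh/sshd_config /etc/pam.d/sshd` instead of the constructed sample files.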

TODO

  • asterisk + chan_mobile - call from anywhere in the world via internet
  • asterisk + fixed line - same thing
  • buddycloud node - distributed social network, file sharing, etc
  • refuge.io
  • GateOne web shell (or shellinabox, or ipython notebook)
  • web irc, web jabber
  • integrate OwnCloud with my Music folder
  • two-step authentication in nginx (preferably google-authenticator)