Home server best practices and ideas

clownfish · 2012-05-29 16:42:30

Hi forum,

last Friday I built a home server and set up Arch. The actual purpose of the server is to be a simple, network accessible file server for two laptops, a desktop PC and the Western Digital TV Live Player. A ready to use NAS would do the job, but only buying the single components (just a Mini ITX case, Intel Atom Mainboard, RAM and a harddisk) and installing Arch satisfies my do-it-yourself needs. It works pretty well. After installing and configuring OpenSSH and Samba, I installed a LAMP so that the SSH and the Samba daemons don't feel alone. But actually I don't really need the webserver. I also read the Comprehensive Server Guide which seems to be a "work in progress".
Now I'm looking for some ideas and guides, what else I can do with the flexibility of an Arch installation on a home server. I thought about using it to control the lights and other electronics over a smartphone, but that are just wild dreams. So question one to all home server owners:
For what do you use your home server?

As I'm pretty new to administering my own server, I feel like beeing lost in the woods. I couldn't find really much about best practices, dos and don'ts. For example I can't decide where to store the folders shared over the network. Currently I added a new user named "files". In it's home directory I created some folders and created the Samba shares on them. I don't know why, but that smells bad. And for some reason I don't feel comfortable with just creating a folder for example called "data" in the root where I could store the folders for the shares. So question two:
Do you know some guides about best practices for server administration?

drcouzelis · 2012-05-29 17:11:47

I still consider myself as pretty new to hosting my own website and SSH server.

I noticed I was getting quite a bit of traffic or pings or whatever from China and other places where I don't know anyone who should be accessing my computer. So I use iptables + ipset to block a ton of IP addresses, mainly by country. For example, I block all IP addresses from Sealand.

ewaller · 2012-05-29 19:27:17

Sounds like you are doing fine on your own. Learn by doing.

I would suggest you protect yourself from the rest of the world. Look at
fail2ban to minimize brute force attacks. Also, consider requiring ssh keys.

Xyne · 2012-05-29 20:41:34

You could use /srv, which is intended for server files. The "http" and "ftp" users have their home directories in there. I don't use that myself because it just doesn't feel right to me either. Besides, I wouldn't want to risk server files eating up space on my root partition. I would probably create a shared directory in /home and use some tools to manage it. Take a look at the setgid bit (chmod) and access control lists (ACLs) (setfacl, getfacl). You might also find maown useful if you need to make sure that everything in that directory belongs to one user.

As for other uses of a home server, you could set up a centralized package cache using network shares, but be careful when cleaning out the cache with pacman -Sc (I would just go with pacserve, but I'm understandably biased ).

You could also set up a centralized backup server. Just for fun, set it up so that the server only stores encrypted files, e.g. by using rsync to upload files in an eCryptfs or EncFS encrypted directory.

Other ideas:
* set up a VPN
* run a Git server for synchronizing configuration files
* play around with LDAP
* try to create a Beowulf cluster
* turn the home network into a surveillance system and oppress the other residents using blackmail and usb nerf missile turrets

error: silliness overflow, aborting post

firecat53 · 2012-05-29 21:47:10

Setup Notes:
1. First, change your default SSH port away from 22.
2. Make sure you setup public key authentication, and use ssh-agent(or gpg-agent) on your other computers for access, with strong passwords.
3. If you have personal websites, setup http digest authentication to keep them private, easily.

Stuff I do:
1. My own git repos in /srv/git
2. Personal sites (screenshots, configs, vimwiki html files) in /srv/http
3. Samba shares for music/video on /mnt/media
4. Samba shares for personal files at /home/me, /home/wife, /home/kid1, etc. Kids shares can only be read by me, wife or them...not the other kids
5. Each computer is backed up to the server /mnt/backup/hostname. I just backup Documents folders from Windows machines, and certain files from /home, /etc/, /var and /boot, crontabs, and package lists from linux machines (rdiff-backup).
6. Server backs up /mnt/backup to webhost using duplicity and encryption (gpg-agent). I like this backup setup because I use rdiff-backup for local backups, which is very easy to access. I exclude the rdiff-backup-data directories from the offsite duplicity sync, because it does it's own incremental backups, while still being encrypted and compressed.
7. Unison runs on my laptop/desktop to sync configuration files, mail, and documents to/from the server (star pattern)
8. Server runs offlineimap to archive mail, which is then transferred via unison to/from laptop/desktop as well. Prevents having to run multiple instances of offlineimap. Also, all the mairix indexing is done on the server and the databases are sync'd via unison to laptop/desktop. Indexing really drags down my old laptop!
9. Server runs rss2email to pull my RSS feeds into a mail folder (also sync'd via unison)

That's about it (other than the home surveillance system to oppress other residents with blackmail and usb nerf missile turrets throughout the house )

Scott

Last edited by firecat53 (2012-05-29 21:50:21)

/dev/zero · 2012-05-29 22:26:06

clownfish wrote:

As I'm pretty new to administering my own server, I feel like beeing lost in the woods. I couldn't find really much about best practices, dos and don'ts. ... So question two:
Do you know some guides about best practices for server administration?

You're treating the word "server" as though it captures all use cases. A server is just a computer that offers services. Each service has its own risks and best practices. Your server is safest when it offers no services; you bring in more risks with each extra service you run. You say you don't need LAMP: well turn it off!

Since you're serving samba shares and ssh, you will need to look up security for those packages separately. The Simple Stateful Firewall is a good start, but then also do some googling for samba and ssh best practices. Some have already been offered, but you're better off doing your own research rather than throwing yourself on the mercy of an internet forum.

anrxc · 2012-05-30 01:23:06

last Friday I built a home server and set up Arch.
For what do you use your home server?

It can be the central /var/cache/pacman/pkg storage so you only ever download updates once for your whole LAN. It can be used for distributed compiling for building AUR packages. It can be used as a Tor gateway for the whole LAN.

clownfish · 2012-05-30 07:34:12

/dev/zero wrote:

but then also do some googling for samba and ssh best practices.

I did

/dev/zero wrote:

Some have already been offered, but you're better off doing your own research rather than throwing yourself on the mercy of an internet forum.

That's a killer for 99% of all forum threads. What else would be the sense of a forum like this? Actually most of the content Google throws out are forum threads

Anyway: Thanks for all the replies and ideas so far! /srv seems to be a good place for some of the shares. I just found this interesting list: http://www.pathname.com/fhs/pub/fhs-2.3.html

skanky · 2012-05-30 09:05:07

Do you have external usb drives? If so, there can be some issues with them spinning down. I had all sorts of issues with that. Seems to depend on the drive enclosure as much as anything.

zenlord · 2012-05-31 16:09:09

Seems like I can add something to this thread.

I have used my homeserver as a central data-server through NFS and DLNA. The allow me to share every bit of data to all computers and other devices on the network. It is easy to organize backups (well, a redundant copy through rsync anyway).

I have apache and postgres running to test out works-in-progress (but I should disable them when they're not used (frequently)).

When I move to my new house next month, I will be adding DAViCal to setup a centralized calendar- and addressbook-server to make also that data accessible to my smartphone. I am looking forward to extend my DLNA-capacities to new music players in multiple locations around the house...

And the 'soho-server' to serve files to my wife's office will also have asterisk on board to make calling over VoIP possible and even allow some control (opening doors etc.) with a buttonpress on the Snom-telephones.

I have also prepped the house for domotica, but I was unable to find something decent that is compatible with linux. I even have to install windows to program our light switches... Our system is operable via HTTP, so I do not depend on windows the whole time...

Good luck an enjoy the 'voyage'

rwd · 2012-06-02 11:29:29

I found this an interesting list uses of a personal server:

http://wiki.debian.org/FreedomBox/ExampleProjects

Arch Linux

#1 2012-05-29 16:42:30

Home server best practices and ideas

#2 2012-05-29 17:11:47

Re: Home server best practices and ideas

#3 2012-05-29 19:27:17

Re: Home server best practices and ideas

#4 2012-05-29 20:41:34

Re: Home server best practices and ideas

#5 2012-05-29 21:47:10

Re: Home server best practices and ideas

#6 2012-05-29 22:26:06

Re: Home server best practices and ideas

#7 2012-05-30 01:23:06

Re: Home server best practices and ideas

#8 2012-05-30 07:34:12

Re: Home server best practices and ideas

#9 2012-05-30 09:05:07

Re: Home server best practices and ideas

#10 2012-05-31 16:09:09

Re: Home server best practices and ideas

#11 2012-06-02 11:29:29

Re: Home server best practices and ideas

Board footer