Home Server Setup Guide

This guide details the setup of an Ubuntu home server using a Beelink Mini PC, focusing on Docker-based services for self-hosting, including Nextcloud, Pi-hole, and monitoring tools like Grafana. It emphasizes security measures such as SSH key-based authentication, firewall configuration, and SSL certificate management via Certbot. The project aims to balance performance, cost, and expandability while prioritizing data privacy and control through self-hosted applications.

This guide provides an overview of the setup process for an Ubuntu home server, including steps for setting up various services and tools to maximize functionality and ease of use.

Before starting, ensure you have the following:

- A server with Ubuntu installed.
- Basic understanding of Linux terminal commands.
- Internet connection.

Our home server project is powered by the Beelink R5-5560U Mini PC. The system specifications were carefully chosen to deliver optimal performance for the services we intend to run. Here are the key specifications of our server:

The choice of this server reflects a balance between cost, performance, and expandability. It has the power to handle the services we intend to run while offering room for future expansion.

NOTE: Many of the guides below may be unnecessary, as Portainer has an extensive list of templates.

Here's an overview of the tools and services we will be setting up:

- ZFS RAIDZ Setup
- SSH Setup
- Samba Setup
- FTP Setup
- Rsync Setup
- Nginx Setup
- Certbot Setup
- File Browser Setup
- Nextcloud Setup
- PiHole Setup
- Heimdall App Dashboard
- Shell in a Box Setup
- Grafana Setup
- Prometheus Grafana Setup
- Zabbix Grafana Plugin

We decided to use Docker for the majority of our services due to the numerous advantages it offers. Docker's containerization technology allows for efficient utilization of system resources, high scalability, improved isolation, and simplified version control.
With Docker, each application runs in a self-contained environment with its own set of libraries and dependencies. This significantly reduces potential conflicts between applications and allows for easy updates and rollbacks.

The services chosen for our home server were based on a combination of user needs, available resources, and a desire for self-hosting to ensure data privacy and control.

- Nextcloud provides a self-hosted cloud storage solution, giving you control over your data.
- Heimdall is used for creating a unified, visually pleasing, and easily accessible dashboard for all of our applications.
- Certbot is utilized for managing SSL certificates, ensuring secure communication to our server.
- Nginx serves as our web server and reverse proxy, making our services accessible and secure.
- Grafana, Zabbix, and Prometheus are used for network and system monitoring, helping identify and diagnose issues.

Security was a key focus during the development of this project.

- SSH provides secure remote access to our server, which is crucial for administration purposes.
- Certbot automates the process of obtaining and renewing SSL certificates, providing encrypted connections to our services.
- Pi-hole is used as a network-wide ad-blocker, not only improving browsing experience but also blocking malicious ads that could pose a threat to our network.

To ensure a secure and reliable system, consider implementing the following security measures as you set up your home server:

- Configure SSH for secure remote access: Set up key-based authentication, limit user access, and change the default port. Keep your SSH daemon up-to-date.
- Implement a firewall to control network traffic: Use tools like UFW or Firewalld to create specific rules for required traffic, apply a default deny policy, and monitor logs for suspicious activity.
- Secure your Docker images: If using Docker, regularly update images, use trusted official images, and consider implementing scanning tools like Anchore for vulnerability detection.
- Segregate your network: Isolate services using network segmentation techniques such as VLANs or subnetting, and implement network access controls to limit communication between segments.
- Manage user access: Create and manage user accounts with defined permissions, enforce the principle of least privilege, and use auditing tools to monitor user activities.
- Encrypt data and use certificates: Use tools like Certbot to obtain SSL/TLS certificates, ensuring encrypted data transmission, and encrypt stored sensitive data at rest.
- Perform regular security audits: Conduct ongoing security assessments of your system, monitor logs using tools like Logwatch, implement intrusion detection systems like Snort, and stay informed about emerging threats and best practices.

By considering these action points and using appropriate tools, you can establish a secure and reliable home server environment.

To ensure the reliability and stability of our services, comprehensive monitoring is essential.

- Grafana provides a powerful platform for visualizing metrics, which can be used for system and network monitoring.
- Prometheus collects time series data, providing the raw data for Grafana to visualize.
- Zabbix is used alongside Grafana for its advanced network monitoring capabilities, providing alerts and detailed network metrics.

The implementation process for each service is detailed in its respective section. However, it typically follows these steps:

- Setting up the Base System: Install the Ubuntu base system and configure basic settings.
- Installing Docker: Install Docker on the base system.
- Setting up each Service: Set up each service in a Docker container. This involves pulling the Docker image for the service, configuring it, and starting it up.
- Configuring Nginx and Certbot: Configure Nginx and Certbot to make the services accessible over HTTPS.
- Setting up Monitoring: Set up Grafana, Prometheus, and Zabbix to monitor the system and network.

If you encounter any issues while setting up or managing your server, refer to the documentation provided for each service. Additionally, consider searching for or asking questions on community forums or the GitHub page of the respective service.

Setting up a home server with these services can provide a powerful and flexible solution for file sharing, network monitoring, ad-blocking, and more. With Docker, managing these services becomes much more straightforward, making this project accessible even to those new to home servers. While setting up and maintaining a home server requires some effort, the payoff in terms of control and flexibility is significant.
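
The SSH item in the security measures above (key-based authentication, limited user access, a non-default port) can be checked against an actual `sshd_config`. The following is an added example, not part of the original guide: the finding names and the sample configuration are constructed for illustration, and `Include` files are reported rather than followed.

```python
# Added example (not from the guide); finding codes below are made up for illustration.
SAMPLE_CONFIG = """\
# constructed sample, not taken from a real host
Include /etc/ssh/sshd_config.d/*.conf
Port 22
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""


def parse(config_text):
    """Return (global keyword -> [values], [(keyword, value)] from Match blocks)."""
    global_opts, match_opts, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1) + [""]
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            in_match = True  # later lines apply only when the Match criteria hold
        elif in_match:
            match_opts.append((keyword, value.lower()))
        else:
            global_opts.setdefault(keyword, []).append(value)
    return global_opts, match_opts


def audit(config_text):
    """Return sorted finding codes; an empty list means every check passed."""
    opts, match_opts = parse(config_text)
    findings = []
    # sshd keeps the first value seen per keyword; the OpenSSH default is "yes".
    if opts.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password-auth-enabled")
    if ("passwordauthentication", "yes") in match_opts:
        findings.append("password-auth-enabled-in-match")
    # Without AllowUsers/AllowGroups, any account with a valid key may log in.
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append("no-user-allowlist")
    # Port may be given several times; when absent, sshd listens on 22.
    if "22" in opts.get("port", ["22"]):
        findings.append("default-port")
    # Include files are not followed here and may set a keyword first.
    if "include" in opts:
        findings.append("include-not-checked")
    return sorted(findings)
```

To audit a real host, pass the contents of `/etc/ssh/sshd_config` to `audit()`; `sshd -T` prints the effective configuration, including values that come from `Include` files.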