
Difference between revisions of "Home server Original"

From InstallGentoo Wiki
(Added information on 3.3v pin issue)
(Removed media automation and remote access, will expand upon further. Added server software and admin software (needs to be updated and refined))
Line 205: Line 205:
  
 
==Remote access==
 
==Remote access==
Setting up SSH access enables you to:
+
SSH
===Tunneling===
 
Create a tunnel and use it as a proxy for environments that block certain DNS requests or pages and to encrypt your data
 
===Wake on LAN===
 
Turn on a PC on your LAN [https://wiki.archlinux.org/index.php/Wake-on-LAN Arch Wiki guide]
 
===Web hosting===
 
Host webpages, use nginx or apache [https://library.linode.com/web-servers/nginx/installation/debian-6-squeeze debian nginx guide]
 
===Proxy===
 
You can use a proxy [http://www.debiantutorials.com/installing-and-configuring-squid-proxy-server/ guide]
 
====Compression====
 
[http://freecode.com/projects/ziproxy Ziproxy] (Opera style web compression, including images)
 
==Media automation==
 
===Torrenting===
 
Use a daemon like transmission or deluge
 
===TV Series===
 
You can use a daemon like [http://sickbeard.com/ Sickbeard]
 
===Movies===
 
You can use a daemon like [https://couchpota.to/ Couchpotato]
 
===Music===
 
You can use a daemon like [https://github.com/rembo10/headphones/ Headphones]
 
  
==VoIP==
+
==Server software==
You can use mumble-server (free), ventrilo or teamspeak (non-free)
+
A basic list of software and their use cases to consider running:
 +
* BBS Server: Mystic BBS, Synchronet
 +
* Compiling Speeding Up: ccache, distcc
 +
* Decentralised Social Network: MediaGoblin, GNU social
 +
* Direct Connect Server: uhub
 +
* DLNA: ReadyMedia (a.k.a. MiniDLNA), Universal Media Server
 +
* E-Mail: Exim + Dovecot (with procmail for filtering)
 +
* FTP: vsftpd
 +
* Honeypot: LaBrea, Nova, Honeyperl
 +
* IRC: ngIRCd, InspIRCd
 +
* IRC Fileserver (filesharing): iroffer
 +
* IRC bouncer: ZNC
 +
* MUD: PennMUSH
 +
* Music Player (and server): MOC (Music On Console), MPD (with vimus/ncmpcpp)
 +
* Proxy: Tinyproxy
 +
* Search Engine: YaCy, Searx
 +
* Torrent Search Engine: magnetico
 +
* Usenet Server: Leafnode, InterNetNews
 +
* VPN: WireGuard
 +
* Web Cache (accelerator): Squid
 +
* Web Server(lightweight, simple): GNU Libmicrohttpd, darkhttpd
 +
* Video Player (on the console): MPlayer, VLC (nvlc)
 +
* VoIP: Linphone
 +
* Volunteer Computing (donate CPU time to science): BOINC (+ boinctui)
  
 +
==System administration software==
 +
 +
* Backup: Rsync
 +
* Batch Renamer: qmv (renameutils)
 +
* Duplicate Files Removal: Fdupes
 +
* File Archiver (simplified): Atool
 +
* File Manager: Midnight Commander, Ranger
 +
* Drive Profiling: Smartmontools, hdparm
 +
* Filesystem Benchmark: MBW, Bonnie
 +
* General Benchmarking: HPC Challenge Benchmark, Sysbench, ProcBench
 +
* Network Profiling: iperf
 +
* Power Management: PowerTOP, TLP
 +
* System Tracing: strace
 +
* System Information: inxi, zCI
 +
* Hardware Information: dmidecode, dmesg, lshw, lspci, lsblk, blkid
 +
* Software Information: uname, lsb_release, vrms, ldd, file
 +
* Configuration Management (simple): cdist
 +
* Control Panel: Webmin
 +
* Disk Usage: Ncdu
 +
* Hardware Monitoring: lm-sensors (psensor for a GUI), Hddtemp, acpiclient
 +
* Logs: Logcheck, multiTail, lnav
 +
* Network Flow: nfdump (nfsen)
 +
* Network Latency: bmon
 +
* Network Monitoring: tcptrack, vnStat, iftop
 +
* Ports: psad
 +
* Processes: lsof
 +
* Serials: slsnif
 +
* System Latency: LatencyTOP
 +
* System Monitor: procps (ps, free, vmstat, top, pmap, nice), Sysstat (sar, mpstat, pidstat, iostat, sadf), nmon, htop, procinfo
 +
* HIDS: Tiger (with Samhain and chkrootkit)
 +
* Firewall: nftables, iptables, ufw
 +
* Network Intrusion Detection: Suricata
 +
* Network Intrusion Prevention: Sshguard, fail2ban
  
 
[[Category:Tutorials]]
 
[[Category:Tutorials]]
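
Review bot: after this change the "Remote access" heading is left with only the bare line "SSH", because "Setting up SSH access enables you to:" and the Tunneling, Wake on LAN, Web hosting and Proxy subsections are all removed with nothing in their place. Keep a one-sentence stub or a pointer to the hardening page until the expanded text lands, since this is the section readers reach right before exposing a service. The new list names Tinyproxy and Squid but drops the guide links the removed Proxy section carried, and "VoIP: Linphone" replaces the mumble-server/ventrilo/teamspeak line without saying so in the summary; carry those over or note the removal. Minor style points in the added lines: "Web Server(lightweight, simple)" is missing a space before the parenthesis, and "Compiling Speeding Up" would read better as "Compile Speed-up".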

Revision as of 03:45, 20 December 2020

MOVE CANDIDATE
This page is being proposed to be moved to somewhere else. Relevant discussion may be found on the talk page. Reason: Merge with Setting up a Server

Please note: If you are going to run ANY services that can be accessed from the external internet, beyond the confines of your home, please secure your system per Setting up a Server.
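
To see which services that note applies to, the sketch below filters `ss -H -tln` output down to TCP listeners that are not bound to a loopback address. It is an added example, not part of the original wiki page; the function names `exposed_listeners` and `sample_ss_output` are hypothetical and the sample socket list is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): report TCP listeners that other
# hosts can reach, i.e. sockets not bound to a loopback address.
# Assumes the iproute2 `ss` tool; live use: ss -H -tlnp | exposed_listeners

# exposed_listeners (hypothetical name): reads `ss -H -tln[p]` lines on stdin
# and prints "<address> <port> <process>" for each non-loopback listener.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        ep = $4                          # e.g. 0.0.0.0:22, [::]:80, *:10000
        n = match(ep, /:[0-9]+$/)        # the port follows the LAST colon
        if (n == 0) next
        addr = substr(ep, 1, n - 1)
        port = substr(ep, n + 1)
        sub(/%.*$/, "", addr)            # drop interface scope (127.0.0.53%lo)
        # Skip sockets only reachable from the machine itself.
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        proc = (NF >= 6) ? $6 : "-"      # process column exists only with -p
        print addr, port, proc
    }'
}

# Constructed sample of `ss -H -tlnp` output for a small home server.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:8384    0.0.0.0:* users:(("syncthing",pid=990,fd=12))
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 511  [::]:80           [::]:*    users:(("nginx",pid=1201,fd=7))
LISTEN 0 128  [::1]:631         [::]:*    users:(("cupsd",pid=733,fd=6))
LISTEN 0 50   *:10000           *:*       users:(("miniserv.pl",pid=1500,fd=5))
EOF
}

# Every line printed here is a service that needs a firewall rule,
# authentication, or a rebind to 127.0.0.1 before the box is port-forwarded.
sample_ss_output | exposed_listeners
```

A listener on `0.0.0.0`, `[::]` or `*` is reachable on every interface, so whether it is exposed to the internet then depends only on the router and firewall in front of it.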

Home servers are about learning and expanding your horizons. De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your /g/ skills to good use for yourself and those close to you. Store their data with proper availability, redundancy and backups, and serve it back to them with a /comfy/, easy-to-use interface.

Most people get started with NAS. It’s nice to have a /comfy/ home for all your data, streaming your movies/shows around the house and to friends. Know all about NAS? Learn virtualisation. Spun up some VMs? Learn networking by setting up a pfsense box and configuring some vlans. There's always more to learn and chances to grow. Think you’re god tier already? Set up OpenStack and report back to /hsg/.

Things that are online today might not be online forever. It's good to have a copy of something because you never know when it might get taken down due to copyright strikes or Big Tech censorship.

Hardware

Depends on your use case. A simple file server can be run on an SBC with a couple of hard drives attached. If you want to do fancier things like virtualisation, streaming 4K movies, etc., you are going to want better hardware. If you plan on using ZFS or Btrfs, server grade hardware and ECC RAM are recommended but not required.

Storage

Shucking

It's massively cheaper to buy WD Easystores or WD Elements (when they go on sale) than it is to buy an equivalent size NAS hard drive like WD Red/IronWolf. Just remember: YOU VOID YOUR WARRANTY. If your drive fails you are most likely fucked. When you buy regular NAS drives you are basically paying more for the warranty.

A note on WD externals: some 8 and 10TB drives are air-filled rather than filled with helium. These air-filled drives can run significantly hotter than the helium ones. Check the model number with Crystal Disk Info before shucking; if it has an H it is most likely a helium drive. If you have airflow constraints in your case, it might be better to try and get helium drives; otherwise it shouldn't be much of an issue.

Some other things to consider if you decide to shuck:

  • Shucked drives under 8tb might be SMR drives.
  • Shucked drives lack the middle mounting hole that most other drives have. You may need an adaptor for your HDD trays if your case doesn’t support them. Some cases might not have adaptors at all, research before buying your case!

Guide on how to shuck

3.3v pin issue

Shucked drives WILL NOT BOOT with most consumer power supplies. This is because of a feature on enterprise drives that lets administrators reboot hard drives by powering the 3.3 volt pin which isn’t used on consumer hard drives. Consumer PSUs, of course, always power this pin, so the hard drive will be stuck in an infinite boot loop and never power on. This can be solved by covering the first three pins on the hard drive with insulating Kapton tape.

  • DO NOT use liquid electrical tape. This can damage the drive.
  • DO NOT cut the SATA power cable; this can damage the drive and your PSU.
  • Molex to SATA adapters DO work, but be careful, as some of the poorly made ones can catch fire. I wouldn’t risk it.

SMR v CMR

SMR stands for "shingled magnetic recording". It's an alternative to the conventional magnetic recording (CMR) that traditional hard drives use. While SMR technology allows for greater data density, SMR drives are also slow compared to CMR. These drives are bad for NAS use cases and especially bad for ZFS due to compatibility issues. Just avoid them altogether. WD Red guide for which models are SMR and which are CMR. All Seagate NAS drives are CMR. Easystores/Elements 8tb and above should be safe.

List of SMR drives.

SSD

SSDs are recommended for the OS and programs only, or for use in cache, or ARC cache in ZFS in place of expensive ram. Don't buy SSDs for main storage unless you want to spend tens of thousands. Check out the SSD buying guide for more on SSDs.

SATA ports

There are a number of options for increasing the number of drives your server can support. The best and recommended approach is to use a SAS HBA with SAS to Sata breakout cables. Each SAS port can support up to 4 Sata drives (or even more if you use an expander). You can find used LSI SAS HBAs on ebay for relatively cheap which have ~2 internal ports, or 8 total Sata drives. Avoid SAS1 cards as they are far too old by now and have some limitations.

Sata HBAs and port multipliers/expanders are not recommended. They are garbage and not worth buying. Sata port multipliers specifically can cause issues when you try to use any kind of RAID with them.

There are some counterfeit LSI cards on the market, avoid Chinese sellers, sellers with no return policy, etc.

How to buy non counterfeit LSI.

Good video on how to spot counterfeits.

NAS

Only buy a prebuilt NAS if you want to spend more and get less. They are typically woefully under powered for the price and you’re better served with a $65 odroid than a $300 QNAP/Synology. That said, they are the most noob friendly option with a GUI interface for setup.

Racks and Cases

Operating systems

OMV is good enough if all you are storing is rarely accessed (pirated) media. Even standard Linux like Ubuntu supports software raid and filesystems like OpenZFS. TrueNAS core (formerly FreeNas) is BSD based and fairly simple to install and use but server grade hardware and ECC memory are recommended.

Linux

You should run Debian, RHEL or CentOS if you want GNU/Linux.

Debian based distros like Ubuntu are easy to work with and have plenty of documentation.

CentOS is a free alternative to RedHat and is also fairly popular.

Ubuntu usually does retarded things with their packages and versions (lib*-ubuntu1.l2), and pulls unstable software from Debian Sid.

Rolling release distros (Arch, Fedora) are not really good for a server, because it's supposed to stay working, and it shouldn't break or change its behaviour on updates.

Gentoo is usually too much trouble to be worth it, but it's ok.

Use Mdadm + LVM, ZFS on Linux (ZoL), or Snapraid + mergerFS for RAID.

TrueNAS

You should also consider a NAS-centric operating system for a home server: TrueNAS, the FreeBSD-based successor and replacement for FreeNas, which utilizes ZFS. It has many available plugins for things like Plex, BitTorrent, and more.

Free software and has simple GUIs to set up your services. Keep in mind it will install to the ENTIRE DRIVE and you won't be able to use the install drive for anything else. Server grade hardware is recommended.

TrueNAS Documentation.

Open Media Vault

Good for storing infrequently changed files like media files.

The website doesn't have much to show. Check the forums for guides.

Supports Snapraid as a plugin. Can be used with mergerFS to pool drives together. Needed for mergerFS.

Installation guide.

Proxmox

A Linux based Virtualization Environment that has built in ZFS support, Linux container support, and more.

Your CPU must support Virtualization in order to run [1]. (VT-x on Intel, AMD-V for AMD).

ECC Ram is recommended as per usual with ZFS.

Xpenology

A free version of the OS Synology uses for their NAS products. Obviously you won't get any support from Synology if you use this.

Supports differently sized physical disks and adding hard drives to expand as needed.

unRAID

Comes with its own RAID solution that technically isn't real RAID because all parity is stored on one or two disks. Not free, you need to fork over some money to buy it.

Supports differently sized physical disks and adding hard drives to expand as needed.

File Systems and RAID

You may want to consider a RAID array for long-term file storage. RAID is not a backup. Not even RAID 1. RAID doesn't protect against accidental deletion or total failure of an array. We STRONGLY recommend a 3-2-1 backup strategy. 3 Copies, 2 on site, 1 remote. If you cannot afford that, backing up to external drives or the cloud is better than nothing.

Rebuilding a raid array is an intensive process and it's not uncommon for a second disk to fail during the process. Raid 5 and equivalents only offer 1 disk redundancy, so if a disk fails during your rebuild you're fucked. Try to aim for at least two disk redundancy, or do a raid 10 instead.

Software v Hardware

Software raid typically has a number of features that are more beneficial than just standard RAID. Best in class at this moment is ZFS which has automatic file self healing and file system level checksums to combat bitrot. Btrfs is also good if you want an alternative to ZFS, but is still in development so be careful. Unraid is more noob friendly (but you pay for it). Snapraid+merger FS is a viable (free) alternative to Unraid if you don't feel like spending money on your OS.

ZFS

A long standing, reliable file system and software raid solution that works on BSD and Linux.

Supports up to 3 disk redundancy (RaidZ3) and has checksums and self healing to prevent data corruption.

Has some limitations, one major one being expansion is cumbersome.

If you plan on using RaidZ make sure you know what your array is going to be beforehand, you won't be able to add to it later.

Server hardware and at least 8gb ECC memory recommended. Using old hardware or consumer hardware is not recommended.

Mdadm

A tool for creating and managing Linux software RAID arrays.

You can create file systems directly on the raid arrays, and then use mergerFS to pool the file systems together.

Technically supports disks of different sizes, but it requires multiple partitions on the drives and is not recommended.

No built-in checksums. Can use dm-integrity to detect errors, but has no way of dealing with them.

Guide for configuring RAID arrays with Mdadm.

LVM

Required learning for management of drives on Linux.

Can be used with Mdadm to pool multiple arrays into one logical volume.

A bit more confusing than partitioning drives normally but is very flexible.

XFS

Another reliable file system. Unlike ZFS it doesn't have built in software raid features.

ext4

Default file system for most Linux distros. Does everything a good file system should do and more.

Btrfs

It's "B-Tree", not "Butter". Has many of the same features as ZFS, including checksums and self healing. STILL UNDER DEVELOPMENT USE AT OWN RISK. Potential for data loss.

Raid 1 features are stable on the most recent Linux kernels.

mergerFS

A Union file system that pools multiple file systems together under one mount point, allowing them to appear as one.

Has some advantages over LVM, you can use multiple disks with data already on them instead of having to create LVM volumes/groups. If a disk fails, since the data is not striped across multiple disks (like with LVM), data loss can be less drastic.

Works with multiple different file systems at the same time, including Windows's NTFS. Use with Snapraid or mdadm for disk redundancy.

Available as a plugin for OMV.

Snapraid

Has an impressive list of features including up to 6 disk redundancy and the ability to add hard drives to expand as needed.

Supports differently sized disks, allowing for more flexibility with expansion (your data disks must be equal to or smaller than your parity disks! If you try to add a new data disk that is larger than your parity drives you will run into issues).

Technically not "real" raid and has some limitations. Read the manual.

Can be used with mergerFS to pool drives together while retaining a level of redundancy.

Available as a plugin for OMV.

Containers

"Containers" are a method of isolating running software from both the host OS and other software. You may also hear them called Jails or Chroot Jails if you are running some variant of BSD (such as TrueNas CORE/FreeNas).

There are a number of reasons why you would want this:

  • Less overhead than standard virtual machines because you aren't virtualizing the kernel.
  • Isolated software cannot interfere with each other or the host. If a container crashes it won't affect anything else.
  • Like VMs, containers are portable. You can create a container, configure it however you want, and deploy it anywhere.
  • Like VMs, removing containers and starting from scratch or a backup in the event of a fatal crash is easy.
  • Docker and Podman containers are incredibly easy to deploy and you can find pre-configured container images online.

Best practice is to keep the base OS as clean as possible and install each individual application (such as Plex, Samba, etc.) in its own container. This makes your server much more stable, since there is no chance of a containerised application crashing your server or of an installation gone wrong ruining your host OS.

Pre-configured container images.

LXC and LXD

LXC is the standard for Linux containers. Available on most distros. You will likely be using these if you are running a Proxmox server. Since Linux containers are essentially just separate instances of Linux, you can't run Windows programs in them without using WINE.
LXD is a newer, more user friendly version of LXC. Has better management options for containers.

Docker

Instead of running as though it was an entire OS like LXC, Docker only virtualizes a single application. Can run on Windows as well as Linux. You will still need WINE to run Windows apps on Linux. Freemium software. Base software is free for individuals (you).

Podman

An alternative to Docker. Those using Docker can easily switch without issues. Unlike Docker, it does not use a single large server daemon. Uses "pods" which can contain more than one container.

Jails

Jails are BSD's version of containers. Since TrueNas Core/FreeNas is FreeBSD based, you will be using these instead of LXC/LXD.

Remote access

SSH

Server software

A basic list of software and their use cases to consider running:

  • BBS Server: Mystic BBS, Synchronet
  • Compiling Speeding Up: ccache, distcc
  • Decentralised Social Network: MediaGoblin, GNU social
  • Direct Connect Server: uhub
  • DLNA: ReadyMedia (a.k.a. MiniDLNA), Universal Media Server
  • E-Mail: Exim + Dovecot (with procmail for filtering)
  • FTP: vsftpd
  • Honeypot: LaBrea, Nova, Honeyperl
  • IRC: ngIRCd, InspIRCd
  • IRC Fileserver (filesharing): iroffer
  • IRC bouncer: ZNC
  • MUD: PennMUSH
  • Music Player (and server): MOC (Music On Console), MPD (with vimus/ncmpcpp)
  • Proxy: Tinyproxy
  • Search Engine: YaCy, Searx
  • Torrent Search Engine: magnetico
  • Usenet Server: Leafnode, InterNetNews
  • VPN: WireGuard
  • Web Cache (accelerator): Squid
  • Web Server(lightweight, simple): GNU Libmicrohttpd, darkhttpd
  • Video Player (on the console): MPlayer, VLC (nvlc)
  • VoIP: Linphone
  • Volunteer Computing (donate CPU time to science): BOINC (+ boinctui)

System administration software

  • Backup: Rsync
  • Batch Renamer: qmv (renameutils)
  • Duplicate Files Removal: Fdupes
  • File Archiver (simplified): Atool
  • File Manager: Midnight Commander, Ranger
  • Drive Profiling: Smartmontools, hdparm
  • Filesystem Benchmark: MBW, Bonnie
  • General Benchmarking: HPC Challenge Benchmark, Sysbench, ProcBench
  • Network Profiling: iperf
  • Power Management: PowerTOP, TLP
  • System Tracing: strace
  • System Information: inxi, zCI
  • Hardware Information: dmidecode, dmesg, lshw, lspci, lsblk, blkid
  • Software Information: uname, lsb_release, vrms, ldd, file
  • Configuration Management (simple): cdist
  • Control Panel: Webmin
  • Disk Usage: Ncdu
  • Hardware Monitoring: lm-sensors (psensor for a GUI), Hddtemp, acpiclient
  • Logs: Logcheck, multiTail, lnav
  • Network Flow: nfdump (nfsen)
  • Network Latency: bmon
  • Network Monitoring: tcptrack, vnStat, iftop
  • Ports: psad
  • Processes: lsof
  • Serials: slsnif
  • System Latency: LatencyTOP
  • System Monitor: procps (ps, free, vmstat, top, pmap, nice), Sysstat (sar, mpstat, pidstat, iostat, sadf), nmon, htop, procinfo
  • HIDS: Tiger (with Samhain and chkrootkit)
  • Firewall: nftables, iptables, ufw
  • Network Intrusion Detection: Suricata
  • Network Intrusion Prevention: Sshguard, fail2ban