home server

From IndieWeb


A home server is a machine you keep at home to host some of your services. Most people chose to run a machine dedicated to this, but it's also possible to use your everyday desktop/laptop computer.

Considerations

Privacy

Aiming for more privacy and technical autonomy, many people chose to host their personal data (such as blog and email) on machines they have physical control over.

One of the main reasons is to ensure your private data is not accessed by people without your knowledge. If your data is sitting in your living room, you can be sure it's not going to be sold to third parties without your explicit content.

Also, in many countries throughout the world, law enforcement requires a judicial order to penetrate your home and seize your data, while a machine hosted in a datacenter may be handed over to local authorities without any warning or warrant.

Network

Self-hosting requires a decent network speed (especially, upload speed) and a rather unfiltered (neutral) access to the Internet.

An upload speed of 1 Mbit/s is a good starting point for hosting private services for your whole household, but is definitely not enough to (directly) serve a public blog with many readers.

Many Internet Service Providers typically block ports (such as 53 to block outgoing emails) or filter content (to slow down Bittorrent). Make sure your ISP respects net neutrality.

If you have a professional-grade fiber connection, you probably are safe in terms of both speed and neutrality.

Safety

Home servers, like any server, require a safety check:

  • Is the server well ventilated?
  • Is the hardware on which the server is running reliable?
  • Are there systems in place to monitor the heat of the server?

Webhosting

There are a few considerations unique to home webhosting.

Security

Hosting from home may encourage attempts to exploit your home network, especially if you broadcast the technical details of how you implemented your server live. This has discouraged capjamesg from trying to build a home server.

These can be mitigated by taking steps such as:

  • Only opening the correct ports
  • Implementing a security login solution
  • Using fail2ban
  • Using a DMZ

ISP Relations

Your relationship with an ISP may be affected if your site attains a certain level of traffic. On a business connection, this is not too much of a problem. On a home connection, a single network device that receives thousands of inbound connections per day from all across the world may raise some flags.

Energy Usage

A home server consumes energy. For a smaller board such as a Raspberry Pi, the impact on one's power bill will be small. For larger implementations, a home server may inflate the cost of a power bill.

What's more, a home server should have a backup system for power dependence. If there is a power outage and there is no backup power system, the web server will be down.

How

Hardware

Your home server can be any machine you connect to the Internet, such as a phone, a desktop computer or a NAS.

People usually use a dedicated machine out of security concerns. Sharing a machine for different services is not in itself a problem, but having your personal data sitting on a machine where you run unverified and potentially malevolent code (for instance, through a modern browser's Javascript engine) is highly unadvised.

Second-hand hardware

Second-hand hardware (whether desktop or laptop) is ideal for a home server. It doesn't take much CPU or RAM to host web, email and instant messaging services.

For equivalent power, hosting second-hand hardware as a home server will probably cost you just as much (in electricity) as would a VPS in a datacenter.

An old laptop is perfect (built-in backup power and disk space), especially the ThinkPad T400/T500/X200 lines, since they are near silent, even if their fan is on. petermolnar is using his old T400 as a home backup server.

Single-board computers

If electricity where you live is scarce, expensive or unreliable, you may want to acquire in a low-power single-board computer, such as: RaspberryPi, BananaPi, Olimex.

Contrary to second-hand hardware, single-board computers requires an initial investment of between 20$ and 200$. But their low power consumption (1-10W) makes them very cheap to operate in the long run (usually < 1$/month).

The Internet Cube (La Brique Internet in French) is an Olimex free-hardware board pre-installed with YunoHost, and is distributed by hackerspaces and non-profit Internet Service Providers throughout France and Belgium.

If you're purchasing a single-board computer, it may be well worth considering finding second-hand solar panels and batteries to make your home server fully autonomous. There's examples throughout the country-side of non-profit ISPs (such as FFDN and guifi) deploying autonomous relays and access points so that Internet access may still be available when the electricity is cut in your neighborhood .

Software

You can use a personal cloud to make it easier to administrate your server.

Hosting services on a dynamic IP

If your ISP does not provide you with static IP addresses (sometimes a paying option), you will need to use a dynamic DNS provider to update in real-time the IP addresses your personal domain points to.

A reverse proxy serving your services (traversing your NATs, routers and firewalls) might also be an option.

NOTE: It is highly unrecommended to host email services on a dynamic IP, even on top of a dynamic DNS provider, due to missing/problematic reverse DNS. You do need a proper static IP and reverse DNS configured to send emails without issues.

There are many ISPs, hosting companies and hosting cooperatives providing dynamic DNS services, although only Digital Ocean is covered here. Don't hesitate to add links to tutorials/scripts for other providers as well!

Digital Ocean as dynamic DNS profider

Digital Ocean offers this service for free and they have an API you can use to update the domain with your current IP. This may still be an issue due to potential frequent chances, but it can work.

NOTE: This script was written for Digital Ocean API v1. However, API v2 is now in use. This script may be broken.

Example script to be run from cron:

   #!/bin/bash
   
   domain_id="DIGITAL OCEAN DNS DOMAIN ID"
   record_id="DIGITAL OCEAN DNS ENTRY ID"
   client_id="DIGITAL OCEAN CLIENT ID"
   api_key="DIGITAL OCEAN API KEY"

   ip=`wget -q -O- http://ipecho.net/plain`
   api="https://api.digitalocean.com/domains/${domain_id}/records/${record_id}/edit?data=${ip}&client_id=${client_id}&api_key=${api_key}"
   response=`wget -q -O- ${api}`
   echo ${response}

See the Digital Ocean Legacy API documentation for all details.

To get the domain & dns entry ID and obtain cliend id & keys:

Tunnelling

Another possible approach is to use tunnelling, e.g. Cloudflare Tunnel, to expose a self-hosted server to the public web without exposing your residential IP.

(Note: Cloudflare Tunnel apparently doesn't work for wildcard domains, but could be used for individual services, e.g. if you wished to setup a subdomain for locally hosted dynamic content like webmentions, micropub etc., while keeping the apex domain hosted on static hosting.)

See Also