IvanPalm/HomeServer

Documentation and scripts to set up and maintain my home server and the services running on it

Home Server Setup Guide

This repository documents the configuration and setup of a home server, including details about server configuration, domain management, and services deployed in Docker containers. It serves as a guide to recreate or maintain the setup, with links to dedicated documentation for each service.


Introduction

This document outlines the steps to set up and configure my home server. The services included aim to provide a comprehensive solution for file management, media streaming, content organization, and personal cloud functionality. Each service runs in a container for easy deployment and management.


Server Configuration

  • Operating System: Ubuntu 24.04 LTS
  • Hardware: Lenovo IdeaPad U430
  • Prerequisites:
    • Non-root admin user with sudo permissions.
    • Docker and Docker Compose installed.

Networking

For the first connection, use password-based SSH access as the admin user on the server. The sections below replace it with key-based authentication, restrict inbound traffic with UFW, and add brute-force protection with Fail2Ban.


Install and Set Up UFW

UFW (Uncomplicated Firewall) is a simple and effective way to secure your server by managing incoming and outgoing traffic.

  1. Install UFW (if not already installed)

    sudo apt install ufw
  2. Set Default Rules
    Configure UFW to deny all incoming traffic by default and allow all outgoing traffic:

    sudo ufw default deny incoming
    sudo ufw default allow outgoing
  3. Allow SSH
    Allow SSH before enabling the firewall so you don't lock yourself out. The ssh service name maps to port 22/tcp; if sshd listens on another port, allow that port explicitly instead (for example sudo ufw allow 2222/tcp) and use the same port in the Fail2Ban jail below:

    sudo ufw allow ssh
  4. Enable UFW
    Activate the firewall with the specified rules:

    sudo ufw enable
  5. Verify Configuration
    Check which ports are allowed and ensure the firewall is active:

    sudo ufw status

This setup provides basic protection, restricting inbound access to only the specified ports. Be sure to configure additional rules for any other services you intend to expose. One caveat matters for the Dockerized services: Docker publishes container ports by inserting its own iptables rules into the FORWARD chain, which UFW's INPUT rules do not cover, so a port published with -p is reachable from the network whether or not UFW allows it. Publish services on the loopback address only (for example -p 127.0.0.1:8080:8080) behind a reverse proxy, or keep them on an internal Docker network, rather than relying on UFW to hide them.


Configure SSH Key Authentication

  1. Generate an SSH Key Pair On your client machine, generate a secure SSH key pair:

    ssh-keygen -t rsa -b 4096
  2. Copy Public Key to Server Transfer the public key to the server with ssh-copy-id.

    ssh-copy-id <USER>@<SERVER-IP>

    Replace <USER> and <SERVER-IP> with your username and server IP, respectively

  3. Enable Key-Based Login Only Once a key-based login works, edit the SSH configuration file to allow only key-based authentication:

    sudo nano /etc/ssh/sshd_config

    Update the following lines:

    PermitRootLogin no
    PasswordAuthentication no
    PubkeyAuthentication yes

    On Ubuntu, sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each option. A drop-in in that directory that sets PasswordAuthentication yes (cloud-init ships one on many Ubuntu images) therefore silently wins over the edit above; check the directory and remove or override such a file. Restart the SSH daemon to apply the changes, keeping your current session open until a fresh key-based login succeeds:

    sudo systemctl restart ssh
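The "first value wins" rule across Include files is the part of this step that most often goes wrong, so here is an added example (not a script from this repository) that emulates sshd's lookup order on a constructed copy of the Ubuntu layout: a main sshd_config that disables passwords and a 50-cloud-init.conf drop-in that re-enables them. The fixture paths, the drop-in file names and the 00-hardening.conf fix are assumptions for the demonstration; Match blocks are ignored.

```shell
#!/bin/sh
# Added example, not part of the IvanPalm/HomeServer repository.
# Emulates sshd's "first value wins" rule, following Include directives in
# order, to show how a drop-in under sshd_config.d/ overrides the main file.
# Match blocks are not modelled. All files are constructed in a temp dir.

# Print the effective value of option $2 starting from config file $1.
# Returns 1 if the option is never set (sshd would then use its default).
sshd_effective() {
    _want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')   # sshd keywords are case-insensitive
    _sshd_walk "$1"
}

_sshd_walk() {
    _file=$1
    [ -r "$_file" ] || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                      # drop comments
        set -- $_line                           # split into keyword and arguments
        [ $# -ge 2 ] || continue
        _key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        if [ "$_key" = include ]; then
            shift
            for _pat in "$@"; do
                for _inc in $_pat; do           # glob expands in sorted order
                    [ -f "$_inc" ] || continue
                    if _val=$(_sshd_walk "$_inc"); then
                        printf '%s\n' "$_val"   # first included value wins
                        return 0
                    fi
                done
            done
        elif [ "$_key" = "$_want" ]; then
            printf '%s\n' "$2"
            return 0
        fi
    done < "$_file"
    return 1
}

# Constructed fixture mimicking an Ubuntu layout: the admin edits sshd_config,
# but a cloud-init style drop-in re-enables password logins.
make_fixture() {
    _dir=$1
    mkdir -p "$_dir/sshd_config.d"
    cat > "$_dir/sshd_config" <<EOF
Include $_dir/sshd_config.d/*.conf
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    printf 'PasswordAuthentication yes\n' > "$_dir/sshd_config.d/50-cloud-init.conf"
}

# Fix (assumed file name): a drop-in that sorts before the others, so sshd
# reads its values first and the cloud-init file can no longer override them.
add_hardening_dropin() {
    printf 'PasswordAuthentication no\nPermitRootLogin no\n' \
        > "$1/sshd_config.d/00-hardening.conf"
}

# Stand-alone demo.
_demo=$(mktemp -d)
make_fixture "$_demo"
printf 'before drop-in: PasswordAuthentication=%s\n' \
    "$(sshd_effective "$_demo/sshd_config" PasswordAuthentication)"
add_hardening_dropin "$_demo"
printf 'after drop-in:  PasswordAuthentication=%s\n' \
    "$(sshd_effective "$_demo/sshd_config" PasswordAuthentication)"
rm -rf "$_demo"
```

On the real server the authoritative check is sshd itself: sudo sshd -t validates the syntax before a restart, and sudo sshd -T prints the effective value of every option after all includes have been applied, which is what to grep for passwordauthentication before closing your existing session.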

Install and Configure Fail2Ban

Fail2Ban helps protect against brute-force attacks by banning IPs with repeated failed login attempts.

  1. Install Fail2Ban

    sudo apt install fail2ban
  2. Create a Local Configuration
    Jails are defined in jail.conf, not in fail2ban.conf (which only holds daemon settings such as the log level and socket path), so a [sshd] section added to fail2ban.local is ignored. Leave the packaged jail.conf untouched and put overrides in jail.local; copying it is the simplest start:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  3. Set Up an SSH Jail
    Edit the [sshd] section of /etc/fail2ban/jail.local so that it reads:

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 3
    bantime = -1

    Note: port = ssh covers port 22; if sshd listens elsewhere, put that port number here and in the UFW rule. bantime = -1 bans indefinitely; adjust as needed. If /var/log/auth.log does not exist on your install (rsyslog is not present on every Ubuntu 24.04 image), replace the logpath line with backend = systemd so that Fail2Ban reads sshd messages from the journal instead.

  4. Restart Fail2Ban

    sudo service fail2ban restart
  5. Check Fail2Ban Status
    View the status of the SSH jail:

    sudo fail2ban-client status sshd
  6. Unban an IP Address
    If needed, unban a specific IP:

    sudo fail2ban-client set sshd unbanip <IP-ADDRESS>

Together, key-only SSH and Fail2Ban limit the exposure of the server: with password logins disabled a brute-force attack cannot succeed at all, and Fail2Ban mainly stops scanners from hammering sshd and filling the logs. Add your LAN range to ignoreip in the jail so that a typo from your own machine combined with bantime = -1 does not lock you out for good.
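To make the jail's maxretry threshold concrete, the following added example (not a script from this repository) counts failed sshd logins per source address over a constructed auth.log excerpt and lists the addresses that would be banned. It approximates the behaviour of Fail2Ban's sshd filter with two of the patterns it matches, Invalid user and Failed password; it is not the filter's exact regex set, and the host name, PIDs and addresses in the log are made up.

```shell
#!/bin/sh
# Added example, not part of the IvanPalm/HomeServer repository.
# Counts failed sshd logins per source address in an auth.log excerpt and
# prints the addresses that have reached a jail's maxretry. Approximates
# Fail2Ban's sshd filter; the log lines below are constructed.

# Emit constructed auth.log lines in the format rsyslog writes on Ubuntu.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:00:01 home sshd[1201]: Invalid user admin from 203.0.113.5 port 51000
Mar  3 10:00:02 home sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar  3 10:00:05 home sshd[1203]: Failed password for invalid user oracle from 203.0.113.5 port 51002 ssh2
Mar  3 10:00:06 home sshd[1205]: Accepted publickey for ivan from 192.0.2.10 port 40000 ssh2: ED25519 SHA256:constructed
Mar  3 10:00:09 home sshd[1207]: Failed password for ivan from 192.0.2.10 port 40004 ssh2
Mar  3 10:00:12 home cron[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Print "<ip> <count>" for every source address with at least $2 failed
# attempts in log file $1, sorted by address.
ssh_failures_by_ip() {
    awk -v max="$2" '
        # only sshd lines that count as failed attempts; successes and other
        # daemons are skipped
        / sshd\[[0-9]+\]: / && (/Invalid user / || /Failed password for /) {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= max) printf "%s %d\n", ip, n[ip] }
    ' "$1" | sort
}

# Stand-alone demo with the jail setting used above (maxretry = 3).
_log=$(mktemp)
sample_auth_log > "$_log"
printf 'Would be banned at maxretry=3:\n'
ssh_failures_by_ip "$_log" 3
rm -f "$_log"
```

With password authentication disabled you will rarely see Failed password lines any more; most of the noise then arrives as Invalid user lines for accounts that do not exist, which the jail still counts. The legitimate user in the sample stays under the threshold with a single mistyped login, which is the point of maxretry = 3 rather than 1.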

Setting Up a Custom Domain on Cloudflare

  1. Domain Registration

  2. DNS Configuration

    • Configured an AAAA record pointing at the home server's public IPv6 address, with the host set to @.
    • TODO: Set up subdomains for services (e.g., nextcloud.mydomain.net).
  3. Dynamic DNS

    • Configured ddclient as shown below.
    • Set run_daemon="true" in /etc/default/ddclient for ddclient to run as a daemon.
    • Forced a run in debug mode with sudo ddclient -daemon=0 -debug -verbose -noquiet -force.
    • The configuration file holds the API token in clear text: keep it root-owned with mode 0600, and use a token scoped to DNS edit on this one zone rather than the account-wide Global API Key.
    • With ddclient 3.10 and later (Ubuntu 24.04 ships 3.11), the legacy use= keyword selects an IPv4 address, so a config written like the one below updates an A record. To keep the AAAA record configured above current, use usev6=webv6 with a webv6= lookup URL that returns the IPv6 address; check man ddclient for the keywords of the installed version.
    # Configuration file for ddclient generated by debconf
    #
    # /etc/ddclient.conf
    
    syslog=yes              # log the output to syslog
    ssl=yes                 # use ssl when updating IP
    
    use=web, web=ifconfig.co/ip
    protocol=cloudflare, \
    zone=mydomain.net, \
    login=token, \
    password=my-cloudflare-api-token \
    mydomain.net
  4. Configure DNS Nameserver

    • By default, systemd-resolved pointed at its stub listener on localhost and used the router as the upstream resolver, with the search domain taken from the router.
    • Open the systemd-resolved configuration file with sudo nano /etc/systemd/resolved.conf.
    • Add the following entries under the [Resolve] section (Cloudflare's public resolvers as upstreams, and the domain as a search domain so that short host names resolve under it):
    DNS=1.1.1.1 1.0.0.1
    Domains=mydomain.net
    • Restart the service with sudo systemctl restart systemd-resolved and confirm the new settings with resolvectl status.

Dockerized Services

Please see dedicated guidance.

