/hsg/ Home Server General

Home server thread
now with freedombox in the op


NAS is how most people get into this. It’s nice to have a /comfy/ home for all your data. Streaming your movies/shows around the house and to friends is good feels. Repurpose an old desktop, buy a SBC, or go with cheap used enterprise gear. Lots of options and there's even a flowchart. Ask.

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up a pfsense box and configuring some vlans. There's always more to learn and chances to grow. Think you’re godtier already? Set up openstack and report back.

>What software should I run?
install gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Emby to replace netflix, nextcloud to replace googlel, ampache to replace spotify, the list goes on and on. Look at the awesome selfhosted list and ask.

>Datahoarding ok here?
YES - you are in good company. Shuck those easystores and flash IT mode on your H310. All datahoarding talk welcome.

>Do I need a rack and all that noisy enterprise gear?
No. An old laptop or rpi can be a server if you want.

>Links
github.com/Kickball/awesome-selfhosted
old.reddit.com/r/datahoarder
labgopher.com
reddit.com/r/homelab/wiki/index
wiki.debian.org/FreedomBox/Features

I have a home server

cool what hardware and what do you do with it?

>what hardware
an old i5, 6GB of ram, and a bunch of 1TB hard drives in various raid arrays
>what do you do with it?
It's a backup server for my laptop and other machines, router for the network (IPv6, DNS-over-TLS backed DNS server, ad blocking), host for my website and git repos, general file server, and runs a few miscellaneous other services I sometimes use.

I have another headless Linux machine that I use for spinning up Windows VMs to play VR games in, but I don't know if it qualifies as a home server.

How can I make sure that my home server is secure?

Anyone used Matrix/Riot recently? Good alternative to Discord from a functionality and feature perspective? Thinking about spinning it up locally with Docker, but I hear it isn't the simplest thing to get going.

Nice image work user.

that's neat
start with iptables i guess
also it's probably a good idea to virtualize stuff, nspawn looks good if you're on a systemd distro, haven't looked into it much yet though
docker is pretty simple too, creating and running containers
i host a matrix server on my server for me and a friend of mine, turn was easy to set up and it works fine

what OS?

Debian

If you have SSH open from the Internet then disable password auth, use keys and maybe another port than 22.
Try to use chroot jails for services if possible, never run them as root. Use containers (Docker with extra care when creating host mounts and try to create your own images rather than pull from randoms, LXD, LXC or nspawn) or VMs (KVM) for web services and make sure the users they run as don't have more write permissions than necessary. Make a DMZ-esque bridge for containers/VMs and restrict access from it to your LAN using iptables.
Restrict management stuff to trusted IPs (local or remote), implement fail2ban where applicable to mitigate bruteforcing. If you administer nginx or apache try to create rules against common attacks, pay extra attention when configuring PHP as a good chunk of the malicious scanning that's going on targets improperly configured PHP services.

Have working backups. Look at borgbackup and/or restic.

bump

There is just not enough interesting stuff to talk about every day. What do you want to hear? The same setups over and over again?

>i host a matrix server
Do you use docker-compose or similar to spin it up, or was it a manual setup?

>maybe another port than 22
Not them and I've never done this but is this not a little bit annoying? Having to set the port flag anytime you want to connect and maybe a bunch of other things, like if I was hosting a git server and had to set the port for SSH on the git server software etc.
Is it really worth it or realistically will using key auth be more than enough?

The only reason to change your ssh port is if you don't want your logs cluttered with tons of failed login attempts from bots. Ssh shouldn't even allow password login for root at all, and your user should either be key-only or also have a large complex password that nobody will ever be able to guess with 1 attempt per second (PAM limited) and 3-5 attempts total (fail2ban)
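
An added example, not part of any post in this thread: a static check for the SSH settings the replies above recommend (password auth off, root login not password-based, keys on). The function names and the sample config are constructed for illustration, and it reads only the global section of a single file.

```shell
#!/bin/sh
# Added example (not from the thread): static check of an sshd_config.
# Limits: global section only; Include files and Match blocks are not
# followed. On a live host, `sshd -T` prints the effective settings.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use: the first occurrence wins, keywords are
# case-insensitive, and an unset keyword falls back to the OpenSSH default.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one "FAIL ..." line per weak setting and nothing for a clean file.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    key=$(effective_value "$1" PubkeyAuthentication yes)

    [ "$pw" = "no" ] || echo "FAIL PasswordAuthentication=$pw (passwords can be guessed)"
    case $root in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FAIL PermitRootLogin=$root (root login not restricted to keys)" ;;
    esac
    [ "$key" = "yes" ] || echo "FAIL PubkeyAuthentication=$key (key login disabled)"
    return 0
}

# Constructed sample: the early "yes" lines override the later "no" lines,
# because sshd keeps the first value it reads for each keyword.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sshd_config for illustration
Port 2222
passwordauthentication yes
PermitRootLogin=yes
# ... many lines later ...
PasswordAuthentication no
PermitRootLogin no
EOF
audit_sshd_config "$demo_cfg"
rm -f "$demo_cfg"
```

The sample shows the case that catches people out: appending `PasswordAuthentication no` at the bottom of the file changes nothing if an earlier line already set it to `yes`.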

How bad of an idea is running Arch on a home server?

run centos on all your headless shit
run centos inside vmware if you need better vmrc support.

run other distros if you have a specific reason to, like freebsd for your router and nas

That was also one of the options I was considering. I’m running Ubuntu Server right now, but I’ve been wanting to try something different for a while now. Why CentOS over something like Debian though?

Centos is the de facto standard because it's the community version of Red Hat Enterprise Linux. Like 90% of the customers I support use RHEL or Centos because of its excellent support structure comparatively. Debian and Ubuntu are designed for a lot of tasks, but they're not supported for a lot of enterprise stuff so it's best to learn what is.

just lost an external seagate to droppage and now i'm depressed
the fuck should i do bros

Where the fuck do I find a nextcloud ova image? Do I actually have to pay for this shit?

Load from backups.

I need a switch but want to learn networking. Is this good value for $70 CAD?

Cisco Catalyst 3560G

Can't forward ports unless I contract something beyond household plans

Is there a distro or something that handles docker images easily? I bought a R710 because my old gaming computer is pegging out the ram on the box, I want to offload all the docker images I run on that box via Unraid and use them on the R710 which has 4x the ram. I have an ESXi install going and I set up a Debian install for this purpose but I'd like to see if there is an actual distro tailored for this purpose. Unraid is pretty good at handling Docker images using their Community Apps shit but I don't want to buy another key.

Just install it yourself. It's not that hard. Even a brainlet can do the snap installation if you don't want to set up a lamp stack

>not owning a server/vm
>Not downloading your favourite youtube playlist and subscriptions every midnight and viewing it locally without javascript

why would you use unraid? it's hot garbage
snapraid is superior and foss

>Do you use docker-compose or similar to spin it up, or was it a manual setup?
i use a manual setup, actually set it up a couple of years ago on a raspberry pi, well before i ever started dabbling with docker
i'm intending to move it to my actual home server eventually and probably either go with docker or nspawn

3750G are also EOL since this year and therefore dirt cheap.

What do you guys think about VXRail?

I later found
>Cisco WS-C3750G-12S-E
for $12 locally. I think I'll get this. My network is small

That doesn't have Ethernet ports, only SFP.

Shai'hulud.

Almost 4 years ago I set up a NAS that runs on Arch using ZFS to make the raid itself.
I'm too scared to update it.
How fucked am I?

I should look into this more... looking at 24t-s now.

Surely your ISP can't block all inbound traffic. If you have your own router they are not going to notice something light going on. Maybe they have the usual ports blocked: 21, 23, 25, 80, etc. Just bond your services to different ports

>Surely your ISP can't block all inbound traffic.
What is CGNAT?

Get something beyond a household plan. SMB plans are often just a bit more expensive but provide actual support, no CGNAT and the possibility to use your own modem.
Niggers who use the cheapest plan per mbit/s are the reason consumer ISPs are shit.

Is the security model of blocking everything at the gateway and having lesser/no firewalls at the clients gut?
You probably should put vulnerable devices in their own subnet then, shouldn't you

We have this at work. Not only on the gateway but between every server. If you set up an application server and a database server you need to order firewall rules on the central firewall for them to be able to connect to each other.

is it worth the extra hassle for home servers would you say?

No. The really relevant part is that you filter both incoming and outgoing. And outgoing is a major pain if you want to do it right.

I'm running containers behind traefik, some of the frontends do not have built-in login features so I use traefik basic auth with fail2ban.

The problem is that traefik authentication logs are full of garbage and I cannot for the life of me make a nice jail filter, sometime I get instajail'd when trying to access the page from an applel device as it requests retarded shit that trigger 401 errors. And making a huge ignore list isn't clean.

Is there a better way to do this?

>Is there a better way to do this?
Don't give a fuck what's in the log or alternatively grep -v "messages_you_don't_want_to_see" /var/log/.../*.log | less whenever you are looking at them.

sup /hsg/
recently moved to a new apartment. probably going to get one of those IKEA coffee tables soon for a rack

Based chinks making my home server more up to date

Last week I got the idrac6 cards, today this 2.5" drive rack arrived
Still waiting for a sas-sata cable to be able to ditch the raid controller completely

nice
how's the noise? from that one, i've got that one IKEA coffee table and been thinking about buying a rack eventually when i move to a bigger place
rad

god I love computers

Wanna make a home server for just general storage and maybe backups if I'm not feeling like a dumbass. How much storage should I go with? I don't have too much to spend on it.

how much storage do you currently have? get at the very least 4 times the amount i guess

Hey friends recommend me a good MYSQL client pls.
On Ubuntu.

I've around 4tb used over all 6 os' installed, though I'm not looking to back them all up. I'm probably going to back up around 500gb or so, and I'm looking to download anime and music with some of the rest. Also going to put a lot of files I'd normally have in my home folder probably there so I can sync it between installs

mycli.net/?

Reminder that the best servers are literal garbage under a couch

>be vacuuming
>fuck it all up
yeah, nah

>max 2 hdds
haha no thanks

I have an old dell inspiron netbook that I would like to use as a gateway, it has a single core intel atom and 2gb of ram.
Issue is, it gets so damn hot and I am worried it might be a fire hazard.
Any ideas?

then 16tb or so of usable storage is a good start

I'd like to upgrade to around that much in the future, but I don't currently have too much to spend. I've only around $100, so would 4tb or so be fine to start?

oh sorry i read that you had much to spend
4tb is plenty good enough to start with
if you want parity, go with snapraid because then you can add disks to your machine whenever you need more and just resync parity

alright thanks, any specific drives I should look for?

if you want to save money, look into shucking drives, some external drives contain regular "nas-grade" drives inside with a cheap sata to usb adapter
otherwise toshiba n300, wd red, or seagate ironwolf i guess are all decent choices in that order

alright, thanks!

A better option would be Interplanetary file system.

enough to stream chinese cartoons because let's face it, you'll be the only user

how so
whats the benefit of ipfs?

Want to add a switch to my lab setup,

ebay.com/itm/Cisco-Catalyst-WS-C2960-48TT-L-48-Ports-Managed-Switch-TESTED/202623793157?epid=74123139&hash=item2f2d51b805:g:MYMAAOSwcrdco60Z

ebay.com/itm/Cisco-WS-C3560-24TS-S-24-Ports-10-100-Ethernet-Switch-with-WS-C3560-24TS-E-IOS/291634194350?_trkparms=aid=555018&algo=PL.SIM&ao=1&asc=20131003132420&meid=e8e6a07b98bd46ffa72e5f29682ca355&pid=100005&rk=5&rkt=12&mehot=pp&sd=291786842258&itm=291634194350&_trksid=p2047675.c100005.m1851

Between those two which should I get? Or does it really even matter? I just want to mess around with it so I don't need it to be amazingly fast or anything.

Disconnect it from the internet
download packet tracer if you want to learn networking
get a gbit switch, these are literally trash, you'll pay a bit more but have an actual use for them.

I personally like to reference not only common sense but a book called Practical Unix and Internet Security. It's a bit old but still alright imo for some ideas where to look. Probably can find it on LibGen. Also pen testing yourself is the only way to know if it all works.

Give me your opinions on the optimal disk size for a home NAS in 2019.

able to hold the entirety of the BD 80's-90's anime library

If you aren't trying to hoard a whole lot but have a bunch of stuff (1080p anime for me) I'd say minimum of a 4tb raid 1. I run a 3tb raid 1 and that's dangerously close to being 100% full.

>Is it really worth it or realistically will using key auth be more than enough?
If you use default ports you're going to be spammed with attempts, all automated (I assume). It's not that they'll get through, but why even let them attempt it in the first place? It's just going to fill your logs with shit. I have SSH and OpenVPN exposed externally, I had random ass attempts even when using OpenVPN on the default port (1194), though nothing ever got through since they obviously didn't have the certs. I changed ports and it's all whisper quiet now, much better.

I'm curious how you anons handle expanding your arrays while also moving up to higher capacity drives.

I currently have a 9x3TB md RAID6, which is working perfectly and still has enough free space for me, but it will eventually run out. I feel like 9 drives is already quite a lot, so for future expansion I don't want to keep adding to this array and I'd also want to move away from 3TB to larger drives. How do you do this while being cost effective as a home user doing this as a hobby? Upgrading all at once to (for example) 9x8TB would be very expensive and basically out of the question and I don't think the usable capacity can be expanded without changing every drive in the existing array, so this option is out.

So I was thinking I'd start another array with bigger drives and write new data to that one, while maintaining the old array with the old data, at least until the new one becomes so large that the old one is basically obsolete, at which point I would copy the old data to the new array and retire all old drives. Is that the way to go?

i chose to go with snapraid for this exact reason

I'm looking for something between an Intel NUCi7, and an HP MicroServer form factor that can do 4k hd transcoding. What would Jow Forums recommend?

mmm feetsies

Tell me about firewalls. Is it already secure enough to have them on a vm with 2 dedicated nic's, or they should still go physical?

Try cleaning it and reapplying thermal paste first. Also make sure you aren't blocking airflow.

>memefs
Show me a use case related to home servers.

I prefer a dedicated host (I'm using an APU2) not because of security reasons but because it's nice to still have internet if i do some maintenance / reboots on the server and fuck something up.

That depends entirely on your use case, threat model, and the rest of your network.

What's the deal with 2.5" drives in a NAS? Some people say they're quieter, they use less power and they generate less heat, but the price-per-TB is insane. You can get fucking Ultrastars for the same price-per-TB as consumer-grade 2.5" drives. Should I seriously consider them or are they a meme or only used by enterprise or something like that?

They're used by people with more money than sense who want a "small form-factor nas"

small form factor, less power, lower noise

SnapRAID sounds like a very interesting solution, sadly I didn't know about it when I first started my array, which must've been like 4-5 years ago now.

>less power
Do they really use less power for the same available storage? Sure, a 2.5" drive uses less power than a 3.5" drive, but you'll need to use more 2.5" drives to reach the same capacity.

>but you'll need to use more 2.5" drives to reach the same capacity.
what

Solution: don't. Use btrfs instead

Does it offer native file tagging like a database file system? No? It's trash then.

>2.5" capacity 2TB
>3.5" capacity 14TB
You need 7 x 2.5" drives to get the same capacity.

>btrfs
No RAID5/6 support.

probably not
comparing 4tb 2.5" vs 8tb 3.5" seagate barracuda it seems like you save about 1w at load with 2 2.5" but lose about the same for idle

It does, though. Write hole is basically the only remaining bug, and it's a non-issue so long as you use a different raid level for metadata and scrub immediately after an unclean shutdown. You should have your NAS on a UPS anyway.

Back when I first set things up btrfs was considered incredibly unstable and absolutely nobody recommended using it for anything beyond experimentation as far as RAID went. How would it solve the expansion issue anyway? Can you somehow add larger drives to existing parity arrays without losing redundancy and also benefiting from the greater capacity?

How hard is it to configure my server as a router? I'm running Devuan, so I can't do anything weird with systemd.

I have a pretty gay but nice dell laptop that I'm working on turning into a server hopefully.

I have an external 5-drive setup going through the usb3 port, and I also have a MEDIASONIC DRIVE CUBE with 4 drives in it that has an eSata port that I was hoping to get in there without bottlenecking the USB speeds any more. Debian is running on the 128gb m2 nvme drive thing it came with, and it has a free 2.5 inch SATA port where an internal drive used to be.

Is there any way I can convert the female Sata port to eSata? I bought what I thought was the answer on eBay but it was male->male and I need female 2.5 sata -> Male eSata

This sounds easy as fuck on paper but I can't seem to find the cable I need, the drive itself is powered and I don't really care how ugly it looks I'll drill a hole right through this hunk of plastic

>Can you somehow add larger drives to existing parity arrays without losing redundancy and also benefiting from the greater capacity?
Yes, you specifically can and it's very flexible. Add drive(s), run the balance filter, enjoy more space. However since you wanted RAID6 (two drives' worth of redundancy) it's likely not an option for you, I'm pretty sure it's still considered unstable.

For RAID5, btrfs RAID1 would achieve pretty much the same, i.e. one drive's worth of redundancy.

Yeah, with 9 drives total I wanted at least 2 drives' worth of redundancy since 9 drives seems like a pretty large number for me.