NAS is how most people get into this. It’s nice have a /comfy/ home for all your data. Streaming your movies/shows around the house and to friends is good feels. Repurpose an old desktop, buy a SBC, or go with cheap used enterprise gear. Lots of options and theres even a flowchart. Ask.
/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up a pfsense box and configuring some vlans. Theres always more to learn and chances to grow. Think you’re godtier already? Setup openstack and report back.
>What software should I run? install gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Emby to replace netflix, nextcloud to replace googlel, ampache to replace spotify, the list goes on and on. Look at the awesome selfhosted list and ask.
>Datahoarding ok here? YES - you are in good company. Shuck those easystores and flash IT mode on your H310. All datahoarding talk welcome.
>Do I need a rack and all that noisey enterprise gear? No. An old laptop or rpi can be a server if you want.
>what hardware an old i5, 6GB or ram, and a bunch of 1TB hard drives in various raid arrays >what do you do with it? It's a backup server for my laptop and other machines, router for the network (IPv6, DNS-over TLS backed DNS server, ad blocking), host for my website and git repos, general file server, and runs a few miscellaneous other services I sometimes use.
I have another headless Linux machine that I use for spinning up Windows VMs to play VR games in, but I don't know if it qualifies as a home server.
Easton James
How can I make sure that my home server is secure?
Kevin Rogers
Anyone used Matrix/Riot recently? Good alternative to Discord from a functionality and feature perspective? Thinking about spinning it up locally with Docker, but I hear it isn't the simplest thing to get going.
Grayson Moore
Nice image work user.
Ryan Harris
thats neat start with iptables i guess also its probably a good idea to virtualize stuff, nspawn looks good if you're on a systemd distro havent looked into it much yet though docker is pretty simple too, creating and running containers i host a matrix server on my server for me and a friend of mine, turn was easy to set up and it works fine
John Martin
what OS?
Ian Carter
Debian
Tyler Brooks
If you have SSH open from the Internet then disable password auth, use keys and maybe another port than 22. Try to use chroot jails for services if possible, never run them as root. Use containers (Docker with extra care when creating host mounts and try to create your own images rather than pull from randoms, LXD, LXC or nspawn) or VMs (KVM) for web services and make sure the users they run as don't have more write permissions than necessary. Make a DMZ-esque bridge for containers/VMs and restrict access from it to your LAN using iptables. Restrict management stuff to trusted IPs (local or remote), implement fail2ban where applicable to mitigate bruteforcing. If you administer nginx or apache try to create rules against common attacks, pay extra attention when configuring PHP as a good chunk of the malicious scanning that's going on targets improperly configured PHP services.
Have working backups. Look at borgbackup and/or restic.
Jackson Cooper
bump
Nathaniel Anderson
There is just not enough interesting stuff to talk about every day. What do you want to hear? The same setups over and over again?
Evan Bell
>i host a matrix server Do you use docker-compose or similar to spin it up, or was it a manual setup?
>maybe another port than 22 Not them and I've never done this but is this not a little bit annoying? Having to set the port flag anytime you want to connect and maybe a bunch of other things, like if I was hosting a git server and had to set the port for SSH on the git server software etc. Is it really worth it or realistically will using key auth be more than enough?
Gavin Russell
The only reason to change your ssh port is if you don't want your logs cluttered with tons of failed login attempts from bots. Ssh shouldn't even allow password login for root at all, and your user should either be key-only or also have a large complex password that nobody will ever be able to guess with 1 attempt per second (PAM limited) and 3-5 attempts total (fail2ban)
Brandon Foster
How bad of an idea is running Arch on a home server?
Ryder Baker
run centos on all your headless shit run centos inside vmware if you need better vmrc support.
run other distros if you have a specific reason to, like freebsd for your router and nas
That was also one of the options I was considering. I’m running Ubuntu Server right now, but I’ve been wanting to try something different for a while now. Why CentOS over something like Debian though?
Carson Lopez
Centos is the defacto standard because its the community version of Red Hat Enterprise Linux. like 90% of the customers I support use RHEL or Centos because of its excellent support structure comparatively. Debian and Ubunutu are designed for a lot of tasks, but they're not supported for a lot of enterprise stuff so its best to learn what is.
Blake Edwards
just lost an external seagate to droppage and now i'm depressed the fuck should i do bros
Ayden Sullivan
Where the fuck do I find a nextcloud ova image? Do I actually have to pay for this shit?
Jack Campbell
Load from backups.
James Russell
I need a switch but want to learn networking. Is this good value for $70 CAD?
Can't forward ports unless I contract something beyond household plans
Brandon Hall
Is there a distro or something that handles docker images easily? I bought a R710 because my old gaming computer is pegging out the ram on the box, I want to offload all the docker images I run on that box via Unraid and use them on the R710 which has 4x the ram. I have ESxi install going and I set up a Debian install for this purpose but I'd like to see if there is actual distro tailored for this purpose. Unraid is pretty good at handling Docker images using their Community Apps shit but I don't want to buy a another key.
Leo Richardson
Just install it yourself. It's not that hard. Even a brainlet can do the snap installation if you don't want to set up a lamp stack
Jeremiah Cox
>not owning a server/vm >Not downloading your favourite youtube playlist and subscriptions every midnight and viewing it locally without javascript
Eli Perry
why would you use unraid? its hot garbage snapraid is auperior and foss
Jace Flores
>Do you use docker-compose or similar to spin it up, or was it a manual setup? i use a manual setup, actually set it up a couple of years ago on a raspberry pi, well before i ever started dabbling with docker im intending to move it to my actual home server eventually and probably either go with docker or nspawn
Kevin Nguyen
3750G are also EOL since this year and therefore dirt cheap.
William Johnson
What do you guys think about VXRail?
Julian Anderson
I later found >Cisco WS-C3750G-12S-E for $12 locally. I think I'll get this. My network is small
Almost 4 years ago I set up a NAS that runs on Arch using ZFS to make the raid itself. I'm too scared to update it. How fucked am I?
Jaxson Gutierrez
I should look into this more... looking at 24t-s now.
Jayden Rodriguez
Surely your ISP can't block all inbound traffic. If you have your own router they are not going to notice something light going on. Maybe they have the usual ports blocked: 21, 23, 25, 80, etc.. just bond your services to different ports
Jeremiah King
>Surely your ISP can't block all inbound traffic. What is CGNAT?
Get something beyond a household plan. SMB plans are often just a bit more expensive but provide actuall support, no CGNAT and the possibility to use your own modem. Niggers who use the cheapest plan per mbit/s are the reason consumer ISPs are shit.
Is the security model of blocking everything at the gateway and having lesser/no firewalls at the clients gut? You probably should put vulnerable devices in their own subnet then shoudln't you
We have this at work. Not only on the gateway but between every server. If you setup an application server and a database server you need to order firewall rules on the central firewall for them to be able to connect to each other.
Gabriel Gonzalez
is it worth the extra hassle for home servers would you say?
Nathan Hill
No. The really relevant part is that you filter both incoming and outgoing. And outgoing is a major pain if you want to do it right.
Easton Brown
I'm running containers behind traefik, some of the frontends do not have built-in login features so I use traefik basic auth with fail2ban.
The problem is that traefik authentication logs are full of garbage and I cannot for the life of me make a nice jail filter, sometime I get instajail'd when trying to access the page from an applel device as it requests retarded shit that trigger 401 errors. And making a huge ignore list isn't clean.
Is there a better way to do this?
Ryder Walker
>Is there a better way to do this? Don't give a fuck what's in the log or alternatively grep -v "messages_you_don't_want_to_see" /var/log/.../*.log | less whenever you are looking at them.
Michael Garcia
sup /hsg/ recently moved to a new apartment. probably going to get one of those IKEA coffee tables soon for a rack
Based chinks making my home server more up to date
Last week I got the idrac6 cards, today this 2.5" drive rack arrived Still waiting for a sas-sata cable to be able to ditch the raid controller completely
nice how's the noise? from that one, i've got that one IKEA coffee table and been thinking about buying a rack eventually when i move to a bigger place rad
Ryder Rivera
god I love computers
Grayson Campbell
Wanna make a home server for just general storage and maybe backups if I'm not feeling like a dumbass. How much storage should I go with? I don't have too much to spend on it.
how much storage do you currently have? get at the very least 4 times the amount i guess
Dylan Scott
Hey friends recommend me a good MYSQL client pls. On Ubuntu.
Dominic Martinez
I've around 4tb used over all 6 os' installed, though I'm not looking to back them all up. I'm probably going to back up around 500gb or so, and I'm looking to download anime and music with some of the rest. Also going to put a lot of file I'd normally have in my home folder probably there so I can sync it between installs
I have an old dell inspiron netbook that I would like to use as a gateway, it has a single core intel atom and 2gb of ram. Issue is, it gets so damn hot and I am worried it might be a fire hazard. Any ideas?
I'd like to upgrade to around that much in the future, but I don't currently have too much to spend. I've only around $100, so would 4tb or so be fine to start?
Tyler Jackson
oh sorry i read that you had much to spend 4tb is plenty good enough to start with if you want parity, go with snapraid because then you can add disks to your machine whenever you need more and just resync parity
Christopher Wilson
alright thanks, any specific drives I should look for?
Gavin Gomez
if you want to save money, look into shucking drives, some external drives contain regular "nas-grade" drives inside with a cheap sata to usb adapter otherwise toshiba n300, wd red, or seagate ironwolf i guess are all decent choices in that order
Between those two which should I get? or goes it really even matter? I just want to mess around with it so I dont need it to be amazing fast or anything.
Jacob Williams
Disconnect it from the internet download packet tracer if you want to learn networking get a gbit switch, these are literally trash, you'll pay a bit more but have an actual use for them.
Evan Gomez
I personally like to reference not only common sense but a book called Practical Unix and Internet Security. Its a bit old but still alright imo for some ideas where to look. Probably can find it on LibGen. Also pen testing yourself is the only way to know if it all works.
Isaiah Edwards
Give me your opinions on the optimal disk size for a home NAS in 2019.
Luke Watson
able to hold the entirety of the BD 80's-90's anime library
Anthony Cox
If you aren't trying to hoard a whole lot but have a bunch of stuff (1080p anime for me) Id say minimum of a 4tb raid 1. I run a 3tb raid 1 and thats dangerously close to being 100% full.
Samuel Anderson
>Is it really worth it or realistically will using key auth be more than enough? If you use default ports you're going to be spammed with attempts, all automated (I assume). It's not that they'll get through, but why even let them attempt it in the first place? It's just going to fill your logs with shit. I have SSH and OpenVPN exposed externally, I had random ass attempts even when using OpenVPN on the default port (1194), though nothing ever got through since they obviously didn't have the certs. I changed ports and it's all whisper quiet now, much better.
Noah Turner
I'm curious how you anons handle expanding your arrays while also moving up to higher capacity drives.
I currently have a 9x3TB md RAID6, which is working perfectly and still has enough free space for me, but it will eventually run out. I feel like 9 drives is already quite a lot, so for future expansion I don't want to keep adding to this array and I'd also want to move away from 3TB to larger drives. How do you do this while being cost effective as a home user doing this as a hobby? Upgrading all at once to (for example) 9x8TB would be very expensive and basically out of the question and I don't think the usable capacity can be expanded without changing every drive in the existing array, so this option is out.
So I was thinking I'd start another array with bigger drives and write new data to that one, while maintaining the old array with the old data, at least until the new one becomes so large that the old one is basically obsolete, at which point I would copy the old data to the new array and retire all old drives. Is that the way to go?
Hudson Cox
i chose to go with snapraid for this exact reason
Sebastian Russell
I'm looking for something between an Intel NUCi7, and an HP MicroServer form factor that can do 4k hd transcoding. What would Jow Forums recommend?
Caleb Bennett
mmm feetsies
Samuel Lewis
Tell me about firewalls. Is it already secure enough to have them on a vm with 2 dedicated nic's, or they should still go physical?
Try cleaning it and reapply thermal paste first. Also make sure you arent blocking airflow.
Hudson Flores
>memefs Show me a use case related to home servers.
I prefer a dedicated host (I'm using an APU2) not because of security reasons but because it's nice to still have internet if i do some maintenance / reboots on the server and fuck something up.
Jaxson Garcia
That's depends entirely on your use case, threat model, and the rest of your network.
Ryder Butler
What's the deal with 2.5" drives in a NAS? Some people say they're quieter, they use less power and they generate less heat, but the price-per-TB is insane. You can get fucking Ultrastars for the same price-per-TB as consumer-grade 2.5" drives. Should I seriously consider them or are they a meme or only used by enterprise or something like that?
Asher Gutierrez
They're used by people with more money than sense who want a "small form-factor nas"
Ethan Howard
small form factor, less power, lower noise
Juan Reyes
SnapRAID sounds like a very interesting solution, sadly I didn't know about it when I first started my array, which must've been like 4-5 years ago now.
William Harris
>less power Do they really use less power for the same available storage? Sure, a 2.5" drive uses less power than a 3.5" drive, but you'll need to use more 2.5" drives to reach the same capacity.
Charles Russell
>but you'll need to use more 2.5" drives to reach the same capacity. what
Nathaniel Garcia
Solution: don't. Use btrfs instead
Anthony Rivera
Does it offer native file tagging like a database file system? No? It's trash then.
Andrew Cook
>2.5" capacity 2TB >3.5" capacity 14TB You need 7 x 2.5" drives to get the same capacity.
Parker Moore
>btrfs No RAID5/6 support.
Zachary Butler
pribably not comparing 4tb 2.5" vs 8tb 3.5" seagate barracuda it seems like you save about 1w at load with 2 2.5" but lose abouth the same for idle
Nolan Torres
It does, though. Write hole is basically the only remaining bug, and it's a non-issue so long as you use a different raid level for metadata and scrub immediately after an unclean shutdown. You should have your NAS on a UPS anyway.
Ethan Taylor
Back when I first set things up btrfs was considered incredibly unstable and absolutely nobody recommended using it for anything beyond experimentation as far as RAID went. How would it solve the expansion issue anyway? Can you somehow add larger drives to existing parity arrays without losing redundancy and also benefiting from the greater capacity?
Michael Garcia
How hard is it to configure my server as a router? I'm running Devuan, so I can't do anything weird with systemd.
Owen Baker
I have a pretty gay but nice dell laptop that I'm working on turning into a server hopefully.
I have on external 5-drive setup going through the usb3 port, and I also have a MEDIASONIC DRIVE CUBE with 4 drives in it that has a eSata port that I was hoping to get in there without bottlenecking the USB speeds any more. Debian is running on the 128gb m2 nvme drive thing it came with, and it has a free 2.5 inch SATA port where an internal drive used to be.
Is there any way I can convert the female Sata port to eSata? I bought what I thought was the answer on eBay but it was male->male and I need female 2.5 sata -> Male eSata
This sounds easy as fuck on paper but I can't seem to find the cable I need, the drive itself is powered and I don't really care how ugly it looks I'll drill a hole right through this hunk of plastic
>Can you somehow add larger drives to existing parity arrays without losing redundancy and also benefiting from the greater capacity? Yes, you specifically can and it's very flexible. Add drive(s), run the balance filter, enjoy more space. However since you wanted RAID6 (two drives worth of redundancy) it's likely not an option for you, I'm pretty sure it's still considered unstable.
For RAID5, btrfs RAID1 would achieve pretty much the same, ie. one drives worth of redundancy.
Isaac Rodriguez
Yeah, with 9 drives total I wanted at least 2 drives worth of redundancy since 9 drives seems like a pretty large number for me.