/hsg/ Home Server General

Home server thread

NAS is how most people get into this. It’s nice to have a /comfy/ home for all your data. Streaming your movies/shows around the house and to friends is good feels. Repurpose an old desktop, buy an SBC, or go with cheap used enterprise gear. Lots of options and there’s even a flowchart. Ask.

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up a pfsense box and configuring some vlans. There’s always more to learn and chances to grow. Think you’re godtier already? Set up openstack and report back.

>What software should I run?
install gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Emby to replace netflix, nextcloud to replace google, ampache to replace spotify, the list goes on and on. Look at the awesome selfhosted list and ask.

>Datahoarding ok here?
YES - you are in good company. Shuck those easystores and flash IT mode on your H310. All datahoarding talk welcome.

>Do I need a rack and all that noisy enterprise gear?
No. An old laptop or rpi can be a server if you want.

>Links
github.com/Kickball/awesome-selfhosted
old.reddit.com/r/datahoarder
labgopher.com
reddit.com/r/homelab/wiki/index
wiki.debian.org/FreedomBox/Features

previous thread:

Attached: hsg.jpg (1277x1029, 510K)

Shut the fuck up with this NAS meme bullshit. You want to watch a movie in your house, use your oe pc to encode/copy the video to usb/dvd and bring it to that room. Quit being fucking lazy.

so what if you have nothing else in your life and just want to have something to spend time and money on? what then?
home server, transcode on the fly with jellyfin (or e*by/p*ex), stream music to your peripherals via mpd/ampache, rutorrent+rtorrent+autodl+openvpn, host your own gitlab/w.e. where you can keep your projects no one will ever fork or even look at, and a blog that no one will read?
leave, virgin

Attached: 1550247376975.png (1875x1779, 2.6M)

I already posted a TLS1.2 only capable version in the past, but with OpenSSL1.1.1b being released and already widespread on up-to-date distros, I did some small but required changes to allow the new ciphers to be used, as well as disabling weak AES128 ones. Some quirks in Python 3.7 when using sslcontext also made a few changes mandatory.

If you need an easy way to roll out letsencrypt certs:
github.com/hlandau/acme

The standalone server itself:
github.com/ran-sama/python3_https_tls1_3_microserver

The distro image, dd to your micro SD card:
downloads.raspberrypi.org/raspbian_lite_latest

latter is needed for openssl1.1.1b support

This is mostly directed at people who mind their electricity bill. It will run on any other single board computer, like those with the RK3399 and Gbit ethernet NICs. It would run on a 1000W server too, but for those I'd recommend nginx, since if you run one of these you probably don't mind the higher learning curve to configure a server yourself.

Attached: 1555775939614.png (930x950, 394K)

Attached: ftfy.jpg (1277x1029, 724K)

>imagine feeling the need to sexualize servers
How lonely are you, OP?

Attached: 22fb4980.gif (512x381, 3.51M)

that looks pretty rad, i might spin it up on one of my dust collectors this week and see what its like

You have no idea...

Attached: 1470440205316.jpg (4800x6912, 3.92M)

i nutted so hard to this doujin

Thank you, I know it ain't much, but I want to drag people into free cryptography. For paranoid tinfoilers you can even limit access to only yourself and friends by having the server check for a client certificate on any incoming connection. It is off by default though.

If you put an empty index.html into the directory the server will host people won't see anything uploaded to it anyways.

I'm not sure, I think sysadmin treats them more like his pets. He has a soft side and suffered lots in his life. Gives him stability.
Why is there no Ran server though? .w.

Attached: 57421fc6.jpg (1600x1444, 912K)

>the server will host people
*won't index directories
There are many ways to limit access by just displaying a dummy page as front.

>Why is there no Ran server though? .w.
there used to be it seems

Attached: 129669446093.jpg (2000x2000, 648K)

>being deprecated
Well RIP me, Sun Blade 1000 is cool though.

Attached: SunBlade1000_left_zoom.jpg (1000x769, 80K)

Attached: 1433219030075 Raspbian - Xebecs Cluster.webm (964x576, 2.37M)

Why would someone want tons of shitty underpowered machines in their home? He can probably replace all his Gentoo machines with a single threadripper build

this is 7+ years in the past, unless I read those burgerian dates wrong
Wasn't so bad back then to have. If the IO is fine and you have lots of SATA controllers it would do just swell.

Oh. I didn't see the dates so I thought it was recent.

what OS do you guys run on your SBC?
i have an odroid-xu4 and wanted something minimal that would stay out of the way of my services

Attached: 1555934095800.png (833x608, 553K)

>mfw have to start moving about 2300 torrents from one server to another to continue seeding on various private trackers
the problem is that my old """server""" is just a computer running windows 8 with qbittorrent while new one is a decently done debian install with encrypted drives and snapraid+mergerfs etc.

is there a way to script the migration process?
say if i have all the torrent files, is there a way to automate loading them into say rtorrent, transmission, or qbittorent-nox with paths and stuff?

exhentai.org/g/1096754/2fe54c61b6/

just about any headless distro should do
not sure about the support for odroid-xu4 but probably there are some blogposts on the net explaining the process

Sauce, plz??

based
>he doesnt known the holy grail of yuri
just search on nhentai

Plz

literally 2 posts above

check out armbian dot com

yandex

I second this, armbian has a very active community and skilled people.

very

Attached: cryign.jpg (700x734, 99K)

thanks guys!
i have tried dietPI but that thing tends to create more problems than it fixes (pihole stops running for no reason), anyway!

will install armbian and check it out

Attached: 5859b173711f64423aa5e050.png (1280x1280, 67K)

>he doesn't
laffin @you

You can run this with blacklists too:
github.com/jedisct1/dnscrypt-proxy

github.com/jedisct1/dnscrypt-proxy/wiki/Public-blacklists

And you can create your own blacklists from uBlock hphosts if you know how to use a text editor.
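
Added example (not part of the thread and not code from the dnscrypt-proxy project): a small converter from hosts-file entries to the one-name-per-line list that dnscrypt-proxy reads as a blacklist. The function names and the sample input are constructed for illustration; entries that map a name to a real address are treated as ordinary hosts entries and left out.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Addresses that hosts-style block lists use as a sink.
_SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that appear in every hosts file and must never be blocked.
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "local",
                "broadcasthost", "ip6-localhost", "ip6-loopback"}


def is_valid_domain(name):
    """True for a plausible fully qualified domain name (not an IP, not a bare label)."""
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.match(label) for label in labels)


def hosts_to_blocklist(hosts_text):
    """Return the blocked domains from hosts-format text, deduplicated, in input order."""
    seen, out = set(), []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if fields[0] in _SINK_ADDRS:
            names = fields[1:]                    # "0.0.0.0 a.example b.example"
        elif len(fields) == 1:
            names = fields                        # bare domain, already list format
        else:
            continue                              # real address mapping, not a block entry
        for name in names:
            name = name.lower().rstrip(".")
            if name in _LOCAL_NAMES or not is_valid_domain(name):
                continue
            if name not in seen:
                seen.add(name)
                out.append(name)
    return out


def render_blocklist(domains):
    """One domain per line, with a comment header."""
    return "# generated from hosts-format input\n" + "\n".join(domains) + "\n"


# Constructed sample input, not a real block list.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net  # inline comment
127.0.0.1 ads.example.com
0.0.0.0 cdn.example.org metrics.example.org
192.0.2.10 nas.home.example
0.0.0.0 bad_host!.example
telemetry.example.com.
"""

if __name__ == "__main__":
    print(render_blocklist(hosts_to_blocklist(SAMPLE)), end="")
```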

> all this effort went into something which can't be used outside of home projects by any professionals
I'm both amused and sorry.

what effort?
it's all premade stuff being cobbled together, even the artwork is taken straight from a porn game

>raspis
get good niggas

finally have battery backup, next on the list is a proper mount for the patch panel and some unifi APs for the other side. supposed to be getting an r210 ii soon that'll replace the IBM as my pfsense machine and hopefully save some watts

Attached: hsg-20190423-s.jpg (3011x1512, 1.99M)

cute shop friend
what battery backup? im using an eaton 3s and im pretty happy with it so far, easy to set up with NUT and automated shutdown and it seems to provide enough juice for now

Attached: 2019-04-23-194747_593x290_scrot.png (593x290, 28K)

May I have
The source
For OP pic
Pls

Even anime theming some available solution is too much effort if it's for bragging on Jow Forums.

nice ram, what machine is that running on?
My ups is a dell 1000t. got it free, just needed batteries so not bad for $60 plus a usb-serial cable since the usb port seems to be ded. haven't set up NUT yet, decided to try dell's software first but it's not the best

Sun servers are meant to run 24/7 unlike normal home computers. A different architecture gives immunity against most automated attacks, that is how Debian discovered they were under attack.

>dell 1000t
nice, it looks like its packing some juice

mobo is a supermicro x9sri-f
i just put everything in a define r5 blackout edition since it has quite a few 3.5" slots with room for additional 3.5" racks if i ever bother ordering some
not sure what to do with it all though, i mainly just stream anime/tv/movies to an rk3399 android tv box i have but i might go into jellyfin for transcoding Hi10p x264 anime because the android tv box is struggling with it, 10-bit x265 works fine for some reason

I have 120mbps internet
My router is not giving 120mbps wirelessly
Connecting a straight ethernet cable gives me 120mbps

I am 2ft away from the router when I test speeds
Do I need to buy another router to reach my max speed? Because this router has ac and is supposed to go as high as 300mbps, I'm not exactly running a gigabit pipe to hit the limits of the hardware

This is an asus ac66u, are there any settings you can recommend to change? Everywhere I read suggests to turn off QoS because it's a janky implementation and shits off NAT acceleration

hey /hsg/, what do you use? what do you host?

What’s your favorite internet/networking/communications protocol clients and host software, Jow Forums?
I’m trying to build out my knowledge of client side programs I’m familiar with/use, and get good with them before I play around hosting what I can on my home server.
Prefer open source but will look at proprietary.

Communications/File Transfers
Instant Message/XMPP:
Voice Chat:
Video Chat:
VOIP/SIP:
IRC:
E-mail/SMTP/POP:
RSS:
Atom/Web Feed:
Podcast:
Usenet/NNTP:
FSP:
BBS:
Telnet/SSH:
TFTP/FTP/SFTP:
SCP:

Privacy/Anonymity/Security
VPN:
Tor:
I2P:
Freenet:

File Sharing
Gnutella:
Gnutella 2:
Direct Connect:
eDonkey:
FastTrack:
GNUnet:
RetroShare:
WASTE:
ZeroNet:
Ares Galaxy:
BitTorrent:
IPFS:

Desktop viewing/control
VNC:
RDP:

Web/HTTP Browser:
Text-Based Web/HTTP Browser:
Gopher:

>what do you use? what do you host?
On own servers?
SSH, SAMBA, HTTPS, HTTP, DLNA, FTP
unencrypted is LAN facing only

I'm not including my desktops and other clients.

Is it time to ditch the software raid?

Attached: Captura.png (417x174, 9K)

Anyone running game streaming in a virtual machine on their server?

I'm reformatting my old acer netbook server that was running some frankenstein crunchbang waldorf/debian wheezy abomination.

It has 2GB of memory that hardly ever get used, even when it was running H@H, I don't feel like waiting a week for a new SSD, should I make a 1GB ramdisk and run /var from it so I can host my toy messageboards without spinning up the disks?
Or do http servers already do this sort of caching in the background?

Attached: debian uwu.png (232x276, 64K)

...

yes, turn off qos
use 5ghz for the wifi
ac66u and friends should be able to do more than that on 5ghz provided the device you're connecting from is new-ish, however wifi speeds will never be as good as ethernet so use the latter whenever you can

does having a bunch of shit old servers and chink routers count as being /hsg/?

XMPP: Prosody
SIP: Asterisk/FreePBX (everything else looks as bad or worse imo)
RSS: tinytinyrss
NNTP: i've been looking, nntpchan seems a great way to get jailed
BBS: enigmabbs (lmao look at this js peasant)

VPN: a bunch, i use them for a lot of stuff (zerotier, wireguard, openvpn etc)
Memenets: ipfs before i got my connection raped by the sheer number of peers, also zeronet

Webserver: nginx

No.

I have a setup with Windows 10 in a KVM machine with Moonlight, the streaming part works okay but could not for the life of me pin down the cause of my DPC latency spikes which cause some minor but noticeable stutter. If this bothers you a lot of tweaking and testing will be required. What I suspect would help from the get-go is having a NUMA-aware CPU so that one node can be fully dedicated for the VM along with RAM (newer Xeon/i9 or Threadripper would work). According to various docs and mailing lists this would be the optimal setup.
rebbit slash vfio has good resources unironically.

Any good free Windows dynamic DNS updater that works with Namecheap?

try with the ram disk, you have nothing to lose

>>Do I need a rack and all that noisy enterprise gear?
>No. An old laptop or rpi can be a server if you want.
Wouldn't the USB ports be a horrible bottleneck if you tried to connect a bunch of big hard drives and serve large video files?

Used to host a smol pomf clone cause it was handy asf and I had a nice domain on it, but anyone with the link could just upload shit to it. Are there any similar scripts out there that don't let literally anyone upload cp on your serverino? (like behind a login or pass)

If you require enterprise-level throughput, nobody is suggesting you run your operation out of a netbook with a USB hard disk attached.
USB 2.0 speeds are enough for most people, whose needs don't exceed the realistic 25MB/s data transfer rate after their speed gets capped twice, once via USB 2.0 and again via their 802.11n connection.

That being said, it wouldn't cost much to post-2013 hardware, which all come with usb 3.0 as standard features, and maybe a router that can handle the increased throughput.
Or you could just buy actual server hardware and eliminate the bottlenecks.

Make the upload page check the login form or write a flask applet that asks for a username and password and else ignores the POST request.

Attached: nana-dhebuadze-ghost-in-the-shell-copy.jpg (1920x2381, 741K)

Imagine it; all your movies/music/etc stored in a central place that streams your media to whatever device you wish that "just works" where you basically just add to your collection as needed. No fear of "bit-rot" or "drive failure" or "power failure" killing your data.

The whole setup runs silent and as I said "just works" day in and day out with no attention required by you. Your only interaction with it is if you get an e-mail alert telling you that "all is well" or "a drive is about to shit".

Yes, such an easy thing can be created and set up, with planning done beforehand. Freenas is the key. Plex is your media guru that works in the background. Toss in a UPS and ECC ram and your data is as safe as it can get barring a house fire. (Even that can be eliminated if you back up to an external drive)

Build the server right and it'll run for years with nary an issue. Cut corners, well, be prepared to spend a lot of time restoring the data from backups, re-ripping movies, or downloading them all, if you can restore it that is.

Which is better? Loading a disc each time you want to watch a movie or ep (and over time fuck up that disc with scratches) or simply selecting the movie or ep from a list and hit play.

>have so much shit i can't keep track of it anymore
>drives randomly start failing
>don't care because don't remember I had it

Data hoarders are literally crazy cat ladies except dead petrified cats don't stink up their house.

>flask applet
Not a Jow Forums denizen so I've no clue what that is. Setting up a pomf on a linux server was the most techy thing I've ever done. Just lookin for an easy way to share memes and keep a copy of em on a server.

Attached: f7990250a60043abd57e29efd23f7844.jpg (640x775, 67K)

Fox here again, try this:
>tls12_flask_upload_server.py
github.com/ran-sama/flask_server_experiments

You can add a check for client certificates too, like:
sslcontext.load_verify_locations("/home/pi/keys/client.pem")
only allowing yourself access

a client key is loaded in firefox after generating it like this:
openssl ecparam -genkey -name P-384 -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 3650 -in csr.pem -signkey key.pem -out cert.crt
openssl pkcs12 -export -in cert.crt -inkey key.pem -out firefox.p12

If this was useful tell me :3c

Attached: preview.png (542x383, 8K)

I might have to add:
firefox needs the private PKCS12 file called firefox.p12
the server checks the pubkey called client.pem

But that is only if you upgrade to top level security. If your password has very high entropy (30 char, a-zA-Z+0-9+special) you may be okay.

1) get dependencies:
sudo apt install python-flask python3-flask
2) MUST change password in tls12_flask_upload_server.py
3) add a cronjob to run it like on reboot (example for raspberry):
sudo crontab -e -u pi
@reboot python3 /home/pi/net/tls12_flask_upload_server.py

Cannot offer more easy than this

Attached: 7ca8374d.jpg (1024x683, 416K)
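
Added example (not part of the thread and not code from the linked repository): in Python's ssl module a server-side context only trusts the certificates given to load_verify_locations() for checking; it does not ask clients for a certificate until verify_mode is set to CERT_REQUIRED. The sketch below builds a context with both settings and audits any context for the missing piece. The function names are hypothetical, and the file paths are optional so the code runs without key material; with real files you would pass the server cert/key and the client.pem path from the posts above.

```python
import ssl


def build_server_context(certfile=None, keyfile=None, client_ca=None,
                         require_client_cert=True):
    """Server-side TLS context that can insist on a client certificate.

    certfile/keyfile: the server's own certificate and key (e.g. from Let's Encrypt).
    client_ca: PEM file with the client certificate(s) to trust.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0/1.1
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        # Trust anchors used to check the certificate a client presents.
        ctx.load_verify_locations(cafile=client_ca)
    if require_client_cert:
        # Without this the handshake never requests a client certificate,
        # no matter what was loaded above.
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_client_auth(ctx):
    """Return a list of finding codes for a server context; empty means OK."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("client-cert-not-requested")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("client-cert-optional")
    if ctx.cert_store_stats()["x509"] == 0:
        # With CERT_REQUIRED and nothing trusted, every client is rejected.
        findings.append("no-trusted-client-certs")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-tls-allowed")
    return findings


if __name__ == "__main__":
    # No files are loaded here, so both contexts report an empty trust store.
    print("open:    ", audit_client_auth(build_server_context(require_client_cert=False)))
    print("hardened:", audit_client_auth(build_server_context()))
```

Wrap the listening socket with ctx.wrap_socket(sock, server_side=True) as usual; a client that presents no certificate, or one that is not in client_ca, then fails the handshake before any HTTP request is read.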

>If this was useful tell me :3c
Maybe just a little bit

Attached: 4628dee4-d2ec-48f6-bbb2-b0745bb4e775-profile_image-300x300.png (300x300, 51K)

>asking for advice and then complaining about it
never change

Fucking CIA niggers infected my shit. Every service open to the internet is being attacked from a fuckton of different IP's that are a part of the CIA nigger botnet that they're trying to make me become one of the undead. Found a huge PHP file uploaded to my server by said CIA niggers, but it's obfuscated. Can anyone make any sense of this? Some files like index.html and upload.php on my file server have been vandalized (rude comments), but the logs show no mention of those files ever being touched. Vandalization is an odd thing for a botnet to do. I could be getting DP'ed by two different CIA niggers at the same time.

PHP was too big for pastebin, so I used some other thing that didn't have the same limit.
>paste , ee slash GGXK4

My guess is that this is the bot that the botnet is trying to get me to execute? Likely containing dictionaries and whatever else it could possibly need. I wouldn't recommend running this code unless you want your server to start glowing in the dark.

Attached: hak.png (1527x1383, 360K)

Forgot to add a p between the ee and the slash.

Attached: niggersfromCIA.png (753x1407, 243K)

Deobfuscating it made it a little clearer, but there are still parts that are obfuscated. They are called recognizable things like css = "CIA gibberish", js = "more gibberish".

Attached: moreCIA.png (2539x1365, 664K)

Reposting

the public internet is a shitfest of skid scripts and hackermen 24/7. That's why nobody runs DMZ and firewalls their shit. And when ports are open you fail2ban and lock that shit down tight.

Also if you want some really good advice, use a nonstandard port for public facing SSH. You can bind 22 and the nonstandard on local, but only nonstandard on public. Public facing port 22 gets a barrage of constant attacks. Use a high port that is easy to remember, for example 12312, 20202 etc....

any bucket of bolts desu senpai. 10Gbit is honestly only memory bound so just choose anything with a decent CPU that isn't garbage and a PCI 8x slot.

If you want higher performance get something with SAS backplane and some 15k RPM drives. Some decommissioned 2U server racks have like 24 hot swap drive bays and enterprise tier raid controller cards that monitor drives.

you got a wire closet for it or is it going to be with you in a room? enterprise shit is noisy as fuck if you don't have it behind a closed door. What price range?

This wants me to setup my own DNS for my RPI.

Attached: amber-heard.jpg (2152x3158, 2.68M)

I'm trying to get up a subnet within my lan and connect a second router to the main router to act as a WAN to the internet.

Anyone did this before? using pfsense

Attached: Network.jpg (1600x714, 98K)

multiple routers is not a good idea most of the time.
Sounds like you just want to run a single router with a VLAN.
Why do you want to use multiple routers?

I didnt want to mess with the "main" LAN because I have people that live with me, I want a private subnet to just fuck around in without using VLANs

You aren't going to get internet from the public facing router to devices behind another router without configuring the public facing router. At a minimum you need another NAT rule on it.

Why not though if I set a static route from the test lan to the main lan on the internet facing router?

I run a Qotom with a 2TB Seagate attached as my home server. Nothing beefy but it's comfy.

Debian 9 host OS. Iptables/dnsmasq/fail2ban as my router on it.

Docker nextcloud server with the volumes mounted to the Luks encrypted external.

Docker minecraft pointing to external.

Docker mail server with clam and spamassassin dumping to the Luks external as well.

I then use rclone weekly to run encrypted backups of the whole thing to jottacloud.

Maybe not perfect, but it is exactly what I want. ^.^

The NAT on the public facing router isn't going to know how to forward traffic destined for the test LAN without some modification of the rule set to make it aware of the other subnet. Simply setting static routes won't work. Plus most SOHO routers don't let you mess with the NAT and routing configuration much unless you use a third party firmware.

I'm seriously trying to grasp why you're trying to do this...

some questions:
Are you trying to do a Subnet or a NAT?
Where does the 192.168.0.0/24 network start? at the main router or the secondary router?

Basically point to 192.168.0.1 on the diagram for me so we can continue.

I think it will actually route and give you internet.
But you will be behind a double NAT which is not ideal or preferable.

a subnet, I'm not doing NAT, the only thing that is doing NAT is the main router to the internet, I want to treat the main LAN as a WAN to the second router

Attached: Network1.png (1600x714, 217K)

this makes some sense, I can do some basic routing on my router, I have to look into NAT settings

Successfully shucked a 8tb WD Elements. $140 is a bargain. Good shit bros.

If your gateway is 192.168.0.1 how is the other 10.0.0.5 router going to get out?
If you are going to add a route for the 10.0.0.0/24 range to the internet on Pfsense, why do you need the other router? It could just as easily be a switch.

it'll work with default setup with the pfSense WAN behind the first router, just make sure to disable the default rules that block private IPs from hitting the WAN, since it'll be in private IP space

>If your gateway is 192.168.0.1 how is the other 10.0.0.5 router going to get out?

what do you mean? 10.0.0.5 is just one interface on the main network and 192.168.0.1 is a different interface on the same router

I would have 192.168.0.1 as the gateway for the 192.168.0.0/24 network and a static route to the 10.0.0.0/24 network to the internet using my ACTUAL main LAN gateway

yeah? for sure?

>and a static route to the 10.0.0.0/24 network to the internet using my ACTUAL main LAN gateway
If you are going to add a route for the 10.0.0.0/24 range to the internet on Pfsense, why do you need the other router? It could just as easily be a switch.

yeah and you shouldn't need any sort of static routes. the pfSense WAN will be like any other device on the 192.168.0.0 network and devices behind it will be able to access the internet. I had one set up like that at home for a bit while preparing to colocate it.

this is the setting you'll need, it's in the WAN interface settings. make sure it's not checked

Attached: 2019-04-23-221950_1296x184_scrot.png (1296x184, 26K)

how would anything on the 192.168.0.0/24 network get out of the subnet without routing? unless you are talking about a layer 3 switch?

You only need one router. Are you asking how you will route traffic with only one router??
1. connect everything to router
2. add routing rules
3. ???
4. profit.

I do have it unchecked, what are your gateway settings? you have a gateway for the second lan obviously

the stuff on the 192.168.0.0 network will use 192.168.0.1 as a gateway. that's the pfsense machine, so it'll route the traffic through the wan interface and thus use the gateway on the 10.0.0.0 network if necessary
the second lan being the pfsense lan? it'll be the ip of the pfsense machine (192.168.0.0), that is the gateway.

Then how would it be different subnets? Sorry dude I just might be retarded

You can route an IP to any other IP.
You can bind one device to multiple IPs.
1. Bind to 192.168.0.1
2. Bind to 10.0.0.1
3. ???
4. Profit!

what gateway does the 10.0.0.0 network use to communicate with the 192.168.0.0 network?

in that case, you'd just set a static route on the 10.0.0.0 router to use the pfsense wan ip for traffic to 192.168.0.0. all that traffic will be blocked by pfsense by default so you'll have to add firewall rules to allow it