/hsg/ Home Server General

Home server thread
Dead Weeb Storage Edition

NAS is how most people get into this. It’s nice to have a /comfy/ home for all your data. Streaming your movies/shows around the house and to friends is good feels. Repurpose an old desktop, buy a SBC, or go with cheap used enterprise gear. Lots of options and there's even a flowchart. Ask.

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up a pfsense box and configuring some vlans. There's always more to learn and chances to grow. Think you’re godtier already? Set up openstack and report back.

>What software should I run?
install gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin to replace netflix, nextcloud to replace google, ampache to replace spotify, the list goes on and on. Look at the awesome selfhosted list and ask.

>Datahoarding ok here?
YES - you are in good company. Shuck those easystores and flash IT mode on your H310. All datahoarding talk welcome.

>Do I need a rack and all that noisy enterprise gear?
No. An old laptop or rpi can be a server if you want.

>A T T E N T I O N:
>The /hsg/ wiki is up!
hsg.shortlink.club/

Please expand it, also don't use your real name or any password when you register. Preferably use cock.li or something anonymous. Or just email the admin with the username and password you want.

>Links
server tips: pastebin.com/SXuHp12J
github.com/Kickball/awesome-selfhosted
old.reddit.com/r/datahoarder
labgopher.com
reddit.com/r/homelab/wiki/index
wiki.debian.org/FreedomBox/Features
>Chat
irc.rizon.net #_hsg_
riot.im/app/#/room/#homeservergeneral:matrix.org

Big thanks to the guy that recommended acmetool to me the other day - got my vps all running nicely with certs and automatic renewal for the containers all tucked away behind the reverse proxy.

Has anyone's $80 10TB MyBooks shipped yet?

My server has a cute i3-6100 in it with 8gb of ddr4 ram
Say something nice to it!

Excuse me, am dumb, didn't read filename.

For a 24/7 atx server that will be basically operating about a dozen drives, what is a good power efficient processor to get that also supports AVX2 or has an iGPU for video encoding?

nice
i'll probably be looking into acmetool eventually when i get into self-hosting websites and stuff

2200G would be my bet.

don't get Intel, performance is getting slaughtered by these MDS flaws

Still, what is a reverse proxy truly required for?

i can just like, not install the mitigations?
this is a headless server, no web browser or public facing ports or anything. when is it ever going to be exposing itself to running enough unauthorized code to be even slightly susceptible to this shit. I just need speed, and intel's got it.

>amd
>avx2
really nigga

k but don't support this shit company

in this case I have five services accessible through the single point of entry at port 443

>I just need speed, and intel's got it
sorry but it looks like i gotta

In terms of power efficiency and speed Intel still beats poo-processors

>yay -Syu
>2gb cuda update

>say i use arch for my home server in cyber sec club
>WTF YOU USE A BLEEDING EDGE DISTRO?? THATS SUCH A HUGE FUCKING SECURITY RISK WHAT THE FUCK
>ITS AN ATX SERVER TOO?? ITS NOT A 1U or 2U ITS AN ATX CASE?
>BRO WHAT THE FUCK YOU GOTTA GET A 12 YEAR OLD XEON AND A 1U SERVER AND RUN CENTOS AND USE 5 YEAR OLD SOFTWARE WTF ITS STABLE AND SAFER

still use arch btw
still use a fractal design r5 btw

>fractal design r5
desu this is a good chassis, im using it as well
fits plenty of drives with room for additional ones
running cables was also decent in it
are you running arch with the stable repositories or just madfagging it with rolling release?

rolling release because i legit just use samba(anime, movies, games, books, music, etc), ssh to it(key files only), host a minecraft server on it for local friends, and sometimes some linux C++ development on it (vulkan, mostly).

i don't have much of an attack vector and I've never run into the "ran pacman and now my system is fucking broke" shit that brainlets seem to keep running into in all my years of using bleeding-edge linux distros. It's a headless server as well so like I don't have any of the security mitigations enabled.

The worst issue I've ever had to deal with was just some fstab issue using /dev/sdb rather than UUIDs back when I added an 8TB drive to it.

r5 is based and all my workstation desktops and servers I've built use it.

boomer IT spurges always get mad when people do anything modern

Does it work by looking at the SNI then? Because that is how I would check what resource, i.e. server, is being accessed. Sounds pretty useful anyway.

alright, yeah i used a suckless arch install on my laptop in university for 4 years with 0 issues
made the switch to debian some 3-odd years ago though for some reason and im decently happy with it so i run debian on my server too

in this case, aye, traefik is using SNI to handle certs and front end routing - backend plumbing is done by labelling the containers.

many ways to configure things

docs.traefik.io/user-guide/examples/

Cool, for now I'm just using different ports, since some of my services are locked behind client certificate checks, but this could be fun to play around with. Thanks!

no worries - give me a shout if you want some example compose files etc.

I have ports forwarded on my router and they appear open on canyouseeme.org and similar tools, however they appear closed on my machine. I’m running Debian. Any suggestions on fixing this? It would be much appreciated

netstat -tunlp to check you're listening on the correct ports, portscan from another machine on the lan and see if they're open from there?

Cute!
Mine only has a G3258 and 8GB of DDR3 in a little ISK 110 case
I was planning to upgrade it with a second hand i7-4785T but then the next round of vulnerabilities came in
I'll just wait until the 3200G gets released and see what the reviews say
With a little luck it won't blow up my 85W PSU

I've actually got the avx2 flag in my 2400G's cpuinfo.

It shows the port I want as:
tcp 0 0 0.0.0.0:20883 0.0.0.0:* LISTEN


First column is protocol, second is recv-q, third is send-q, fourth is local address, fifth is foreign address, sixth is state

looks good, you have multiple NICs on this machine? no firewalling involved?

my main pc has this...

I only have one NIC, but this is the wired interface on the card. I also got rid of all of the rules on iptables to be sure.

AMD AVX2 is twice, almost 2.5 times as slow.
It just fires off its 128-bit vector units twice

Any other recommendations to fix this?

So i want to be able to automatically back up photos and view them from any computer, basically my own personal "botnet free" google photos.

Any suggestions on what server/app/client to use?

It still has it and an iGPU and a lot more. Generally speaking I'd say you'll be ok.

It's not like you weren't aware that this isn't the high end of processing power in a single box, right?

Syncthing maybe? Enable staggered retention on some machines.

So im at Unitymedia (cable internet in Germoney). Set up a server two days ago and now I realize they only give out ipv6/DS-Lite addresses to regular customers (non business).

What the fuck should I do now? I can't access my server from the outside without an ipv6 address and my phone LTE only supports ipv4.
I've heard of 'portmappers' but what I've found is that I basically have to cuck to a third party for something which should be a non-issue?

Get a VPS and tunnel your server traffic through it.

I'm going to assume you meant avx2 bus width and not implying ryzen does not support avx2. No performance requirements were listed so ryzen checks the avx2 box and as far as iGPU the vega 8 and 11 should perform better than Intel 630 at a lesser price with similar tdp.

avx2, for CPU video encoding
forums.anandtech.com/threads/ryzens-halved-256bit-avx2-throughput.2501158/

That's actually better than I thought.

If it's https you need to see if you can put it behind Cloudflare's proxy which will work with ipv4. Otherwise buy a cheap VPS and tunnel to that.

>NIGGAS IN HERE BE RUNING SERVERS WITH 9 YEAR OLD XEONS

funny meme

So I have to throw money at another company plus potentially reveal my traffic to them? Thanks unityshit.
Alternative to cable would've been DSL16k which is unacceptable in {current year}

Are the serverbuilds.net guides well accepted? Eventually hoping to go down this road with unRaid, but I've got lots of learning to do.

Is anyone using hardlinks with deluge or something similar to keep their Plex files and metadata clean?

And no, my 10TB drives haven't shipped yet from Amazon.

Got a CM HAF X case for free. Doing a budget build for a media server that will be running Plex. I've got an AM3 motherboard laying around, what's the best cpu I could stick in that? FX8350?

Is that a firewire close to some usb 3.0 connectors? What are you, a time traveller?

Can anyone please answer?

It really is. Pretty neat case, huh?

It is, with a pretty wild selection of connectors. Can be useful.

you should run netstat -a -n and post what it shows
have you tried SSH tunneling to the desired port?
don't forget to update and mitigate your certs

What's the smallest, usable server rack available?

Can I build my own?

Sauce on OP image?

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:20883 0.0.0.0:* LISTEN

is using a 64-GB partition out of a 256GB NVME as a bcache for 3 2TB drives worth it

nmap also shows that all ports on this machine are filtered. How do I fix this? I'm pretty sure iptables has no rules, as I flushed them all.

sauce

thanks to the guys that gave some info about the HPE ProLiant DL380 I was planning to buy 2 days ago. Been playing with it for 2 days and it's been a lot of fun, Just bought some harddrives for and a NAS and I'm about to buy a 24 port cisco switch. Life is good.

>centos

ur a centos

I've been running my own mail server for about five years. When I first set it up I did not really include any spam countermeasures. If you knew my username or one of its aliases, you could send me mail. For a couple of years I didn't receive any spam, and for a while after I began to receive it it was infrequent, but now it has become a problem.

The "reject_unknown_client_hostname" option in Postfix seems to prevent virtually all spam. This policy requires clients to have a PTR record and requires the domain name in the PTR record to resolve to the client's IP. I know that this policy can cause mail to be rejected as a result of DNS failures. Is there any other reason that it might cause legitimate mail to be rejected?
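
Added example, not part of the original post: the three tests that `reject_unknown_client_hostname` applies (address->name fails, name->address fails, name->address does not match the client IP), modelled over a small in-memory DNS table so each failure mode can be seen separately. The addresses, host names and result labels are constructed; `unknown_client_reject_code` is the real Postfix parameter, with its default of 450.

```python
# Constructed DNS data: documentation address ranges and made-up names.
TEMPFAIL = object()   # stands in for a DNS timeout / SERVFAIL
PTR = {
    "192.0.2.10": "mail.example.org",     # healthy sender
    "192.0.2.20": "mx.example.net",       # PTR name resolves to a different address
    "198.51.100.7": "host7.isp.example",  # PTR name has no address record
    "203.0.113.9": TEMPFAIL,              # resolver trouble during the lookup
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "mx.example.net": {"192.0.2.99"},
}

def check_client(ip, ptr=PTR, a=A):
    """Classify a connecting client using the restriction's three tests."""
    name = ptr.get(ip)
    if name is TEMPFAIL:
        return "dns_tempfail"
    if name is None:
        return "no_ptr"                   # 1) address->name mapping fails
    addrs = a.get(name)
    if addrs is TEMPFAIL:
        return "dns_tempfail"
    if not addrs:
        return "name_unresolvable"        # 2) name->address mapping fails
    if ip not in addrs:
        return "forward_mismatch"         # 3) name resolves, but not to the client IP
    return "ok"

def smtp_reply(result, unknown_client_reject_code=450):
    """SMTP reply code for a result; None means the restriction lets the client pass."""
    if result == "ok":
        return None
    if result == "dns_tempfail":
        return 450                        # temporary DNS errors always get 450
    return unknown_client_reject_code

def audit(ips, code=450):
    """Map each client IP to (classification, reply code) for a quick review."""
    return {ip: (check_client(ip), smtp_reply(check_client(ip), code)) for ip in ips}
```

With the default 450 every failing client is deferred and retries, so a legitimate host with missing or mismatched reverse DNS first shows up as delayed mail rather than an immediate bounce.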

>unraid
why in the world would you pay for a glorified slackware and subpar snapraid install?
just go for whatever *nix, snapraid, mergerfs, and cockpit instead
its free

Because while all that stuff is free, it requires me to learn how to assemble it all and get it in working order. Paying for unRaid is paying for someone else to do all that work for you. I want plug and play; not having to learn linux from the ground up.

It's convenience and customer service. And it will be challenging enough all on its own to set up. Let's Encrypt and reverse proxy and dockers. That's a lot of shit to learn for a Windows 10 user. I ain't that smart.

>there are people in this thread who put their home network in 192.168.178.0/24 instead of 10.0.0.0/8

>not using multiple public routable IPv6 subnets
>Not having different networks for WLAN, LAN, servers, guests, spyware etc

After going through the pain of putting *NIX and Lineage OS on all devices I want to not trust them?

>guests
But it's fun anyway and that's the main reason we do all this bullshit right?

Yeah, especially given that some ISPs love to sniff around over TR-069

Shouldn't be a problem with encrypted traffic. Try it out with a cheap vps from vultr or hetzner.

I'd like to see what is the best solution for doing archiving for pictures every time I come back from a day trip or event. Instead of storing on my computer, I'll be storing onto two external HDDs with both having exact copy. Currently, I'm just connecting it through USB, but it's really slow. Wondering if there are better ways

Have you tried the business plans? They often don't have this shit.

eh I'll change it when I need it to be changed.

got a DS418 for free!

Very decent. Even more so if it is with the drives.

>Are the serverbuilds.net guides well accepted?
I'm not sure anyone here used these.

> unRaid
Not my thing.

> Is anyone using hardlinks with deluge or something similar to keep their Plex files and metadata clean?
I don't think this is needed? The plex configuration files are not the same as the data folder you point it to.

That said, you can of course symlink, mount, hardlink, use docker[-compose] volumes and so on as you please. I'd generally recommend docker-compose to set up plex anyhow.

came with a single 3TB drive, got rid of it and installed 4*4TB WD reds, pretty happy with it for now

LackRack
wiki.eth0.nl/index.php/LackRack

Yea, that's certainly decent.

>symlink
i do this with anime so that scudlee's anime plugin for kodi will tag my anime properly

Lucky son of a bitch! But at least it ended up in the hands of a /hsg/ member at all. May it last you long!

Page 10 fucktards

Don't know that or why you'd need to symlink for proper tagging, but either way it'll probably be fine regardless which approach you choose with plex.

Any other useful advice to potentially fix this, /g/uys?

I can't believe you've done this to me.

what does iptables -L show?

My mom is a photographer but also not at all tech inclined beyond knowing about her camera. What I did for her was get a shitty Synology NAS and pop some 4TB drives in RAID 1 in there, then set up the NAS to sync to a cloud backup on a regular basis, and set a cronjob up on her Mac that would rsync everything in her pictures folder to the NAS (there are probably easier ways to do this). It's not fast, but she can just dump photos in her photos folder which is quick, and then they slowly get propagated to the NAS and then the cloud backup in the background so it wasn't a pain.

mine. sure the cables are a mess but who cares? It's in a basement storage room.

What I did for mine was get the coffee table version of the lack, and placed the board that goes between the legs of the table so that it could fit a 1U server underneath, and then I jammed a server under there and piled everything else on top. The board itself is not strong enough to hold more than maybe a single Dell 1U, and the mount points are absolute shit, in addition to the legs being hollow so you can't really use it like normal.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

this IS debian, not ubuntu right? you're not running UFW or anything else?

This is debian, and I'm not running ufw

tracert from the other device on lan you used nmap from - there is def nothing in between it and this machine?

what is it thats listening anyways?

I'll try that
FTP/SSH server and a torrent client daemon plus its remote interface, but the machine is blocking traffic from these ports even though they are forwarded on the router.

Only one hop with traceroute and it was directly to the machine itself,

gah, vexing to say the least

kk reboot to make 100% absolutely sure iptables is out of the picture and double+triple check the listener is configured correctly - you didn't mess with hosts.allow/deny or anything?

I didn't mess with hosts at all. Before I reboot, how would I check that the listener is configured correctly? Even with a DDNS client configured, I can't ssh into the machine through that even though the ports are forwarded.