Home Server General /HSG/

I got a Dell Precision T5500 with dual Xeon E5520, 32 GB RAM and 1 TB HDD.

What's the best way to go about setting up a public access shell server? And yes, I intend to increase the storage and RAID it.

> Seti@home or Hentai@home
> I'm currently using a Gen10
didn't quite get what you said here, anyway, running a seedbox on that kind of hw is more than enough, people can run thousands of torrents with rtorrent on lesser hardware.
key-based authentication, daemon like fail2ban that monitors access logs, disable root access and change the port, that, by itself will drop the amount of traffic that you'll get.
if you are a paranoid, setup a vpn and connect to to the shell that way

Nice... So all I have to do is look up how to configure key-based authentication in OpenSSH server, how to configure fail2ban... And disable root access? Can you explain that to me a bit more?

i could be wrong but this looks like the 'ground' setup so yeah op of the photo may be on here

G4 Minis are cute. Cute!

Attached: shitbrick.jpg (1280x1140, 177K)

the arch wiki, and man pages (and google) will have much more up to date, comprehensive info, if you got a specific thing you are having problem with, we can help you.

> I'm currently using a Gen10
Sorry, I meant I'm using a HPE Microserver Gen10

>the arch wiki
But I intend to use Debian Stable, not something that's marginally worse than Gentoo.

While some parts of the wiki, are arch specific, much of it isn't.
many linux distros share the same applications.
in your example. openssh is the industry standard anywhere, debian, arch or gentoo, therefore it doesn't really matter where the you find info regarding that.
on arch wiki, it's probably the best wiki out there from all the the distros. and again google is your friend, digital ocean have many great articles as well.

But how about disabling root access? Isn't that something distro-specific and not specific to OpenSSH itself?

It's in the standard sshd config file. I'll give you another hint: the parameter is PermitRootLogin.

You need to realise how meaningless the difference between distros actually is. It's basically just a package manager and a set of packages.
99% of everything works the same between distros.

It's especially true for systemd distros, which added a huge amount of consistency to the GNU/Linux ecosystem.

Thanks, man.

It's not just package managers... It's also directory and file locations for different config files. But yeah; since a lot of them use systemd, it shouldn't be to hard.

Hey lads. Im going to be leaving for a few years(might come back in a year or so for a bit) so I decided to finally set up my server. I would like SSH access from anywhere, and hopefully i can expand that to do anything i ever need on the server. What do I do to ensure maximum uptime and security(other than )? Since i wont have physical access, how do i safeguard against power outages? How can i make it autorestart? Also, i have really old drives. Should i raid them or buy new drives and raid those? Should i leave a raspberry pi as a backup vpn?
Sorry for all the questions, am noob.

>Thanks, man.
You're welcome. Most distros use the default of allowing ssh-keys for root access, but not allowing root login with a password. This is for orchestration with tools like Ansible.
I'd also look into SSHGuard over fail2ban.

personally for your situation I'd say rent serverspace with someone, like you would a seedbox. though I'm not even sure that's actually a thing, but you might look into it

Can I not run SSHGuard alongside fail2ban? I think that'd be like wearing 2 condoms for double the protection.

To safeguard against power outages, you need to configure your server so that all services you require start on boot, configure a DNS server so that you can instantly retrieve your server's address once it boots and you need to set your BIOS settings so that the computer powers up on AC (which means it turns on automatically, once power is restored to the house).

That is a thing. And you also don't have to rent; just look at a pubnix service.

A good example is thunix.net

>rent serverspace
As in colocation hosting or renting a VPS? I have a physical server sitting around with 36 cores, so id prefer not to rent a vps.
Thanks.

if you dead on setting things yourself.
setting ssh on rpi is good alternative on your local network, if there is a power outage, it just start on as soon as the power is back on, and that can be used to power on the main server, using WoL packets.
but if the place you are leaving, is going to be completely vacant, you are going to face other issues. things can be burned out, things broken, can catch fire and so on

i would do what said, it will save you the hassle. and as a first timer, setting things up and ensuring they will work correctly remotely , is IMO, too much

No problem. Also, I'd say to look into a free service like thunix.net.

There are dozens of pubnix services like this; they offer free shell accounts, web hosting (some also include gopher hosting) and some actually don't have usage limits other than just abiding by the rules and common sense.

sdf.org will limit your hard drive space and will delete your account after a set time frame, though. Just look at pubnix services or shell hosts.

Im a little confused by this. What do you mean cree shell accounts? They will give me free access to a VM as long as I don't abuse it?

>Can I not run SSHGuard alongside fail2ban
I wouldn't suggest it, it would be more difficult to maintain and fix potentially unwanted or accidental bans or networking issues. Much like with wearing 2 condoms, it's more likely to break with no real benefits. Configure one of them correctly and you'll be better off.

There are places that offer you free accounts on an individual's own VM being hosted in a place like OVH or Hetzner. Someone just rents a VM that costs them however much a month, then installs their own server and opens it to everyone. Some will resell it, while others will openly give out accounts. thunix.net is an example of that. So's soupwhale.com, except the membership's a bit more autistic (it's founded by a bunch of 4channers).

Thanks, man. I'll look into SSHGuard as well as fail2ban, then choose which of the two is better.

Ah ok. Im not really short on money so i dont see any reason i should use those. Thanks for the tip anyways, though.

otra vez este thread de mierda loco vayan a laburar

No problem. The thing is the price for renting these boxes varies between providers and countries, so it's always good to know there are free options.

Back to building El Wall-o, Pedro.

shells.red-pill.eu has a list of free shell providers, though it's not kept up like it used to be and alot of the providers listed are long dead.

This. thunix.org, for example; there was a point where thunix.org died and then got revived as thunix.net.

There are also very shitty providers put up there with good ones (like weedbox.net). weedbox's admin has some kind of e debilitating mental illness, or is possibly hooked on valerian root and other substances that makes him message you like a schizophrenic (worse than Terry Davis) whenever you need help with your service.

It's usually hit or miss when it comes to the lesser known providers. The only way to find out is to join their IRC chats if they have them, or join their online forums if they have them. Just get a fee of who they are, before you decide on joining.

Yes they make you jump through hoops because of those who abused free shells for harassment, wares, dd0s, etc.
I had a provider for awhile and it was fun.
The soupwhale webstite just pays music.

Actually, soupwhale has a sort of registration system that you fill in, then you join their IRC channel to chat with them and they see if you can tolerate their level of retardation that's typical of summerfags on Jow Forums (trust me; their summerfaggotry's all year round). And if they think you're one of them, then they give you a shell account with 10 GB of storage and your own personal site for free.

A number of providers ask you to join IRC to be judged or to "get an invite,"though. Pubnix services are slightly better because they don't try to make it like an exclusive club of like-minded retards.

can /HSG/ teach me about VLANs ?
I currently define everything in the same subnet.
my wlan and wired network cohabit under the same bridge.

Can't speak for that guy's mental health, but valerian is less psychoactive than a small can of beer, and tends to have a similar soporific effect.

You'd have to upload a PHP-based forum or chat script like phpFreeChat, to start communicating with him, though (my experience was that I uploaded the script, did everything I was supposed to in the setup procedure but it failed because weedbox.net's server isn't setup properly to use PHP).

Now, the guy uses Ubuntu 17.10 and the standard LAMP setup, except that for some reason, his PHP parser's faulty and during setup of my script, file permissions on some of the files changed to a totally different user on the server. So I contacted him to ask him if he could delete the file. And all I got were cryptic messages as if he was smoking weed, valerian root and snorting Coca Cola (not actual coke). After an e-mail chain of 26 messages, trying to get him to actually help me, I just told him that he's too mentally ill to run a server and he got offended, so he blocked access to my account.

For shits and giggles, I made another account on his serer and went into my old account's folder; sure enough, the files I've asked him to delete were still there, untouched, along with my index.php redirect to thunix.net (I know I seem like a shill, but I really like these guys because they not only know what they're doing, but they're polite about it and are willing to teach noobs how to get around).

So what's an ideal drive type and brand for a NAS, or a shell/web server?

anything but seagate :^)

Any reason why anything but Seagate?

What about Western Digital Black vs. Blue? Aren't those the same thing, only that one has a black label to appeal to gamers?

you want lower speed drives to minimize corruption due to rotational velocodensity

That really doesn't explain , but your statement makes plenty of sense.

Thankfully, all the drives I have available are 5400 RPM.

Dumb newbie question, but what affects LAN speed? I want to be able to host 1080p Blu Ray remuxes on a local server and stream to my various devices via WiFi. Is this an unreasonable goal?

The speed of a LAN is determined by the maximum speed of your server's network access card (NAC,) as well as the client's NAC and your router/switch/whatever networking hardware you use.

For example, let's say you have a server and client connected by wire to a router. The router can support 1 Gbps connection, the server's NAC supports 1 Gbps connection, but your client's an older machine that only has a NAC with 100 Mbps. The fastest speed would only be 100 Mbps.

Whichever appliance in the network has the slowest speed will determine the maximum speed of the network.

The same applies for wireless. Just be sure that you're running Wireless N and that all your wireless appliances can run at Wireless N speed. That's the fastest speed available for wireless.

I'm running something like this
If you have direct play, you'll be fine

look into backblaze reports and make your own conclusions
also, search on velocodensity, there are ways to mitigate it with 7200RPM drives

Why get a 7200 RPM and work on mitigating velocidensity, when you can get a cheaper and more reliable 5400 RPM unit?

Isn't 802.11ac more recent than 802.11n? Or am I just mixing up my protocols?
Even if I need to transcode, it should be fine. My server's CPU is more than beefy enough to handle transcoding 1080p

Supermicro ?

I'm looking at buying an HP microserver (probably Gen 7 as they're

Well no, I got an old laptop I wanted to use. I'm mostly wondering how to connect and stack the hard drives to it.

Bump

My home server software setup is a bit of a mess. It's currently on CentOS 7, and it's all just basically hacked together, following random guides I would've found on google years ago. If I lost my configs, I probably wouldn't be able to put it back together again.
With Debian 10 and CentOS 8 on the horizon (still haven't decided which one I'll use), I decided I should take the opportunity to redo everything from scratch in a more reproducible and maintainable way.

Does anyone have any tips for how to setup maintainable servers?
I haven't fallen for the docker meme, and I'd rather not use that for everything I do.

The server primarily is a mail server, web server, and I store my backups on it.

Attached: 47979030_p0.jpg (637x900, 185K)

5400 HDD's are hard to find, and they arent that much cheaper.

Im planing to run freenet, i2p on my server thats conected to hamnet

noob here, why do you need fail2ban if you have key-based authentication only

You don't, really. "Extra" protection doesn't hurt, but getting around key-only auth is so ridiculously absurd, the only possible avenue would probably be OpenSSH itself.

>soupwhale.com

kek

Opinions on using specialized NAS strictly for storage and some low power pc (NUC?) for other services?
I am tired of babysitting an old desktop running a horrible mix of debian, ubuntu and mint packages where every other update breaks something seemingly unrelated (a few years ago that seemed to be the most simple way to set up multiple users on multiple servers)
Reading up on modern 4-bay NAS they seem to have decent enough performance at reasonable price.

I have a x250 with an i7-5600U and 8GB single channel ram. Can it be used as a media server to watch movies and such and handle a deluge with 1500 torrents, a 8TB and 4TB externally? I might disassemble it for that purpose as OP's pic. I guess I could try to sell this and get an office pc with an i5 2400s for that money, but it will take time as it is pretty beaten.

hey boys

you shouldn't need a monitor on your server, much less two of them

it's good, use it. unless maybe you want to use zfs, probably better to go freenas for native zfs support but I haven't taken the zfspill yet

sounds like your setup is mainly a NAS so you won't need too much CPU power. I'd definitely try to get more than 2g of ram tho if you're running containers too. And get a cheap tv device like a fire stick, don't try to play movies from your server, especially since i doubt you can fit a real GPU in a microserver.

Ansible. You define your infrastructure as yaml files that you can easily reproduce and verify.

do it. it's good to split up your resources, not have all your eggs in one basket so to say. i'd look into putting another NIC in the NUC and setting up a hypervisor using the NAS for storage

Attached: hsg-20190612-s.jpg (1500x2191, 1.22M)

Can I have a tip?

a gen10 microserver should be enough for all the torrents you could ever need. as for seti@home and the likes, i'm not too familiar with those but from what i understand it's basically crowd sourced compute resources so it'll probably eat up whatever you give it. you can probably just limit the amount of resources it'll take on your system

>5400 HDD's are hard to find
every laptop hdd is 5400rpm user.

I have an old core2duo 8400 with an old p5n-d motherboard. What can I do with that?

throw it away. you can get a dirt cheap system that'll blow it away and make your money back in power savings reasonably quickly

I should clarity, 3TB+.
don't want a bunch of 1tb 2.5 inch hdds.

Is it worthwhile from a security perspective to put a machine that's going to be exposed to the internet on its own, separate subnet? or is it enough to make sure I only forward the ports I need and run a local firewall on that machine with matching restrictions?

>rpi can be a server if you want
wrong
>rpi can be a server if you want a slow-ass piece of shit that can barely get 4-5MB/sec over wired lan

still a server. were you expecting a 10 gig connection over a nic connected through a usb 2.0 hub shared with other devices? still, you should be able to pull close to 100mbit/s unless you're doing something wrong

>A server isn't a server if it's slow
Buddy... You can even make a 286 laptop from the 80's into a server using SIOUX You can even make a Commodore 64 with a user port NAC cartridge into a web server with Contiki OS, running nginx and the only limitation is the NAC itself. As for your saying 4-5 MB a second, that's absurdly fast for any connection.

he didn't claim it wasn't a server, he was just rightly pointing out that it's a shitty server and a waste of monies considering you can get a better performing desktop to do the job for fifty bucks off craigslist

what cronjobs does /hsg/ have?
pic related is my server

sensible port forwarding, ssh key authentication only, and fail2ban should by all accounts be sufficient

Attached: 2019-06-19-182314_665x345_scrot.png (665x345, 30K)

So, I've just finished putting this together, put Rockstor on it, clicked update about half an hr or so ago, and the webGUI is throwing a refused to connect, I think it's still updating as lights are still flashing.

Setting that aside, I put 3 1tb and 1 500gb drives in it and I don't know what to do with it. 3TB of space doesn't seem very useful when my main computer has 24TB and I don't want to buy 4*8TB drives to put into a NAS that I don't know what to do with.
I don't have any thing else on the network that needs NAS.

Attached: IMG_20190619_234902.jpg (1200x1600, 720K)

Update temperature report sheet, every 45mins
Empty Recycle bin in all shares, every 12hrs
Freenas Jail auto-update repos, once a month
Smart HDD report via email, once a week
Zpool report via email, once every 3 days
Pixiv subscription downloader, every 2 days
Twitter subscription downloader, every 6 hours
Keepass auto-backup, daily

>refused to connect
are you using the right credentials? unless you've set up a user already through the webgui you'll need to use rockstors default credentials to connect and create a user

as for what to do with it, make it a media hub so you can connect any time from any device without having to have your main machine on all the time

Has anyone here used an N36L or N40L processor? Will they be fast enough to play 1080p content locally over plex, as well as do a few torrents + cloud service? Are they noisy (in an HP microserver?)

No it's not a credential problem, I finished configuring a pool, share and samba export. Connected to the pool on my main computer and it was working.

It then had a notification that 3.9.1-16 update was ready so I clicked update, it had a count down and then just ended up with a
"Hmmm… can't reach this page *ip address* refused to connect." and the samba share went offline, my router says that the machine is still having some ethernet activity and drive activity light is still flashing so I don't think I should reboot it.

If only the hardware wasn't shite.

Any one using co-location services? What are you paying per month?

was very close to pulling the trigger on a provider in Houston called Oplink that came out to around $220 for one 1U server, one 2U server, redundant power, and some extra IPs. Not too bad but ended up getting an apartment with symmetric fiber connection so kept it in house.

It's pretty rare to find a provider that actually offers, or at least advertises, single server colocation. They want to lease full racks to businesses