Home Server Setup
November 27th, 2022Summary since the last update:
Set up Ubuntu Server on an old laptop
Worked on securing Ubuntu Server and my home network
Switched to Cloudflare as my name server for miketekin.dev
Tested my network security
Pointed miketekin.dev to my home network
Set up dynamic DNS with Cloudflare using ddclient
Configured Cloudflare to enhance security
Set up Nginx to serve my new website
Deciding to host the site myself:
I wanted the code for my gatsby site and my serverless contact form to be public to showcase my work. However, when I went to make the repository public, I realized the repository was filled with gatsby created files that I wasn't familiar with - files that could contain sensitive information. I wanted to avoid going through all of them and didn't like the idea of putting them up publicly as part of my project when I didn't even know the purpose of many of the files.
That's when I decided I wanted to host my website without a site generator like gatsby and all of the dependencies that it brings with it. Hosting my site myself would give me even more control and allow me to be more confident in what it is I'm sharing. Along with it being a great learning experience, it also sounded fun - so that was a bonus.
Where to host:
My first step was to figure out where I would be hosting the site.
First, I considered using a virtual private server like DigitalOcean or Linode. But they cost around $70/year, and I didn't think that was a necessary expenditure to pay indefinitely for my portfolio - and if I ever wanted to stop paying for it, I didn't want to lose anything.
That led me to the decision to run my own server.
I'm considering investing in an old dell optiplex tower because I can get one relatively cheap, and it should do everything I need. But I just wanted to test the waters first. So, I decided to turn an old laptop I had that was gathering dust into a server.
Choosing an operating system:
I decided to go with Ubuntu Server because Ubuntu is my daily driver, and so Ubuntu Server felt familiar and friendly. I also wanted to stick with something similar to Ubuntu to continue developing my Linux and Ubuntu knowledge. What I learned on Ubuntu Server could carry over to my Ubuntu desktop work and vice versa. It didn't hurt that it was also free.
Lately, I've been having trouble with my Ubuntu desktop freezing or just losing the display altogether. I've read that Debian is more stable, and I'm considering switching over in time. But, by the time I'm ready to make a switch, I may learn more about other server OSs that I would prefer.
Setting up and securing my server:
The installation and initial setup were quick and easy. But my top priority was making sure it would be secure.
I looked up some guides on securing/hardening Ubuntu Server and knocked a few steps off those lists.
At the top of my list was configuring Ubuntu's Uncomplicated Firewall and installing and configuring fail2ban. Both were easy to figure out and set up, and I'm happy with how they're both working.
Securing my network:
I was confident in my server's security. So, my next step was to make sure my network was secure. I looked up some guides on doing that, which included things like using tools to scan my network for open ports and other vulnerabilities.
Pointing my domain to my home network:
My system had the latest security updates, my firewall was configured, my ports were locked down, and fail2ban was set up - next, I decided it was time to point my domain to my server.
I was apprehensive about pointing my domain to my home network. After doing some research, I decided to use Cloudflare as a CDN. "Cloudflare hides your origin server IP addresses for traffic you proxy to Cloudflare." My domain is registered through Google Domains, and Google offers a CDN through Google Cloud, but it requires a subscription - which I've been avoiding for this small project.
Setting up Cloudflare as my CDN:
Cloudflare kept popping up as a recommendation. I researched CDNs and Cloudflare and decided that's what I would go with because it was free and came with some built-in security features that Google Domains alone did not provide.
Using Cloudflare involved setting up Cloudflare as a custom name server on Google Domains and setting up DNSSEC with them. Fortunately, Cloudflare made this a reasonably pain-free process.
Setting up dynamic DNS:
Next, I set up the DNS records in Cloudflare. I needed to provide an IP address, and, initially, I was going to set up a static IP address for my home network, but that also requires a subscription and I discovered I could instead just use a dynamic DNS which would be free.
So I needed to set up dynamic DNS from my ubuntu server. This lead me to ddclient. I ran into several problems setting up ddclient and found multiple recommendations for using a script some random person had made, but I wasn't super comfortable using a random script that I didn't fully understand and didn't want to spend the time learning exactly how it worked (ddclient was also discussed in Ubuntu documentation which gave it some more credibility). So, I kept working on ddclient. Eventually, I got it working, and my server automatically checked my public IP address and updated Cloudflare whenever there was a change.
Routing traffic to my server with port forwarding:
Next, I needed to set up port forwarding so that connections to my home IP would route to my server. This was easy using my Google Home app, which allowed me to reserve an IP address for my server and set up port forwarding for it.
Setting up a web server:
Next, I needed to set up a web server on my server. I found several suggestions but the ones most commonly recommended were Apache and Nginx. I went with Nginx after learning that it is now the most popular web server and is used by large companies that depend on speed, security, and reliability.
I installed Nginx and went through the beginner guide to learn how to configure it for a simple static site.
Integrating my server with my website repository on GitHub:
Finally, all I had left to do was to put together the website files I wanted to serve. I connected my server to GitHub to easily work on the files on my main computer and then pull them into my server where Nginx could serve them.
With all of that done, you can now view the barebones site at miketekin.dev. It took me a few days to figure this out and get it working. But, if I needed to do it all again, I could get it done much faster this time.
What I'm considering working on next:
Cloning the look of this site and building up miketekin.dev (using just HTML, CSS, and JS)
Adding the serverless contact form to miketekin.dev (or looking into what tools Node provides for creating a contact form)
Looking into Ansible Playbooks for hardening my server
Learning more about Node and Nginx and what they can do for my site/server
Seeing what other cool things I can use my home server for