First, some logistics: to set everything up we’ll need a monitor and a keyboard. If you’re building anything resembling what I’ve described in the hardware post, chances are there is no WiFi, so unless you can place the box, and the monitor, and the keyboard close enough to the router to connect it with an ethernet cable, you might want to choose an OS setup option that does not require network connectivity.
The operating system: Debian
I’ve used Debian on the servers for a long time, and value its commitment to stability, free software, and the wide availability of software (not only free) via the apt package manager. To install it on our server we can download a complete installation image - despite the name, it can be written to a USB stick.
The official image might not include some of the firmware packages required for the OS to work with our hardware, which would manifest with errors such as unable to load firmware rtl_nic/rtl18168h-2.fw shown during boot. In the case of my build, the missing packages were:
They can be downloaded from the Debian package repository and written to a USB stick, so that they can be transferred to the system before it has network connectivity.
Access from the outside: dynamic DNS
To access the server from outside of our household’s local network we’ll need to first locate our router using its IP, then the router will have to forward the requests to the server. For the latter, we’ll need to configure the router to assign a static IP to the server within our home network and to forward the TCP traffic for specific ports to the server. Typically we’ll want the following ports forwarded:
- 22 for SSH
- 80 for HTTP
- 443 for HTTPS
To reach the router from the outside we’ll need to know the IP that the ISP assigned to our router. Some ISPs might offer static IP addresses; otherwise, a dynamic DNS might be an option: our router or server can monitor its public IP changes and update the DNS records at the DNS provider so that we can reach it using our domain name.
Some routers might provide support for dynamic DNS out of the box. Otherwise, our new server can do the job. There are many providers of dynamic DNS services; I’m using Dynu, which was free and easy to set up. It comes with a Debian package that sets up a systemd service to update the IP, whose only quirk was that it stopped working in a non-obvious way (service still running, but no entries in the log and the IP doesn’t get updated) after a couple of days, so I ended up sticking a daily restart in the crontab, which seems to have addressed the issue:
# restart dynuiuc service, as it tends to get stuck after a few days
0 1 * * * /usr/bin/systemctl restart dynuiuc
Turning things off and on again will always be near the top of my troubleshooting checklist.
Reverse proxy: Nginx
We’ll probably want to serve multiple applications – file storage, blog, photo collection – on different subdomains, so we’ll need a reverse proxy. I’m using Nginx, because it’s something I know and trust; otherwise, Traefik appears to be a popular option these days. To provide TLS certificates I’ve used certbot that ships with Debian. Obtaining the first cert for each subdomain means first setting up a site file that only handles unencrypted HTTP, then running certbot with the Nginx plugin to request the cert; in the process certbot will update the site definition to use HTTPS. Luckily, this manual step only needs to be done once for each application.
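
The two-step bootstrap described above, as an added example (not the author's own configuration): it renders an HTTP-only site file for one subdomain, validates and loads it, then hands over to certbot's Nginx plugin. The hostname `files.example.org`, the backend on `127.0.0.1:8080` and the function names are assumptions; the paths are the Debian nginx package's default layout.

```sh
#!/bin/sh
# Added example: bootstrap one reverse-proxied subdomain over plain HTTP so
# that certbot can later rewrite the site definition to HTTPS.
# Function names, hostname and backend port are hypothetical.

# Print an HTTP-only server block. Rejects hostnames and ports containing
# anything that could break out of the config or the file path.
render_http_site() {
    host=$1 port=$2
    case $host in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*) echo "bad hostname: $host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $host;

    location / {
        # backend is assumed to listen on loopback only
        proxy_pass http://127.0.0.1:$port;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# Write the site file, enable it, check the config, then request the cert.
# Needs root; port 80 must already be forwarded to this machine.
install_site() {
    site=$(render_http_site "$1" "$2") || return 1
    conf=/etc/nginx/sites-available/$1
    printf '%s\n' "$site" > "$conf" || return 1
    ln -sf "$conf" "/etc/nginx/sites-enabled/$1" || return 1
    nginx -t || return 1              # refuse to reload a broken config
    systemctl reload nginx || return 1
    certbot --nginx -d "$1"           # certbot adds the HTTPS listener
}

# Usage: sudo sh add-site.sh files.example.org 8080
[ "$#" -eq 0 ] || install_site "$@"
```

Keeping each application bound to loopback means the only path to it from the forwarded ports is through Nginx.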