Below I’ve recorded (and slightly curated) the steps I took to get my home server fully up and running.
Configuring Hardware
Installing SSD
Installing Magnetic Hard Drives
Setting up the Disk Array
Installing the Operating System
Setting up Internet on Ubuntu
Because I hadn’t set up the internet during install, I had to do this next.
auto em1
iface em1 inet dhcp
Install Software and Administration Tools
I installed a few different tools onto the server. This set of tutorials was very helpful. I also installed Ajenti – so I could do some simple server management tasks with a web based GUI.
Installing a Desktop GUI
Because I wanted the flexibility of sometimes running user desktop applications from the server, I decided to install a lightweight GUI, and a VNC service (to access the GUI over the network). Because I didn’t want these things to use up resources when they weren’t needed, I also made the whole lot default to off.
sudo apt-get install xorg gnome-core gnome-system-tools gnome-app-install
startx
vncserver -geometry 1920×1080
… and then using TightVNC Viewer in windows to connect to the VNC server.
Set up Network File Access
To conveniently access file shares on the Microserver from other machines on my home network, I used NFS. I followed the guide here to get it set up – piece of cake.
Format and Mount the Magnetic Drives into Ubuntu
I followed the standard guides to format and mount the other two hard drives. I also included the bit about making the group ‘plugdev’ default, so that non-user accounts were able to write to the mounted folders.
Set up Internet Facing SSH Access
Configure a Static Internal IP for the Microserver
These steps will depend on the router, so I’ll give them high level:
Get a Dynamic DNS Hostname
Next I needed a way to always know my home internet connection’s external IP address.
Configure Port Forwarding of External SSH Traffic to the Microserver
Install SSH and Google Authenticator
I installed and configured google authenticator with OpenSSH on the Microserver, so that I could secure access. This is more secure than just using a password, and more convenient that certificate based authentication, which means I have to carry around and protect a private key.
Set up a personal VPN using OpenVPN
Out of principle (Snowden et al) I wanted to configure a VPN for the microserver. I went with PIA, and configure OpenVPN to make the connection for me.
Prevent DNS Leaking
I noticed that the VPN was not being used for DNS lookups, and realised I had a DNS leaking issue. To fix this was fairly easy – I just had to append the following lines to the end of the london.conf file, inside /etc/openvpn/:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Getting SSH to work through the VPN
After I set up the VPN connection and routed all traffic through it, I noticed my external SSH access was no longer working. Having decided this was to do with routing, I eventually found the answer here and here. Adding a new rule/routes, and make them default when the network connection comes up, by creating a script in ‘if-up.d’.
create – /etc/network/if-up.d/SSHThroughVPN
#! /bin/sh
ip rule add from 192.168.1.100 table 128
ip route add table 128 to 192.168.1.0/24 dev em1
ip route add table 128 default via 192.168.1.1
… where 192.168.1.100 is the fixed internal IP you gave the microserver, 192.168.1.0/24 describes the subnet, and 192.168.1.1 is the IP of your router.
Create a Backup Folder
I wanted to have some resilient backup folders, so I added a folder on both of the magnetic hard drives, and then wrote an rysnc command to synchronise the content of these folders. Finally I added this command as a nightly cronjob, so the folders would be syncronised nightly! I put files such as my bitcoin keys into this folder!