Blog CS

Home Server Setup Steps

May 26, 2015/0/0
Home / Home Server Setup Steps / Home Server Setup Steps

Below I’ve recorded (and slightly curated) the steps I took to get my home server fully up and running.

Configuring Hardware

Installing SSD

  1. First off I put the SSD into an external caddy and plugged it into a Windows PC, so that I could use SanDisks utility to upgrade the firmware. Turns out it was already at the latest version though.
  2. The Gen8 case was straightforward to open. Two thumb screws at the back, then pull the cover back in the direction of the thumb screws, then up, and it all comes off as one piece.
  3. I had followed the advice here, so as well as the SSD, I had also bought an extra SATA cable, and a ‘MOLEX -> MOLEX + SATA’ power adapter – and I knew I was going to install the SSD into the top of the server.
  4. The SATA cable I plugged into the motherboard, to the port labelled ODD (optical disk drive).2015 - 3
  5. Meanwhile, I had to pull the MOLEX plugs through the gap in the top of the case, attach the power adapter, and then push everything apart from the SATA power plug back into the gap.2015 - 8
  6. This left the two cables accessible at the top of the case, where I slotted the SSD and plugged it in.2015 - 2

Installing Magnetic Hard Drives

  1. This was pretty straightforward as the case is designed to make changing the hard drives a doddle.
  2. Started by un-clipping one of bay brackets and pulling it out. The bracket had two metal spacers screwed into it, so it was just a matter of unscrewing these spacers, and then using the same screws/holes to attach the hard drive.2015 - 11
  3. Then the whole bracket and hard drive can just be pushed back into the case, and the clip pressed back down until it clicks shut.
  4. Did the same for the second hard drive.

Setting up the Disk Array

  1. First off when I tried to set the server off, I went into the BIOS and turned off the HP Smart Array.
  2. However, I found that with it off, there was no way to make the SSD (plugged into the optical disk drive sata port) the default boot disk. Since I wanted my OS on the SSD this didn’t work for me.
  3. Therefore I went back into the BIOS and turned the HP Smart Array Controller back on.
  4. Then, you wait a little longer into the boot process, and you get the option to configure the array. Shortly after it says ‘HP Dynamic Smart Array – initialise’ there is an option to press F5 to configure.
  5. At this point, you enter another HP Smart Storage Administrator utility, and you can select each of the drives in turn, and make them into RAID-0 drives (or make the two magnetic disks into a single array).
  6. I decided not to bother with a full on RAID array for the two disks, because I prefer to use the extra space and then add an rsync to get a bit of extra backup for a few key files (such as my bitcoin wallet).
  7. Finally you can go back to the main menu of the Smart Storage utility and make the SSD the default drive.

Installing the Operating System

  1. I opted for ubuntu server, as the most flexible OS for my server, and one which I have a good amount of experience with.
  2. I started by using one of my other ubuntu machines to create a Bootable USB key, from a disk image of server 14.04 LTS.
  3. Next, I need to enter the server’s BIOS again, and change the Boot order to put USB in front of the disks.
  4. Having inserted the usb, and rebooted the disk – everything seemed to have gone wrong. I was presented with a flashing prompt and nothing else. However it seems this is the confusing default for an ubuntu server live usb, and I just had to type ‘install’ and hit enter.
  5. After that I used ubuntu servers partial GUI to install the OS onto the available SSD drive.
  6. At the time, I hadn’t got a network cable plugged in, so I didn’t configure internet access during the install.
  7. After install, I removed the USB, reset the BIOS boot order, and rebooted.
  8. Ubuntu started nicely.

Setting up Internet on Ubuntu

Because I hadn’t set up the internet during install, I had to do this next.

  1. Plugged in the network cable to the first ethernet cable.
  2. Used ‘cat /proc/net/dev’ to check the name of the interface, which was em1.
  3. Added the following to the end of the interfaces file (sudo nano /etc/network/interfaces)

    auto em1
    iface em1 inet dhcp

  4. Finally called ‘sudo service networking restart’ and check the internet with a quick ping to google.

Install Software and Administration Tools

I installed a few different tools onto the server. This set of tutorials was very helpful. I also installed Ajenti – so I could do some simple server management tasks with a web based GUI.

Installing a Desktop GUI

Because I wanted the flexibility of sometimes running user desktop applications from the server, I decided to install a lightweight GUI, and a VNC service (to access the GUI over the network). Because I didn’t want these things to use up resources when they weren’t needed, I also made the whole lot default to off.

  1. Installed the gnome-core (i.e. without all the bloat like libreoffice)

    sudo apt-get install xorg gnome-core gnome-system-tools gnome-app-install

  2. Set the default in grub to be text (i.e. do not load gnome by default)
  3. I installed VNC so I could access the GUI over the network. Note the section on resetting the default shortcuts – I had to follow that section and disable any shortcuts with the ‘super’ key in them – as it was broken the same way for me by default.
  4. Finally, after all this, I can access the GUI when needed by running…

    startx
    vncserver -geometry 1920×1080

    … and then using TightVNC Viewer in windows to connect to the VNC server.

Set up Network File Access

To conveniently access file shares on the Microserver from other machines on my home network, I used NFS. I followed the guide here to get it set up – piece of cake.

Format and Mount the Magnetic Drives into Ubuntu

I followed the standard guides to format and mount the other two hard drives. I also included the bit about making the group ‘plugdev’ default, so that non-user accounts were able to write to the mounted folders.

Set up Internet Facing SSH Access

Configure a Static Internal IP for the Microserver

These steps will depend on the router, so I’ll give them high level:

  1. Logged onto the router’s adminstration panel.
  2. Went to home network, and found Microserver as a connected device.
  3. From there I could use the settings to fix it’s IP, so it is always given the same IP whenever it connects to my home network. e.g. 192.168.1.100.
  4. I also added a hostname for the server on my internal network (DHCP), so I can access it more conveniently.

Get a Dynamic DNS Hostname

Next I needed a way to always know my home internet connection’s external IP address.

  1. Went to no-ip.com and registered a free account.
  2. Added a new (also free) hostname to the account.
  3. Logged back onto the router’s admin panel, and found the settings for Dynamic DNS.
  4. Entered the credentials and address for No-IP and tested.
  5. I then had a hostname which would resolve to my router’s IP. If the IP changes, then my router will update the hostname correspondingly.

Configure Port Forwarding of External SSH Traffic to the Microserver

  1. Next I went to the port forwarding section on the router admin panel. I added a new service to the application list for SSH on port 22.
  2. I told the router to forward all external traffic on port 22 to 192.168.1.100 (my home server’s new fixed internal IP).
  3. Finally, I can send SSH traffic on port 22 to the dynamic hostname, and have this traffic be recieved by my home server.

Install SSH and Google Authenticator

I installed and configured google authenticator with OpenSSH on the Microserver, so that I could secure access. This is more secure than just using a password, and more convenient that certificate based authentication, which means I have to carry around and protect a private key.

  1. Installed OpenSSH and google authenticator (sudo apt-get install openssh-server libpam-google-authenticator).
  2. Downloaded the Google Authenticator App to my phone.
  3. Followed this guide to set up authenticator.
  4. Finally, I also installed WebSSH on my Iphone, which supports two factor authentication, so I can SSH to the server from my phone.

Set up a personal VPN using OpenVPN

Out of principle (Snowden et al) I wanted to configure a VPN for the microserver. I went with PIA, and configure OpenVPN to make the connection for me.

  1. Get a PIA account. Lots of ways of doing this, from credit card to Bitcoin, but that’s another story.
  2. Followed this guide to quickly test it would work.
  3. Then when this worked I did the following to get it working on startup:
    1. Got the generic openvpn confs from https://www.privateinternetaccess.com/openvpn/openvpn.zip
    2. Moved the ‘london.ovpn’ to ‘london.conf’ inside /etc/openvpn/
    3. Also moved ca.crt and crt.pem to /etc/openvpn/, made a credentials file and locked permissions on this down.
    4. Check the service would start automagically by running ‘sudo service openvpn start’

Prevent DNS Leaking

I noticed that the VPN was not being used for DNS lookups, and realised I had a DNS leaking issue. To fix this was fairly easy – I just had to append the following lines to the end of the london.conf file, inside /etc/openvpn/:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Getting SSH to work through the VPN

After I set up the VPN connection and routed all traffic through it, I noticed my external SSH access was no longer working. Having decided this was to do with routing, I eventually found the answer here and here. Adding a new rule/routes, and make them default when the network connection comes up, by creating a script in ‘if-up.d’.

  1. Create a new file ‘/etc/network/if-up.d/SSHThroughtVPN’, and in it write:

    create – /etc/network/if-up.d/SSHThroughVPN
    #! /bin/sh
    ip rule add from 192.168.1.100 table 128
    ip route add table 128 to 192.168.1.0/24 dev em1
    ip route add table 128 default via 192.168.1.1

    … where 192.168.1.100 is the fixed internal IP you gave the microserver, 192.168.1.0/24 describes the subnet, and 192.168.1.1 is the IP of your router.

  2. Make the new file executable. (sudo chmod +x /etc/network/if-up.d/SSHThroughtVPN).

Create a Backup Folder

I wanted to have some resilient backup folders, so I added a folder on both of the magnetic hard drives, and then wrote an rysnc command to synchronise the content of these folders. Finally I added this command as a nightly cronjob, so the folders would be syncronised nightly! I put files such as my bitcoin keys into this folder!

Uncategorized
Navigation
« NEXT
PREVIOUS »

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.