In this blog am going to share my learnings and findings on how i build my mini home-server an year back, which am currently using to host my side projects, access my files anywhere from the world, alternate for google drive etc.. This blog will cover only the basic highlevel steps, although i have given all the source links for the setup, but if you are expecting a spoon feed kinda stuff, then this is not for you.
Pastly everyone in tech probably knows what a bare metal server is and why do we need it, but nowadays everyone is aware of Cloud Computing, AWS, GCP, Serverless etc stuffs, but just forgot the roots and basic stuffs like what is server and how to host things locally(bare metal) etc, Home server is not any definitive name or anything, its just a computer that sits with us(since in my case its in my home am calling it as a home server).
We can make use of our own home-server in multiple ways, like for storing and writing files(like NFS), accessing our system using SSH from anywhere, creating our own web server, hosting our unfinished side projects, also we can get rid of data sucking google drive by having our own FTP server etc(currently am using my home server instead of a traditional google drive),and yeah, there are lot more than this to explore.
> Internet Connection(I know this is dumb but still!), probably a home wifi like ACT, airtel fiber, hathway etc.
>
A Public IP address, This can be obtained from our ISP(ACT, hathway etc).
Why we need this? — our public IP showing in
whatsmyip,
cannot be accessed outside of your ISP, since by default all the ISP will be behind a CG-NAT.
you can learn about CG-NAT in this
blog,
youtube.
> A domain name for your public ip(this is optional as far as my opinion), if you are ok with accessing your server with ip address like (20.300.400.50) in browser or anyother client, this step is not needed.
> Of course a desktop or a laptop, with any linux distro installed.
Once you set up your public IP from your ISP, thats it! that is all you need to connect your local desktop/computer to the internet(outside world). To verify the same, find your public IP in whatsmyip, and try to ping your public ip address in your laptop/desktop from a different network other than your ISP(it can be your mobile hotspot).
If you are receiving a sucessful ping, thats all, you can confirm that your desktop/laptop has been publicly connected to internet. its upto us now to decide how to turn our normal desktop/laptop which is connected to internet into a webserver or as an FTP server etc.
If you find your public ip ping is not accessible, most probably you need to enable your ICMP settings on your router/firewall settings.Port forwarding is one way of exposing your server to the outside world, although this has some secruity flaws, which we need to take care by our self, but for simple tasks like hosting etc this is a good place to start.
Setting up a webserver like nginx, makes our life easier, where nginx supports reverse proxy, load balancing etc, out of the box. Although we don’t need all of that from nginx atleast for a simple home server setup, services like reverse proxy from nginx would be a great tool to get things done.
> Expose port 80 on your router settings using port forwarding.
> if(firewall_is_enabled) allow port 80 in the firewall settings as well; else SKIP_THIS_STEP
> Install Nginx
> Once the above steps are done, if you are now trying to access your in your browser from anywhere outside of your ISP network you should probably see default nginx page.
From here you can basically host any of your side projects without going to any cloud computing services like AWS, GCP etc, by doing some modifications to nginx conf settings.
If you face any issues like 502 or the if the site keeps on loading, try to restart the nginx or run sudo nginx -t(which tests your nginx conf file and will throw error if it finds any)Reference: install and nginx setup
Setting up an FTP server will help us to upload or download our private files, images etc(may be an alternate to google drive) from anywhere in the world, and whatnot we can be in full control of our own data. Here we are going to use vsftpd a FTP server.
> Expose port 21 on your router settings using port forwarding.
> if(firewall_is_enabled) allow port 21 in the firewall settings as well; else SKIP_THIS_STEP.
> Install vsftpd
> once the above steps are done, you can now able to connect to your home server using any FTP client(am currently using owlfiles from my mobile) from anywhere in the world, and you can upload or download anything into your server.
Currently am working on creating multiple user groups based FTP server!
Reference: vsftpd
SSH will basically lets us to connect to our system from anywhere to run commands, install softwares, literally to access your server without physically accessing it using command line(CLI). Here we are going to use OpenSSH server.
> Expose port 22 on your router settings using port forwarding.
> If(firewall_is_enabled) allow port 22 in the firewall settings as well; else SKIP_THIS_STEP.
> Install OpenSSH Server
> Don’t forgot to password protect since connecting via ssh will give an entire access to our server, on top of that also enable 2FA like google authenticator.
> Once the above steps are done, you can now access your server from anywhere using ssh clients.
References: openssh Google authenticator
There is another way of making our desktop/laptop as a FTP server etc, is by using a VPN servers like wireguard, openvpn etc, since in port forwarding approach we are exposing a lot of ports(like 21, 22, 80 etc) to the outside world, there can be multiple ways to hack into any of our open ports.
If we are using VPN based servers like wireguard, we don’t even need to open all the ports. By this way this would be way more secure compared to our previous approach.
Setting up a VPN service is a easy process, since installing and configuring wireguard is pretty easy with only a minimal amount of steps we need to follow,
> Expose port 51820 on your router settings using port forwarding(Compared to port forward approach, here we are exposing only a single port 51820 where this port is managed by wireguard and can only accessed by legitimate clients that already registered with our server.
> if(firewall_is_enabled) allow port 51820 in the firewall settings as well; else SKIP_THIS_STEP.
> Install wireguard(personally i installed using the official docker image, which is pretty easy)
> Once the above steps are done, now try to access your wireguard UI SERVER:51821 from your internal network, this will open a GUI based wireguard, where you can manage your wireguard clients.
Reference: Wireguard
Yep, this is it! this is how i turned my local desktop into a home server and am using it for the past 10-12months for hosting and alternate for google drive.