@bouzou4
Last active May 20, 2024 14:10
Home Server Setup Guide

Home Server Setup Guide/Overview

Adam Bouzourene

This guide provides an overview of the setup process for an Ubuntu home server, including steps for setting up various services and tools to maximize functionality and ease of use.

Prerequisites

Before starting, ensure you have the following:

  • A server with Ubuntu installed.
  • Basic understanding of Linux terminal commands.
  • Internet connection.

Our Computer

Our home server project is powered by the Beelink R5-5560U Mini PC. The system specifications were carefully chosen to deliver optimal performance for the services we intend to run. Here are the key specifications of our server:

Beelink Mini PC, AMD Ryzen 5 5500U

| Component | Specification | Reasoning |
|---|---|---|
| CPU | AMD Ryzen 5 5500U, 2.1GHz up to 4.0GHz, 6 cores/12 threads, L2 3MB L3 8MB Cache | This multi-threaded processor delivers excellent performance for our server, with ample cores and threads to handle multiple services simultaneously |
| Graphics/GPU | AMD Radeon Graphics with 7 cores running at up to 1800MHz | While graphics processing is not a primary concern for a server, the integrated GPU can assist with tasks that require graphical processing |
| OS | Pre-installed Genuine Win11 Pro (Replaced with Ubuntu) | We decided to run Ubuntu for this project due to its wide support and stability as a server operating system |
| RAM | 16GB SO-DIMM DDR4 RAM running at 2666MHz | This is more than sufficient to run multiple services without a hitch |
| Storage | 500GB M.2 NVMe 2280 SSD with a speed of 3000Mb/s (Expandable) | This ensures fast data read/write speeds, improving the overall performance of our server |
| Wireless and Ethernet | Dual-band Wi-Fi 6, Built-in Bluetooth 5.2, Gigabit Ethernet | Offers flexible connectivity options for both wireless and wired connections |
| Power Supply | 19V/3A 57W Certification Adapter | Highly energy efficient, ensuring that our server doesn't consume too much power even when running 24/7 |

The choice of this server reflects a balance between cost, performance, and expandability. It has the power to handle the services we intend to run while offering room for future expansion.

Setups

NOTE: Many of the guides below may be unnecessary, as Portainer has an extensive list of templates.

Here's an overview of the tools and services we will be setting up:

  1. ZFS (RAIDZ) Setup
  2. SSH Setup
  3. Samba Setup
  4. FTP Setup
  5. Rsync Setup
  6. Nginx Setup
  7. Certbot Setup
  8. File Browser Setup
  9. Nextcloud Setup
  10. PiHole Setup
  11. Heimdall App Dashboard
  12. Shell in a Box Setup
  13. Grafana Setup
  14. Prometheus Grafana Setup
  15. Zabbix Grafana Plugin

Design Decisions

Use of Docker

We decided to use Docker for the majority of our services due to the numerous advantages it offers. Docker's containerization technology allows for efficient utilization of system resources, high scalability, improved isolation, and simplified version control. With Docker, each application runs in a self-contained environment with its own set of libraries and dependencies. This significantly reduces potential conflicts between applications and allows for easy updates and rollbacks.

Choice of Services

The services chosen for our home server were based on a combination of user needs, available resources, and a desire for self-hosting to ensure data privacy and control.

  • Nextcloud provides a self-hosted cloud storage solution, giving you control over your data.
  • Heimdall is used for creating a unified, visually pleasing, and easily accessible dashboard for all of our applications.
  • Certbot is utilized for managing SSL certificates, ensuring secure communication to our server.
  • Nginx serves as our web server and reverse proxy, making our services accessible and secure.
  • Grafana, Zabbix, and Prometheus are used for network and system monitoring, helping identify and diagnose issues.

Security

Security was a key focus during the development of this project.

  • SSH provides secure remote access to our server, which is crucial for administration purposes.
  • Certbot automates the process of obtaining and renewing SSL certificates, providing encrypted connections to our services.
  • Pi-hole is used as a network-wide ad-blocker, not only improving browsing experience but also blocking malicious ads that could pose a threat to our network.

To ensure a secure and reliable system, consider implementing the following security measures as you set up your home server:

  1. Configure SSH for secure remote access: Set up key-based authentication, limit user access, and change the default port. Keep your SSH daemon up to date.

  2. Implement a firewall to control network traffic: Use tools like UFW or Firewalld to create specific rules for required traffic, apply a default deny policy, and monitor logs for suspicious activity.

  3. Secure your Docker images: If using Docker, regularly update images, use trusted official images, and consider implementing scanning tools like Anchore for vulnerability detection.

  4. Segregate your network: Isolate services using network segmentation techniques such as VLANs or subnetting, and implement network access controls to limit communication between segments.

  5. Manage user access: Create and manage user accounts with defined permissions, enforce the principle of least privilege, and use auditing tools to monitor user activities.

  6. Encrypt data and use certificates: Use tools like Certbot to obtain SSL/TLS certificates, ensuring encrypted data transmission, and encrypt stored sensitive data at rest.

  7. Perform regular security audits: Conduct ongoing security assessments of your system, monitor logs using tools like Logwatch, implement intrusion detection systems like Snort, and stay informed about emerging threats and best practices.

By considering these action points and using appropriate tools, you can establish a secure and reliable home server environment.
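As an added example (not part of the original guide), the SSH measures in item 1 can be checked mechanically. The Python sketch below audits the global section of an `sshd_config` for key-based authentication, limited user access, and a non-default port; the sample configuration is constructed and the choice of which values count as findings is an assumption of this example.

```python
# Added example: audit the global section of an sshd_config file.
# Which values count as a finding is a policy assumption of this example.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
"""  # constructed sample, not taken from a real host

# OpenSSH built-in defaults, used when a keyword is absent.
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "permitrootlogin": ["prohibit-password"], "pubkeyauthentication": ["yes"]}


def parse_global(text):
    """Map lower-cased keyword -> values seen before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # Match blocks are conditional, not global policy
            break
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return findings for the global settings; an empty list means a pass."""
    cfg = parse_global(text)
    def first(key):  # sshd keeps the first value it reads for a keyword
        return cfg.get(key, DEFAULTS[key])[0].lower()
    findings = []
    if first("passwordauthentication") != "no":
        findings.append("password logins are still accepted")
    if first("pubkeyauthentication") == "no":
        findings.append("key-based login is disabled")
    if first("permitrootlogin") == "yes":
        findings.append("root may log in with a password")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups list limits who may log in")
    if "22" in cfg.get("port", DEFAULTS["port"]):
        findings.append("sshd listens on the default port 22")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports four findings; the commented-out `PasswordAuthentication no` and the one inside the `Match` block do not change the global default. If the configuration pulls in `Include` files, pass the output of `sshd -T` (the effective configuration) to `audit` instead of the file text.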

Monitoring and Maintenance

To ensure the reliability and stability of our services, comprehensive monitoring is essential.

  • Grafana provides a powerful platform for visualizing metrics, which can be used for system and network monitoring.
  • Prometheus collects time series data, providing the raw data for Grafana to visualize.
  • Zabbix is used alongside Grafana for its advanced network monitoring capabilities, providing alerts and detailed network metrics.

Implementation Process

The implementation process for each service is detailed in its respective section. However, it typically follows these steps:

  1. Setting up the Base System: Install the base system (Ubuntu) and configure basic settings.
  2. Installing Docker: Install Docker on the base system.
  3. Setting up each Service: Set up each service in a Docker container. This involves pulling the Docker image for the service, configuring it, and starting it up.
  4. Configuring Nginx and Certbot: Configure Nginx and Certbot to make the services accessible over HTTPS.
  5. Setting up Monitoring: Set up Grafana, Prometheus, and Zabbix to monitor the system and network.

Troubleshooting and Support

If you encounter any issues while setting up or managing your server, refer to the documentation provided for each service. Additionally, consider searching for or asking questions on community forums or the GitHub page of the respective service.

Concluding Thoughts

Setting up a home server with these services can provide a powerful and flexible solution for file sharing, network monitoring, ad-blocking, and more. With Docker, managing these services becomes much more straightforward, making this project accessible even to those new to home servers. While setting up and maintaining a home server requires some effort, the payoff in terms of control and flexibility is significant.
