
Alex's Guide to running a home server (WIP, DRAFT)

This is a living guide to hosting digital infrastructure. I'm writing this out of a dissatisfaction with a lot of existing approaches to running a home server. It seems to me that a lot of self-hosting guides mirror the approaches and infrastructure of big tech.

This is a living document, and I will update it as I learn more. If you have suggestions or corrections, please contact me.

Principles

Keep it simple

Your system should be as simple as possible. Use lightweight tools: this often means that you will be using things that are not mainstream, as mainstream tools are often designed primarily with large, modern, distributed, high-traffic services in mind: not what we are doing here. You may find yourself using Linux tools that are quite old, from an era where simpler and more straightforward infrastructure was more common.

No cloud services

Some self-hosting guides will say, set up your home server then use a cloud proxy server, or put things behind Cloudflare. In my view, this defeats the purpose: if you want true digital self-sufficiency, you should control as much of your infrastructure as possible.

Accept limitations

There are things that you won't be able to do on self-hosted infrastructure. Rather than compromise another principle to attempt them, accept and work within these limitations. For example: you will probably not achieve 100% uptime with your service. Accept this and communicate it to your site visitors.

Operating System

I choose Linux as my operating system. Alternatives to consider, in order of feasibility, are OpenBSD and Plan9. This guide is focused on Linux because it is the operating system I am most familiar with, and it is so ubiquitous that it is easy to find resources, software and guides for configuring Linux.

In terms of distros, I choose Alpine Linux. Alpine Linux is a very minimal distro. I am both familiar with it and philosophically aligned with it. Alpine Linux uses musl rather than glibc, which may cause software incompatibilities, but this is less of a concern for the kind of thing you'll be hosting in the cloud. Unlike something like Raspberry Pi OS, there won't be a step by step "how-to" guide for running Alpine on the Raspberry Pi. You'll need to develop a bit of understanding about your operating system. You are welcome to use another Linux distro if you'd prefer.

TLDs

Unfortunately, a lot of TLDs are operated by Identity Digital or a similar for-profit company. These companies are rent-seekers: they seek to profit on the natural abundance of digital infrastructure by creating walled gardens to exploit. Companies like this exist all throughout the infrastructure of the internet, and it is difficult to avoid them, but it is something to consider when choosing a TLD. Preferring TLDs operated as nonprofits (e.g. .org) or at least as public-private partnerships is a good idea.

I chose .nyc as my TLD, which is a public-private partnership between the City of NY and Verisign.

TODO -- update this section. This may be misinformation or incomplete

Some TLDs may have difficulty sending email.

ISP

Your ISP may or may not "officially" let you self-host a web server or other traffic on your network. Whether this is actually enforced depends on your location and ISP. Do whatever research you can on your ISP, and consider a local ISP if available.

A better connection is preferable, but you can still self-host with relatively low upload speeds so long as you lean harder into the third principle (accept limitations).

Your ISP may or may not give you a static IP address; if not, you may need to set up DDNS to handle your DNS records.

Hardware

In terms of hardware, you should be fine with any hardware that can run Linux. Personally, I use a Raspberry Pi 3B, because I already have one lying around. This setup is so light that you can probably get away with something as lightweight as the Raspberry Pi Zero.

Comments on the Raspberry Pi

Installing Alpine Linux on the Raspberry Pi is a bit of a challenge, by which I mean, you will not find any guide that will tell you exactly everything you need to do. Instead, you should develop an understanding of your specific needs and how different installation methods may or may not meet them.

Raspberry Pis boot from an SD card, and SD card wear is a problem: SD cards are an unreliable storage medium, and may fail for any reason. I have not found reliable information about SD card wear and how to avoid it, so I treat the SD card as inherently unstable and make sure to have regular backups.

For my Alpine installation on the Raspberry Pi, I use a combination of this wiki guide, using a diskless install, plus a few bind-mounted filesystems, as described in this guide.

Router

I use OpenWRT as my router software. I much prefer this to using proprietary, commercial software, whose security I cannot vouch for.

OpenWRT does not auto-update. You'll need to keep on top of security updates and patch your router regularly.

Configuration

I put my publicly-facing infrastructure on a separate VLAN, so it should not be able to access anything else if it is compromised. A combination of these two guides (cli guide, web iface guide), plus reading and understanding the OpenWRT docs, should get you a VLAN set up.
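The isolation described above comes down to the router's firewall zones: the server's VLAN gets a zone of its own that may forward to wan but not to lan. The script below is an added example, not from the original page or the OpenWrt project, and expresses that policy as UCI commands. It assumes (my assumptions, not the author's) that the VLAN interface is already defined as the network interface "dmz" by one of the linked guides, that the router has the default "lan" and "wan" zones, that the server sits at SERVER_IP, and that only TCP 80 and 443 are published. By default it prints the uci commands for review; run it with "apply" on the router to commit them.

```shell
#!/bin/sh
# Added example, not from the original page or the OpenWrt project: UCI
# firewall configuration that puts the server VLAN in its own zone so a
# compromised server can reach the internet but not the rest of the LAN.
# Assumptions (mine): the VLAN is already defined as network interface
# "dmz", the router's other zones are the default "lan" and "wan", the
# server's address is SERVER_IP, and only TCP 80/443 are published.
set -eu

SERVER_IP="${SERVER_IP:-10.0.50.2}"   # assumed server address on the dmz VLAN
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the uci commands, 0 = apply them

# uci_cmd ARGS... : run one uci command, or print it when DRY_RUN=1.
uci_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "uci $*"
    else
        uci "$@"
    fi
}

# allow_to_router NAME PROTO PORT: the zone below rejects traffic to the
# router itself, so DHCP and DNS from the server must be re-allowed.
allow_to_router() {
    uci_cmd add firewall rule
    uci_cmd set "firewall.@rule[-1].name=$1"
    uci_cmd set 'firewall.@rule[-1].src=dmz'
    uci_cmd set "firewall.@rule[-1].proto=$2"
    uci_cmd set "firewall.@rule[-1].dest_port=$3"
    uci_cmd set 'firewall.@rule[-1].target=ACCEPT'
}

dmz_zone() {
    # The zone: packets from dmz to the router (input) and to any other
    # zone (forward) are rejected unless a later section allows them.
    uci_cmd add firewall zone
    uci_cmd set 'firewall.@zone[-1].name=dmz'
    uci_cmd set 'firewall.@zone[-1].input=REJECT'
    uci_cmd set 'firewall.@zone[-1].output=ACCEPT'
    uci_cmd set 'firewall.@zone[-1].forward=REJECT'
    uci_cmd add_list 'firewall.@zone[-1].network=dmz'

    allow_to_router dmz-dhcp udp 67
    allow_to_router dmz-dns 'tcp udp' 53

    # dmz may initiate connections to wan (updates, NTP, upstream DNS).
    # There is deliberately no dmz -> lan forwarding.
    uci_cmd add firewall forwarding
    uci_cmd set 'firewall.@forwarding[-1].src=dmz'
    uci_cmd set 'firewall.@forwarding[-1].dest=wan'

    # lan may reach dmz, so the server can still be managed from a laptop.
    uci_cmd add firewall forwarding
    uci_cmd set 'firewall.@forwarding[-1].src=lan'
    uci_cmd set 'firewall.@forwarding[-1].dest=dmz'

    # Publish the web server: DNAT 80 and 443 from wan to the server.
    for port in 80 443; do
        uci_cmd add firewall redirect
        uci_cmd set "firewall.@redirect[-1].name=web-$port"
        uci_cmd set 'firewall.@redirect[-1].src=wan'
        uci_cmd set "firewall.@redirect[-1].src_dport=$port"
        uci_cmd set 'firewall.@redirect[-1].dest=dmz'
        uci_cmd set "firewall.@redirect[-1].dest_ip=$SERVER_IP"
        uci_cmd set "firewall.@redirect[-1].dest_port=$port"
        uci_cmd set 'firewall.@redirect[-1].proto=tcp'
        uci_cmd set 'firewall.@redirect[-1].target=DNAT'
    done

    uci_cmd commit firewall
}

case "${1:-print}" in
    print) DRY_RUN=1 dmz_zone ;;
    apply) DRY_RUN=0 dmz_zone && /etc/init.d/firewall reload ;;
    *)     echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

The point to check after applying is the absence of any dmz-to-lan forwarding section: the lan-to-dmz forwarding lets your laptop open connections to the server, and connection tracking lets the replies back, but nothing the server initiates can reach the lan zone.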

Security

Opening up your network to the public internet means that you'll have to take security seriously. A misconfiguration can mean compromising your server, and potentially anything else on your network that the server may have access to.

I do not have any IOT devices, such as a "smart" TV, thermostat, etc. The only devices on my network are my home laptop, work laptop, and cell phone. I recommend this as a general principle, not just if you're operating a home server.

Move carefully and make sure you understand things thoroughly before you make your server accessible to the public.

Software

Learn Linux a bit. Be able to navigate around your filesystem and understand how things are laid out.

Firewall

I use ufw as my firewall, and block all in and out ports by default. I then allowlist the needed ports. A good place to start is: DNS, NTP, HTTP, HTTPS.
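The following script is an added example, not the author's own configuration, of that deny-by-default, allowlist-the-rest approach written out as ufw commands. It separates what the server serves (HTTP and HTTPS inbound) from what it needs as a client (DNS, NTP and HTTPS outbound), since with a default-deny outbound policy those are the things that silently stop working. It assumes (my assumptions, not from the page) that the server is managed over SSH only from a management subnet MGMT_NET and that outbound HTTPS is needed for package updates. By default it prints the commands; run it with "apply" as root to install them.

```shell
#!/bin/sh
# Added example, not from the original page: a ufw rule set for the
# public-facing server, following the "deny everything, then allowlist
# DNS, NTP, HTTP, HTTPS" approach. Assumptions (mine, not the author's):
# the server is managed over SSH only from the management subnet MGMT_NET,
# and outbound HTTPS is needed for package updates.
set -eu

MGMT_NET="${MGMT_NET:-192.168.1.0/24}"   # assumed management subnet, adjust to yours
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the commands, 0 = apply them

# rule ARGS... : hand one rule to ufw, or print it when DRY_RUN=1.
rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ufw $*"
    else
        ufw "$@"
    fi
}

host_firewall() {
    # Baseline: nothing in, nothing out, unless explicitly allowed below.
    rule default deny incoming
    rule default deny outgoing

    # Keep a management path open before enabling; with default deny this
    # is the rule that stops you locking yourself out.
    rule allow from "$MGMT_NET" to any port 22 proto tcp

    # What the server serves: HTTP and HTTPS from anywhere.
    rule allow in 80/tcp
    rule allow in 443/tcp

    # What the server needs as a client. Without these, name resolution,
    # clock sync and package updates silently stop working.
    rule allow out 53       # DNS (tcp and udp)
    rule allow out 123/udp  # NTP
    rule allow out 443/tcp  # package mirrors over HTTPS

    rule --force enable
}

case "${1:-print}" in
    print) DRY_RUN=1 host_firewall ;;
    apply) DRY_RUN=0 host_firewall ;;
    *)     echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

ufw also has its own --dry-run flag (for example "ufw --dry-run allow in 80/tcp"), which shows the underlying iptables rules a command would add without applying them; that is the quickest way to confirm a rule means what you think before enabling the firewall on a machine you reach over the network.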

Web Server

I use lighttpd as my

Monitoring

I use rrdtool for monitoring, which is an older and much lighter-weight alternative to something like Prometheus.

Other helpful resources

For anyone interested in setting up their own home infrastructure, I am happy to help; please send me an email at alex@alexwennerberg.com