Article: Debian @ home server
FERDY CHRISTANT - DEC 19, 2007 (08:38:59 PM)
As of today I am the proud user of my own home server, a real server that is. I finished installing the hardware, network and services that I want. In this somewhat messy article, I will demo the incredible and fun things one can do with a powerful home server. I will also provide a brief overview of the steps involved in the setup. Perhaps after reading this article, you have gained some insight or inspiration in running your own server. Feel free to use this article to convince your family that you too need a server.
Let's get to business straight away, an overview of the server capabilities, as seen from the perspective of the user...
The machine runs a file server, serving up files on my LAN. Since we have multiple desktops/laptops, this is a blessing. No more file synchronization, USB disk transfers, worries about backups or data inconsistencies. All our clients simply work on the file share, directly, from both Windows and Linux clients.
This is essentially the functionality you would get from a NAS drive, with one difference...this is significantly faster. I have not done any measurements, but it feels like working from a local disk. Opening a 20 Meg e-Book takes about 2 secs. This is the kind of functionality your whole family can benefit from.
Moving on to the web. The server runs Apache2, PHP 5, and MySQL. I have opened up some of that to the internet, so wherever I am, I can access some of the server's services. Instead of bookmarking each service, I redirect an easy to remember domain name to my home server's start page.
I only allow https traffic over the internet to my server, using a self-signed certificate. A self-signed certificate does give a browser warning, but the encryption is just as good: AES 256 bits. Of course, the web access is password protected. Once in, the server start page appears:
That's right, the server is named "Diablo", because it is such a beast in raw power, and unfortunately, noise. Anyway, the start page is a simple PHP page I slapped together that does the following:
- Provide a number of static links to key services
- Provide a dynamic list of the web projects I have deployed on the server
- Provide the logged in user, server uptime and server clock
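For the self-signed certificate described above, the browser warning is the point at which the certificate has to be verified by hand, since no certificate authority vouches for it. The following added example (not part of the original article; the file names and the host name `home.example` are assumptions) records the certificate's SHA-256 fingerprint on the server and checks a presented certificate against it:

```shell
#!/usr/bin/env bash
# Added example: pin a self-signed certificate by its SHA-256 fingerprint.
# File names and the host name home.example are hypothetical.

# Create a self-signed certificate and private key (done once, on the server).
# The umask keeps the private key readable by its owner only.
make_selfsigned() {   # make_selfsigned DIR COMMON_NAME
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
      -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null )
}

# Print the SHA-256 fingerprint of a PEM certificate (colon-separated hex).
fingerprint() {       # fingerprint CERT_FILE
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the presented certificate matches the fingerprint
# that was recorded on the server and carried to the client out of band.
check_pin() {         # check_pin PRESENTED_CERT PINNED_FINGERPRINT
  [ "$(fingerprint "$1")" = "$2" ]
}

# On a client, the certificate the server presents can be saved with:
#   openssl s_client -connect home.example:443 </dev/null | openssl x509 > presented.pem
# and then compared before accepting the browser warning:
#   check_pin presented.pem "$PINNED" && echo "certificate matches the pin"
```

A certificate with the same name but a different key produces a different fingerprint, so `check_pin` fails for anything other than the server's own certificate.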
From the start page, I can jump to most services, starting with file serving:
From my browser, I can browse and download all the files we have put on the server. I use this only when I am away from our home LAN. Since this is SSL-encrypted and password-protected, I trust this enough to be used over the internet. It is not possible to edit anything this way, but I generally do not require that functionality when away from my LAN. If I did, I would install an FTP server. However, FTP is often blocked at corporate firewalls, so I don't bother.
Next, probably the coolest service on my server: streaming music. Over the years we have collected quite a number of mp3s, neatly organized into a library. We can now listen to them from anywhere, by streaming them over the internet.
Gnump3D, the streaming web app, displays various overviews of the library, and also has the ability to create playlists or randomize music. After clicking "play", the selection of music is streamed to your default music player.
If you have a weak uplink on your server, you can even tweak the bandwidth to use for the streaming music. The streaming music service is obviously well-protected. It is directly linked to the file server. In other words, if we add music to the server, we can directly stream it.
Moving on with some geekier stuff, particularly web development. First, earlier I mentioned the file share. I also have a projects share, which links directly to a virtual host in Apache. This means I can conveniently develop on the server, from any IDE, as if I am developing locally, and test it on the server right away. This makes for an ultra-fast development-test cycle. Plus, I do not have to worry about losing work on my local client. Any project that I add to the projects share will directly appear in the start page mentioned earlier. From there I can open the project directly, here's an example of a site in development:
What's more, there is MySQL administration using PHPMyAdmin:
PHPMyAdmin is a very good way to administer databases in a browser. Like the other services, traffic is encrypted and password-protected. In addition, MySQL has its own administrator password, resulting in an ultra-secure remote database administration solution.
Moving on to one of my favourite tools, Subversion. Subversion is a source control system that is essential for open source or home developers. Basically it organizes your projects into repositories, tracking all changes to it. This allows you to revert a version, create forks, apply patches, and do proper release management of source code. I have installed Subversion on the server and made it accessible via Apache2 WebDAV. This means that I now have full access to my home projects using Subversion, no matter where I am (using port 443, bypassing any corporate firewall).
Note that I previously outsourced Subversion hosting to Google. I have now insourced it again, because I like to be able to work on non-public projects. Anything I do in Subversion I can see using just a browser, by going to my WebSVN service:
Note that I made some customizations to WebSVN: A slight customization of the template, plus I added the ability to create a new repository from WebSVN, without requiring me to enter an obscure command in the terminal.
Perhaps it is hard to put the things together by just seeing the screenshots, but once you would experience the combination of the project drive, Subversion, WebSVN, and the server's start page, you would probably agree this to be quite a sophisticated development setup for a home situation. I know I am enjoying it!
Finally, not really a service but just a web application, is Webalizer, a simple web stats application. Although I have secured the server quite well, I still would like to be sure. Therefore I monitor the stats frequently to see if any weird IPs make it through.
Still not done. What's a Linux machine without SSH access? I have installed and configured the services mentioned earlier via remote SSH, essentially a remote command line interface to the server. Since the server runs an OpenSSH service, I can remotely control the machine in a very secure way (encrypted, passphrase protected). There are SSH clients for many operating systems; here is PuTTY for Windows in action (although I prefer a native Linux SSH client):
I can SSH into the server from anywhere on the internet, although that particular port is often blocked at corporate firewalls. Finally, when I need to use UI tools on the server without sitting at the server, I use VNC:
I only allow VNC access from my LAN, since I do not really trust it to be secure.
This concludes the demo part. I hope you liked it. Note that these are just basic services, I could quite easily go on installing Tomcat, video streaming, email, DNS, virtualization (i.e. a Windows server), Lotus Domino, etc. Essentially, this is the joy of a home server: flexibility, combined with raw power.
If at this point you are considering setting up your own home server, here are some considerations. I will only briefly cover the installation steps, since they are mostly taken from other articles.
You can pretty much run a server on any hardware. In fact, a 3 year old desktop machine could probably deal with the load of the above services quite well. My consideration was different though, I wanted raw power, server-optimized hardware (for stability), extensibility, and generally a machine that can last 5 or more years. That's why I purchased a Dell Poweredge 1900. It is quite an investment, but very much worth it, if this kind of thing is your hobby. By the way, if you have strong server-based computing needs, owning and running a home server is cheaper than leasing in the long run, especially when you require lots of storage.
Speaking of storage, I saved almost $300 by adding a terabyte of storage myself, instead of buying the upgrade at Dell. If you plan to go for dedicated server hardware, consider the following:
- Servers are noisy, be sure to have a spare room that is well isolated. It will probably be on 24/7 and you definitely do not want to hear it, trust me.
- Servers need some room to breathe, which means a well-ventilated room. Avoid extreme temperatures and tight corners.
- Servers consume a lot of power, compared to a desktop computer. Consider the costs involved. Compared to leasing costs, it is probably still cheaper to run it from home.
- Make sure your electricity setup is safe and can handle the server's power load.
- Depending on placement, check if your physical network setup allows for a dedicated line to the server.
I have had my fair share of Linux tryouts, including Suse, Red Hat, Fedora and Ubuntu. I will not even consider Windows for a home server, since it is not free. From my own experience and what I learned from magazines and the Linux community, Debian seemed like a logical choice for a home server OS. Based on just that, I gave Debian Etch a try. Before Etch I did not consider Debian, since its packages were so outdated.
So what is Debian like? It is simply awesome. It is rock solid, easy to install, has Debian-optimized packages for 18,000 programs, and is extremely effective with system resources. All the services above combined consume less than 300 meg and less than 1% CPU in idle mode. Windows Vista, although I admit this is comparing apples with oranges, consumes over 500 megs on my system, just to give you an idea. Debian on server hardware is like driving a Ferrari with the stability of a tank.
A common misperception about Debian is that it is difficult to administer. I could not disagree more. Even a relative Linux newbie like me was able to set up a feature-rich, secure server in no time. Will you have to use the command line a lot? Yes, but that's why this is a server OS, it is not meant to be a rich user experience. Is the command line difficult? No, in fact it can be a joy. Imagine typing "apt-get install mysql-server", and one minute later having a MySQL server running. That's it, nothing to download, extract, no wizards, no reboots, no confirmation dialogs, nothing, just one line of code. If you still do not like the terminal, there is a GUI package manager that lets you simply select what you want. All these packages are optimized for Debian Etch and work straight out of the box.
Tired of getting update notifications from individual software packages, or having to go out and download/install updates manually? Debian consolidates the updates of the OS plus everything you installed on it. You can then either automatically install them, or (de)select updates manually.
Installing Debian itself is super simple too. Simply download and burn the DVDs, place them in the drive, boot the server and follow the steps on screen. Enter basic details, such as the hostname and root password and leave everything else as-is.
With the basic OS running, it is time to install services on top of it. It would go too far to describe every step I took to get the services above working, but here is the general process. If you want more detail in a specific area, please leave a comment.
- Google for the subject. Do not pick the first match blindly, read a few articles and then decide on which article seems best or closest to your requirements and situation.
- Carry out the steps in the tutorial. Often this starts with the installation of new packages (apt-get install). In some cases, that is all you need to do.
- More complex services, such as Apache, require you to tweak config files. Find a good tutorial/example and give it a shot. Always back up the original config files and thoroughly test your changes.
- Once working, do not forget to document and back up your changes.
Using this simple process, a bit of existing Linux experience and a lot of enthusiasm, I was able to set up the home server in less than 20 hours. This is pretty much a one-time exercise you have to do, which is in fact quite fun and educational. If I can do it, it must be easy.
Security is crucial, especially when you serve over the internet. I'm not a security specialist of any kind, but I use these simple principles to protect the home server:
- Do not open up services over the internet when it is not required, your home LAN is much more secure. I hope. Work from the inside out: block everything, and then open up only the things required.
- Only open up a service once you have finished configuring and testing it.
- Know how your network equipment works, i.e. your router.
- When you serve over the internet, encrypt the traffic where possible.
- Choose different passwords of proper strength for each service. Do not go for the convenient single root password. This way, when somebody compromises your system, they will only have control over a small part of the system.
- Install or know about your logs and statistics. Monitor them frequently for unwanted visitors.
- Install security patches for the OS and packages regularly.
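One way to do the log monitoring recommended in this list, and the check for "weird IPs" described in the Webalizer paragraph earlier, is the following added example, which is not part of the original article. It assumes Apache's combined log format; the addresses, the user name `alice` and the threshold are constructed.

```shell
#!/usr/bin/env bash
# Added example: triage an Apache "combined" access log on a
# password-protected server. Reports two things:
#   FAILED ip count  - clients with at least THRESHOLD 401 responses
#   AUTHED ip user   - successful logins from addresses not in the known list
# A browser always gets one 401 before it sends credentials, hence the threshold.
triage_log() {   # triage_log LOGFILE THRESHOLD "KNOWN_IP KNOWN_IP ..."
  local log=$1 threshold=$2 known=$3
  awk -F'"' -v threshold="$threshold" -v known="$known" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    {
      # Splitting on double quotes keeps an odd request line
      # from shifting the status field.
      split($1, head, " ")   # head[1] = client IP, head[3] = user name
      split($3, tail, " ")   # tail[1] = HTTP status
      ip = head[1]; user = head[3]; status = tail[1]
      if (status == 401) failed[ip]++
      else if (status ~ /^[23]/ && user != "-" && !(ip in ok)) authed[ip " " user] = 1
    }
    END {
      for (ip in failed) if (failed[ip] >= threshold) print "FAILED", ip, failed[ip]
      for (key in authed) print "AUTHED", key
    }' "$log" | sort
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
  cat <<'EOF'
192.168.1.10 - alice [19/Dec/2007:20:01:02 +0100] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2007:20:05:10 +0100] "GET / HTTP/1.1" 401 401 "-" "Mozilla/5.0"
203.0.113.7 - admin [19/Dec/2007:20:05:11 +0100] "GET / HTTP/1.1" 401 401 "-" "Mozilla/5.0"
203.0.113.7 - root [19/Dec/2007:20:05:12 +0100] "GET / HTTP/1.1" 401 401 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Dec/2007:21:00:00 +0100] "GET /svn/ HTTP/1.1" 401 401 "-" "SVN/1.4.2"
198.51.100.23 - alice [19/Dec/2007:21:00:01 +0100] "GET /svn/ HTTP/1.1" 200 512 "-" "SVN/1.4.2"
EOF
}

# Demo: the LAN client is known; everything else is reported.
sample_log | triage_log - 3 "192.168.1.10"
```

An `AUTHED` line is not necessarily an intrusion (it may be you at work), but it is the list to read first, because those requests got past the password.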
With the hardware, OS, services and data in place, there is a need to back it all up. First, you probably want to back up the OS, packages and settings you have altered. In Linux, you can simply tar (archive) the full OS, while it is running, no need for third party software or reboots. Place the tar on an external drive and you're done.
Data is something you probably want to update regularly. I choose to use rsync for a daily incremental backup to a USB drive that I have connected to my server.
Note: I am currently in the process of setting up/testing the backup routines, so no details yet.
Once you are done with the full server and network setup, do not forget to document it. You are likely to forget all the settings you made once you start using it. Document it while it is still fresh. I simply created a diagram that displays the physical and logical network setup, as well as key config files and passwords. Never ever distribute such documentation.
From my experience in this whole process I can conclude:
- A dedicated home server can be quite an investment, but it is a good investment. It can be a joy for years, and even save money in the long run, especially for power users.
- A server can provide meaningful, time-saving and fun services to you or your family. It can also easily professionalize the way of working for home developers.
- Debian is well recommended as a cheap, solid, effective server OS, particularly if you're not afraid to learn a bit in the process of setting it up. The process of setting up such a server is quite easy, fun and educational. Do not forget about security though!
- A server is not for everyone, consider costs, noise, placement, ventilation, etc.