Recently i joined a network security company as a software developer, where i got the opportunity to learn some basics of Networking concepts to understand the product better, in doing so i found myself of having some interest or curiosity towards networking concepts, which eventually led me to build a mini home-server, in this blog am sharing my learnings and findings on how i build this mini home-server.
This blog will cover only the basic highlevel steps, although i have given all the source links for the setup, but if you are expecting a step by step tutorial kind of stuff, then this is not for you.
What is Home Server and why do we need?
What is Home Server;
Pastly everyone in tech probably knows what a home(bare metal) server is and why do we need it, but nowadays everyone is aware of Cloud Computing, AWS, GCP, Serverless etc stuffs, but just forgot the roots and basic stuffs like what is server and how to host things locally(bare metal) etc, Home server is not any definitive name or anything, its just a computer that sits with us(since in my case its in my home its probably a home server).
Why do we need;
We can make use of our own home-server in multiple ways, like for storing and writing files(like NFS), accessing our system CLI using SSH, creating our own web server, hosting our unfinished side projects, also we can get rid of data sucking google drive by having our own FTP server etc, and yeah, there are lot more than this to explore.
Prerequisites or What do we need to acheive this?
> Internet Connection(I know this is dumb but still!), probably a home wifi like ACT, airtel fiber, hathway etc.
> A Public IP address, This can be obtained from our ISP(ACT, hathway etc).
Why we need this? - our public IP showing in whatsmyip, cannot be accessed outside of our ISP, since by default all our ISP will be behind CG-NAT, you can learn about CG-NAT in this blog, youtube(personally for me this helped me alot to understand what is public ip, why do we need CG-NAT etc).
> A domain name for your public ip(this is optional as far as my opinion), if you are ok with accessing your server with ip address like (20.300.400.50) in browser or anyother client, this step is not needed.
> Of course a desktop or a laptop, with any linux distro installed.
How to Configure?
Once you set up your public IP from your ISP, thats it, that is all you need to connect your local desktop/computer to the internet(outside world). To verify the same, find your public IP in whatsmyip(IPV4) and try to ping your public ip address in your laptop/desktop from a different network other than your ISP(it can be your mobile hotspot).
Once you are receiving a sucessful ping, thats all, its upto us now to decide how to turn our normal desktop/laptop which is connected to internet into a webserver or as an FTP server etc.
If you find your public ip ping is not accessible, most probably you need to enable your ICMP settings on your router/firewall settings.
Once the above setup is done and verified, there are two ways you can make your desktop/laptop as your webserver, FTP server etc
Using PortForwarding.
Port forwarding is one way of exposing your server to the outside world, although this has some secruity flaws, which we need to take care by our self, but for simple tasks like hosting etc this is a good place to start.
> Setting up a webserver like nginx etc and open necessary ports to expose what you need to access from outside world for hosting purpose.
> Setting up an FTP server like vsftpd for NFS purpose.
> Setting up an SSH server like openSSH for CLI purpose.Setting up a Webserver
Setting up a webserver like nginx, makes our life easier, where nginx supports reverse proxy, load balancing etc, out of the box. Although we don't need all of that from nginx atleast for a simple home server setup, services like reverse proxy from nginx would be a great tool for starters like us to get things done.
> Expose port 80 on your router settings using port forwarding.
> if(firewall_is_enabled) allow port 80 in the firewall settings as well; else SKIP_THIS_STEP
> Install nginx.
> Once the above steps are done, if you are now trying to access yourin your browser from anywhere outside of your ISP network you should probably see default nginx page.
From here you can basically host any of your side projects without going to any cloud computing services like AWS, GCP etc, by doing some modifications to nginx conf settings.
If you face any issues like 502 or the if the site keeps on loading, try to restart the nginx or run sudo nginx -t(which tests your nginx conf file and will throw error if it finds any)
Sources: install and nginx setupSetting up an FTP server
Setting up an FTP server will help us to upload or download our private files, images etc(may be an mini alternate to google drive) from anywhere in the world, and whatnot we can be in full control of our own data. Here we are going to use vsftpd a FTP server for linux environment.
> Expose port 21 on your router settings using port forwarding.
> if(firewall_is_enabled) allow port 21 in the firewall settings as well; else SKIP_THIS_STEP.
> Install vsftpd.
> once the above steps are done, you can now able to connect to your home server using any FTP client(am currently using owlfiles application from my mobile) from anywhere in the world, and you can upload or download anything from your server.
Sources: vsftpd installation and setup
Setting up an SSH server
SSH will basically lets us to connect to our system from anywhere to run commands, install softwares, literally we can access our computer without physically accessing it using command line(CLI). Here we are going to use OpenSSH server.
> Expose port 22 on your router settings using port forwarding.
> if(firewall_is_enabled) allow port 22 in the firewall settings as well; else SKIP_THIS_STEP.
> Install OpenSSH server.
> Don't forgot to password protect since connecting via ssh will give an entire access to our server, on top of that also enable 2FA like google authenticator.
> Once the above steps are done, you can now access your server from anywhere using ssh clients.
Sources: openssh installation and setup, google-authenticator setupUsing VPN servers like wireguard, openvpn etc
There is another way of making our desktop/laptop as a webserver, FTP server etc, is by using a VPN servers like wireguard, openvpn etc, since in port forwarding approach we are exposing a lot of ports(like 21, 22, 80 etc) to the outside world, there can be multiple ways to hack into any of our open ports.
If we are using VPN based servers like wireguard, we don't even need to open all the ports. By this way this would be way more secure compared to our previous approach.
Setting up a VPN server with wireguard.
Setting up a VPN service is a easy process, since installing and configuring wireguard is pretty easy with only a minimal amount of steps we need to follow,
> Expose port 51820 on your router settings using port forwarding(Compared to port forward approach, here we are exposing only a single port 51820 where this port is managed by wireguard and can only accessed by legitimate clients that already registered with our wireguard.).
> if(firewall_is_enabled) allow port 51820 in the firewall settings as well; else SKIP_THIS_STEP.
> Install wireguard(personally i installed using a docker container)
> Once the above steps are done, now try to access your:51821 from your internal network, this will open a GUI based wireguard, where you can manage your wireguard clients.
Sources: complete installation of wireguard server and client.
Yep, this is it! this is how i turned my local desktop into a home server and rn using it for hosting and alternate for google drive.
Feel free to share your comments on security and how to improve this even more!
Do Follow
Github X
