Hardware and OS
I was inspired by this Ars Technica article to own hardware after renting one in the cloud for a while. So I ordered a Foxconn NTA350, 4GB of RAM, and 64 GB SSD for $270.
Once my new toy arrived, I named him Jarvis and installed Ubuntu 12.04 server edition including the DNS, OpenSSH, SMTP, and LAMP packages.
Personal Environment
I’m picky about my personal environment. Everything from keybindings to colors has to be just right for me to feel at home.
- ran my dotfiles bootstrap script
- created the best message of the day (motd) ever with this tutorial
- in order to do that I needed to install hddtemp, lm-sensors (and configure it with sudo sensors-detect), fortune (fortune-mod on Ubuntu), and cowsay
Dynamic DNS
I’m hosting out of my apartment with an IP that’s potentially dynamic. I went with ZoneEdit as my dynamic DNS provider ($1/mo/domain) and installed Ubuntu’s ddclient which periodically updates ZoneEdit with its IP.
Security
Ubuntu 12.04 gives me the option to encrypt my home directory. For a while I didn’t understand why I couldn’t SSH into Jarvis. Then I figured out that the machine wasn’t able to read my .ssh/authorized_keys files since they were encrypted. So I moved my authorized_keys from the usual .ssh/authorized_keys path to an unencrypted area /home/.ssh/david.
- copied over my usual .ssh/config and .ssh/authorized_keys file
- generated a public key pair
- modified /etc/ssh/sshd_config: change default port, no root login, key only auth, etc
- installed denyhosts according to Securing Your Server with Denyhosts
- copied over my previous collection of blacklisted hosts to /etc/hosts.deny
- added iptable rules according to Securing SSH with iptables and installed iptables-persistent to persist them after reboot
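As an added example (not the author's actual configuration), the sketch below audits an sshd_config for the settings listed above: non-default port, no root login, key-only auth, and an AuthorizedKeysFile that sits outside the encrypted home. Port 2222, the helper names, the /home/<user> home layout and the older-OpenSSH defaults are assumptions; the user name david comes from the path mentioned above.

```python
import re

# Constructed sample config for the steps above; port 2222 is a placeholder.
SAMPLE_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
# %u expands to the login name, so david's keys are read from /home/.ssh/david
AuthorizedKeysFile /home/.ssh/%u
"""

# Assumed compiled-in defaults of an older OpenSSH (as on Ubuntu 12.04).
DEFAULTS = {"port": ["22"], "permitrootlogin": ["yes"],
            "passwordauthentication": ["yes"],
            "authorizedkeysfile": [".ssh/authorized_keys"]}

def effective_settings(text):
    """Global settings as sshd reads them: the first value of a keyword wins
    (Port may repeat), and parsing here stops at the first Match block."""
    seen = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:                       # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).split()
        if key == "match":
            break
        if key == "port":
            seen.setdefault(key, []).extend(value)
        else:
            seen.setdefault(key, value)  # later duplicates are ignored
    return seen

def audit(text, user="david"):
    """Return a list of findings; an empty list means all checks passed."""
    cfg = {**DEFAULTS, **effective_settings(text)}
    home = f"/home/{user}"              # assumed home directory layout
    findings = []
    if "22" in cfg["port"]:
        findings.append("sshd still listens on the default port 22")
    if cfg["permitrootlogin"][0].lower() != "no":
        findings.append("root login is not disabled")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password authentication is still enabled")
    for path in cfg["authorizedkeysfile"]:
        path = path.replace("%u", user).replace("%h", home)
        if not path.startswith("/"):    # relative paths resolve under the home
            path = f"{home}/{path}"
        if path.startswith(home + "/"):
            findings.append(f"{path} is unreadable until the encrypted home is mounted")
    return findings
```

Running audit() on the text of /etc/ssh/sshd_config before restarting sshd catches the duplicate-keyword case, where a hardened line added below an existing permissive one has no effect.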
People who’ve tried to hack me but failed.
Web Server
I installed nginx with the commands below (also in the Ars article).
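sudo aptitude install python-software-properties   # provides add-apt-repository
sudo add-apt-repository ppa:nginx/development
sudo aptitude update                                # fetch the package lists from the new PPA
sudo aptitude upgrade
sudo aptitude install nginx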