-
-
awesome-selfhosted
A list of Free Software network services and web applications which can be hosted on your own servers
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
awesome-sysadmin
A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
-
yunohost
YunoHost is an operating system aiming to simplify as much as possible the administration of a server. This repository corresponds to the core code, written mostly in Python and Bash.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
This is a journey that will require a lot of time, practice, and errors in order to get you anywhere. The Open Source project which might be closer to offer most of Google Drive services is https://nextcloud.com/ it's well documented with plenty of tutorials online on how to install it and configure it.
Let me start with few lists. Every app I mention later is linked and described there. These are really gold mines. Easy to get lost! Awesome Selfhosted Awesome Privacy Awesome Sysadmin
Let me start with few lists. Every app I mention later is linked and described there. These are really gold mines. Easy to get lost! Awesome Selfhosted Awesome Privacy Awesome Sysadmin
Let me start with few lists. Every app I mention later is linked and described there. These are really gold mines. Easy to get lost! Awesome Selfhosted Awesome Privacy Awesome Sysadmin
In exemple, you have a project called Yunohost which help you a lot to selfhost somes services. This is very helpful at the beginning but in the end : do you really understand how it works behind the stage ? And it's the same thing for every docker-like app.
Things I had to learn when I was at your stage and bought my raspberry pi (lengthy): - Use a good password manager, you will need it. KeePass is amazing, I store the keepass file on Dropbox for sync purposes (it's encrypted, I don't care if Dropbox wants to read a bunch of gibberish) - Setup a user other than default pi, that's a username people will try to attack with. - set up SSH with a strong user password, learn port redirection for remote access - sudo apt install -y fail2ban (for ssh) - install Rootless Docker (helpful guide), docker-compose will simplify your life greatly. You can use regular Docker, but then you have to trust that your containers won't hurt you. - use an external HDD for Docker and your personal files, it's much faster than the sd-card. Throw an SSD if you want even faster and can afford it. - Use LUKS to do a full-disk encryption (guide) of your hard disk. Doing the same for the sd-card and booting on it looks like a nightmare, but go ahead if you like. - I recommend this setup for the Docker daemon { "storage-driver": "fuse-overlayfs", "data-root": "/your_hdd_path/docker_data_root", "default-address-pools": [ { "base": "192.168.0.0/16", "size": 24 } ] } Setting the address pool was needed to use Unbound (goes great with Pihole), but isn't necessary. Instead of this base, you can use any subnet defined [https://www.arin.net/reference/research/statistics/address_filters/](here) and it will work with Unbound. The storage driver was already like that. The data-root is self-explanatory. More details - install https://github.com/azlux/log2ram to lower sd card usage - sudo apt install -y ufw UFW is an awesome yet simple firewall. Look into it. - I personally email myself at every SSH login and shell use. Look into setting up exim4, then add echo "message" | mail -s 'subject' [email protected] at the end of ~.bashrc and /etc/ssh/sshrc (create this one if it doesn't exist). I also added SMS notifications, your phone provider likely has a system setup that you can trigger too. Check your_provider sms api to see how to do this. - look into setting up unattended-upgrades, you will likely have to sudo nano /etc/apt/apt.conf.d/50unattended-upgrades to change default settings. Add packages by checking sudo apt-cache policy. - Look into setting up a backup system, it is very important. I like Duplicati because it's easy, find something for you. - Rootless Docker doesn't update automatically for now, remember once in a while to upgrade it manually. - Look into setting up logrotate whenever you install a new package and it has logs in a file in /var/log. The default settings are in /etc/logrotate.d, it's not complicated. I do it for all my public Internet facing containers in order to avoid growing 10GB log files and wonder why my system is bugging. - Set up fail2ban in a container for all your public Internet facing services (I avoid this for SSH, if Docker bugs then you can't ban IPs for SSH). crazymax/fail2ban is great. - containrrr/watchtower:arm64v8-latest is nice to auto-update containers - pihole/pihole + klutchell/unbound is great for recursive DNS + filter queries - SECURITY: setup a network every time you need 2 containers to talk. I currently have around 40, and that caused some network collisions with default settings (Docker gave the same address to 2 networks) so I setup every network manually (just copy-pasting). networks: default: # Docker sometimes asked me for a gateway, but maybe you don't need to specify it) ipam: config: - subnet: 192.168.1.1/24 gateway: 192.168.1.1 net_1: # Copy-paste this part and increase the subnet as shown, change name if you want ipam: config: - subnet: 192.168.1.0/24 net_2: ipam: config: - subnet: 192.168.2.0/24 - SECURITY: learn about Docker secrets (some sites say you need Docker Swarm to use them, but just ignore them, you don't), it's really easy
Things I had to learn when I was at your stage and bought my raspberry pi (lengthy): - Use a good password manager, you will need it. KeePass is amazing, I store the keepass file on Dropbox for sync purposes (it's encrypted, I don't care if Dropbox wants to read a bunch of gibberish) - Setup a user other than default pi, that's a username people will try to attack with. - set up SSH with a strong user password, learn port redirection for remote access - sudo apt install -y fail2ban (for ssh) - install Rootless Docker (helpful guide), docker-compose will simplify your life greatly. You can use regular Docker, but then you have to trust that your containers won't hurt you. - use an external HDD for Docker and your personal files, it's much faster than the sd-card. Throw an SSD if you want even faster and can afford it. - Use LUKS to do a full-disk encryption (guide) of your hard disk. Doing the same for the sd-card and booting on it looks like a nightmare, but go ahead if you like. - I recommend this setup for the Docker daemon { "storage-driver": "fuse-overlayfs", "data-root": "/your_hdd_path/docker_data_root", "default-address-pools": [ { "base": "192.168.0.0/16", "size": 24 } ] } Setting the address pool was needed to use Unbound (goes great with Pihole), but isn't necessary. Instead of this base, you can use any subnet defined [https://www.arin.net/reference/research/statistics/address_filters/](here) and it will work with Unbound. The storage driver was already like that. The data-root is self-explanatory. More details - install https://github.com/azlux/log2ram to lower sd card usage - sudo apt install -y ufw UFW is an awesome yet simple firewall. Look into it. - I personally email myself at every SSH login and shell use. Look into setting up exim4, then add echo "message" | mail -s 'subject' [email protected] at the end of ~.bashrc and /etc/ssh/sshrc (create this one if it doesn't exist). I also added SMS notifications, your phone provider likely has a system setup that you can trigger too. Check your_provider sms api to see how to do this. - look into setting up unattended-upgrades, you will likely have to sudo nano /etc/apt/apt.conf.d/50unattended-upgrades to change default settings. Add packages by checking sudo apt-cache policy. - Look into setting up a backup system, it is very important. I like Duplicati because it's easy, find something for you. - Rootless Docker doesn't update automatically for now, remember once in a while to upgrade it manually. - Look into setting up logrotate whenever you install a new package and it has logs in a file in /var/log. The default settings are in /etc/logrotate.d, it's not complicated. I do it for all my public Internet facing containers in order to avoid growing 10GB log files and wonder why my system is bugging. - Set up fail2ban in a container for all your public Internet facing services (I avoid this for SSH, if Docker bugs then you can't ban IPs for SSH). crazymax/fail2ban is great. - containrrr/watchtower:arm64v8-latest is nice to auto-update containers - pihole/pihole + klutchell/unbound is great for recursive DNS + filter queries - SECURITY: setup a network every time you need 2 containers to talk. I currently have around 40, and that caused some network collisions with default settings (Docker gave the same address to 2 networks) so I setup every network manually (just copy-pasting). networks: default: # Docker sometimes asked me for a gateway, but maybe you don't need to specify it) ipam: config: - subnet: 192.168.1.1/24 gateway: 192.168.1.1 net_1: # Copy-paste this part and increase the subnet as shown, change name if you want ipam: config: - subnet: 192.168.1.0/24 net_2: ipam: config: - subnet: 192.168.2.0/24 - SECURITY: learn about Docker secrets (some sites say you need Docker Swarm to use them, but just ignore them, you don't), it's really easy