Home server setup
-
I wrote blog post on how to setup Cloudron on a home server - https://cloudron.io/blog/2018-04-13-home-server.html .
It's nice to have this documented once and for all since I have repeated this many times
Let me know if I missed something.Happy to answer any questions!
-
Hi @girish, this is a great post (from a couple of years ago!)
So would it be safe to install Cloudron on a vanilla install, no firewalls preconfigured or anything? -
does it need any updates for 2021?
-
-
@staff Is this still good in 2022? I'm running into issues with setting up my own "home server" and I want to make sure the guide is accurate. Thanks!
Edit: my main problems are:
1- when I google what's my ip, I get a ipv6 address but if I use a website to locate my ip, it shows an ipv4.
2- can't see my server ip in the router gui so I can't assign a static ip to it or attach port 443 to it.
3- i added a passphrase to encrypt the disk when installing ubuntu server 20.04. I think that might be problematic down the road after I fix the ip issues. -
@humptydumpty generally home server setups work fine with some caveats.
In your case you have to have a router which allows portforwarding as well as a real ipv4.
Some providers only give a fake/shared ipv4 over ipv6, which does not work for incoming connections to your home over ipv4. -
@nebulon I was able to get to my dashboard through the my.domain.com but the installed apps wouldn't load. I'm guessing I hit the problem you mentioned earlier. I was able to attach/open ports 443 & 80 (HTTP, HTTPS) in my router. Then, I noticed the following in the blog post:
Remember to port forward TCP ports from the router to the server when using non-HTTP(S) ports. For example, you might have to forward SSH ports for git to work when using Gogs, Gitea & GitLab.The two apps I tried were Wekan and Uptime Kuma. I'm guessing there are other ports I need to open. If not, then I need to replace AT&T's router with a third party. I got a headache... shutting "my server" off for now
-
@humptydumpty both mentioned apps do not use any further ports. So if you can reach your dashboard, the portforwarding is fine for those, as dashboard and apps are handled through the same reverse proxy on your Cloudron. Did you maybe see a certifcate issue or what exactly was the behavior when trying to open the apps?
-
@nebulon No certificate issue. The dashboard cert has a valid date, no broken shield or error msg, and it's issued by Let's Encrypt. However, even the dashboard took its time initially to get the cert from LE. Afterwards, loading the apps page, settings, installing an app, etc., were all sluggish and would hang before working again.
I also noticed that when installing the apps, I would get the "cloudron is offline message" for 1-2 seconds and then it comes back online and finishes the app installs. Once installed, if I click on the app, it keeps "spinning" and never loads anything.
I'm running the server on an older laptop (i5 5th gen, 8gb ram, 120gb ssd). It shouldn't be a hardware thing.
Is there anything I need to do directly with my ISP? Perhaps they're blocking/limiting traffic?
BTW, when I said home server, it's actually at my office so the internet is on a business plan with an AT&T provided modem/router all-in-one unit. Currently, I have it shutdown and I closed off the ports on the router so I can't run any troubleshooting or provide the domain link to you. -
@humptydumpty I have no experience with US AT&T connections. If you see Cloudron offline messages in the dashboard, can you check what the browser shows in the network inspector regarding the responses? Also check the server logs at
/home/yellowtent/platoformdata/logs/box.logand check if it keeps restarting. -
@nebulon I'll do that today. I forgot to mention that I didn't notice the laptop restarting at any point.
-
@nebulon I sent you a DM with the sensitive stuff but since I can't attach images there here's some I wanted to share.
Do I need to change anything here?
I opened ports 443, 80, 20/21, 22 so far.
-
@humptydumpty this looks good, I also replied to your DM that I can reach the app in question just fine.
-
@nebulon Yes, I'm able to access it too now. I left it all as-is from yesterday so I don't know what changed. Anyway, it's awesome that I now have my own "home" work server. The main purpose of having one is to have Uptime Kuma to monitor my main VPS while repurposing an unused laptop. Mission accomplished!
One last question though, is it safe to leave SSH, FTP, and SMTP ports open on the router?
-
@humptydumpty it's probably just time for DNS propagation : your may have tried the app domain locally before it was registered, so your local machine or DNS server cached the non-existing result, which led to failures even after it was registered.
About the ports, there shouldn't be a problem. (FTP port ? I don't remember anything about this one though. Why is there an FTP ?)
If you want to be extra-safe, you can redirect the SSH port to another non-standard external port on the router, to avoid most basic scan tools
-
@mehdi Noted. Thank you!
-
IMO this is the best way to have a cloudron instance running. The instructions shouldn't really vary much outside of:
- Static IPv4
- Port forwarding
- Knowing how to install Ubuntu
At the end of the day a VPS is just a VM (or bare metal computer) running on a server elsewhere.
One suggestion that might trip people up is making sure your ISP supports specific ports. Most don't block ports (in Canada) but I know that residential Telus plans here block SMTP and IMAP ports unless you get a business plan. Generally speaking though you can go through fewer hoops getting mail working directly from cloudron instead of relying on something like Sendgrid, which for me kind of defeats the purpose of self hosting to begin with.
-
@atridad said in Home server setup:
One suggestion that might trip people up is making sure your ISP supports specific ports.
This was/is my biggest concern. I wish the guide went into more depth on which ports are needed for which services/apps and what is the job of each is. I know most of the folks on here see Cloudron as a place for "devs" but I see it as a "THE" place for the not-so-tech savvy, so having the simplest of things like port #'s explained in layman's terms is greatly appreciated!
As for the IP, I think I have a fake/shared ipv4 over ipv6 according to the results I got online but it's working regardless. Maybe this new addition had something to do with it: https://forum.cloudron.io/topic/6277/ipv6-support-on-cloudron-io?_=1641421150213
I want to thank the Cloudron team, app devs, and the entire community on here for creating such an amazing service and knowledge hub that I believe is key to help us noobs make the switch from big tech. THANK YOU!
-
@humptydumpty Oh this part of their docs has the important ports: https://docs.cloudron.io/security/#inbound-ports
This obviously doesn't apply to specific apps (minecraft, for example) but yeah.
-
@humptydumpty Also if you're using the built in mail server, make sure you can contact your ISP and get them to change the PTR record for your IP to your SMTP server address (default: my.<domain>.<tld>
-
@atridad I configured it to work with my existing Mailgun account as I didn't want to deal with my ISP. I had issues with them in the past regarding simpler things like billing Q's and plan changes.. imagine the horror if I ask about technical stuff
For a future project, I'm going to try to run a CR home server on a residential internet plan with SPECTRUM/TIME WARNER. North American residents will understand the struggle lol.
