Oddbean new post about | logout
Custom Designed | 9 months ago (raw) | full thread 
 What kind of security issues?   Of course, you should not give clients of any services you offer (like http) access to your "home network" (assuming that means LAN your personal stuff is on).   A firewall is the general answer.

I have a minimum of 2 LANs, one called DMZ is connected to internet peers (including ISP - you really should have more peers and non-ISP ones) and one for your home stuff.  Servers are receive requests from the DMZ.   A typical configuration is to have 1 or more (local) cloud servers running VMs connected to the DMZ.  If the cloud server is also the gateway for the home LAN, a firewall on the host OS maintains the separation.  (I do that because the main cloud server has 2 PSUs and is more reliable than a cheap router.  I am reconsidering because so much stuff is down during maintenance on that server.)

Whatever the gateway, a firewall on that gateway should block incoming connections to the home LAN (with exceptions - need a longer discussion).  For Linux, I use iptables - but that is sadly becoming obsolete.  I need to learn nftables, and if you are just learning linux firewall, start with that.   There are high level systems like firewalld that sit on top of nftables or iptables - and make things simpler for the specific scenarios the designers considered.   While a laptop generally is one of those scenarios, the local cloud server setup is generally not - and things like firewalld make it MORE complicated, so I just use iptables on the gateway.

Simple things first: all your reliable servers must have ECC ram.  Do not compromise on this.  I won't go into all the reasons.

The most frustrating part of self-hosting has always been power.  I've been doing this for 40 years (starting with Series-1 minicomputer), and the most common server component to fail is the PSU.   This is mitigated by having 2 PSUs - much more reliable and much more expensive.  I can get a used 1 PSU server for $100 plus shipping and maybe additional ram or disk.    I am looking at $1000 used or $2000 plus for a new dual PSU server. 

The next item is the UPS.  These fail all the time.  If nothing else, the batteries wear out in 3 to 5 years.   You want more than one.   Any server with dual PSU should connect to 2 different UPSes.  Or at least your 1 UPS and a dedicated wall outlet with surge supressor.  You want an extra UPS to swap in or take up load when one fails (or the batteries fail).   The UPS thing is a huge pain - I would pay a reasonable amount for a service that provides N UPSes for N sats/usb per month and exchange them by mail to replace or change batteries.

You need Gbit ethernet switches - maybe even 10Gbit switches for high bandwidth applications (like SAN).  Always have extra.  I prefer "dumb" (unmanaged) switches.  I've seen too many security holes in managed switches.  Always buy cable that supports the faster switches - you will probably be upgrading (if we still have a country able to buy from China were all the stuff is made).

In addition to an OS that supports VMs (I use EL8 and Fedora with KVM), you can use old laptops or old desktops as lower reliability servers for experimentation.

Is this the kind of info you are looking for?