Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| selfhost:approach [2025/02/18 11:01] – willy | selfhost:approach [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== The Approach ====== | ||
| - | |||
| - | **Self-hosting** and **Home-Automation** are something that grow over time, getting more complex and elaborated. You start small, with some recycled hardware and makeshift cables to host some experimental services, then you start self-hosting important stuff. | ||
| - | |||
| - | But then... | ||
| - | * One day your home internet connection is down and so you find out about **reliability**... | ||
| - | * One day power goes out at home, and you find out that an unexpected server reboot might cause side issues... | ||
| - | * One day, maybe during a hot summer day, your USB network card fails on you, when you are on vacation... | ||
| - | * One day that critical CalDAV service stop working due to a Python update and you miss an appointment... | ||
| - | * One day maybe you get hacked.... | ||
| - | |||
| - | So you start studying and investing in UPS, reodundant ISPs with failover capability, advanced routing for your services, containers, backup techniques... | ||
| - | |||
| - | I went trough the process (except i never got hacked, maybe my security measures where good from the beginning, or i was lucky, o maybe i just never noticed?), and you will as well go trough it. | ||
| - | |||
| - | At the beginning i started out with a very simple approach, spent one year and half more or less expanding to the point where something a little bit more advanced was actually required. I will describe my final implementation (which, actually, is in constant evolution) and, along the way, also describe simpler ways to achieve similar results. | ||
| - | |||
| - | |||
| - | ===== Basic Requirements ===== | ||
| - | |||
| - | The following are the **very basics** that i assume you will take into consideration, | ||
| - | * Have a **proper backup plan** in place (see [[selfhost: | ||
| - | * Have **two** ISPs to provide a failsafe internet connection (see [[router: | ||
| - | * Stored your data on some redoundant **RAID array** (see [[selfhost: | ||
| - | * Have an **UPS** solution to protect your server / disk RAIDS from blackouts | ||
| - | |||
| - | |||
| - | ===== Architecture ===== | ||
| - | |||
| - | Home Server | ||
| - | |||
| - | Home Automation Server | ||
| - | |||
| - | Network Gateway | ||
| - | |||
| - | Network Access Points | ||
| - | |||
| - | External Server | ||
| - | |||
| - | |||
| - | ===== Architecture ===== | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ====== The Simple Approach ====== | ||
| - | This is how i started, and while it has it's limitations and possible issues, it's a perfectly valid self-hosted approach. | ||
| - | |||
| - | The basic idea is to stay cheap, save on hardware using something you already have available and adapting to it's limitations. My choice has been an older, but powerful, laptop which has quite a few advantages: | ||
| - | * Doesn' | ||
| - | * It's fairly low-power, which is good for something on 24/7 | ||
| - | * It doesn' | ||
| - | * It uses little space (specially compared to a PC with monitor& | ||
| - | * Can fit vertically behind furniture, if you don't have a place for your self-hosted rig | ||
| - | * Come with WiFi out of the box | ||
| - | |||
| - | But it also have some drawbacks: | ||
| - | * Limited storage space (usually one SDD or maybe one NVME and one SSD) | ||
| - | * Limited upgradeability CPU/RAM wise | ||
| - | * Louder fans under heavy load | ||
| - | * Usually one (or even none) internal network interface card | ||
| - | * An always plugged in battery **will** swallow over time and can be a fire hazard | ||
| - | |||
| - | Most of the drawbacks can be overcome with modern USB devices. Today' | ||
| - | |||
| - | As a final word, this **simpler** approach works very well and might be all you need. The limitations come from the **single point of failure** that having only one piece of hardware implies: when it goes down, for hardware failure, software bugs or just maintenance, | ||
| - | |||
| - | ===== Storage ===== | ||
| - | Let's focus. You need RAID storage, which means at very least two hard-drives (or SSDs) in RAID1. Better would be many devices on RAID6 or such, but let's stick with two RAID1 mirrors for the simple approach. | ||
| - | |||
| - | Assuming your laptop cannot host two drives internally, you need to buy an external device. Laptops nowadays only come with various USB connectors, so i will not talk about E-SATA or other connection types, but only USB. Those are also the less expensive, so it's a win-win for the simple approach. | ||
| - | |||
| - | A few key concepts to follow: | ||
| - | * Prefer USB-C over USB-3 | ||
| - | * Don't go anything less than USB-3 (USB-2 and USB-1 are just too slow) | ||
| - | * Get a multi-disk enclosure (2 disks, or even better 4 disks) | ||
| - | * Get an externally powered enclosure, always | ||
| - | * Get a JBOD (Just a Bunch Of Disks), not a RAID enclosure | ||
| - | * Get a small UPS to keep those disks spinning on power loss | ||
| - | * Do **not** be cheap on this: get a reliable brand and model. | ||
| - | |||
| - | As i said above, USB-3 and USB-C are more than capable to sustain disk throughput and network loads, so USB will not be your bottleneck. but USB is quite unreliable, bot the protocol or bus itself, but the USB devices are usually low-quality. To ensure you have no issues over time, buy only reputable brands enclosures, do not save money on this item, and avoid RAID enclosures because i will be showing you how to leverage Linux built-in **software raid**, and JBOD enclosures have a better quality/ | ||
| - | |||
| - | Since laptops have limited USB ports, get only **one** big enclosure to fit all your drives, not many smaller ones. Prefer one which is externally powered, because they are more resilient, and buy a cheaper UPS power strip (anything in the lower end should fit) to keep the disks spinning then the occasional power outage **will** strike. In fact, having a laptop which will survive a blackout while the disks don't, it's not a good nor safe idea. (remember: UPS batteries will need to be replaced every year or two, do it) | ||
| - | |||
| - | ===== Networking ===== | ||
| - | The second issue with using a laptop is that you will need at least two, better three, wired Ethernet connections to use your server: | ||
| - | * One LAN interface, to talk to all your home devices | ||
| - | * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers) | ||
| - | |||
| - | I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you are lucky, your laptop should have one, the others needs to be added via USB network cards. This is where things get a bit complex because USB network cards are quite unreliable. Luckily Linux nowadays support most of existent USB network cards, but in my experience they tend to fail quite easily. Some suggestions: | ||
| - | * Buy a known brand, stick to 1Gbps cards | ||
| - | * Prefer USB-3 ro USB-C (seems more solid kernel drivers?) | ||
| - | * Avoid " | ||
| - | * Keep them cooled: heat will make them fail more than often | ||
| - | |||
| - | If you experience links going down, buy a different brand / model and hope for the best. | ||
| - | |||
| - | ===== Services ===== | ||
| - | Your laptop will be your server and your router. Which means that all your services will run on it as well as all your routing tables, fail-over between ISPs and such. | ||
| - | |||
| - | Your server, or your laptop then, will need to be beefy enough to host any service you will need. In my experience, this is not a big issue. For low power laptops, a good video card might be useful for on-the-fly AV1 / x265 video decoding (if you want to host a media server like [[services: | ||
| - | |||
| - | ===== Routing ===== | ||
| - | Your laptop will be your server and your router. Which means that all your services will run on it as well as all your routing tables, fail-over between ISPs and such. | ||
| - | |||
| - | This means that if you mess up or need to reboot the laptop, your home will lose internet connection for a while. Also, if your laptop dies for any reason you will not only lose all your self-hosted services (until you restore a backup/ | ||
| - | |||
| - | Setting up routing with multi-ISPs (fail-over, or load sharing...) will be done manually with a few routing rules and settings (see [[router: | ||
| - | |||
| - | While less glamour than using a fancy web GUI, it fits the same purpose and maybe it's also interesting to learn. This approach doesn' | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ====== The Advanced approach ====== | ||
| - | |||
| - | The advanced approach gives your more peace of mind, stronger resillience and more flexibility at the price of higher hardware cost, more knowledged involved, and more setup times. It's also more fun, but you might want to evolve gradually from the simple to the advanced approach maybe to create a progressive investment in money and knowledge. | ||
| - | |||
| - | The basic idea is to split the simple approach by separating the two main pillars of the setup: | ||
| - | * The routing / network management: done using opnSense on dedicated hardware | ||
| - | * The services, both internal and external: done building a good pc (non laptop) | ||
| - | |||
| - | Using a dedicated firewall appliance like [[https:// | ||
| - | |||
| - | Going with something more solid than an old laptop for hosting your services is also a good idea for scalability, | ||
| - | |||
| - | |||
| - | ===== Storage ===== | ||
| - | Exactly as for the simple approach, you need RAID storage, which means at very least two hard-drives (or SSDs) in RAID1. Better would be many devices on RAID6 or such, but letìs stick with two RAID1 mirrors. If your server case has the capacity, plug in more disks and research on using ZFS or some advanced RAID techniques. I strongly suggest you use all SSDs, to save on energy consumption, | ||
| - | |||
| - | |||
| - | ===== Networking ===== | ||
| - | From the network hardware point of view, you want to purchase a so called **firewall appliance** with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not. | ||
| - | |||
| - | Your firewall appliance will need at least two, better three, wired Ethernet connections: | ||
| - | * One LAN interface, to talk to all your home devices | ||
| - | * One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers) | ||
| - | |||
| - | I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn' | ||
| - | |||
| - | |||
| - | ===== Services ===== | ||
| - | From the service hosting, you might go for a nice desktop PC or even a workstation. Usually both kinds should be able to host at least two disks, in addition to the main NVME slot, if not even four disks. This will ensure you don't need an external USB enclosure. Also adding more than one Ethernet NIC is usually pretty easy since you can plug in a PCI-Express ethernet card. There are even multi-NIC PCI-Express cards out there if you need more than two. | ||
| - | |||
| - | Your server will need to be beefy enough to host any service you will need. In my experience, this is not a big issue. A good video card might be useful for on-the-fly AV1 / x265 video decoding (if you want to host a media server like [[services: | ||
| - | |||
| - | In any case, with this advanced approach, you can always spin up an additional server should the first one be saturated at a certain point in the future. | ||
| - | |||
| - | To be honest, having a dedicated firewall appliance means that your services server don't need multiple NICs, but of course YMMV and the opportunities are endless. | ||
| - | |||
| - | |||
| - | ===== Routing ===== | ||
| - | The routing for the home network will be managed by your firewall appliance and OpnSense. OF critical importance is to properly define how you want to organize your network, and understand how a firewall applicance works to be able to leverage it's power properly. | ||
| - | |||
| - | More details will be provided later on. | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ===== Architecture ===== | ||