Home hosting (for a few weeks before I ship it off to a data center in Germany ;)).

Discussion in 'Systems Administration' started by Incrementing, Apr 4, 2016.

  1. Hello :)

    I've just ordered an ex-corporate server from eBay and a new server-grade HDD from Seagate.
    I'm planning to install Ubuntu Server (Trusty Tahr 14.04.4) on it and use it for hosting Minecraft servers and providing cheap web/email hosting to people I know.

    Obviously I've done all the preparation on my end before I receive the server, e.g.:
    1. Contacting my ISP about upgrading to a business plan.
    2. Getting a static IP address from my ISP to assign to the server (part of aforementioned plan upgrade).
    3. Setting up a strong firewall.
    When getting the server I also plan to make it as safe as possible by changing the ssh port and setting up CSF.

    Update: No longer planning to home host! I'm now planning to do some upgrades and then ship it off to a data center to be co-located.

    Is there anything else I should do to make the server more secure, in order to protect myself but also for my future "customers"?

    Processor (CPU): 2 x Intel Xeon L5520 2.26Hz Quad Core CPU
    Memory (RAM): 24GB DDR3
    Hard Disk Controller: On-board HP Smart Array B110i SATA RAID Controller (RAID 0, 1, 1+0)
    Hard Disk Configuration: 4 x 3.5" SATA Hard Drive bays
    Hard Disk Drive: None Installed
    Graphics: 32MB shared supporting all display resolutions up to 1600x1200
    Optical Drive: Not Installed
    Network Ports: Embedded HP NC362i Integrated Dual Port Gigabit Server Adapter
    Power: 460W Power Supply (PSU)

    Expansion Slots:
    1x PCI-Express x16 expansion slot
    1x PCI-Express x8 Gen2 slot HL/LP (internal only)

    Interface Ports:
    1 x Serial
    1 x Video
    2 x Network RJ-45
    USB 2.0 Ports 4 total: 2 rear, 2 front

    Remote Management: N/A
    Bezel: N/A
    Rack rails: Not Included
    Dimensions (HxWxD): 4.32 x 44.80 x 68.20 cm
    Weight: Maximum - 16.78kg Minimum - 12.7kg

    Regards, Incrementing.
    (Feel free to call me a fruit cake for doing such a stupid thing and not just shelling out handfuls of cash to OVH ;)
     
    #1 Incrementing, Apr 4, 2016
    Last edited: Apr 6, 2016
  2. RiotShielder

    Supporter

    Why not collocate?
     
    • Agree x 1
  3. I did think about that but I want to have the server within my reach for
    A) The experience of looking after server hardware, as it's something I might consider getting into as a career option.
    B) I don't really want to pay someone to host my server for me. I feel like I might as well just rent a server from OVH or some other company.

    But it's something I may have to do for security reasons and the fact that my fiber line probably won't be able to handle it.
    Nonetheless, thanks for the feedback :D
     
  4. For your server use a secure web portal for purchases, as requests to the server from the web page should be encrypted and not all web portals support that.
     
  5. samczsun

    Supporter

    I hope you're prepared for the moment you piss off a 12 year old with a booter. Getting 50gbps jammed down a 'business' connection probably isn't what your ISP is looking for.
     
    • Agree x 3

  6. Case:

    Incrementing: launches software

    xxMjNubxx: ik! let's git clone google-data

    ISP: oi, Jimmy, get me my wire cutter. Aim it at that server power outlet




    I should be a screenplay writer...
     
    • Like x 1
  7. Yeah aha, 12 year olds with booters are going to be the bane of my existence from now on.
    But for the websites that I'll be hosting I'll probably put it behind a CDN like Cloudflare to try and make the server address somewhat hard to locate.
    Normally when a l33t haxx0r with a booter (*cough* I mean 4k botnet *cough*) sees Cloudflare they give up :D
     
    • Agree x 1
  8. CloudFlare and WHMCS = pentagon
     
  9. samczsun

    Supporter

    @Incrementing

    You can't put anything that's not HTTP behind CloudFlare. That means your Minecraft (or TS3) servers are wide open. Unless you want to stick it behind an OVH or Voxility (but not Staminus ;)) tunnel, but at that point just get a server from them.
     
    • Agree x 1
  10. Yeah, that's my setup right now.
    My bungeecord server and TS server are hosted on a BlazingFast VPS and game servers were on OVH dedicated servers.
     
  11. samczsun

    Supporter

    @Incrementing

    If you're confident about DDoS attacks, then the only thing you'd have to worry about are conflicts with your personal life. Of course, if you have two IPs this doesn't really matter.

    However, if you plan on sharing that static IP with everyday internet browsing be wary of malicious plugins and the sort. If someone manages to get an outbound connection open they can do whatever they like and it'll look like 'you'
     
  12. Hmmm yeah... I think I'll be fine. I keep my browser pretty locked down and my personal life away from the internet.
    If worse comes to worse I'll just have to get two plans (server plan and personal plan) with my ISP.
     
  13. Tux


    You'll have to go to a data center regularly if you work with server hardware.
     
  14. True.
     
  15. FG_


    You aren't just paying for someone to host your server at a collocation centre - you're paying for premium bandwidth and connectivity. I collocate and haven't had any problems yet. Additionally, if you're serious about running a server, home-hosting isn't a good option due to the amount of downtime and poor connection your players will most likely experience. Not to mention the bandwidth issues you could have at your residence.
     
    • Agree x 1
  16. wat. You said you're planning to use this for Minecraft?

    Anyways you should definitely look into colocation, there are reasons why it exists.
     
    • Optimistic x 1
  17. Update:
    Server has arrived.

    New Plan:
    Based on your comments (thanks for that by the way :p) I'm now planning to co-locate, and I'm currently talking to a German-based company about that, but I still plan to keep the server with me for a while, mainly for learning Linux more in-depth and because I want to add some more hardware to the machine.
     
  18. You can learn Linux with a $5 VPS with OVH or VirtualBox/VMware on your PC.
     
  19. Fail2ban is pretty much a must-have if you're looking to improve your security. It blocks any IP that tries to brute-force your SSH for about 15 minutes. If you're not planning on remoting in, you can disable SSH for the time being as you're starting out hosting it yourself :).
     
  20. I would recommend having it on but using SSH keys or a different SSH port.