How to Set Up a Linux Home Server from Start to Finish!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

as promised in today's video I'm going to be taking you through setting up a home server from start to finish on a real bare metal host using this bad boy right here today we're going to be going over the entire thing from start to finish so there's going to be chapters in the description if you're only interested in specific parts or if you want to skip over the boring stuff we're going to be going through the creation of installation media the operating system install and the SSH any% speedrun dis mirroring SSH configuration hardening setting a message of the day installing Docker installing some example services and setting up a firewall hopefully by the end of the video you'll have a very basic home server setup that you can start to mess around with and bootstrap your own ideas this video is going to be filmed a little bit asynchronously cuz I'm a busy beaver today so if you notice the lighting change or the clock on the wall jump around that's probably why I might film the intro film The outro go do some stuff and then film The me of the video Let's Dive Right In this is what we're working with as you can see it's an Acer Aspire x3950 we've got a core i5 650 that's a dual core 4 thread processor from around 2009 2010 we've got 8 gigs of RAM and this particular computer was manufactured around 2010 to 2011 basic stuff I know but you'll see in this video exactly what we can do with so little to create the installation media you're going to want to head over to debian.org we're going to be using Debian for this video for a couple of reasons number one it's one of the oldest and most supported stable Linux distributions and I think it's a great allrounder for a server setup number two unlike some other server operating systems the Debian team hasn't routinely tried to screw over forks and other community projects and number three they provide the entirety of the Debian operating system in all of its feature set for free without any need for subscriptions or other purchases so to grab a copy of Debian head over to debian.org and just hit this big download button right here once you've coped your copy of Debian the next step is to figure out whether or not the system that you're going to be targeting has UEFI or bios for UEFI systems I would say anything after Intel's thirdd generation core processes so that's the Intel 3000 Series of core I CPUs is most likely going to be using UEFI if you're on something older it's most likely going to be using bios if you're trying this on a ryzen setup 100% going to be UEFI this determines the next step which is formatting your installation media the steps are slightly different for bios or ufi I'm going to demonstrate this both on Windows and Linux starting with Linux so you can skip to Windows in the chapters below if you're on that system the system I'm going to be targeting is running a bios Legacy system so when I go ahead and select my partition table over here on my USB drive I'm going to select Ms do if you were running UEFI you would select GPT here the rest of the steps should be exactly the same so go ahead and create a new partition table like so for uh this on Linux the utility I'm using is KDE partition manager although gome discs or gparted will do equally the same the guey is just going to be slightly different once you've done that the next step is to DD your um ISO onto the USB so you can do that by opening a terminal window cing to where your download is find out which uh dis your uh USB drive is for me it's Dev sdd make sure that you get this right because it'll be a little bit spicy if you don't you might end up using one of your operating system drives as a Debi and install dis which is not going to be be grade the next thing you're going to do is go in and type pseudo DD if equals uh and then you want to do the Debian installation I actually have a couple here so let me pick out the latest one uh 12.4 that would be the one uh set the output to your USB drive and I always include this flag here to give me a progress update uh go ahead and put in your password and it'll start copying over to your USB drive I'll see you when it's done if you're on Windows the same thing I said about UEFI versus bios in the Linux section applies here as well if you're running an Intel Core 3000 Series or newer you're likely running ufi if it's older it's likely bios and if you're in the middle there you might just want to double check anyways come on over to rufus. ien for English but they have other languages here as well if you prefer scroll down to the download section and here I usually just take the portable edition because you don't have to install anything you can just double click in exe so go ahead and grab that one and then as soon as it's done open it up right here and you'll be presented with this select your USB drive from the drop down menu be sure to select the right one um and then here hit select to select your Debian installation image which is right here for me and here's where you've got to make a decision this is the only thing where what you're doing and what I'm doing is going to differ throughout the video the rest of the steps are going to be exactly the same so here you just need to choose a partition scheme which is for bios or ufi so if you're targeting an older bios based system like I am you'd select MBR here but if you're selecting uh GPT you're going for a ufi based system so 3,000 series or newer we're going to be using NBR um so go ahead and hit start the rest of these defaults are perfectly fine uh writing in ISO mode is fine and it's going to prompt you right here to just include like go and fetch the latest versions of the installation um files which is fine so just go ahead and hit yes here it'll do some downloads copy over the information make sure to hit okay here because of course we want to overwrite the dis and uh it'll go ahead and Flash the USB for us so I'll see you when it's done power your machine on we're looking for the boot device selection menu for me this is a key like F12 but for you it might be different according to your Manu facturer once it loads up we're going to select our USB device that has the Debian installer on it from the list and on this menu we're going to select graphical install I'll be right back when it boots up we're here at the install menu I'm going to select English as my language but if you prefer a different one now is the time to select one I'm also going to go ahead and select Australia as my region and American English as my keyboard of course if you are in a different region with different um standards then you would select the ones appropriate for you now it's going to extract the installation files and mount them to somewhere on the file system this can take a while depending on the speed of your USB drive so I will be right back when it's all done here it's detecting Network so you're going to want to configure yours over ethernet again this might take a little while so I'll be back when this step is done the Debian installer is nice in that it will do the network configuration for you as long as you have an ethernet cable plugged in it's time to pick a host name for the machine your host name that you choose here should follow the same naming conventions as the rest of your home network if you don't have any conventions now would be the time to make some for me I use the first five Pokémon Generations towns and city names as my host names so I'm going to continue the theme here and call this one little root the domain name as the installer says you can make something up since this is a home network if you need to specify something custom here you'd know going to make a password for the root user um I'm just going to use password one here very secure I know um if you were actually going to deploy This Server so if you tagging along at home you're going to want to come up with something a little better than password one so full name for your new user I'm just going to make it my name and the username just like your host name follow the same nameing conventions as the usernames from your other machines I'm going to call this one MD Hoff that's what I use password for the new user I mean password one you already know and the clock so it's going to ask for your time zone I'm currently in coins land so I'm going to go ahead and select that and we're going to go onto the dis partitioning so this one might be a little bit um a little bit scary if you haven't done disk partitioning before but it's really not so bad so what we're going to go ahead and do is use entire disc and set up encrypted lbm I would always recommend that you encrypt your discs you may or may not want to encrypt the operating system Drive of your server based on various things so for example it's quite difficult to have the server start up at random times of the day if your dis is encrypted because it will ask you for a password prompt when you turn the machine on actually because most of you probably won't be doing that we're just going to use the standard lvm but if you want to encrypt your operating system dis it's not too much of a big deal it'll just ask you for a password in the step as well so go ahead and select your operating system drive I'm going to select this this 2 tbte device here and um after I finish filming this section I'm going to go and add some extra drives to this so I can show you how to mirror some stuff but we'll just use this one for now and all files in one partition is perfectly fine unless you are Advanced enough that you want to try these other ones personally I've never really felt the need for it I think um it's just kind of annoying because resizing partitions after you install them especially when the root partition is involved can be a little bit annoying so I just keep it all on one partition and of course we're going to go ahead and select yes here should note everything on that drive will be overwritten so just be absolutely sure that you've selected the right dis here um it'll probably go ahead and select the max for you but if not as you can say as you can see there it says you can just type in Max but two terabytes is the max for me so we can use that and these are the logical volume groups it's going to create I might do a different video on lvm and and Linux dis partitioning but for now all you should know is that you can have a look and see that you've got a root volume a swap volume which is just uh virtual memory um and you've got a boot partition there which is going to be EXT2 it's going to go ahead and create all of these uh partitions might take a little bit of time depending on the speed of your disc so I will come back when it's done it'll jump into installing the Basse system immediately after you finished partitioning again this is probably going to take a while so I'll come back when this is done as well after the BAS system is installed you'll be presented with this screen essentially all it's asking is for the package manager dpkg and apt its front end where do you want to download all of your packages from from when the system is installed so usually it's best to select the country that you're in because that's where the closest servers will be to you and therefore the fastest um so I'm going to go ahead and select Australia for this as it selects based on the region I selected way back in the first step then it's going to ask me for a mirror now you can choose a couple of different ones but deb. debian.org as it says here is a good choice that's the you know debian.org however there are different organizations for example digital Pacific servers Australia AET that host mirrors for Debian as well I'm just going to leave it as default here HTTP proxies we're not going to do that in this video I'm going to leave it blank and it's going to go ahead and configure the package manager I'll be back when it's done go ahead and read all this garbage I'm going to like no to popularity contest but it's up to you if you want to participate oh I feel feel like I'm saying this all the time but there's just so many little screens like this for us to wait through okay here's something interesting so it's going to choose let us choose some core pieces of software um this is a server so we're not going to actually select any desktop environment here it's going to be completely headless meaning no graphical environment we are going to go ahead and install an SSH server you can select web server here I don't actually know what web server it installs we're going to go ahead and set up engine X in a container later though so I'm just going to uncheck this for now uh yeah I'll see you when this is done it's going to ask us which device to install the bootloader to you're going to want to select the one that you installed the operating system to in this case again it's this 2 terb drive here so grub is the bootloader that Debian uses some other distributions use system deboot but Debian hasn't swapped over over yet in my opinion I prefer grub but people have their own opinion on system D and its utilities congratulations my friends we are done Debian is ahead and installed on our system so we're just going to hit continue and reboot so now comes the time when we do the SSH any perent speedrun basically we want to get to the SSH login as fast as we can so that we can leave this machine where it is go back to our nice setup over on the Des toop and do all the rest of the configuration from there so we're going to go ahead and let this boot up for the first time actually it's not the first time uh as I said I'm filming this asynchronously so it went ahead and rebooted and then I shut it down went and did a bunch of stuff and now we're back so um a couple things to note about this it's going to boot into a text based interface much like just a standard command line shell you're not going to be met with a graphical interface because of course we don't actually need one so it's going to go ahead and boot us to this login screen here I'm going to log in as root enter our very secure password and the first thing I'm going to do is type in IP addr to dump our Network information I'm going to note down the IP address of emp1 s0 that's my ethernet adapter yours will be named something similar but maybe not exactly the same so as you can see there my inet address is 1 1921 168 1.85 yours will likely be different so just note down what it is and I'm going to verify that sshd is uh running here with system CTL and as you can see there uh sshd is in fact running so we can hop on over to the desktop and try to ssh in I think you and I can both agree this is a bit more comfortable we're going to go ahead and log into the machine using the parameters we created earlier so open up a terminal on your desktop and type in SSH the username you created at the IP address that we noted down just before hit enter this is going to ask if you want to add the machine to your computer's list of known hosts which of course we do want to do and enter the very secure password that you selected earlier and here we are on the machine that's the SSH any% speedrun done take whatever time stamp it is in this video and I challenge you to beat it considering that I had to do a whole lot of filming and cuts and setup and things through probably find it quite easy now that we've logged into the machine there's a couple of admin things we need to get out of the way no pun intended the first of which is setting up pseudo if you're not sure what pseudo is go ahead and Google it before continuing because we're going to dive a little bit deeper than pseudo in this video so the first thing to do is Elevate yourself to a root shell with this command here enter the right password um I think I just entered password instead of password one that's embarrassing for me and now we're going to go ahead and app install pseudo I'm also going to add Vim onto the end of this because that's my preferred text editor if you like Nano or if you like Ed for instance just replace themm with whatever your editor of choice is whenever I'm editing a text file in this video but I like Vim so I'm going to use that go ahead and install these and then when it's done we're going to type this command here which is user Espin vudo um now vudo is not actually in the system's path by default on Debian for some reason um so if it says not found if you try to execute vudo just put the full path in which is this one here and the uh the line that we want to note here is this one where it says allow members of group pseudo to execute any command so sometimes this will be commented out depending on the distribution that you're setting up on Debian it looks like it is uncommented by default essentially what this means is that users in the pseudo group are going to be allowed to use pseudo along with their password to elevate their privileges to the root user which is fine so now we know what group we need to add our user to so I'm going to go ahead and do user- a now for this next one I always forget what the order is is it the group first or is it the user first I have an inkling it's the uh user first so I'm going to try that pseudo user mod not found I bet it's in spin yep might want to go ahead and add that to the path later user pseudo does not exist okay it's the other way around for some reason I just cannot remember the the order for this particular command but there we go so my user is now in the uh pseudos group so to test this go ahead and exit out try doing a pseudo Sue put in your users password instead this time I might actually have to re ssh in give me a second here guys yeah so you'll have to re ssh in to make the uh the new group membership properly apply but now as you can see we are ready to pseudo um so the next thing we're going to go ahead and do is Harden our SSH configuration because currently SSH is insecure for a server in a couple of ways so number one it's still on Port 22 which is the default SSH port and many automated scripts will Target Port 22 they'll just have it you know because they're looking for low hanging fruit a lot of the time um and doing a full port scan takes a lot of time so usually they only target Port 22 so we're going to change that to something random and arbitrary it's more of a security through obscurity feature if someone really wants they can do a full port scan on you so there's other measures we're going to take as well that's one of the first things you want to change the second thing is to swap from password authentication to public key authentication now this just means that you don't you won't be able to enter a password to authenticate with the machine you need to use cryptographic key authentication which is stronger and more secure than passwords ever will be so before we go ahead and change these parameters we're going to take a couple of preemptive measures so on our machine over here we are just going to generate a public key to log into the server with so to do that you can use SSH key gen on both Linux and windows now it's going to ask us where we want to save the file I'm just going to save this as um video demo you can enter a password here to encrypt the file if you like my discs are running full dis encryption so I'm not really fussed about this but if your discs are unencrypted you might want to consider so now I'm going to go ahead and cat out the public key for this preemptively which is this one right here and I'm going to go ahead and copy that to my clipboard because what we're going to be doing is adding that to the uh system over here before we fully enable public key authentication so back on this machine over here we're going to go ahead and edit this file it is Etsy SSH s sshd config it's a bit of a tongue twister so here we are and as you can see right here is the port so for this video I'm just going to add two twos onto the end of this and we'll make it Port two two two two um so that's what we're going to change our port to and now another thing that we're going to go ahead and do here is disable root login over SSH because there is no good reason now that we've set up pseudo for the root user to ever be allowed to log in over uh the internet so we're going to change that to no um and again again like scripts will include the root user as the login user because every Linux machine has a root user um whereas you know your machine could have a different like almost unguessable username and they would just be denied access right off the bat but every machine has a root user uh public key authentication is yes by default I'm just going to uncomment it here to make sure that we you and I both know that we're using it uh correctly and here we're going to change password authentication to no because we actually want to completely disable password authentication remove that Vector of attack completely and just what over to public key authentication this is enough for now there's a lot more hardening options you can dive into but for this basic setup this is going to be good enough for us I might do another video on um s hardening who knows we'll see um so now exit out of this root shell if you haven't already and we're going to edit a file called I'm actually going to need to make this directory uh SSH SL authorized keys so this is where we're going to put that public key earlier you might have to make that SSH directory as well if it doesn't exist for you um so once that's done we can go ahead and just paste our key that we created earlier into this file right here and it should let us log in so write that file and now we're going to restart sshd with this command here so Debian like most Linux distributions is using system d and system CTL is the sort of service manager command Configuration utility you can do things like check the logs start Services stop Services restart Services if you change the configuration for a lot of services like we've just done here you're probably going to need to restart them so we'll restart sshd and we will log out now try running this command again you'll notice that it fails why does it fail because s's default Port is 22 and we've just changed that you can specify the port you want to connect to like this now you'll notice we've got a different message this time you've been see you can see that we've been denied because of our public key we're no longer allowing password authentication for security purposes so even though we've got the right Port if we don't specify the right key it'll still boot us off so now we're going to specify d i for identity and then we're going to choose the identity that we just added to the AU Keys file as you can see we can log in now even without a password how neat and it's more secure as well just make sure that nobody is ever able to read that uh key of yours so that's that's like some basic estage hardening features as I said there's more but that's good enough for now let's move on to the next thing I went ahead and added some more discs to the system so I can show you how to set up mirroring let's have a look at the lsblk command as you can see there I have sdb and SDC sdb is a 120 g SSD and SDC is a 500 GB hard drive what I'm going to do next is set up a 120 gab partition on the 500 GB hard drive and use that to mirror the 120 GB partition on the SSD to do that we're going to use Fisk so type in pseudo Fisk and then specify the device that we're wanting to Target first we'll look at sdb so the first thing we want to do is create a new guid partition table you can do that with the command G even if you're on a legacy system it's best to use GPT here because this is not a boot device and MBR uh partition tables can only support up to 2 terab so for General data it's best to use GPT always so once that's done press n to create a new Partition having the partition numberers one is perfectly fine here first sector by default is perfectly fine and I'm going to do a plus 119g because if you had a look at the LSB command um I only actually have 119 to play with on this particular device um I'm going to go ahead and remove this signature if you're using a fresh disc it won't have a signature but because there was something previously on the device it's just giving me a warning to say that there was something that it found on the device and um making sure that I actually do want to remove that so I'm going to go ahead and hit W for right if I do LSB okay again you'll see there we have created sdb1 which is a 120 GB part ition we're going to do the same thing on SDC so here we're just going to set up another guid partition table create a new Partition go through the defaults plus 119g select yes and right so if you have a look now you can see we've got sdb1 and sdc1 which are our uh partitions that we're going to mirror so the next step to do is create the butfs file system you can do uh before before we do that though we're actually going to have to install the butfs utilities so to do that you want to install Butters procs like this I've already installed it um but it'll prompt you to install it if you haven't already I don't think it's installed in Debian by default so you're going to want to go ahead and grab that the next thing you want to do is mkfs butfs run all these commands as root of course so you can do that with either pseudo or through a root shell um and the next thing we're going to do is do- D and raid one what this means so- D is the flag for data so essentially what this is saying is we want to have butter FS manage our data in raid one- m is metadata so we specify raid one as well so we're mirroring both data and metadata um and now we select which devices we want to include so Dev sdb1 is going to be the primary partition this means that all of our Mount um setup is going to be targeting stb1 and now we're going to put in our secondary one which is sdc1 so this is where all of our data is going to be mirrored to go ahead and hit enter there and as you can see it's complete and we now have two devices in this little pool um one is sdb1 and the other is sdc1 so that's great now we're going to make the system recognize them and mount them at boot time so the first thing you're going to want to do is decide on where you actually want to mount this extra file system typically I use uh SL hdds um it's better in my opinion not to use SL MNT because that's kind of um that's managed automatically by the system in some cases as well like if you plug in a USB device sometimes it'll mount it in/ MNT so I prefer to make my own directory but you can do whatever you like so I'm going to make SL hdds and then I'm also going to make um W raid as an example because we're mounting a software raid here these can be arbitrary these can be whatever you want um and they can be even something funny or clever just make your server a little bit more interesting for you to administer um now the next thing we're going to do is Mount these at boot so to do that have a geese at BLK ID essentially what we were using before so SB and SDC these are actually fluid like these can change depending on uh system reboots so your devices aren't always going to be sdb or SDC in all cases it's better to use the uuid of the partition to identify it so here in BLK ID let's have a look so sdc1 has this uu ID right here and sdb1 has this uid right here if you remember stb1 was our primary so we're going to use its uuid to um to mount it a boot so go ahead and just copy this uu ID right here and next we're going to edit a file called Etsy slfs tab some people call it FS tab some people call it fstab I typically refer to it as fstab when I'm thinking about it in my brain but um there's a this it's kind of a hotly debated topic um so just go ahead and open it up and you'll see we already have some entries here so the system is configured a couple of things for us by default now what we're going to do is type uid paste the U ID in for sdb1 and this is essentially telling uh FST tab you know which partition we want to mount at boot the next thing here to specify is the Mount uh the mount point that we want to do this on you can already see we kind of have an example um right here with the boot partition so it's got a uid right here it's Mount Point um along here is/ boot the fast system type is EXT2 um the options are defaults and then these two here can be set by the system automatically but we're going to use um zero and zero for that which is usually just fine um so go ahead and specify your Mount Point here htds software raid specify the file system type butfs specify defaults and then 0 0 I'll might make another video on file systems and Fs tabs where I explain some of this stuff in more detail but because this is a very general overview basic type video you might have noticed I'm not really going deep into the details here um but if you are interested in hearing more about like the more advanced options for configurations of things like this and especially the fs tab let me know in the comments and I might do a video on it so write the file and um I'm going to go ahead and reboot the machine I'll uh I'll rejoin you when it's back up okay systems back up let's have a look so here's a perfect example of what I was talking about earlier as you can see the partition that we set up to be our primary and software rate has actually changed itself to be SDA and our root device has changed to sdb so that's why it's always a great idea to use your uids instead but as you can see here it's mounted at hdds software raid the next thing we want to do is set up a sub volume to hold all of our various information if you're familiar with ZFS uh sub volumes are kind of analogous to a data set essentially it's not a extra partition in of itself it's more like a um semantic separation of data on the on the butfs file system so it's a good practice to almost go in and separate them for different types of tasks or things like uh you could do it however you want usually I separate my um sub volumes and data sets based on um you know the purpose what services they're going to be serving things like that um for this video I'm going to make a sub volume for each service that we're going to be configuring today so I'll just go ahead and Elevate myself to root and what I'm going to do is type in Butters sub volume create and the next um argument here the first three are pretty self-explanatory right but the next volum the next um argument here is going to be the path to the sub volume now this should be you should specify HDD software raid because that's the root of our uh butfs file system and next you actually specify what you want the sub volume to be called so I'm going to do one called engine X because we're going to be setting up engine X as well I'm going to do one called games cuz we're going to be setting up a Minecraft server and I'm going to do one called Cloud because we're also going to be setting up Samba so now that you've done that you can actually have a look at um LS and you can see here it's created three new sub volumes for us and if you go butterfest subv list you can use subvolume or subv is shorthand uh HDD software raid you can see there we've got three new sub volumes so cool next we're going to move on to Docker set up some services and then we're going to actually Mount these inside of the container so we can actually use them okay now we can actually have some fun we're going to install and set up Docker which is what we're going to be using for containers on this particular server Docker is the industry standard there are other containerized Solutions available but Docker is probably the most popular there are plenty of guides for it and it's pretty easy to get going now Docker does provide a repository that you can add to your apt sources list but we're not really going to do that in this video it's a bit outside the scope we're just going for something basic the ones package was thean are fine for our purposes here so we're just going to go ahead and PSE sudo app install docker.io Docker compose and Docker D dooc so there's quite a bit to download here and it might take a while so I'll rejoin you when it's all done now if you remember I was showing off the system CT command earlier we're going to go ahead and use that again here to make Docker start at boot so to do that it's system CTL enable make sure I spell that right God what is up with me today docker so now as you can see it adds Docker to our startup services and we can go ahead and start this with system CTL start Docker as you might imagine the astute among you might have noticed that there's actually a way to do both those steps in one so it is pseudo system CTL enable D- now Docker so that's a little shortcut you can use in future if you like so dock has started we're going to go ahead and install some containers and services make this thing a little bit more fun so the first thing we need to do is add our user to the docker group so that we actually have permission to chat with the docker Damon to do that we can just use PSE sudo Espin user mod Ag and I remember which order the group is in this time guys come on it's um it's group first and then username so go ahead and do that and then relog into make the groups apply and you can see that I'm in the docker group we're going to pull some container images now an image is essentially just a um a pre-made container environment for us to look at the first one we're going to be pulling is the uh Debian one so we're just going to pull a Debian blank container and the reason we're doing that is so that we can go in and use this container for whatever we want it's just going to be a standard Debian container we can do everything we'd want to do on the host system within that container and set up whatever Services we want the second container we're going to be pulling is the engine X container because they have an official one that we don't need to bother setting up ourselves in a standard Debian one so we're just going to go ahead and pull these they they'll pull the latest ones by default but you can specify custom tags if you like and you can have a look at the actual official um container page on docker's website to see what kind of tags you can choose from but the latest tag is fine for us I'll see you when it's ready the engine X container is ready to be deployed the first thing I'm going to do is create a new directory I'm going to make htds software raid and next www if I were you this is where I'd be storing my static website content that uh engine X is going to serve this is what we're going to pass into our Docker container so I'm going to go ahead and Chin that as my user to change the ownership so I can access it correctly and now we're actually going to start the container and pass this in so to start the container I'm going to do Docker run D- name I'm going to call the container little root engine x uh- v here is our Mount Point specification so it means that we can pass in s SW raid engine X www and we can pass that in I'm going to do hmnt www hmnt means host Mount I'm also going to specify read only here you don't have to do this um and in fact in situations where you need to manipulate the data from within the docker container this is actually going to be a big pain if you mark it as read only but since enginex is just going to be serving static content the idea with this is that our website content is on this raid backup so it's being mirrored right if one dis fails we can get it all back but we're going to pass it transparently through to the docker container here so that the engine X instance can actually use it uh now the next thing I'm going to do is actually type in P here and expose Port 80 to Port 80 what this means is essentially inside of our Docker container engine X is going to be running on HTTP Port 80 and I want to bridge that to Port 80 on my host machine so that I can access the engine X server by going to my host's IP address on Port 80 that's all that means there then I'm going to do- dine X and we can go ahead and start this container so now if we go ahead and type Docker PS you'll see that this container has started and you can see here that we're forwarding Port 80 um on our host to Port 80 TCP on this Docker container here now if I can actually go ahead and copy this container ID and exec interactive to it with bash and we're inside the container how cool is that if I do an LS on HM www you you'll see that we've got some stuff there well we don't I'm going to make some stuff there so I'm going to create um this file here and if we go back to our container Lis it again you can see that it pops up in our container just like that and then when you go and configure engine X later you can go in and specify that that's where you want the uh static content to be served from but I'll leave that for another video I might do a separate one on actually fully configuring enginex setting up https doing all kinds of fun stuff like that so cool next we're going to move on to setting up a Minecraft server in another container that we're going to use for games I can also just quickly go ahead and show you that engine X is working real quick because I figure you might want to see that so as you can see here if we just go to http 192168 1.85 replace your IP with whatever it is we get this little message Mage here to say that engine X is properly installed and working so let's move on to something else so the first thing we're going to go ahead and do is make the directory our Minecraft server is going to live in so I'm going to make games MC server pop in my password and I'm going to Chone it as me now the next thing you wanted to go ahead and do is come on over to this website here uh minecraft.net en US download server and you can right click on this copy the link and what we're going to do is go back to our server CD into htd software raid games MC server and just let me make sure yep W get is installed and paste this in right here so that we can download it directly onto the server this just saves us from having to SCP it over L later um wget is just um a tool for downloading files from the internet so now you'll see we've got server.jar in here just like that now we're going to create our container for the uh Minecraft server I'll break down this command for you because this is what we're going to use Docker run-it for interactive because after we start the container we're going to want to log on to it and um configure some things- P 25565 25565 that's the default Minecraft Port so we're going to forward 25565 from The Host 2 25565 on the container the name I'm going to be calling it little root Minecraft keeping in with our theme the mount point that we're specifying is this one right here so htd software raid Games Minecraft server to host Mount Minecraft server uh we're going to be using the deban image and we want to run bash so we go ahead and do that it'll create the container for us and we can do a dock a PS to see what the IDE is now we can go ahead and log onto this one right exact bash onto it and uh where in the container we can begin setting things up so there's another really great um website here that I'm looking at which is linked on the Minecraft server download page it's the official um it's the official documentation for setting up a server and you can use this to customize any parameters that you like but this is the section that we are interested in uh which is the dependencies so as you can see here for Debian it recommends that we install open jdk now I'm going to say one thing here because this video is targeted towards people that maybe aren't as confident with the command line in server Administration copying and pasting commands from the Internet is a very well-known meme at this point and you should never do that without understanding what the commands do so this Command right here that we're going to be copying uh apt update is going to update our package repositories and this is harmless because it just make sure that we have the latest version of the package repositories available this next one is just going to install open jdk from the official repositories so this one is perfectly fine to go ahead and copy paste so we're going to grab that we're going to come back to our container we're going to paste this because the container doesn't have pseudo in it we're going to get rid of that we don't even need it because we're on the root shell and as you can see here it's going to update our package repository and then it's going to fail to find open jdk the reason for this is because the Minecraft Wiki documentation is actually out of dat on Debian we've moved on to open jdk 17 um so this is the one you're going to want to grab instead when you get to a certain level in proficiency you can do little things like this um like the brain just kind of your neurons just kind of go boom boom boom boom when the documentation is like wrong or out of date to try and figure out the workaround um so now we're just going to go ahead and AP install open jdk 17 headless instead this is going to be a big download so I'll be right back when it's all done the next thing I'm going to go ahead and do is add user MD Hoff because I just want a dumber user to run the Minecraft server as not really a fan of running it as root as you probably would be aware just going to use the same password as I've been using throughout video and I don't care about any of this other information I just want the dummy user now that that's out of the way we're going to install two things you going to install your preferred text Eda and you're going to install screen screen is like a virtual terminal basically it lets you um push a process to the background and then resume it to view what its logs are outputting it's actually very useful we're going to be using it to run the Minecraft server in the background so now that that's done Sue into your user and go to where we are storing the server now if you go back up here you'll note that this is the command we need to run in order to run the server so we're going to grab that I'm going to create a file called start.sh give it a shebang to run it in bash paste the command in like this and the first thing I'm going to go ahead and do is match up this jar file to what it's actually stored on on my disk which is server.jar now set the dedicated amount of Wham for your server you got to make the joke the recommended amount of dedit Ram is 4 GB so we're going to specify that it's not actually what the recommended amount is uh I'm just doing it as a joke but for our purposes today for is fine you might need to specify more depending on your use case so go ahead and write that I'm going to mark it as executable with chamod and we're going to start it up for the first time it's going to unpack a whole bunch of stuff um and it's going to generate its files and then it's going to generate a Ula for us to accept which of course we're going to go ahead and accept because we've definitely read the Ula and we definitely agree with it isn't that right now that we've done that we can start it up with start.sh I'm going to let it start up correctly generate the world and everything and then I'll show you how to run it with screen so I'm going to join you back once it's generated all of its things so to run this thing with screen you type in screen and then the command so in our case start.sh it'll start up the Minecraft server in a virtual terminal for us to push this to the background hold down control and then tap and release a and then tap and release D like this as you can see we have detached and we're back at our terminal prompt if I type screen- LS you can see here that I've got one session that's detached to resume it you type screen- R and then the name of the screen socket which is 5303 in my case and as you can see we back to the Minecraft server control ad to detach and we're all good so let's go ahead and uh bring Minecraft over here and we'll see if we can go ahead and connect to it so I'm going to put in the IP address of our new server and as you can see there it's showing up I'm running uh 1.20.1 because I haven't updated my client yet but as you can see the Minecraft server is showing up right there so awesome next we're going to configure some file server stuff with Samba so I'll see you there there all right guys here's the mining that I did off camera I just made a new directory churned the directory and this is what we're going to be passing into our samb container this is the command that I've come up with 445 is samb's Port so we're going to do pretty much the same thing as setting up the Minecraft server except we're just going to change the port and the name and the mount path I realized uh when I was looking back over the footage that my beautiful face up here was actually blocking the command to create the Minecraft server one so I'll uh fix that in post hopefully I'll have done that but yeah here it is spaced down a little bit so you can actually see what the command is so we're going to go ahead and start this one up like so go ahead and uh figure out which one it is it's this one here so grab the ID and jump into it and now we're going to do app update update our package repos and we're going to install Samba so appt cach search sambar I believe it should just be called yep just be called sambar and we're going to grab sambar s common and sber Libs get that right this is going to be another big uh download so again I'll be back when it's done so now on this one I'm also going to add another user password one our classic don't care about any of this and the reason I'm doing this is because samb's user um sort of structure is based around the Unix one as well so you've got to have a Unix user to correspond to your samb user so now I'm going to do SMB wd- MD Hoff to create a samb user for the Unix user MD Hof I'm going to use password one again and now change this to e to enable the user like that now to configure a share and I'll show you real quick that we've got the um public folder over here for us to use our share and I'm going to need to install them again of course I uh I always forget I always forget and then sometimes I'm punished when it says Vim not found but I'm starting to catch myself now when I need to remember how to install Vim so Vim Etsy SMB uh sambar sb.com and this is where our summer config file is so we're going to go right down to the bottom and uh it's got some example configs in here that are pretty useful so down here somewhere there should be an example one for us to steal um maybe not so I'll just go ahead and create a new one from scratch so down right here at the bottom I'm just going to steal this example from the arch Wiki and paste it in and we'll edit it because nobody has time to memorize how to configure samb let's be honest here I'm going to change this to Andy hofu going to call it that the path through our share is hmnt ublic public uh I'm actually going to mark that as no and the reason for that is because I still want to force you to log on uh get rid of this writable yes and I believe to change the user we specify users or user equals mhof like that so now we're going to run the s service and um we'll try and connect to it from a Windows host to run s from within this container just type smbd like that and it should be running now I'll grab our Windows host over here and what we're going to do is map a network drive so back SLB SL the IP address of our server SL nyhoff public going to ask us for credentials so we're going to enter the credentials for the S use that we created just before and I'll select remember here and there we go it's mounted so here's where it's really cool I'm just going to create a new uh bit map image why not and we're going to go back over here and if I do an LS of hmnu you'll see that the new bit map images over here like that so SRA is working and is connectable by Windows hosts which is fantastic so all of our services are set up and running now something I'll note here real quick is that when your server host reboots you may have to restart these containers with Docker start and you may also have to restart whatever Services were running inside them manually automatically setting these up is a little bit outside the scope of this video but I may do another one in future on Advanced automation tips for starting things automatically running containers as they should and starting containers pointing to a specific command I might even get into Docker compos later on as this video was intended to be very simple I've done exactly that we're not diving into Docker compose or any custom configuration files we're just pulling official images treating them like regular hosts and um setting up our services from there so that's it for this section let's dive into the next one okay we both agree firewalls are important right I mean never in the history of ever have I ever been too lazy to configure a firewall or never have you ever been too lazy to properly configure a firewall that's for sure right I won't tell but today there's no excuse we're going to be using ufw which stands for uncomplicated firewall and it really is just that it's the easiest firewall I've ever used guys there's no excuse not to do it right so to cop it it's literally just AP install ufw it's not very big should only take a minute and we're going to add exceptions for all of the services that we added earlier so to do that you do pseudo ufw allow and we're going to specify the ports so 2222 is our SSH Port we're going to add that one first now we're going to go ahead and enable the ufw so you can do that like this and you can also add the system D service like that now that ufw is en a we can view our list of rules with ufw status and you can see here that we have two rules created for 2222 one of them is ipv4 and the other is IPv6 now if you're using IPv6 you can keep that rule I'm not so what I'm actually going to go ahead and do is delete that rule so to do that you can check your rules with status numbered and as you can see it adds a little number to the end now you can get rid of rules that you don't want with the delete and then the number so I'm going to get rid of the IPv6 if I go ahead and do this one again I've only got the ipv4 rule so now I'm going to add um the one for engine X on Port 80 and I'm going to add the one for Minecraft on 25565 so now we've got a firewall and I'll go ahead and get rid of those IPv6 ones later but we've got a firewall that's configured to block all requests except the ones on the services that we've specified uh my bad I just realized I forgot to allow samb on Port 445 so make sure you do that as well okay this next part is going to be pretty fun we're going to set a message of the day and a custom bash prompt in my opinion these are little bits of personalization that every server needs it just makes the administration process more fun right it makes it feel more personal to you so if you're not aware the message of the day is this stuff that gets printed here when you log in the machine um and this can actually be configured to be whatever you want and that's why I say it can really add a bit of personal touch and personal flare so uh in my case I usually like to add a little asky art that prints out and as I mentioned before my computers are all named after towns from Pokemon so I like to print out asy art of a Pokémon that I associate with that particular location so this was machine's called little root and I have this picture of um Torchic right here that I'm going to convert to asky Art and put as the message of the day so to convert something to asky Art I use this program called aski image converter if you're on AR you can get it from the a but it's also available on GitHub I'll link it in the description that you can go download build and install um so to run it you just do asky image converter pass it the image you can also specify other things so Capital C makes the image color uh Das uh lowercase C increases the character set that it can pull from and then of course I don't want it printing out this big so we can specify things like a Max width uh let me see what width I might want for the method of the day 50 is probably a bit on the high side so maybe I'll go with 45 so you can export that to a file using um reader Direction like this so essentially this character here if you're not familiar with bash redirection takes the output of this uh Command right here and saves it to the file so now that I've done that I can SCP that over to um my server if you're not familiar with the SCP command it's literally just copying a file over SSH so you can do the same options that you would do here and if I specify tori. txt to mdof at my serers IP address this here is the path that I want to copy it to so in this scenario I've copied this file to my home directory and if I go ahead and log in you can see that it's in my home directory now to add that to the message of the day the file that you want to edit is called etley motd you can see this is what it's like on Debian by default informative but boring what I'm going to do now is uh C tori. txt and redirect it to Etsy MD Now if I cat out etmd you can see this is what it looks like if I go ahead and log into the machine again you can see now that my little picture of Torchic prints out pretty cool right so next we're going to set the bash prompt which is set in bash RC so bash RC if you don't understand any of this don't worry at all there's one thing in particular that we're looking for and that's where they set PS1 right here so PS1 is this little bash promp down here um so if you want to change your PS1 in fact I could give you an example right now if I go ahead and set PS1 to hello there you can see that my prompt has now changed to hello there so when we set it in bash RC what we're doing is just setting it automatically when bash opens I'm going to show you a really nice website where you can customize your bash prompt I'll bring it up and I'll see you there this is the Fantastic website I was telling you about before so it's bash prompt generator.org.uk then typically I follow up with my username then the at symbol then my host name and then I might put a space which you can specify with custom text down here so you can put text and this text can actually be anything you want like it can be completely garbage you can fill your prompt up with garbage if you like but I'm just going to include a space and then I like to have my working directory base name here so um I can see what directory I'm in you can also do the entire working directory if you like it's it's pretty cool how flexible you can make it then I close it off with another bracket add a dollar sign and then add some more text with just a space and that's the basics of my prompt now I can go ahead and uh oops I hit the X on that by mistake when they're this thin it's pretty easy to do so you can select an individual element and actually go up here and change the color so I'm going to make this one maybe some kind of orangey color and then I might make this a green color I might might make this a blue color of course I'm doing this very quickly without any regard for Aesthetics when you're going through and selected your own custom one maybe you can make it look a little bit nicer than mine I'm going to follow up with this orange again um working directory I'll make this just a red and then I'll close this one out with another of this orange so this is what my um prompt is going to look like of course feel free to make yours look a little bit more aesthetically pleasing than this so you can copy it by um grabbing this little icon down here and then just go ahead and log on into the server and then edit bash RC now remember we're looking for this PS1 variable right here so as you can see this also includes a definition for PS1 so what we're going to be doing is getting rid of this entire line here and replacing it with this if I can get my spacing right on this file here there we go so now uh next time I log in you'll notice that my prompt has updated to the custom one that we set just before and it's as simple as that now whenever I log in I I'm presented with my custom message of the day and a custom bash prompt just little touches of personalization like that make it feel more fun if you've made it this far I want to say thank you very much for watching the video and congratulations if you've been following Along by now you'll have your own fully functional basic Home Server that's ready for you to bootstrap your own ideas and projects onto it really is very exciting guys once you get this initial thing off the ground the initial setup the initial you know getting all of it ready you can start bootstrapping and making it as a Launchpad for your own infrastructure and your own ideas the possibilities really are Limitless if you're good enough at programming you can even make your own custom Services I've written a few of those and maybe I'll do a video on them in the future but yeah it's exciting stuff it's cool stuff it's I always say like I heard somebody say once the cloud is just someone else's computer so my thinking is why can't the cloud be my computer and if you've been following along congratulations because the cloud is now your computer as well you don't have to worry about any companies stealing your data you can just go to the living room or wherever your server is located and see the discs physically there in person and you're in complete control so congratulations thank you so much watching the video and if you've got any uh ideas and stuff and projects that you've done with your server I'd love to hear about them in the comments thank you so much have a good day the to so that when we go to this next step which is vudo um this path is fine for demonstration purposes so I'm just going to go ahead and do that or not because it seems I've already got one that's embarrassing tap and release a and then tap and release D in quick succession so I'm going to execute that now and as you can see I detach from the screen session and I'm back here so if I do a screen LS are you kidding me

Info

Channel: hoff._world

Views: 29,195

Rating: undefined out of 5

Keywords: linux, server, debian, home server, tutorial, nginx, samba, minecraft, java, bash, command line, networking, raid, partitioning, disks

Id: hzpN-JhBJBQ

Channel Id: undefined

Length: 64min 59sec (3899 seconds)

Published: Sun Jan 21 2024