Ask HN: Tips to get started on my own server

56 points| ctxc | 1 year ago

What I want to do: get hands-on experience hosting and maintaining a Linux server (perf, sec, etc). I love the abstraction cloud services provided to enable me to build stuff without having to understand the nitty-gritty - but I think the knowledge will help. Rent a server on the cloud for about $10/mo if possible, build an application for personal use with everything residing on the server. Nothing critical.

-----

Why: I've always wanted to. I read some HN posts this week that have inspired me to finally make the leap. For eg,

- I read this and realised I don't know what any of these commands are (I've always used Windows), and it's time to start. https://www.brendangregg.com/blog/2024-03-24/linux-crisis-tools.html

- The SingleFile post. I already built one with Supabase that I use now, but I want to do one with the CLI, my own DB etc.

-----

Where I'm at: I have quite a bit of experience building both FE and BE for applications, mostly utilizing cloud services (serverless, hosted DBs etc). I've also hosted a few applications locally for personal use but not open to the internet, like Postgres and Nginx (all Windows). Some DevOps experience. Serious about security but no hands-on experience with networking; I want to actually understand and reduce the attack surface and so on without just flipping a switch.

-----

What I'm asking for: Any suggestions how to go about it, resources, links, advice - please feel free to share your experiences as well. Thanks!

107 comments

[+] throwaway38375|1 year ago|reply
Some tips:

1. Digital Ocean offer small VPS for $5 per month. That's a 50% saving right away!

2. Stick with Ubuntu in the beginning. It's not the best, but it's 100% good enough and has so much support and tutorials out there.

3. If you have a small VPS with not much RAM, definitely set up a swapfile. It gives you virtual RAM for doing RAM heavy things on a small VPS.

4. Use the virtual firewalls offered by your host rather than the server firewalls in the beginning. If you mess up a server firewall you may have to get your host to reset it for you. If you mess up a virtual firewall you can amend it through a web UI and get back to doing things quickly.

5. Learn to read man pages and log files. Between the two you can figure out how to do stuff, and then figure out why it isn't working correctly.

6. In terms of security, use a recent distro, use a firewall, close everything you don't need, use SSH keys, and set up secure passwords for everything else, and you will avoid a lot of problems.

7. Keep an eye on resources, programs like top, uptime, free, df, and du will allow you to see what's using up CPU, RAM, or disk space.

8. Learn a relational database. MySQL or Postgres are good choices. This skill will keep you employed for years, almost every business uses a relational database in one way or another!

9. Have fun :)

[+] ctxc|1 year ago|reply
Thanks! Especially for the swapfile, hadn't heard of that one before. And your comment history makes me want to read up about ansible as well :D
[+] aborsy|1 year ago|reply
Ubuntu Server is superb! You can install it with one click in AWS Lightsail, configured securely with or without apps, with a public IP.
[+] RandomGuy456|1 year ago|reply
I will add 6.1 use containers and keep your VPS clean.

P.S. as an alternative to Ubuntu you could check Alpine Linux (for both root VPS and containers)

Good luck!

[+] strongly-typed|1 year ago|reply
Curious why you say Ubuntu is not the best. What would you consider better?
[+] JohnFen|1 year ago|reply
My two primary tips:

1) Keep notes as you set it up. Include problems you encountered and what the solution was, develop lists of how to install and configure the various services so you can refer to them should you need to reinstall things in the future.

2) Do it one service at a time and get each service completely running before starting on the next. Your server isn't a single thing, it's a home for multiple things. Do each of those one at a time.

[+] amingilani|1 year ago|reply
On the off chance you don’t keep notes, I’ve found reconstructing what happened on the server from its history to be invaluable.

I once joined a company after they ran out of backend engineers and had to restore a server from a backup. Figuring out how to bring all the services up based on history was a fun ride.

[+] 20after4|1 year ago|reply
It may not be appropriate for a complete beginner, such as the OP, however, ideally setups should be documented by using a configuration management tool like Ansible, puppet, terraform, docker, etc. This way the setup is easily reproducible. The best notes are executable notes.
[+] goat-throwaway|1 year ago|reply
> Keep notes as you set it up.

This. I still have a 10 year old server setup file that I refer to whenever I am setting up a new server.

[+] Ensorceled|1 year ago|reply
I'd recommend a note taking app, something like Obsidian, and create a page for each new service you set up. Copy the commands and add notes to this file.

Later, when you upgrade or modify the service, you can keep adding to these notes.

Also, copy any configuration files OFF the server and into your notes when you are done editing them.

[+] ctxc|1 year ago|reply
Thanks, I try to do it with my normal dev process as well. "preferably one unknown at a time" I call it, although I always end up wishing I had more notes. At least my blog would have more than 5 entries if I had half decent notes.

But never too late eh :P

[+] xyzelement|1 year ago|reply
One quick (but possibly retro) suggestion is to just host something small on your home network. Could be a raspberry pi. Getting the os and network to the point where you can host a simple website - perhaps with the aid of a dynamic DNS provider - could be a huge step.

What if you set a goal for yourself - that whenever someone clicks the user page for ctxc on HN, it contains a link to a web page on this server you have built.

Anything further (in terms of hardware, not-self hosting, etc) is incremental.

[+] mattw2121|1 year ago|reply
Completely agree. Use a raspberry pi or just run a VM on your desktop. Do your initial learning on something contained in your home network before you experiment (and potentially get compromised) on the internet.
[+] pewu|1 year ago|reply
I wouldn't suggest hosting publicly open services from your own local network. Without proper maintenance and experience, this is asking for trouble imo. VPSes are so cheap these days (far cheaper than 10$ if you don't need much performance), I'd recommend leaving local network out of the question.

When searching for cheap VPS, I usually peruse https://www.serverhunter.com/

[+] brianshaler|1 year ago|reply
> host something small on your home network

I came to suggest the same thing. Another comment raised a good point about rpi vs a tiny x86—ARM may introduce some extra hurdles.

At the end of the day, especially when dealing with network configuration and security, you're going to make mistakes and get locked out. Having physical keyboard access can be a lifesaver and is how many of us "retro" people got started with Linux administration.

[+] kimbernator|1 year ago|reply
It might be "retro" in the sense that it isn't the primary way most businesses host their services, but I still don't think there is any better way to actually learn the ins and outs of networking and server management early on than to have non-obfuscated control and responsibility for everything you're doing.
[+] boricj|1 year ago|reply
I'm hosting my blog and my private Ghidra server on my Synology NAS. The NAS and the ISP router are already always-on, so it "only" costs me ~20€/year for a domain name.

Even accounting for the electricity and network I'm going to use anyways, it's quite cheap.

[+] MatthiasPortzel|1 year ago|reply
I started with Linux by paying 5$/month for a Linode server, and I’ve never regretted it. I’m all for setting up your own hardware as well at some point, but it’s a different experience from having a server with 100% uptime to play with.
[+] ctxc|1 year ago|reply
Thanks for the great suggestion! I think I'll start with the hosted server and then move to this.

I've been burnt too many times (by myself), buying domain names and arduinos and cool things I never got around to using .-.

[+] BirAdam|1 year ago|reply
I've worked in managed webhosting quite a bit. I would really recommend starting with the cheapest VPS you can get, something like a Vultr VPS, unless you're already familiar with DNS.

If you are familiar with DNS, I would actually recommend using a cheap SBC and then utilizing Cloudflare tunnels for DNS.

I've written about hosting at home a few times. While the posts are a bit out of date now, they may be helpful:

https://absurd.wtf/posts.cgi?post=posts/2020-05-04_setup-wor...

https://absurd.wtf/posts.cgi?post=posts/2022-03-12_Setting-u...

https://absurd.wtf/posts.cgi?post=posts/2021-10-04_scalable-...

https://absurd.wtf/posts.cgi?post=posts/2022-11-05_vaultward...

https://absurd.wtf/posts.cgi?post=posts/2022-04-14_hosting-a...

[+] ctxc|1 year ago|reply
wtf, those are absurd. But I'll read em anyway!

Vultr is the way I'm planning to go, with the sive.rs tech independence list.

[+] gwbas1c|1 year ago|reply
Here's a very cheap way to get started:

I'm going to assume you have a Windows computer that you can leave on 24/7.

Go get Virtual Box (an open-source VM application) https://www.virtualbox.org/ and download a .iso from a distribution of your choice. (Maybe even try a few different distributions.)

Install Linux on the VM. Whenever you set up a service, open up a port for it on your router. Use Dyndns https://account.dyn.com/ or No-ip https://www.noip.com/ to set up a domain.

The advantages of the above approaches are that they require little (or no) money to start, and allow you to try a lot of different things. The nice thing about VMs is that you can make a few of them, and back them up before you make changes, so it's easy to make mistakes and go back.

If / when you're ready to spend some money, you can either move to a physical computer or a VM hosted somewhere. Just hold off on doing this until after you've made a few mistakes.

[+] deusum|1 year ago|reply
This would be a good opportunity to test out BSDs or Illumos variants, as well.
[+] ctxc|1 year ago|reply
Hadn't heard of dyn dns, thanks for that! Will check it out.
[+] thx|1 year ago|reply
Derek Sivers — Tech Independence

https://sive.rs/ti

Also what’s kinda cool is he encourages e-mailing him / reaching out. He’s pretty great

[+] ctxc|1 year ago|reply
This is exactly what I wanted. I think I'm going to follow these steps and then branch out and experiment. Thanks a ton!
[+] thenipper|1 year ago|reply
If you use a Mac and just want to mess around with Linux try something like Orbstack (https://orbstack.dev/) to start up VMs and mess around. The benefit of this is you're going to break things a bunch as you get started. Going from there I'd start looking at automating the deployment of the various components the 'old fashioned' way aka writing shell scripts/using SSH. Once you do that then go to using things like Ansible or Terraform etc.
[+] ctxc|1 year ago|reply
Windows, but yup - I'll start with the raw stuff and move to Ansible.

Till a while back, ssh sounded scary though xD

[+] axus|1 year ago|reply
Sounds like the easiest thing to do would be install Linux to a VM locally and configure the same services you've hosted in Windows, but now in Linux. Test it out from your client to make sure everything that worked on Windows is also correct on the new setup.
[+] ThrowawayR2|1 year ago|reply
> "I read this and realised I don't know what any of these commands are (I've always used Windows), and it's time to start."

I'm a great admirer of Brendan Gregg but I have to say that 1) that's trying to run before you can walk; those tools require fairly advanced Linux knowledge to operate properly and you say that you've only used Windows, and 2) if you're primarily interested in the performance analysis aspect, analogous performance measurement tools exist in Windows, like Windows' built in performance counters and PerfMon.

If you're unfamiliar with Linux and want to get to a point where you understand the tools Brendan Gregg mentioned, I'll say something similar to what others have said: get an inexpensive used 1-liter PC¹ at home, load Ubuntu or some other popular Linux distribution, and start with Nemeth's "UNIX and Linux System Administration Handbook" to learn your way around the system. That will give you the context you need to be able to start to understand how performance analysis tools are used. After that, you can move to the cloud whenever you feel you're ready.

¹ The description at https://www.servethehome.com/introducing-project-tinyminimic... explains what they are and why they are a good value. I wouldn't recommend the Raspberry Pi because not all diagnostic tools are available on ARM and a PC is no more difficult to re-image if you make a mistake than a Raspberry Pi.

[+] ctxc|1 year ago|reply
That was a good article! I saw the handbook recommendation on another HN post as well, will take a look. Thanks!
[+] maerF0x0|1 year ago|reply
My experience is I did a systems administration internship and I had to play with all the services, it taught me a ton about tools and layers below where I usually operate (Go APIs and backend services). If you're just wanting to get skills on system administration and Linux, I'd start with either 1) an old machine you have lying around (or pluck one from a recycling center) or 2) a virtual machine, and 3) once you have confidence on a single box, start to use multiple to make clusters/replica sets of things like multiple nodes of HTTP server, or multiple nodes of a mongodb, etcd or other distributed systems. Try doing work on them and pulling the plug on one mid execution to see what happens.

From there try to play with a bunch of the following things: (OTOH, no particular order)

set up a domain name server like bind (<something>.localhost?), set up an SMTP service, set up an IMAP/POP3 service, set up an http server like nginx, lighttpd, apache, try communicating to the http service over telnet, set up an https certificate with Let's Encrypt, try doing the same telnet to https and get it piped through gnutls, set up nightly backups to an external HD (try rsync), set up a spam filter for your SMTP server, try to run excalidraw on your http service, build an api that sits behind your HTTP(s), use tcpdump and wireshark to inspect network traffic.

Most of that should be google-able :)

Edit: MOAR

fail2ban, ssh-server, iptables firewall, irc server, sftp host, kubernetes cluster of virtual machines, hadoop/spark for a map reduce workload, check out https://www.cncf.io/projects/ and start to learn to build with those projects/abstractions.

[+] j45|1 year ago|reply
Learning to make snapshots at different steps so you can restore to them and not have to build from scratch is a big help too.
[+] ctxc|1 year ago|reply
That's a good list, thank you! Will keep the ~Google~ duck overlords busy :)
[+] generalizations|1 year ago|reply
Dig up an old laptop, put a beginner OS on it (like Ubuntu). Pick something you want to do on it - like a shared network folder. Then figure out how to build it.

If you need a full server to do it - that's a toy that'll get in your way.

[+] j45|1 year ago|reply
Self-hosting is a lot easier than it was 10 or 15 years ago.

Many things about self-hosting then that led to cloud tools becoming more popular are quite a bit better now, and people are starting to circle back to compare, or learn.

Start simple and first use tools in between and gradually get more and more complex. There's lots to absorb and learn, but the good thing is the same body of knowledge is way easier to get today than in the past.

Learn something like Yunohost first to get the concepts down on administering apps, and then move to installing one from scratch.

Sticking with super well documented and community supported things can help. So that means Debian and usually Ubuntu, as well as enough docker to be dangerous (portainer is OK to use as well).

DevOps today is much higher level than what it was when it was self hosting. You will find just by starting and reinstalling over a few times, how much the dots start to connect between what you already know.

Find some content on YouTube that you like. The ability to pause and replay explanations and screenshots can help.

In the beginning only do what there are videos and tutorials for (in that order) until you get your feet underneath you to start exploring and yes troubleshooting.

[+] hnarayanan|1 year ago|reply
This is a great thing to learn. There are a few basic pieces to this.

- Start with any server, like a Digital Ocean droplet for like $5 per month
- Read some blog posts and setup basic security (like locking down ssh access to root, setting up a firewall and so on)
- Think about the kind of app you want to use or host
- This will entail things it needs, e.g. Postgres, setting up dependencies
- Come up with ways to start and stop services and such

In the end, as you start to see patterns for all this, you will find it beneficial to script everything in some way so that you can easily reuse patterns and lessons on other servers and apps.

I tend to use Ansible for this, and here is a concrete example of all sorts of things you might find interesting: https://github.com/scancer-org/setup

This sets up a server, locks it down, adds a python app with a worker set and so on: https://github.com/scancer-org/setup

Good luck on your learning journey!
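
Added example (not part of the comment above and not taken from the linked repository): a small audit of the global section of an `sshd_config` for the two SSH points raised in this thread, "use SSH keys" and "locking down ssh access to root". The config text is constructed, the function names are assumptions, and the defaults passed in are the OpenSSH defaults for those keywords.

```sh
#!/bin/sh
# Constructed sshd_config for illustration (not from a real server).
SAMPLE_SSHD_CONFIG='# constructed sample
Include /etc/ssh/sshd_config.d/*.conf
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
'

# effective_value KEYWORD DEFAULT   (hypothetical helper; config on stdin)
# sshd uses the FIRST value it reads for a keyword, so a hardened line
# appended below an earlier permissive one has no effect. Keywords are
# case-insensitive. Parsing stops at the first Match block, so only the
# global section is evaluated, and Include files are not followed.
effective_value() {
    awk -v key="$1" -v def="$2" '
    BEGIN { k = tolower(key); val = def }
    /^[ \t]*(#|$)/         { next }            # comments and blank lines
    tolower($1) == "match" { exit }            # end of the global section
    tolower($1) == k       { val = $2; exit }  # first occurrence wins
    END { print val }'
}

# audit_sshd   (config on stdin) prints one "Keyword=value" line per finding.
audit_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
    pass=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    pubkey=$(printf '%s\n' "$cfg" | effective_value PubkeyAuthentication yes)
    [ "$root" != "yes" ]  || echo "PermitRootLogin=$root"
    [ "$pass" = "no" ]    || echo "PasswordAuthentication=$pass"
    [ "$pubkey" = "yes" ] || echo "PubkeyAuthentication=$pubkey"
    return 0
}

# The sample looks hardened at a glance, yet both findings are reported:
# the later "PermitRootLogin no" is shadowed and the password line is
# commented out, leaving the default of "yes".
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | audit_sshd
```

On a live server, `sshd -T` (run as root) prints the configuration sshd will actually use, including Include files, and is the authoritative check; disable password logins only after confirming that key-based login works in a second session.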

[+] ctxc|1 year ago|reply
The repo looks like something for me to explore, will check it out. And I plan to take a look at ansible too. Thanks!
[+] jasode|1 year ago|reply
>Rent a server on the cloud for about $10/mo if possible

It can be cheaper to buy your own "mini" server (e.g. a small N100 ITX computer) to use on your home network. You'll get more RAM and more disk space (e.g. 16GB ram 512GB disk) to play with compared to datacenter rental prices cumulatively adding up over a year.[1]

Unless the specific aspect of renting a public-facing server is part of your self-learning curriculum and/or you also need to access it from outside your home without NAT port-forwarding or Cloudflare reverse-proxy tunneling, you can self-host your playground server at home.

[1] compare the rental costs and cross-reference GB of RAM and GB of disk they include for the monthly price range you want to pay.

https://www.digitalocean.com/pricing/droplets

https://www.linode.com/pricing/#compute-shared

[+] al_borland|1 year ago|reply
Instead of having the server hosted, you could also get a cheap PC and install it yourself. You’d have more control and more choice over the distro. Install CLI only, so you don’t lean on the GUI, and so you can get a much cheaper system (which will be cheaper than your $10/month hosted system after a few months).

For what it’s worth, that list of crisis tools… I haven’t heard of any of them either, and I spent over a decade working in a datacenter dealing with everything that broke, from hardware, to OS, to app… across Windows, Linux, Solaris, and more. I had some escalation points, but a lot of that was on outage calls where people are talking about and showing what they are doing, and we’d always write down useful stuff so we’d have it. I worked 3rd shift, so we tried to handle everything ourselves as much as possible. Those commands might be useful, but apparently you can survive for a decade in a large production environment without them. Don’t take that one page as your bible.

[+] ctxc|1 year ago|reply
Haha, thanks! Just trying to narrow my "unknown unknowns"...your experience sounds cool! You could write about some of it, I'm sure it'd be an interesting read :)
[+] PaulHoule|1 year ago|reply
You might like the t-series servers from AMZN

https://aws.amazon.com/ec2/instance-types/t2/

the t2.large costs about $10 a month and is particularly good for the bursty loads you'd expect for a lab server. You can get a t2.micro on the free tier as well which is a pretty weak machine. I would watch out because I once ran OpenVPN on a t2 instance that had way too little RAM and it went swap crazy and ran up a $200/month I/O bill. (For the life of me I cannot understand why AMZN doesn't support a branded VPN server that "just works")

Note Azure has the B-series which is similar to the AMZN T-series

https://azure.microsoft.com/en-us/pricing/details/virtual-ma...

and my understanding is that this is about as good.

[+] ctxc|1 year ago|reply
TIL ram swap! I always thought processes would get shut down when ram is full...thanks!
[+] joshavant|1 year ago|reply
Here's my strategy:

- Setup VMs locally, on your development machine. (This eliminates the cost of hosting but gives you all the technical learning opportunities). My development machine is macOS and UTM has been an excellent app to manage these VMs. You can eventually model your VM's configuration around what resources your VPS will have on AWS/DO (e.g. 1GB RAM, 2 vCPUs, etc).

- Learn the basics of Ansible, in order to provision a server (local or remote). I did the course on KodeKloud.com and found it great for getting me going quickly.

- Write Ansible playbooks to provision your local VM as you would want your VPS on AWS/DO/etc to work. Ansible Galaxy is a repository of many community-supplied roles for common tasks/services. You could consult these for best practices on building your own playbooks or totally offload provisioning onto those roles.

- Once you're comfortable getting your local VM setup, point your Ansible playbook at an AWS/DO VM and put it online!

My high-level roadmap has been to build my own Ansible playbook to provision a Ubuntu server to CIS Level 2.

CIS benchmarks define security controls for a few of the more common aspects of DevOps work (e.g. Ubuntu OS hardening, AWS account security, Docker host, etc). They're freely available and there are many well-maintained scripts that can both audit and provision your host to the standard. I've been using the benchmarks as an easy way to self-teach security aspects (and validate I've done it correctly). Level 2 is the standard used to handle financial information and medical records, so it's probably the most secure you'll ever need to go.

Once I have a provisioning playbook to stand up a secure host with some services (Nginx, Redis, etc), the next goal on my roadmap is learn Terraform to configure + deploy a personal cloud of services to AWS/DO/etc.

[+] ctxc|1 year ago|reply
This is pretty comprehensive. Thanks! KodeKloud looks interesting.
[+] gmuslera|1 year ago|reply
Provisioning is something that may be out of the picture you described: Terraform, Ansible, templates, whatever. More than creating that server, try to recreate it after destroying it (and backups while at that). Monitoring using your own tools instead of (or along with) your provider's tools will give you a view of not just when it is working wrong, but also when it is working right. Security is another thing that goes both for the cloud and your own server, but for long-running instances, firewalls and vulnerabilities in what is exposed get more urgent.

Regarding performance, if you want to dig in that topic, don't wait for a crisis for using those tools, try to understand how the system runs, even if not under high load. Gregg has more tools (https://www.brendangregg.com/linuxperf.html) and a few great books.

[+] ctxc|1 year ago|reply
Yup, I got to focus on monitoring as well! Will check the tools out
[+] lode|1 year ago|reply
Tons of great tips in this thread already.

For cheap virtual machines/virtual private servers there’s options beyond the $5/ish a month at Digital Ocean/Vultr:

* many of them offer starting credits for new accounts
* lowendbox often has offers for VMs as cheap as $20 a year
* Scaleway Stardust is super cheap as well. The web interface never shows them in stock, but I have always been able to create them via their CLI tool.

What will definitely help is look for a community (there’s multiple great subreddits that are welcoming to beginners). Don’t be afraid to ask questions, even if they may sound obvious. That’s the best way to learn!

Good luck, and enjoy!

[+] ChilledTonic|1 year ago|reply
I'm surprised nobody has mentioned SDF yet.

http://sdf.org/

They're an org with a super long legacy in the technology / Linux server space and they offer a unix shell for free. It's a great starting place to play around, and there is a built in community of hackers that are also hacking around on the shell, so it's easy to find answers for "Beginner" questions.

I know as well for a nominal fee they offer VOIP Telephony, every flavor of database under the sun, and lots of other fun stuff. Great place to start tinkering with these technologies.