New life for an old laptop as a Linux home server
Why setup a home server?
You might have something in mind that would benefit from having an "always-on, always-available" computer.
For myself, it started with the desire to:
Out of curiosity I decided to forego using commercial cloud-computing services and put together something myself. Install a stable Linux distribution such as Debian and gain access to tens of thousands of software packages with the ability to host all kinds of services.
Why use an old laptop as a home server?
Something like a Raspberry Pi is certainly one option, but one big advantage of the laptop option is I already have one not being used! You might also have a spare laptop, or know where to get one for little to no cost.
Second-hand laptops - retired in favour of more current and powerful machines - can still deliver plenty of oomph for running a personal server, and can include all sorts of things built-in (case, display, keyboard, multiple ports, storage) that need to be purchased separately for the Pi. Laptops are designed to be frugal with power and, if the battery still holds a charge, come equipped with their own built-in UPS!
My setup
A discarded and saved-from-landfill Thinkpad E520 (circa 2011) with:
- i5-2430M CPU
- 8GB RAM
- gigabit ethernet and wifi
- scuffed up but usable display
- no internal storage (I added a WD Blue 500GB SATA SSD)
1. Getting started
1.1 Install Debian
Debian 11 aka "Bullseye" is the latest stable release of the popular Linux operating system. I use Debian's (unofficial) network installer image (which includes non-free firmware for pesky wifi cards) to create a minimal, console-only base configuration as the foundation for my home server. Read more
1.2 Static IP Lease
Our new server should use a fixed IP address so its hosted network services can easily be found.
Most home routers come with an integrated Dynamic Host Control Protocol (DHCP) server, and allow configuration via a web console. I have OpenWrt installed on my router, and I create static leases to assign fixed IP addresses to client devices.
Debian's network interfaces are configured for the ifup and ifdown commands in /etc/network/interfaces. By default, wired (ethernet) interfaces are configured for auto-detection and to use DHCP.
Example entry ...
# The primary network interface
allow-hotplug enp0s31f6
iface enp0s31f6 inet dhcp
Display all detected network interfaces along with their IP and MAC addresses ...
$ ip addr
For Openwrt, login to the web console and navigate to Network->DHCP and DNS->Static Leases.
Click Add, then include the MAC address of the server's network interface, the hostname, and the desired IP address. When done click Save & Apply.
All subsequent connections to the local network by the server will see it assigned this IP address.
1.3 Secure remote access using SSH keys
Create cryptographic keys and disable password logins to make the server more secure. Read more
1.4 Remotely unlock a LUKS-encrypted Linux server
When I use LUKS to encrypt the root partition on my Linux server, I need to supply the crypt passphrase at boot to unlock the system for startup to continue and get to login. All well and good if I'm sitting in front of the machine with a keyboard and display. But what if it's a headless server? Or located in a remote location? Read more
1.5 Terminal multiplexer: tmux
Useful on desktops and especially on servers, tmux launches a session in the console that can be divided in multiple windows and panes (multiplexing).
Where it really makes a difference from simply opening multiple terminals or logins, though, is the ability to detach/re-attach sessions. Login to the server, open several windows, run ongoing processes, detach session, logout, login, re-attach session, and restore your working environment.
Install ...
$ sudo apt install tmux
See: Getting started with tmux, and my own tmux.conf configuration.
1.6 Turn off display and close lid
Install vbetool to control the laptop's display backlight ...
$ sudo apt install vbetool
Turn off the backlight with the command ...
$ sudo vbetool dpms off
To close the laptop lid and have the computer continue to run (i.e. don't suspend the system), edit /etc/systemd/logind.conf.
Change ...
HandleLidSwitch=suspend
To ...
HandleLidSwitch=ignore
Restart ...
$ sudo systemctl restart systemd-logind.service
2. Services
2.1 Sync data: syncthing
Syncthing is acontinuous file synch program that synchronizes files between multiple computers. My home setup is a star layout; that is, I have multiple devices that exchange data with the home server. Read more
2.2 Backups: rdiff-backup
A backup you don't have to think about is a backup that gets done. Read more
2.3 RSS reader: newsboat
Newsboat is an RSS feed reader that runs in a console.
Install ...
$ sudo apt install newsboat
Create a list of feeds to track in ~/.newsboat/urls.
Sample file ...
"query:Unread Articles:unread = \"yes\""
https://www.dwarmstrong.org/feed.xml
https://www.reddit.com/r/debian.rss "~r/archlinux"
https://www.youtube.com/feeds/videos.xml?channel_id=UCxQKHvKbmSzGMvUrVtJYnUA "~yt/LearnLinuxTv"
Translates to:
"query:Unread Articles:unread = \"yes\""-- Generates a combined list of unread posts from all feedshttps://www.dwarmstrong.org/feed.xml-- My own feed linkhttps://www.reddit.com/r/debian.rss "~r/debian"-- Reddit feeds can be created by copying the URL and adding.rss; give a custom_name to a feed by adding"~<custom_name>"https://www.youtube.com/feeds/videos.xml?channel_id=UCxQKHvKbmSzGMvUrVtJYnUA "~yt/LearnLinuxTv"-- To subscribe to a Youtube channel:- Open a YT channel's
VIDEOSpage - Use the browser's page source view option, and search for
channelIdand<string>, where<string>in this example isUCxQKHvKbmSzGMvUrVtJYnUA - Add link
https://www.youtube.com/feeds/videos.xml?channel_id=<string>to file
- Open a YT channel's
Run program (and leave running inside tmux) ...
$ newsboat
2.4 Calendar: radicale
CalDAV and CardDAV are open protocols for sharing a calendar and address book respectively between devices. Radicale is a self-hosted CalDAV and CardDAV server. Read more
2.5 Web and reverse proxy: nginx
Nginx is an open-source, high performance, lightweight HTTP and reverse proxy server. Read more
2.5 Dynamic DNS: Duck DNS
My home server sits behind a router assigned a dynamic IP address by the ISP.
If I want to remotely connect to my server, I can use a Dynamic DNS (DDNS) service to create a domain name, automatically update the IP address whenever it changes, and redirect traffic to the new location.
I use the free DDNS service provided by Duck DNS, which permits the creation of up to five domains in the format <subdomain_name>.duckdns.org.
See the install instructions for setting up a cron job on the server that polls the external IP address assigned by the ISP, and notifies Duck DNS of the current address.
Use Network Address Translation (NAT) on the home router to setup port forwarding, which forwards traffic directed at one of the router's ports to the listening port on the home server.
3. Maintenance and monitoring
3.1 Package updates: unattended-upgrades
On desktops, I like to keep the system updated manually. However, on servers, once you get into several devices, upgrading can quickly get repetitive and timely security updates may be put off.
I use unattended-upgrades to automate the process. Read more
3.2 Logs: logwatch
Keep an eye on the server with logwatch, which combs through the system logs and emails reports.
Install ...
$ sudo apt install logwatch
Configuration file is /usr/share/logwatch/default.conf/logwatch.conf. A daily cron job is placed in /etc/cron.daily/00logwatch. I stick with the default settings, which emails a daily report of yesterday's activity to root, which is forwarded to my username. Run mail to read.
3.3 Process viewer: htop
The top command displays Linux processes, and one of the first packages I install on a new Linux setup is the enhanced, interactive htop viewer. Good-looking and easy to use: see CPU and MEMORY usage at a glance, system load and uptime, kill wonky processes, and more!
Install ...
$ sudo apt install htop
See: A Guide to the htop command in Linux
3.4 Authentication: fail2ban
Fail2ban is a daemon that can block other nodes when there are a certain number of authentication failures.
Install ...
$ sudo apt install fail2ban
Default configuration file is /etc/fail2ban/jail.conf. Don't modify this file directly; create a /etc/fail2ban/jail.local file for any custom details ...
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
The existence of a jail.local file will supersede the jail.conf file.
One option that is a good idea to change right away is to add your local devices to the ignoreip line to ensure you don't lock yourself out. Example: localhost is ignored by default, and I add a internal LAN addresses ...
ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24
Other options include bantime (how long a host is banned when fail2ban blocks it) and maxretry (number of failures that need to occur before fail2ban takes action).
After any configuration change, restart the daemon and check its status ...
$ sudo systemctl restart fail2ban
$ sudo systemctl status fail2ban
4. Helpful
- Mastering Ubuntu Server - Third Edition by Jay LaCroix
- Except for a few Ubuntu-specific services, this excellent guide is equally relevant to putting together a Debian server.
- yt/LearnLinuxTV
- YouTube channel with Linux tutorials, reviews, etc. Produced by the author of Mastering Ubuntu Server.
- The Debian Administrator's Handbook by Raphaƫl Hertzog and Roland Mas
- In-depth guide to becoming a Debian power-user/sysadmin. Read online or download the ebook.
- Debian Package Tracker
- A searchable interface that packs a lot of information about a given package on a single page.
- ArchWiki
- Dedicated to Arch Linux, but contains many excellent HOWTOs relevant to all Linux distros.
» Next: Install the LTS kernel in Arch Linux
« Previous: A look at Xfce